The CISO perspective: The pros and cons of BYOD

The pros and cons of BYOD were laid out in a panel discussion at Infosecurity 2013 yesterday, with the CISOs of Commerzbank, law firm Field Fisher Waterhouse (FFW) and National Rail all giving their views on one of the most talked about topics in business IT over the past few years.

Mobile and BYOD strategies

Andrew Yeomans, head of information security at Commerzbank and a member of the Jericho Forum, said that the German bank had explored the concept of BYOD and carried out some experiments.

"It is a lot harder in a regulated environment. In financial services you're supposed to keep a log of everything and it can constrain you. One of the things we have explored is using [products from security vendor] Good Technology on devices and the other is using devices with purely a VPN connection," he said.

Yeomans said that not many employees use email in an offline mode, so if users were using it in a browser setting then many of the security issues normally connected with enterprise mobile use would no longer be there.

"As long as the user is secure in using the passwords it becomes much simpler than protecting the device that is not in your hands," he said.

Tracy Andrew, CISO at Field Fisher Waterhouse, said that the law firm would not go ahead with BYOD; instead it is trialling a corporate iPad scheme.

"100 people are trialling it and there has been a positive response, to the extent that tech-savvy lawyers in the firm have set up their own iPad user group and are looking at which apps best suit the law firm and best suit their needs. Then they set up a meeting with the IT directors and myself to discuss which of the apps we would go live on," he said.

Peter Gibbons, CISO at National Rail, said that the company has a mobile technology strategy that focuses on tablets and smartphones.

"We are aggressively using it to bring them across the rail industry; it's no secret that we are trying to save costs. The strategy will mean we'll have 8,000 to 10,000 iOS devices in the field helping us with things like inspection. At the moment, we have 100 to 150 users on a BYOD trial, using both Android and iOS devices," he said.

The mobile device management (MDM) solution
While Commerzbank has not adopted a mobile device management solution as yet, Field Fisher Waterhouse (FFW) has switched from Good Technology to MobileIron.

"We had a trial with Good Technology but it failed because of the double log-in feature, which as a security professional, I liked, but lawyers want easier access, so we then opted for MobileIron," Andrew said.

But the firm has since encountered problems with the MDM solution.

"MobileIron has been positive for iOS but bad for Android. We initially had a problem with the email client, which we resolved with [ActiveSync-based enterprise solution] TouchDown," said Andrew.

National Rail, meanwhile, has implemented MaaS360 by Fibrelink.

"We have Fibrelink for our corporate line of devices and that is fully tendered. We integrate this through the back-end and that is where we join it in with BYOD as well," Gibbons said.