The CISO perspective: The pros and cons of BYOD

By Sooraj Shah
16 Jan 2013 View Comments

The security behind enterprise mobility

Further reading

Commerzbank's Yeomans added that enterprise management of devices can also hamper the security on the device.

"The latest iPad devices are significantly more secure out of the box than a provisional personal Windows XP system. As soon as people buy [their own device] from the store, have control of it and get someone else to do the management and the ability to zap things remotely, it has been proven to be a bad experience, it actually locks down the devices," he said.

"The FBI in their papers have expressed concern as to whether they can do any forensic examination on these devices and whether they can get any information out of them at all," he added.

FFW does not maintain a log of applications on personal devices but it can wipe data from a device and it uses encryption. With corporate devices it maintains a log of applications and other mobile services, Andrew said.

But the key to effective security for Andrew is staff training.

"I can spend £30,000 on training or on implementing security controls and I'd rather spend it on training," he said.

According to Gibbons, security awareness among users is improving.

"I do see consumers placing a greater emphasis on security, I think they see that as a bonus. That probably wasn't the case before," he said.

Andrew argued that with BYOD, the need for users to be vigilant is even greater.

"Few people let other users use their corporate laptops at home, but if with BYOD you had corporate accounts on personal devices that are being shared, problems can arise," he said.

Value of mobile devices

Andrew said that the concept of BYOD is attractive to him because of the additional responsibility an employee has over their own device.

"If the enterprise loses BlackBerrys or laptops, people get a replacement, but how many people lose their own phone? They don't tend to lose it because it's of tangible value to them," he said.

But Network Rail's Gibbons believes that BYOD has not yet proven that it is worth the cost and effort of implementing it.

"With mobile I see the benefits significantly outweigh the costs but with BYOD I'm yet to be convinced. If the employees didn't have them would they not do the work?" he asked.

Another issue is roaming charges, said Andrew.

"Who picks up the cost for roaming is an ongoing debate. If it's a corporate device, it's easy: it gets billed to us. But with BYOD we would have to find a compromise," he said.

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

39 %
26 %
14 %
21 %