BYOD is really BYOPMD

Monday, May 07, 2012

Phil Klassen


The full impact of BYOD has not yet reached many security professionals, but it will eventually affect all of us.

For those who still believe that personal devices will never be a part of your network, remember: never say never. Regardless of whether non-corporate devices have already reached the interior of your network, the first step is an AUP (acceptable use policy).

BYOD is a new phenomenon that should make the security community very nervous. Consider the full scope of this intrusion into our networks: BYOPMD, Bring Your Own Personal Mobile Device.

Each of these words has a significant impact on security. Start with "Your Own Personal". It's not a corporate device, the company does not own it, and more than likely it's shared.

The next word, "Mobile". The industry is just becoming comfortable with securing mobile devices that are confined to the enterprise, such as scanners. As for company laptops that have access to the wild, we at least have a strategy because we can control the AV/malware, applications, and OS. That's all gone with a personal mobile device.

Lastly, "Device". The device could be a smartphone, an iPad, a MacBook, or any number of laptops with a variety of operating systems.

If that's not enough, consider this. I was reviewing a contract job when I spotted this at the very bottom of the requirements list: "Personal device required - Yes".

So now you may have a contractor or outsourced associate doing work within your network using their own mobile device, which may or may not be managed under the security policy of the company that employs them.

Security professionals and security solutions are clamoring to establish some form of best practice and the subsequent enforcement of that practice, but there is no way any of us can establish a security posture if there is no policy to follow.

The policy must include required security software, type of device supported/allowed, corporate data integrity, and consequences, and it must be supported by all levels of management. Details to come.  

Spencer Parkinson: Phil, as a Symantec employee I completely agree that BYOD best practices and policies should go hand in hand. Another thing I think is worth mentioning that’s not already in your post is that mobile device management (MDM) can really help when it comes to implementing and enforcing such policies. Of course, what do you expect to hear from an employee of an MDM vendor? However, I really do believe that a good MDM solution can alleviate many of the headaches associated with BYOD. Add mobile application management (MAM) to the equation and secure BYOD becomes very possible.

Spencer Parkinson
Phil Klassen: It's definitely required for a complete solution, and I was going to add that to a future post. Thanks for the input.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.