The Bring Your Own Device may be an unstoppable evolution. The BBC report quotes several different surveys. Avanade found that 88% of executives said employees were using their own personal computing technologies for business purposes. A Cisco survey found that although 48% said their company would never authorize employees to bring their own devices, 57% agreed that some employees use personal devices without consent.
Absolute Software, also quoted in the BBC report, has a new blog posting called “The BYOD Movement – A Cultural Shift.” In the BBC report, Absolute’s Stephen Midgley says that potential new staff are specifically asking “what kind of device they will be able to use to access the network.” Staff are demanding, and increasingly getting, the opportunity to choose and use their own computing devices; and even making it a condition of employment.
So BYOD may be here to stay. Unfortunately, like most developments in computing, the concept comes first and security is added later. That’s an increasing concern for security professionals. In fact, the number one prediction for 2012 from Trend Micro concerns BYOD and states, “As more and more corporate data is stored or accessed by devices that are not fully controlled by IT administrators, the likelihood of data loss incidents that are directly attributable to the use of improperly secured personal devices will rise.”
This same BYOD problem goes beyond the work environment – it’s also happening in our schools. Pupils are bringing their own mobile devices and using them on school premises – sometimes as part of a class activity, often not. It’s a similar problem with different dimensions between workplace and school. Dr Brian Bandey, a Doctor of Law also studying at Oxford University and principal at Patronus PhD with a special interest in e-Safety law in education notes that “in many cases teachers are encouraging the use of mobile devices in order to engage pupils with technology and the internet.” But those same pupils also use their devices inappropriately. The type of inappropriate use may differ between school and office, the laws that management must follow may be different in detail, and the remedies available are certainly different (it is ‘easier’ to fire an employee than a school pupil); but it is a comparable revolution and problem.
As Dr. Bandey points out: “Technology-based misbehaviour in the workplace is conducted by adults and the effect of that behaviour is suffered by adults. But in the school minors who are developmentally inhibited from accurately forecasting the consequences of their actions and who are inherent risk-takers misuse technology to the detriment of other minors who are, by their nature, more vulnerable than adults.”
The key to solving the emerging BYOD security problem, says Dr Bandey, is the same for school and office: firstly recognising the fact of BYOD misuse; then implementing a mixture of technology and policy. “The behavioural truth is that technology misuse is prevalent in both workplace and school. Employer and school alike need to risk assess it, implement careful and thorough policies and then police them using appropriate monitoring technology. In some instances then, the behaviour can be modified before harm is done.”
The January/February issue of Infosecurity Magazine shines a spotlight on consumerization and the BYOD trend. Don't miss it!