Businesses that are rushing to join the BYOD craze are heading for disaster if they do not get the security side of things right.
That’s according to Robert Schifreen, author and ex-hacker. Speaking at an event in London he said companies need to get their security in order before embarking on a BYOD policy. If they don’t, he said, the consequences could be disastrous.
"BYOD is a lot like cloud computing – it had been around for ages but then it got a sexy name and everyone was talking about it. Then companies jumped in and made decisions, not necessarily good decisions, to go with it and then it became huge," he said.
"I think that may well be the same with BYOD. It’s got a sexy name and people are talking about it. It’s making companies think they can kill their hardware budget by letting people bring their own machines," he added. "I think companies jumping on the BYOD bandwagon are heading for a fall if they do not do it right."
But how do companies ensure they get it right? Anna Watson, general manager security solutions at Dimension Data, told CBR that accurate planning is the way to do it, and that it actually represents a great opportunity to revisit out of date policies and ensure workers remain productive yet secure.
Security policies in place at many businesses were written at a time when the mobile fleet consisted of laptops that were corporate-issued and fully locked down. That is simply not the case these days, with workers using iPhones, iPads and other mobile devices to get their work done.
"Businesses need to go back and look at their overall security policy. What we’re finding is that most organisations do have policies in place but they need to be adjusted and incorporate new devices," Watson said. "It’s not about ripping and replacing; it’s about seeing how they can adjust the current technology policies and processes in place."
Watson points out that the device is little more than a tool to connect to the data or services workers need to be more productive. The shift in the security industry from protecting the device to protecting the data is a welcome one, Watson added.
"BYOD is a great starting point because it is something very tangible. But really they need to look at the bigger picture, which includes the data centre, the applications and even the network they have access to," she told CBR. "Then you can review policies and see what the risk really is."
"The positive," Watson concluded, "is that it is an opportunity to review something that is in place and adjust it to a new environment."