News: If these organisations can do it, surely your data isn’t too sensitive to host on employee devices.
The main challenge of Bring Your Own Device (BYOD) policies is ensuring that corporate data that is used on an employee-owned device is kept safe. It is understandable, therefore, to feel an instinctive sense of hesitation when considering implementing such a policy.
However, even some of the companies with the most to lose from a data breach are implementing BYOD. If they aren’t afraid to try it, why should anyone else be? CBR has rounded up some of the most surprising BYOD implementations.
1. The Pentagon
As the main headquarters of the US Department of Defence (DoD), the Pentagon needs to be one of the most secure workplaces in the world, for obvious reasons.
However, in 2015 the Defence Department announced that it would be running a BYOD pilot for users within the DoD staff, which was scheduled for launch in the summer. The pilot has since fallen behind schedule, and the new timeline is unclear.
The initiative was planned as part of the White House Digital Government Strategy, which was first launched in 2012 under the White House’s Federal CIO, Steve VanRoekel.
As part of the initiative, the White House published a toolkit to help Federal agencies planning to move to BYOD. This identified a range of benefits for Federal agencies moving to BYOD, including the choice offered to customers through embracing the consumerisation of IT and the cost benefits of reducing expenditure on providing government devices to staff.
Assuming the DoD implementation follows the White House guidance, it could make use of virtualisation, providing remote access to the required resources so that no sensitive information is stored or accessed on the device. Another possibility is a walled garden to contain the relevant data and application processing within an app, or limited separation to allow commingled personal and work data but with policies to ensure security controls are in place.
2. University College London Hospitals
As well as defence, medicine is another field where information can be incredibly sensitive. Some illnesses can carry social stigma, while medical professionals are often privy to personal details about substance abuse, family planning or mental health.
Azzurri worked with University College London Hospitals (UCLH) to enable BYOD for its clinicians after the NHS Trust found good patient engagement results using tablets.
Originally the Trust provided patients with a range of apps available on hospital-owned devices. After the cost became prohibitive, UCLH trialled BYOD across 150 devices belonging to senior managers. Azzurri also provided a MobileIron solution to securely manage the devices.
The roll-out was enthusiastically embraced by staff, and allowed the Trust to mobilise employees far more quickly and cheaply than under a company provision model.
3. ‘European financial services company’
Banks are another routine handler of sensitive data, so their BYOD implementations will naturally be more tentative than most other sectors. Of course, while not as bad as the potential consequences of data loss by the Department of Defence, the loss of any customer’s financial information could be disastrous.
However, the benefits of BYOD apply as much to banks as they do to any other organisation. Used to working with computers, banks often have a large proportion of tech-savvy staff who may have several devices that they wish to bring, or particular operating systems or devices that they are more comfortable working with.
An anonymous case study on Cisco’s website refers to a European financial services customer which sought to implement a BYOD policy but faced a lack of standardisation across its network; regular merger and acquisition activity exacerbated the fragmentation of its IT.
This prevented it from being able to identify and detect rogue devices on the network. Cisco worked with it to build a standardised network, making security monitoring of devices much easier.
4. Thomson Snell & Passmore LLP
In April 2015, Egress Software Technologies revealed the results of a freedom of information request. In 2014, the Information Commissioner’s Office investigated 173 UK firms for incidents that may have breached the Data Protection Act.
In other words, the security of law firms’ data is a big issue, considering that they may hold sensitive information on clients, M&A activity or intellectual property and patent filings.
Looking to enable its partners to work from mobile devices after moving its desktop and software infrastructure to the cloud, Thomson Snell & Passmore LLP chose mobile device management company MobileIron to build a range of solutions, such as secure email.
The firm also deployed its business apps on MobileIron Apps@Work. In addition, it started using Kerberos so that when a password is changed on the office desktop, it does not need to be changed on the device as well, preventing the user from being locked out.