BYOD 2.0 and spotting the next big trend
by Christos K. Dimitriadis - International VP of ISACA - Wednesday, 22 August 2012.
It is only with this holistic approach that the organisation can spot trends—and this is a process that you can implement within your company. This is a vitally important point and has to be addressed by all enterprises now, because once you have missed a trend and it has been implemented in your organisation without your involvement, you cannot stop it. BYOD is an ideal example. The tide cannot be reversed.

BYOD is here to stay and you have to manage it, as well as its implications in other areas. It would be prudent for your enterprise to look at all of its future plans for the deployment of laptops, for example, since BYOD is replacing the laptop with the tablet computer. Whether you like it or not, your sales force is working in an era where they will reject shiny new laptops for their own tablet computers.

Many companies are sitting on brand-new deliveries of laptops that will never be used because they did not spot the trend for the tablet computer. Trend risk analysis, which often is part of an overall framework for the governance and management of enterprise IT (GEIT), can be deployed to avoid problems such as this.

To keep on top of the BYOD challenge you need to keep the requirements of the company foremost in your mind and, using a holistic process, look at the aspirations of staff and see how they match with your predictions of what is likely to happen in the market. In analysing the problem you have to analyse the culture of your company, the technology coming down the road and the human factor that is your staff.

You will have to pay particular attention to the architecture of BYOD and how small changes may have major repercussions in a short period. For example as far as human resources (HR) is concerned, a proper legal framework will have to be constructed to take into account occasions when staff leave the company and take their own device with them. For example, is the company entitled to inspect it and delete all corporate information that is stored in it? How will access to personal data be prevented if the employee does not provide consent to its inspection?

This is particularly the case in the difference between the privacy legal framework around the world. In Europe, for example, the privacy framework is different than in the US and if your BYOD policy is US-centric and not designed for use in Europe there will be a significant number of pitfalls.

Moreover, particular care should be taken in ensuring that employees who do not want to use their personal devices for business purposes are not coerced into doing so. Not only will this be a nightmare to manage but the resentment that can build up can lead to an increase of insider threats.

You will have to consider how your mobile device management (MDM) gateway should be part of your holistic solution. Be ready to analyse risk from the cultural perspective and not only a technical perspective. Your IT security department will be available to analyse your technical risk, but you should focus on the random elements of risk that staff inject into the enterprise, since nearly all people will find ways to make their lives easier and ignore the glaring risk involved. An example of this is people who tie themselves to public clouds and keep sensitive corporate data, and often their entire email archives, on easily accessible public clouds.

Only holistic approaches to human behaviour and IT security behaviour will produce predictable outcomes. You cannot stop a trend, but you can spot one coming and if you analyse your enterprise’s present needs, balanced with the needs of your staff and the future growth of your organisation, not only will you be able to tame the BYOD growth, but you will be in a far better place to spot the next trend coming down the line and be prepared to address it by using information security as a business enabler than a temporary stopper.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th