You will have to pay particular attention to the architecture of BYOD and how small changes may have major repercussions in a short period. For example as far as human resources (HR) is concerned, a proper legal framework will have to be constructed to take into account occasions when staff leave the company and take their own device with them. For example, is the company entitled to inspect it and delete all corporate information that is stored in it? How will access to personal data be prevented if the employee does not provide consent to its inspection?

This is particularly the case in the difference between the privacy legal framework around the world. In Europe, for example, the privacy framework is different than in the US and if your BYOD policy is US-centric and not designed for use in Europe there will be a significant number of pitfalls.

Moreover, particular care should be taken in ensuring that employees who do not want to use their personal devices for business purposes are not coerced into doing so. Not only will this be a nightmare to manage but the resentment that can build up can lead to an increase of insider threats.


You will have to consider how your mobile device management (MDM) gateway should be part of your holistic solution. Be ready to analyse risk from the cultural perspective and not only a technical perspective. Your IT security department will be available to analyse your technical risk, but you should focus on the random elements of risk that staff inject into the enterprise, since nearly all people will find ways to make their lives easier and ignore the glaring risk involved. An example of this is people who tie themselves to public clouds and keep sensitive corporate data, and often their entire email archives, on easily accessible public clouds.

Only holistic approaches to human behaviour and IT security behaviour will produce predictable outcomes. You cannot stop a trend, but you can spot one coming and if you analyse your enterprise’s present needs, balanced with the needs of your staff and the future growth of your organisation, not only will you be able to tame the BYOD growth, but you will be in a far better place to spot the next trend coming down the line and be prepared to address it by using information security as a business enabler than a temporary stopper.