Looking into this example in a wider manner, in the early days of the Bring Your Own Device (BYOD) trend, most IT security departments considered the technology far too insecure to use, attempting to prohibit it. Later on they have realized that it is a law of physics that water will find its own level, accepting that BYOD was there and they should find ways to enable it through IT security controls.
There are management processes that have to be in place to ensure the IT security of an organisation and some of these are being deployed to deal with the risks of BYOD. Employees like to feel they can bring in the devices and connect them to the network. Talking about Google, Douglas Merrill, one of their ex- chief information officers, said “studies show that employees can increase company returns when they have the freedom to innovate by trying new software and new workflows. However, those returns disappear when employees are made to feel that their activities are illicit.”
As an example of how companies can give workers freedom without compromising security, Merrill described his experience at Google. "Google's engineering culture was all about working the way you want to work," he said. Employees could use any operating system and work from any convenient location - the office, home, a coffee shop, or wherever. As a result, it was impractical to rely on traditional security solutions, such as installing antivirus software on each device employees used.
Instead, Merrill said, Google addressed security by building up its infrastructure. For example, the company put antivirus protection on its mail server, which is the main source of viruses that infect the network. They also watched their network traffic patterns for any unusual spikes. Merrill said that enterprises need to find new ways to accommodate employees, while also securing their systems. Trying to change behaviour, like asking employees to stop using instant messaging or Gmail, only stands to stifle innovation.
IT security departments need to be aware of what their employees are up to and what is actually happening on the network.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.