Is BYOD a Nightmare for IT Security or a Dream Come True?


My answer: a dream come true. Here is why, BYOD is not the enemy. It does not increase risk anymore than employees walking in and out of the building with company provided laptops or USB flash drives. The only differences between company provided equipment and BYOD is that company provided equipment costs more (purchase and maintenance), is typically outdated, and an increased learning curve (people are more efficient on their own equipment). Considering these facts, accepting risk for hardware seems silly. What IT security teams need to focus on is keeping data safe regardless of what device it is on.

There are those that would complain that having to support end-user equipment… Stop, you are already doing it. IT departments support a desktop or laptop or cell phone for each employee. The next argument is, “but it is specific hardware and a specific OS…” Gong, you are done. If an IT person does not know how to fix a problem, they jump on the internet, regardless of the device/OS combination. We need to stop approaching this as, “but this is a Windows shop.” As a security professional you will not know what to do when the new CEO brings in an iPad and wants to sync it to his Mac Book Pro so that he can offer a keynote using a device that “makes him look cool.”

We need to take off the blinders. They are all Von Neuman machines. Heck, they are all even PC based hardware these days (Intel or AMD). And the cell phones… People WANT integration. One cell phone is bad enough, asking employees to carry two?

Obligatory automobile metaphor: When fuel injectors came along critics decried them as causing the end of the carburetor industry. Guess what, we all moved on. Funny thing is, 40 years later you can still buy new carbs, parts for them, and some professionals still tune them. The point: things change.

BYOD is the next direction. Do not fear using your own software on your own hardware. If an end-user does not know, or is not sure, provide them with the equipment that does the job. Otherwise, help them integrate and teach them to secure. It is your job to teach security after all…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.