Categories
Digital Transformation

BYOD risk must be managed

The risks of BYOD must be assessed before a policy is finalised, an expert has said.

Adopting a bring your own device (BYOD) policy will result in many flexible and cost-saving advantages to a firm, but it will also pose a number of security risks, an expert has said.

Writing for ZDNet, Ken Hess said that risk taking is part of business, but savvy operators will temper the risks as much as they possibly can before they proceed.

He explained that businesses spend billions implementing and installing backup cloud computing systems, RAID arrays, SANs, disaster recovery and every kind of "airbag" to lower that daily risk to business operations, so this approach should also apply to BYOD too.

"BYOD brings risk because you’re allowing user-owned devices within your network. You’re allowing users to attach to corporate assets, to access corporate documents and to interact with users inside and outside of your network with those non-corporate owned (controlled) devices," he commented.

He said that the first step is to use a mobile application management or mobile device management suite to lower the potential of any damage, but that is only one aspect of the solution, as it does not protect against OS-related security problems nor does it account for every eventuality that can be thrown up by ignorant or ill-informed users.

Mr Hess added that even corporate-owned devices will not guarantee a trouble or threat-free environment either, but they do allow an extra level of control, with the only susceptible link in the chain being the other end of the device, which he describes as a "necessary evil".

He concludes that risks can only ever be minimised, not eradicated and the amount that any company is willing to tolerate will depend on how many resources they are willing to spend to prevent, avert and mitigate data leakages and threats in the future.

Mr Hess is a full time windows and Linux system administrator with more than 15 years of experience in large multi-data centre environments.