BYOD: Good or Bad?
The Bring your own device or BYOD trend being touted by cloud computing as one of its most attractive features is actually causing concern to a lot of IT officers because of the inherent problems brought to the table by allowing company data resources off the premises. One of the biggest problems that can be encountered would be data loss or information leakage. These are the same repercussions as losing a company laptop a few years ago the potential for disaster because of losing vital company secrets is extremely high.
AccelOps Cloud Security Survey Report surveyed some 176 IT security personnel and they ranked BYOD as the top source for fear of incurring data loss and having the need for heightened data control. This is the traditional topic or cloud worriers and opponents of cloud computing which only helps in propagating the myth that cloud computing in not secure. ISC2’s January research shows that explicitly linked cloud computing to the creation of personal device policies. But the take away from the research is that companies who support BYOD have happier employees while also needing to increase their cloud security knowledge and skills. The same research survey shows that 78% of the participants consider BYOD as a “somewhat or very significant risk”.
While BYOD is certainly a highly appealing way to do things for the employee, it becomes rather a pain for employers. Part of this is because there is no proper standard in creating BYOD policies, and each company has to stumble and learn from their own mistakes, because as with all new things, few have explored it to catalogue best practices and create ad-hoc standard policies. When learning from other’s mistakes is not pretty much an option yet, companies have to become smart when approaching this nice little feature.
My two cents on the matter is that BYOD policies should be based around data control and logon security. Little to no data should be stored within mobile devices themselves that may be retrievable by those that get their hands on the device. If this is the case, data thieves have to login to the account on the stolen devices which makes it just a tad harder. This is where logon security comes into play. Multi- tier verification should be the way to go because common username-passwords can easily be stolen or even guessed. There should be further user authentication and verification, probably along the lines of facial or voice recognition or other forms of multi-tier verification devices.
By Abdul Salam
He has recently co-authored: Deploying and Managing a Cloud Infrastructure: Real-World Skills for the CompTIA Cloud+ Certification (Wiley).