A really insightful piece in the MIT Technology Review of 21 May 2012 entitled ‘IBM Faces the Perils of “Bring Your Own Device”’ by Brian Bergstein should be compulsory reading for all those considering a BYOD approach. Encouraging staff to use their own PCs or phones was originally seen by some beancounters and bosses as a way of reducing capital expenditure. It also permitted those same bosses to play with the latest toys without being seen to affect the procurement policy. IBM have recognised the potential pitfalls.
To prevent issues, many organizations allowing BYOD install a ‘sandbox’ to prevent incursion into their secure networks. IBM has gone a little further and some of the measures include:
- barring various apps including Dropbox
- configuring devices so that they can be wiped remotely if lost
- disabling public file transfer apps
Unfortunately, as those in government immediately identified, it caused problems with the security policy. If, as in the UK, one had to pay regard to the CESG guidelines, one was immediately contravening them. In the private sector there is less compulsion to honour the ‘spooks’ but there are still best practice guidelines to adhere to. IBM’s CIO feels they are being conservative in their measures; I believe they are just taking care of IBM’s data.
If this was the public sector, these should be average measures, especially when one considers the size of the Information Commissioner’s fines these days. So, taking into account the costs of securing personal devices, is it any cheaper to permit them and lock them down?