Bring your own device schemes (BYOD) have been ruled out as a policy option at the Ministry of Defence.
Speaking at a roundtable organised by BT at the Infosec 2012 conference, Simon Wise, deputy head of the MoD’s global operations security control centre, said: “We have a bring you own policy and it’s simple: Don’t!”
Wise has 20 years of experience in overseeing defence security, having previously worked in procurement positions at the MoD, NATO’s ICT systems and the Royal Navy.
Asked whether the MoD would ever use BOYD, he said. “Personally I can’t see that.”
“The key risk is unauthorised devices and the threat they pose to the rest of the network,” he said. The MoD currently has around 750,000 IP devices, he said.
“There is a list of prohibitive devices that gets longer every day, which requires an uptake of physical security to ensure staff can’t bring them on and off site,” he said.
“We need to be able to detect if they have been brought into our systems so we only allow authorised devices.” He said the ministry had zones for where staff are allowed to use certain devices.
The MoD deals with 200 different company’s information systems, of which it has 20 main suppliers. Wise said the key message for industry suppliers is to be honest about their position in the market, rather than all claiming to have a "magic box" security solutions.
“The MoD has to be a more intelligent customer in understanding hardware and services,” he said.
But the more security layers and protocols an organisation requires, the less beneficial the user experience, and greater the management overheads and restriction of bandwidth, he said.