A rising challenge for many businesses is that of bring your own device (BYOD) policies and the related issues, the key issue (as always) being that of the data. And in particular, how the ownership of the data on the device is agreed, or at least dealt with.
I have seen policies range from one extreme to the other, but there are three main approaches to dealing with device ownership and the data on that device:
- Corporate ownership and provisioning – the employer purchases and retains ownership of the device, and may or may not allow any personal use depending on existing usage policies;
- Shared management – employees accessing business data from their devices give their employer the right to manage, lock down, or even wipe clean the devices;
- Legal transfer – the employer purchases the device from the employee, which may involve a nominal price, and allows the employee to use it for personal communications, and maybe even allows them to buy the device back when they leave the organisation.
All three are very simple for large corporations which consider this as a big enough risk and have the resources to roll out a technical solution to identify what attempts are being made to access the corporate network.
Security Think Tank: Challenges and opportunities of smartphone security policy
The same cannot be said for SMEs, however, many of which may not know the extent of the access to the corporate network by unauthorised devices, and yet implicitly accept that employees use their own devices (it is cheaper than providing them). The lack of knowledge will possibly hold back many SMEs from taking appropriate action at the right time.
There is not one solution that fits all, and although the available technologies are enabling some creative approaches, including the use of cloud storage for all corporate data or the use of SD cards to store all private data, they are not yet quite easy-to-use enough for SMEs.
I believe several solution providers will recognise the severity of this challenge over the next year, and we will see many different innovative options for all devices and platforms. The mobile and cloud solutions space is moving far faster than PC solutions ever did.
Sarb Sembhi is chair of ISACA’s government relations committee.
This was first published in February 2012