Regulated environment key to successful BYOD: Security expert

Information leaks could result from an unregulated bring-your-own-device (BYOD) policy, says ACT government IT security manager

Controls, such as restricted network access, should be in place before allowing staff to bring their own devices if organisations want to avoid the risk of data leakage, says ACT government IT security senior manager, Peter Major.

Major told Computerworld Australia that information on tablets and smartphones could be easily compromised if the device was lost and accessed by someone with malicious intent.

“You also have the problem of data integrity. If they’re processing the information on a tablet and uploading it into an environment that is not controlled by an application or interface, then you end up with a chance of polluting your data pool,” Major said.

He said there’s a bring-your-own-device (BYOD) “tsunami” coming as baby boomers are retiring and Gen X/ Y workers want the flexibility to work when and where they please.

“Once people know what they are signing up for, and the conditions, then they will tend to work within the BYOD environment,” Major said. “When it comes to BYOD, do a threat and risk assessment, work out your cost models and move ahead in a phased manner.”

However, Major said if IT managers do not have a BYOD policy in place then they risked alienating workers. “The company will become an employer of lest choice and people will simply move away,” he said.

According to Major, the ACT government is taking a phased approach to BYOD by creating policy governance and allowing staff to use iPad and iPhone devices to access government information.

Currently, 250 iOS devices are operating on the network with plans to allow Android and Windows devices onto the ACT government network later this year following trials.

“Most agencies at the federal level only deal with one customer base, but within the ACT government we have doctors, lawyers, politicians and school children accessing various levels of information across the network,” he said.

“For example, when school children log in and access the education side of the network the security measures can’t be too intrusive. We have to protect them from themselves but we can’t put them off from using our education resources.”

Major added that staff members were more productive and able to work outside the office since the BYOD policy was implemented.

In addition, BYOD is set to save the ACT government service desk costs as it provides the connection and business applications but workers are responsible for their calls/broadband usage bills.

Major is not the only IT manager to see benefits of a well-managed BYOD policy. A recent US study from analyst firm, Aberdeen Group, found workers with BYOD devices were more likely to work at home and a policy could be used to attract employees in competitive industries such as law.

Major is scheduled to present at the upcoming security conference AusCERT in May.

IDG Communications is an official media partner for AusCERT 2012.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the newsletter!

Error: Please check your email address.

More about Aberdeen GroupACTCERT Australiaetworkf2IDGIDG CommunicationsIDG CommunicationsIDG Communications

Show Comments

Market Place