Management Clueless on ‘Bring Your Own’ Vulnerabilities

The rise of employees being allowed to ‘Bring Your Own’ (BYO) device into the workplace is a major setback for information security. However, this development is being led by senior managers who are largely ignorant of the risks.

Who is to blame, and how bad is this situation?

A couple of years ago, the idea that employees might be encouraged to bring their own computing devices into the organisation, and use them for work, would have been considered crazy – and a big backward step for information security.

However, a recent study by ISACA members shows that 23% of UK businesses are already allowing this. The industry even has a catchy name for it: ‘Bring Your Own’ (BYO).

Why is BYO being pushed so strongly? Clearly, the rise of the iPad has played a big role. You only have to walk down a first-class rail carriage to see more of these in use by high-salary individuals than traditional laptops. Device manufacturers are all for it – it gives them a convenient entry into the business market with what was only ever designed as a consumer product. Their concern is sales, not ensuring that security is maintained.

Ian Mann, founder of ECSC, says “Information security professionals all recognise the risks. Devices outside of organisational control are a source of vulnerabilities. They create a route for hackers to obtain confidential information, and this area is likely to be the next big cause of security breaches”.

So, is the answer to ban all employee-owned devices? Perhaps not, according to Lucy Sharp of ECSC, “Rather, you need to assess the risks. What access are you giving them? What data may be accessed from (or stored on) these devices?”

As with all technology developments, you need to understand the risks, and develop appropriate controls to allow you to exploit new opportunities without compromising your information security.

Ian Mann, commenting on senior managers, says, “The big problem here is one of communication. Security and IT teams find it difficult to challenge the CEO who wants to use their iPad. However, in our experience, if you effectively communicate the risks to management, they make more sensible decisions.”

Paul Lambsdown, Sales Director with ECSC, adds, “As with all technology developments, there are potential business benefits – and these cannot be ignored. It is the role of information security to facilitate new developments, whilst protecting critical information.”
