January 24, 2012 (Featured on www.GovInfoSecurity.com)- The most popular abbreviation of 2012, at least from an IT security perspective, is turning out to be BYOD: bring your own device.
BYOD raises jitters among employers, who worry about exposing or losing sensitive data, and employees, who fret about their bosses spying on them. Despite these anxieties, BYOD is a rapidly increasing trend worldwide as more and more workers use their own smartphones and e-tablets to access their employers’ IT systems.
BYOD is already happening, and the trend will surely continue because that is what people want.
Seventy-eight percent IT professionals with IT security responsibilities say they’ve noticed a doubling of mobile devices accessing corporate networks over the past two years, according to a new survey of 768 IT professionals conducted by Dimensional Research for IT security provider Check Point Software Technologies.
That’s a fact that doesn’t surprise Chris Buse, the state of Minnesota’s chief information security officer, who understands that people in positions like his must deal with the situation. “BYOD is already happening, and the trend will surely continue because that is what people want,” he says.
Nine of 10 of respondents from the United States, Britain, Canada, Germany and Japan say mobile devices connect to their corporate networks, whether owned by the employee or employer. Nearly two-thirds of the survey takers say their organizations allow employees to use their own devices. And, the growing use of mobile devices has contributed to increased security incidents, more than seven of 10 respondents say.
Increasing use of smartphones and e-tables has captured the attention of Federal Chief Information Office Steven VanRoekel (see Security Shouldn’t Be an Afterthought), who unveiled earlier this month the Federal Mobile Strategy to assure the effective – and assumably secure – use of mobile technologies. The government created a website to solicit suggestions from its stakeholders or what it calls community members.
As of Monday, community members submitted 111 suggestions to strengthen the Federal Mobile Strategy, some of which directly or tangentially focus in on security and risk. One community member wrote that the government’s enterprise-wide mobile strategy can’t be limited to purchasing mobile devices. Departments and agencies must recognize the need to establish short- and long-term strategies for mobile deployment and mobile application development. “Without a strategy for effectively using mobile in the federal space, mobile application and device deployment will be inefficient and costly.” And, presumably less secure.
That prompted a response from another community member that a mobile strategy can’t be static because “new technologies are created every moment. An enterprise strategy is not a static plan for an organization. Instead, a strategy must describe how mobility (not just mobile technology) fits into an organization, regardless of the device, platform, application, etc.” Added another community member: “Policies can’t keep up with the rate of technology, so there needs to be a way to create a framework that can expedite app approval (from a security and acquisition perspective) if certain rules and conventions are met.”
It’s encouraging to see the federal government recognizes the need to have a policy on mobile use; it’s something all organizations should explore creating. After all, nearly all types of enterprises face the same challenges of providing secure access of mobile devices, especially to demanding employees who want to use their own smartphones and e-tables for work.