BYO or Bring Your Own devices has become a controversial issue for companies as it allows employees to use personal devices for work purposes. While BYO can potentially save companies money and increase employee productivity, it also brings significant security risks if not implemented properly. These risks include exposed corporate data, loss of device control, and compatibility issues. Ultimately, how well or poorly BYO works depends on establishing clear policies, deploying mobile device management solutions, and ensuring users receive proper training and understand security requirements when using personal devices for work.

1. BYO: BYO A GOOD THING?…………………………………
Head of Information Security
Company85
Phil Cracknell, FBCS, CISSP, MIRM

2. DILBERT © (2013) Scott Adams. Used by permission of Universal Uclick. All rights reserved.

3. BYOD grows like a weed
The ability of
corporations to deal
with it grows like…
petrified wood

4. BYOD has stirred plenty of controversy
Companies are either embracing it to its fullest extent
or avoiding it like the plague
It is one of the few technology shifts that can ‘creep’
into an organisation from the top down!
Current Adoption

5. BYOD or BYO seemed to emerge around 2009 as a
questionable solution to rising IT costs
• More functional/sexy technology now available for
personal consumption
• Company or user initiated?
• Is it inevitable?
• How should businesses approach it?
Where did BYO come from?

6. So why is there a greater apparent fear of BYO than
any other recent technology shift?
– Less control of IT?
– Less ownership?
– Implied greater personal use?
Fear

7. When employees invest their own money in a device, they
naturally feel
“it’s mine, so I should be able to do what I want with it.”
When the company pays for a device, employees are more
inclined to accept rules and restrictions
The Balancing Act

8. From the user perspective
“I don’t want to carry my own phone and a company one”
“I don’t want to use my personal phone for work”
“I can’t use my work phone to the degree I require for
personal use”
“I want the latest technology of my choice, not the ones my
company choose”

9. A good thing
BYOD can potentially save your company money and
help make your employees happier and more
productive
It could drive massive and essential changes to larger
businesses in terms of network zoning, data
segregation and classification (Internal security
defences)

10. There’s always a ‘however’
BYOD brings along with it a number of risks, from
security to compatibility and everything in between
– Legal
– HR issues
– Device loss/insurance/replacement
– Policy

11. BYOD Risks
1: Exposed data
2: Passwords in the wild
3: Declining productivity
4: Compatibility issues
5: Bandwidth overuse/wireless bottlenecks
6: Device management
7: Virus infections

12. People
BYOD presents several technical risks but
ultimately they are linked to people and
behaviour
BYOD brings out the best and worst in people,
and the user types can be easily categorised

13. The Millennials
I blame them for it all!!!
It's the Millennials pouring into all our workplaces.
They put the pressure on management to allow
them to use their own mobile devices on the
job, not some antiquated corporate-issued
BlackBerry. That's sooo 1998!!
They want to work odd hours and over weekends.
They actually want their business lives and
personal lives to blend.

14. The Techies
They've found a friend in Android.
With BYOD in place, they are free to poke
fun at the consumerised Apple-users,
compare App stores, support and
functionality – and all in the name of work!
Android offers the flexibility that techies
crave, and also serves up some pretty cool
apps for monitoring systems remotely and
other IT job functions.

15. The Main Board
CEOs and the like have a hallowed place in
the BYOD world. Whatever they want, they
get.
Like Captain Kirk with an MBA, these
business leaders shout for more power, “all
you can give me and then more!” and the
trusty IT engine room shall provide it.
From Apple devices on the day of launch, to
an IT throwback such as the BlackBerry it’s
pretty clear where the BYOD fire started...

16. The Older Generation
BYOD isn't for everyone, but that hasn't
stopped some companies from mandating the
policy across the workforce.
Half of employers will require employees to
supply their own device for work purposes by
2017, says a Gartner survey of CIOs.
Pity the worker who doesn't want to put up
the cash for a fancy mobile device, sign over
privacy rights, and then be expected to surf
social networks for support when things go
wrong.

17. Who loves the iPhone and iPad more than
anyone else? Salespeople, of course!
They like to keep things simple, love to
give dynamic presentations, and hate
typing on keyboards. They also like to
blend their personal and work lives.
The iPad with its bold Retina display was
simply made for salespeople in the
workplace.
The Salespeople

18. The Clock-watchers
Entry-level and hourly workers have much to
gain from BYOD, many of whom don't qualify for
a corporate-issued device. Now they can tap into
the power of personal mobile technology to do
their jobs.
It's a freedom they've never had before.
Great, right? Well, BYOD also opens the doors to
work outside of defined work hours, in the form
of work-related email and text messages
bombarding hourly workers after they have
punched out.
Expect a slew of lawsuits for unpaid overtime.

19. The Moaners
Every workforce has moaners. Nothing is ever good
enough, and BYOD is no exception. BYOD was
trumpeted by moaners who wanted to use their own
devices instead of a corporate-issued relic.
They complained about having to carry around two
devices all the time.
Now that BYOD has arrived, they're still complaining.
Expectations of privacy, security controls on personal
devices, and policies chock full of legal jargon.
The moaner makes the remote wipe capability of
MDM a must!

20. The Social Networkers
Social networking addicts love BYOD. It
makes social networking easier to do at
work.
One of the top concerns with BYOD is that
it will lead to less productive workers.
Some companies even ban or limit the use
of Facebook and others at work.
On a related note, companies also better
not infringe on an employee's right to
social media privacy in a BYOD policy.

21. The Bad Employees
In the wrong hands, BYOD can be
disastrous. The problem for us is that it
will soon be in every employees
hands!
Most companies have disgruntled
employees. BYOD effectively makes it
easier for a ‘bad’ employee to steal
stuff and hide it somewhere in the
cloud, even claiming ignorance to the
actual location of where the data was
‘moved’ or coped to ;-)

22. Vendor FUD
Despite the inevitable flood of Fear, Uncertainty and Doubt
spewed from our vendor community – many of the risks with
BYO are INTERNAL and staff-related
Use BYOD to clean up your wild west – embrace it! BYOD will, if
done right, make your world more secure not less

23. Some essentials for survival of BYO
Get a clear mandate from the board
– What is in scope? BYOD doesn’t have to mean mobiles, tablets and laptops – ask the hard
questions
Data Classification and Zoning
– Ensure you know where your important/confidential data is
– Ensure policies and technology control access to this data
– Control entry to and placement on your network – a BYO DMZ? Hell yes!
Get an MDM (Mobile Device Management) solution
– Remote wipe
– Device barring and exclusion
– Remote enforcement of PIN lock and other features

25. BYO – A good thing?
Thank you!
Phil Cracknell, FBCS, CISSP, MIRM
Head of Security and Privacy services at
Company85
uk.linkedin.com/in/cracknell
@pcracknell