Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

BYOD: it’s time to throw out the rule book

By Grant Taylor

Employees have differing views when it comes to what they like - not everyone wants a Volkswagen Golf, and many company car schemes take this into consideration. As a concept it works fantastically – instead of having a pool of company owned cars, employees are given an allowance to offset against their own vehicle. Genius!

A few years ago organizations extended this practice into other areas of the business – for example, an allowance to fund purchasing a laptop. The theory was that, if the employee gets ownership of the device after three years, they’re more likely to ‘look after’ it. Consumerisation of IT, or Bring your Own Device (BYOD) as its becoming more commonly known, as a concept was born and with it a can of worms was not only opened, but flung all over the place.

The problem
Initially, while a genius idea, the issue of integrating different operating systems was just the tip of the problem iceberg – changing functionality, applications and connectivity all had to be addressed and standardised. Then came the discussion about what could, and couldn’t be done with them. Initially email was the essential must have, which quickly moved on to the ability to access corporate information. Suddenly security became the elephant in the room.

It wasn’t too long before organizations started to suffer breaches, and public humiliation, as these mobile missiles haemorrhaged sensitive corporate information. Some were lost, some were stolen and a few were sold legitimately on public auction sites! For the technology team, enabling their use was no longer the issue; but securing the data they carried was.

Move on a few years and today the situation we find ourselves is not dissimilar. On one side employees want to utilise technology that fits with their lifestyle - although now they’re happy to fund it themselves. In the ‘other corner’, the technology team are tasked with sanctioning their use, but need to do so securely.

Saying no is simply not an option – for either side.

Barriers – up or down?
The main issue is that, for the majority of organizations, the technology team had barely got to grips with laptops when smartphones started storming the organization’s enterprise. Without time to properly draw breath, the iPad came along and joined the offensive. Unfortunately the formula of affordable price tag, with superb functionality, makes these new business tools too valuable to blanket block. In far too many cases IT is having to play catch up with some teams in danger of losing the game.

Rather than always trying to pre-empt the next advance, technology teams need to find ways to secure the defences now that future proofs the organization for tomorrow’s world.

Stand firm and secure
If we look at the basic problem, in both private and public sector organizations, people are able to consume information on their devices in their personal lives and found it to be beneficial. They simply want the same flexibility in their business lives and this means the ability to consume corporate information on the same devices.

The challenge for the technology team is to put controls in place that allows people to do that securely so that the data that they access is secure.

Managing the challenge
Organizations could take a conjoined approach to their access strategy that enables granular access to people in a safe and secure fashion.

One method is to provision users on a role base, location base and on device based access. This method means each request is permitted or declined dependant on the user, their device, its location and what information is being accessed.

For many organizations that’s easier said than done. However there are solutions on the market which deliver such granularity without introducing significant administrative and support overhead.

Additionally, another option would be to introduce Access on Demand. A relatively new twist, on a tried and tested concept, information is stored in a secure central location – not dissimilar to a public library. However, rather than being able to walk in and browse, users are sent a secure link that takes them to the exact location where the information is stored – be it file, page or record. At this point they can read, edit, or do anything else that they need to do but without the information leaving the central repository. To further strengthen this option, access could be secured with authentication – for example a passcode sent to a device registered to the user that has to be entered before the file can be opened.

With this approach the user gets the flexible agile work experience they’re so hungry for, regardless of the device they’re using and for the organization its information never leaves its control as it is not transferred to the end users device.

For those organisations looking to introduce secure collaboration, especially with a third party, this approach means organizations can provision external agencies safely and securely, and quickly, offering even greater flexibility.

At the end of the day, it is data that is king and must be protected at all costs. Rather than trying to secure every device known to humanity, and those that are being dreamt of, organizations can provision security that fits in today’s mobile and agile world.

Grant Taylor, head of UK operations, Cryptzone

•Date: 13th June 2012 •World •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here