BYOD, Security Risks and CISO Strategies
Not a day goes by without another article – or flurry of articles – weighing in on the BYOD debate. Whether the tone of these articles is belligerently anti, or passionately pro, the majority appear to agree on the fact that BYOD is unstoppable; the tipping point has been reached and large, small and middling organisations will have to learn to live with the radical uncertainty it introduces into the landscape.
A recent study from Kaspersky found that two thirds of businesses have now adopted BYOD and, as ‘wearables’ become more affordable, this trend is set to grow rapidly. The rapid adoption of BYOD in the workplace – after all, it’s only been around since 2009 – is due, in the main, to two factors:
· Business gain from BYOD – research shows a growth in productivity of up to 34%
· The boom in mobile phone technology over the past decade – most workplaces just can’t compete
The mobile revolution offers organisations, on the one hand, the flexibility that is integral to the success of a business, whilst, on the other hand, requiring a risk appetite that may be well beyond their current desire or capabilities…
… the beleaguered Security Chief is caught in the crossfire. The C-Suite wants the benefits BYOD seems to offer, IT are shaking their heads in righteous disbelief at such a proposition, and the employees are getting on quietly with the revolution in hand, by using their own devices whether sanctioned or not.
So, one more sleep problem for the CISO! How can the defence of the organisation’s assets be guaranteed against the multitudinous possibilities of loss, breach, theft and leakage, once they’re made portable and in the bags and pockets of employees?
Quite simply, it can’t. However many software solutions flood the market to solve the problem, the human factor sits at the centre of this contentious issue, and there’s no one-stop shop solution to deal with that.
Despite the lack of certainty, however, BYOD offers a great opportunity for Security Teams to shift their role within an organisation – from defence to awareness, response, and effective communication. Having clear and realistic discussions with the C-Suite about the level of risk presented by BYOD shifts the position from one of apologist to that of strategic alignment with the business aims. There’s no quick fix – but with executive support and combined business purpose, a risk analysis can be undertaken and a process of strategic amelioration developed with the collaboration of key stakeholders in the business.
Collaboration is a key word where BYOD is concerned. We cannot rely on IT to solve it, or HR to monitor it, or employees to suddenly be failsafe. We’re all experiencing this revolution for the first time; none of us has the answer. By considering ways in which the process of risk analysis, policy drafting, and technology can emerge from an inclusive and collaborative starting point, in which perspectives are shared and solutions owned by all parties, we may find a new and flexible response to a new and flexible technology in the workplace.