BYOD: Build A Policy That Works - InformationWeek
IoT
IoT
Comments
BYOD: Build A Policy That Works
Newest First  |  Oldest First  |  Threaded View
rgrapes
50%
50%
rgrapes,
User Rank: Apprentice
6/9/2014 | 1:13:10 PM
Why BYOD policies are necessary.
The necessity, design intent and legalese of BYOD policies is due in large part to the limitations of current mobile devices to isolate apps and data from eachother. Today, we download and mash together all of our apps and data onto a single homescreen (or two). Some of us are organized enough to create app folders, or addtional screens into which we place our apps. But the fact remains that these apps and data all share the same storage location and device memory so our corporate information is sharing the same device space as our personal data. What if we could isolate corporate apps and data from our personal apps and data ... and as device owners permit our IT group to see and manage only the corporate apps and data. After all, it is our device and IT is a guest on our device.

MDM products are not security products, they are device management products. Some MDM products provide lock & wipe features but many are device-wide lock & wipe functions while some provide "Enterprise wipe". But from a security perspective the apps and data are all co-resident. If the User downloads a malicious app then the corporate information could be at risk.

A security product would create strong separation or isolation of the apps and data for each context of the users life: work, play, parenting, finance, health, etc. And for BYOD, would allow the device owner (user) to be in control of those isolated spaces. Sure, they can delegate the management of the Work space to a 3rd party like their IT admin. In this way the corporation gets what they want: security and control over corporate information while the device owner gets what they want: personal privacy and the convenience to use their mobile device exactly the way that they want.

Personal disclosure: I work for a software security company that creates a system-level virtualization/containerization solution that solves the BYOD issue and multiple other consumer use cases. I am simply concerned that corporations and employees are suffering through these complex policies and processes to compensate for inadequate mobile device capabilities. Rather we should be telling the device manufacturers that their phones need to support all of our desired use cases: work, play, sharing, banking, shopping, etc. 

My hope is that next generation mobile devices permit their use across all the various contexts of a persons life ... not just work and play.


How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll