BYOD Security Concerns: Does IT Protest Too Much?
Mobile security concerns about bring-your-own devices are overblown, says an IT security expert in this CIO.com Q&A.
Thu, June 28, 2012
CIO — The bring-your-own-device phenomenon, or BYOD, has really stirred up the hornet's nest in the enterprise, particularly among CIOs. They're worried that BYOD gives too much control to employees and may even be the beginning of the end for IT.
Some CIOs are countering the BYOD effect by drafting severe user policies that lead to legal wrangling over privacy rights. People with a stake in the corporate IT game point out that BYOD's lack of adequate security measures puts sensitive corporate data at risk.
And then there's John Mensel, director of security services at Concept Technology, a 10-year-old IT consulting firm serving midsized companies. He should be leaning hard on the side of IT in the political turmoil caused by BYOD. Instead, he's telling anyone who'll listen to calm down.
CIO.com talked with Mensel about BYOD's real security issues and what BYOD means to the future of IT.
What are the key concerns that you've seen about BYOD and privacy?
Mensel: BYOD has been creeping into our clients' consciousness for the last few years. It's only been in the last six months that people have been caring and worrying about it. I'm talking about smartphones and tablets.
The key difference there is the phone number. My business phone number and my personal phone number are extremely valuable property. People have been calling my business phone number for 10 years. If that number changed, I'd have a big problem.
(For more, check out BYOD's Phone Number Problem.)
A prototypical case is where a salesperson brings his or her own device. Their prospects and contacts are calling them on their personal phone number. When they leave your company, the phone number is leaving, too. This is the single biggest argument in favor of the business providing the device to people who are high profile. I just don't think there's any exception.
There are workarounds, such as Google Voice, call forwarding and others that let your BYOD smartphone receive calls from two different numbers. Can this solve the problem?
Mensel: Sure, if you want to commit to the administrative overhead of managing all of that. In all of the cases where this has been an issue with our clients, we've just said, "Provide the employee with the device so that you have control over it and there's no ambiguity."
In an enterprise that has already committed to BYOD in a large scale, it's a different proposition. They're talking about a huge savings.
(For more, check out BYOD: If You Think You're Saving Money, Think Again.)