This page contains a Flash digital edition of a book.
SPOTLIGHT: COVER FEATURE T


he truth is that employees have been bringing their own devices into the workplace for years, starting with laptops and netbooks, progressing to smartphones, and ending up where we are now; with iPads and other tablets becoming increasingly more commonplace examples of the consumerization of business IT. As Jeff Schmidt, global head of business continuity, security and governance at BT Global Services warns, “these devices can be great tools to enhance and enable business, but it is easy to become cavalier in attitude because they function both professionally and personally, a dangerous combination if the right approach and awareness is not recognized in their use”.


The iPad, though, is especially worthy of attention, not least because it has taken the bring your own device (BYOD) trend to a whole new level and is no longer the realm of the geeky early adopter. Rather, we are increasingly seeing executives wandering around the offi ce with an iPad in hand. Which begs the question: should the CEO bring an iPad to work?


Left to Their Own Devices… Phil Robinson, director at Digital Assurance, and founding associate member of the Institute of Information Security


Professionals, reckons that the whole BYOD trend was pretty much inevitable if you take into account that users have been bringing USB sticks and other removable media into work for more than a decade now. It is “the slow replenishment cycle within the enterprise and the desire by


individuals to use their devices for work and play” that’s really driving the trend now, Robinson told Infosecurity, adding that it’s not about to go into reverse.


Security professionals have no choice in letting consumer devices into the business. Security does not exist to secure the company, but to allow the company to manage its risk


Quentyn Taylor


“BYOD is as momentous a change as the evolution of the internet”, Robinson insists. “It enables us to access information and carry out tasks remotely in speedier and more convenient ways. Any organization that ignores BYOD does so at its peril as users will simply fi nd ways to work around the security obstacles in their path.” Kurt Roemer, chief security strategist at Citrix, agrees that BYOD adoption will continue to spread quickly, as ever more devices are suitable for enterprise usage. He does argue, however, that organizations are not ignoring the issue, far from it in fact: “BYOD policies are rapidly being adopted, with almost half of companies already boasting some sort of formal company policy”, Roemer says. “Almost all (94%) are expecting to have one by mid-2013.”


An Appetite For Risk


When drafting such policies though, should information security professionals prioritize


BYOD can help ease the budget on hardware spending...but then there are the security concerns


security or business enablement? Given that many organizations would agree that BYOD is a cost-effective thing – decreasing the IT spend on peripherals when hardware budgets are being tightened – it is also desirable because it helps to ensure staff are using the latest technology. The business benefi t argument, therefore, cannot be ignored. But then neither can the security issues surrounding the ability to maintain a consistent standard across the enterprise. So the question of priorities would appear to be a rather complex one on the surface. Dig a little deeper, however, and those with experience in handling the consumerization of the workplace will tell you it’s actually pretty simple. Take Quentyn Taylor, director of infosecurity, governance and risk at Canon for example, who told us that “security professionals have no choice in letting consumer devices into the business. Security does not exist to secure the company, but to allow the company to manage its risk. Business enablement is a key driver for information security and always has been.” Taylor is not alone in this sentiment. Neil Campbell, ex-computer crime fi ghter with the Australian Police, and now global


www.infosecurity-magazine.com /// 25


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60