The UK government should be wary of jumping into allowing workers to use their own smartphones and tablets, as the bring your own device (BYOD) trend spreads, the information assurance arm of GCHQ, CESG, has said.
Ownership of devices makes life simpler from a security perspective, but it is not a prerequisite, the body said in its guidance on end user devices.
“What is necessary is that the device is placed under the management authority of the enterprise for the complete duration it is permitted to access official information,” CESG wrote.
“Hence, a BYOD [bring your own device] model is possible – although not recommended for a variety of technical and non-technical reasons.
“Limitations of current technology mean that a ‘health check’ or ‘device status’ check is not sufficient to verify ‘known good’ – malware can easily subvert such a check.
“The device must be returned to an understood state such as via a firmware reinstall or wipe to factory state and any existing configuration on it replaced. It is only by taking over the enterprise management of the device that an organisation is able to ensure that information security policies are being applied.”
The GCHQ body also urged government departments to carry out pilots before full rollouts. It listed a number of operating systems in its advice, including Android 4.2, Windows Phone 8, iOS 6 and BlackBerry 10.1, hinting they are most likely to be used across government bodies.
There are numerous problems with BYOD, even if it appears to be inevitable across organisations. A recent report from Network Instruments said BYOD was the most difficult emerging trend to monitor.
There are also serious concerns about managing the extra bandwidth that employee smartphones and tablets bring.
Are you a security pro? Try our quiz!
Tesla makes key advances toward advanced self-driving rollout in China as chief Elon Musk meets…
New UK rules bring in basic security requirements for millions of internet-connected devices, aiming to…
Google parent Alphabet sees market capitalisation surge over $2tn on plan to over first-ever cash…
Google asks Virginia federal court to dismiss case brought by US Justice Department and eight…
Snapchat parent Snap reports user growth, revenues in spite of tough competition, in what may…
Quick-growing fast-fashion company Shein must comply with most stringent level of EU digital rules after…
View Comments
I can understand the IT people that are against BYOD. However, I don't think they can do anything to stop it. It's already happening, whether officially sanctioned or not. So the question becomes - how to deal with it?
Does BYOD come with headaches? Of course it does. However, security issues and IT management headaches (how do I support all those devices?) can be addressed by using new HTML5 technologies that enable users to connect to applications and systems without requiring IT staff to install anything on user devices. For example, Ericom AccessNow is an HTML5 RDP client that enables remote users to securely connect from iPads, iPhones and Android devices to any RDP host, including Terminal Server and VDI virtual desktops, and run their applications and desktops in a browser. This enhances security by keeping the organization's applications and data separate from the employee's personal device.
Since AccessNow doesn't require any software installation on the end user device – just an HTML5 browser, network connection, URL address and login details - IT staff end up with less support hassles. An employee that brings in their own device merely opens their HTML5-compatible browser and connects to the URL given them by the IT admin.
Check out this link for more info:
http://www.ericom.com/BYOD_Workplace.asp?URL_ID=708
Please note that I work for Ericom