This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. > Find out more here
All the latest UK technology news, reviews and analysis
|
|
Firms looking to roll out bring your own device (BYOD) schemes should never be tempted to let staff store corporate information on their personal devices, according to security experts speaking at the V3 Security Summit on Tuesday.
The rush to use tablets and smartphones for work purposes has led to many organisations being forced to take a stand on the issue, and decide whether to let employees use their own devices to access corporate applications, provide them with a device directly or the funds to buy an authorised one.
However, this brings new security challenges to IT departments over managing the influx of mobile devices accessing the network, and the best approach to take to information access.
According to Richard Mardling, strategic business director at identity management specialist AurionPro SENA, whatever approach firms take, allowing business data to be stored on a personal device is never a sensible option.
“I’d be uncomfortable about people storing corporate information on personal devices because you don’t have control over the personal device,” he said, during the V3 Security Summit session on eliminating the security risk from BYOD.
“The only way you can do that is to start to put applications onto that device to control it or get the employee to sign up to quite stringent acceptable use policies, which they might not want to do as it’s their personal device, it’s not the property of the organisation.”
Mardling advised firms to instead look for ways to store, manage and control information accessible via the device within the network, rather than on the device itself.
Andy Bushby, technology director for Information Security at Oracle, said that allowing staff to store client or other sensitive data on their own devices would have implications around the Data Protection Act and new European privacy legislation coming up.
“That in reality means encryption, so you’re going to start encrypting at least a part of someone’s device,” he said.
“And then there’s questions around how do I make sure they’ve wiped that when they leave, and has the user given me the right to do that. If you store information on a personal device, it makes it a more complicated process if they leave or the device is lost or stolen, than storing the data in the infrastructure.
"It’s best to have a security platform that means if someone leaves, they’re turned off for every device and application, and so have no access to sensitive information.”
V3 pits top devices against one another ahead of Samsung Galaxy S4 launch
The clock is ticking for Postini users that don't want to move their email management to Google Apps.
Build great digital experiences at the speed of the web
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
