All the latest UK technology news, reviews and analysis


Keep corporate data off smartphones and tablets, caution security experts

25 Sep 2012
Samsung Galaxy Nexus vs iPhone 4S

Firms looking to roll out bring your own device (BYOD) schemes should never be tempted to let staff store corporate information on their personal devices, according to security experts speaking at the V3 Security Summit on Tuesday.

The rush to use tablets and smartphones for work purposes has led to many organisations being forced to take a stand on the issue, and decide whether to let employees use their own devices to access corporate applications, provide them with a device directly or the funds to buy an authorised one.

However, this brings new security challenges to IT departments over managing the influx of mobile devices accessing the network, and the best approach to take to information access.

According to Richard Mardling, strategic business director at identity management specialist AurionPro SENA, whatever approach firms take, allowing business data to be stored on a personal device is never a sensible option.

“I’d be uncomfortable about people storing corporate information on personal devices because you don’t have control over the personal device,” he said, during the V3 Security Summit session on eliminating the security risk from BYOD.

“The only way you can do that is to start to put applications onto that device to control it or get the employee to sign up to quite stringent acceptable use policies, which they might not want to do as it’s their personal device, it’s not the property of the organisation.”

Mardling advised firms to instead look for ways to store, manage and control information accessible via the device within the network, rather than on the device itself.

Andy Bushby, technology director for Information Security at Oracle, said that allowing staff to store client or other sensitive data on their own devices would have implications around the Data Protection Act and new European privacy legislation coming up.

“That in reality means encryption, so you’re going to start encrypting at least a part of someone’s device,” he said.

“And then there’s questions around how do I make sure they’ve wiped that when they leave, and has the user given me the right to do that. If you store information on a personal device, it makes it a more complicated process if they leave or the device is lost or stolen, than storing the data in the infrastructure.

"It’s best to have a security platform that means if someone leaves, they’re turned off for every device and application, and so have no access to sensitive information.”

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Madeline Bennett
About

Madeline Bennett is editor of V3 and The INQUIRER. Previously, she was editor of IT Week. Prior to becoming a journalist, Madeline was an English teacher at a London secondary school. Madeline is a regular technology commentator on TV and radio, including Sky, BBC and CNN. 

View Madeline's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Green IT poll

How important is it to your business that a cloud provider uses renewable energy like solar or wind to power their data centres?
19%
7%
4%
1%
69%

Popular Threads

Powered by Disqus
Galaxy S5 vs Nexus 5 head to head review front

Galaxy S5 vs Nexus 5 video review

We compare Samsung and Google's top devices

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Assistant IT Director

Assistant IT Director Annual Salary: Up to £74,954...

Head of IT Projects

Head of IT Projects Annual Salary: Up to £48,153...

Head of IT Service Management

Head of IT Service Management Annual Salary of up...

Technical Salesforce.Com Analyst

From a secret recipe to a bold idea and very proud traditions...
To send to more than one email address, simply separate each address with a comma.