The government has revealed that it will be initiating its own Bring-Your-Own-Device (BYOD) strategy in a move to improve IT efficiency. Speaking at the Intellect conference last week, Liam Maxwell, director of ICT Futures at the Cabinet Office, claimed that the move would save significant amounts of public money. The policy will not, however, be extended to areas within government requiring high levels of security.
It’s great that the government is looking at ways to save money and cut costs within its IT operations, and implementing a BYOD strategy, if done well, is certainly one method of doing so. However, cost cutting must not be the sole consideration here. The safekeeping of data and the management of these devices must be front of mind if this policy is to be truly effective.
The concern with such a high profile institution allowing its staff, albeit not those operating in highly sensitive areas, to use their own devices is that the same security practices employed within the four walls of government are not extended to these ‘external devices’, thus potentially opening the floodgates for serious breaches of security.
What if a device is stolen or lost? Will IT administrators be equipped with the mechanisms to either recover the missing device or wipe it clean remotely? As potentially sensitive information increasingly decentralises into the field, the government simply can’t afford to leave IT staff without the right tools to protect their data.
It will be interesting to see how this issue is addressed – while there are many device auditing capabilities on the market, most solutions cannot deliver an accurate report on what devices are being used and where they are located.
It can also be difficult to get insight into what data is being accessed and how secure it is on distributed mobile devices. Such shortcomings can lead to decentralised and inconsistent mobile device management, as well as greater exposure to security risks.
If the government is to avoid these problems when its new strategy is implemented, it needs to deploy a truly holistic solution that enables IT staff to apply security policies to every device that accesses business information – regardless of platform, operating system or physical location.
In addition, GPS and other location tracking technologies can be used to help to overcome the problem of missing devices, giving administrators the ability to track lost or stolen items in real time.
The enormous productivity benefits of putting a BYOD model in place speak for themselves – but they should not come at the expense of data security.
If the government’s policy is to be truly effective, the government, and indeed any other organisation considering a BYOD strategy, must first of all examine the current practices they have in place for managing ‘traditional’ corporate devices and then look to extend these to offer protection to employees’ own mobile devices. This is the only way to guarantee the safekeeping of your data and these devices.