BYOD security awareness
“Bring Your Own Device” (BYOD) - corporations allowing employees to use their personally-owned ICT gadgets for work - is a hot topic. BYOD started appearing in the computer press about a year ago. Now it seems to be on everybody’s watch list for 2012, the benefits for both employers and employees making this a trend that’s hard to ignore.
While researching BYOD security for February's security awareness module, I have read a lot of glib statements in the security press, a fair number of scare-stories and lots of marketing drivel from vendors desperate to steer the PR bandwagon in their general direction. Several journalists recommend “a BYOD policy”, for instance, but actually finding BYOD policy examples on the Web proved virtually impossible.
Along with the usual mind maps, developing the risk-control spectrum diagram above helped me get my thoughts in order, and provides a useful structure for one of the three seminar presentations in February's awareness module. Given that one might be forgiven for thinking of BYOD as a purely technical subject, I find it interesting that the bulk of the awareness materials focus not on IT pros but on general employees and management. The governance aspects of BYOD are particularly fascinating: without management-level understanding and support through strategies and policies on BYOD security, the IT security controls noted on the spectrum diagram are moot.