Saturday, March 15, 2014

BYOD risks and minefields

I read the article in CIO, "Think Deleted Text Messages Are Gone Forever Think Again", and the discussion that rumbles on about BYOD.

Firstly, it is a bit surprising that the article suggests a "wow" factor associated with recovering deleted text messages. I would have thought it was common knowledge by now in business, generally, and particularly at CIO level.

Secondly, the notion and practice of companies getting employees to use their own devices (BYOD) to access company networks and company information seems to be an open invitation to allow a security breach (intentional or by accident) to happen. The corporate body and individual (at senior level) duty of care place incumbent obligations on both to conduct risk assessments, identify company assets, and control dissemination of company information in order to protect it. It might be that there are legal risks for companies demanding access to employees' phones to go through their personal data.

There appears to be no persuasive technical/technological evidence to support BYOD propagation on the basis that without it a company could not operate. Moreover, why require BYOD policies, practices and procedures that in essence generate further and continuing costs to maintain them anyway, whereas in-house company devices (properly controlled) also mean retention of company assets: devices have an asset value, depreciation allows for write down and tax relief, etc.?

BTW the points about assets and finance came from a specialist corporate accountant in this area, whereas accounting is not my forte. Mind you, brain surgery is not my forte either as I could not get any practice in the subject matter due to the patients; there was a shortage of volunteers.
