Categories: SecurityWorkspace

CESG Issues Updated Guidance For Government BYOD Deployments

The Communications and Electronic Security Group (CESG) has issued updated guidance for public sector organisations wanting to implement a Bring Your Own Device (BYOD) strategy.

The guidance says that although BYOD can bring many benefits to an organisation, a number of management, legal and security issues must be considered to minimise the potential risk of employees bringing personal devices into the workplace.

“With the rapid increase in the use of mobile devices and the growth of remote and flexible working staff now expect to use their own laptops, phones and tablets to conduct business,” says the CESG.

“This guidance is for organisations considering a ‘Bring Your Own Device’ (BYOD) approach, and describes the key security aspects to consider in order to maximise the business benefits of BYOD whilst minimising the risks.”

Security measures

One of the main concerns is that personally owned devices could lead to sensitive information being leaked.

The CESG recommends the use of Mobile Device Management (MDM) or container software to control the flow of information, so only authorised devices can access corporate data and services and ensures that lost devices can be remotely wiped or access revoked if an employee leaves the company.

The guidance warns that overly-restrictive policies that reduce the functionality of a corporately-owned device could encourage employees to find workarounds that increase the security risk, something that can be helped by the use of MDM and containers which separate work and personal data and apps.

Organisations should carry out regular audits of what information is stored on what device with the recommendation being that as little data as possible is stored locally. In any case, there should be regular rehearsals for security incidents so administrators are well-versed in the protocols for mitigating the impact of a lost device or malware.

Educating Whitehall

But technical solutions only form part of the CESG’s recommendations, with the group stressing that employees should be trained and educated about BYOD.

People are more likely to lend their personal device to a family member or provide credentials to a third party, such as a repair shop, for their mobile device – something which would be unfathomable for their work laptop or PC – increasing the risk. Additionally, personal devices are more likely to be infected by malware and have automatic cloud backups enabled, further increasing the likelihood of a breach.

Public sector organisations are also warned of their obligations for protecting personal information and the guidance suggests data controllers are familiar with the Information Commissioner’s Office (ICO) BYOD guidance, the data protection act and the employment practices code, which guarantees employees a degree of privacy in the workplace.

The CESG has previously been fairly unenthusiastic about the prospect of government workers using their own devices stating that although BYOD is technically possible it is not recommended. However the group has approved a number of MDM solutions suitable for the public sector, including Samsung Knox.

Are you a security pro? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago