Categories: SecurityWorkspace

CESG Issues Updated Guidance For Government BYOD Deployments

The Communications and Electronic Security Group (CESG) has issued updated guidance for public sector organisations wanting to implement a Bring Your Own Device (BYOD) strategy.

The guidance says that although BYOD can bring many benefits to an organisation, a number of management, legal and security issues must be considered to minimise the potential risk of employees bringing personal devices into the workplace.

“With the rapid increase in the use of mobile devices and the growth of remote and flexible working staff now expect to use their own laptops, phones and tablets to conduct business,” says the CESG.

“This guidance is for organisations considering a ‘Bring Your Own Device’ (BYOD) approach, and describes the key security aspects to consider in order to maximise the business benefits of BYOD whilst minimising the risks.”

Security measures

One of the main concerns is that personally owned devices could lead to sensitive information being leaked.

The CESG recommends the use of Mobile Device Management (MDM) or container software to control the flow of information, so only authorised devices can access corporate data and services and ensures that lost devices can be remotely wiped or access revoked if an employee leaves the company.

The guidance warns that overly-restrictive policies that reduce the functionality of a corporately-owned device could encourage employees to find workarounds that increase the security risk, something that can be helped by the use of MDM and containers which separate work and personal data and apps.

Organisations should carry out regular audits of what information is stored on what device with the recommendation being that as little data as possible is stored locally. In any case, there should be regular rehearsals for security incidents so administrators are well-versed in the protocols for mitigating the impact of a lost device or malware.

Educating Whitehall

But technical solutions only form part of the CESG’s recommendations, with the group stressing that employees should be trained and educated about BYOD.

People are more likely to lend their personal device to a family member or provide credentials to a third party, such as a repair shop, for their mobile device – something which would be unfathomable for their work laptop or PC – increasing the risk. Additionally, personal devices are more likely to be infected by malware and have automatic cloud backups enabled, further increasing the likelihood of a breach.

Public sector organisations are also warned of their obligations for protecting personal information and the guidance suggests data controllers are familiar with the Information Commissioner’s Office (ICO) BYOD guidance, the data protection act and the employment practices code, which guarantees employees a degree of privacy in the workplace.

The CESG has previously been fairly unenthusiastic about the prospect of government workers using their own devices stating that although BYOD is technically possible it is not recommended. However the group has approved a number of MDM solutions suitable for the public sector, including Samsung Knox.

Are you a security pro? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago