The UK government should be wary of jumping into allowing workers to use their own smartphones and tablets, as the bring your own device (BYOD) trend spreads, the information assurance arm of GCHQ, CESG, has said.
Ownership of devices makes life simpler from a security perspective, but it is not a prerequisite, the body said in its guidance on end user devices.
“What is necessary is that the device is placed under the management authority of the enterprise for the complete duration it is permitted to access official information,” CESG wrote.
“Hence, a BYOD [bring your own device] model is possible – although not recommended for a variety of technical and non-technical reasons.
“Limitations of current technology mean that a ‘health check’ or ‘device status’ check is not sufficient to verify ‘known good’ – malware can easily subvert such a check.
“The device must be returned to an understood state such as via a firmware reinstall or wipe to factory state and any existing configuration on it replaced. It is only by taking over the enterprise management of the device that an organisation is able to ensure that information security policies are being applied.”
The GCHQ body also urged government departments to carry out pilots before full rollouts. It listed a number of operating systems in its advice, including Android 4.2, Windows Phone 8, iOS 6 and BlackBerry 10.1, hinting they are most likely to be used across government bodies.
There are numerous problems with BYOD, even if it appears to be inevitable across organisations. A recent report from Network Instruments said BYOD was the most difficult emerging trend to monitor.
There are also serious concerns about managing the extra bandwidth that employee smartphones and tablets bring.
Are you a security pro? Try our quiz!
CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
View Comments
I can understand the IT people that are against BYOD. However, I don't think they can do anything to stop it. It's already happening, whether officially sanctioned or not. So the question becomes - how to deal with it?
Does BYOD come with headaches? Of course it does. However, security issues and IT management headaches (how do I support all those devices?) can be addressed by using new HTML5 technologies that enable users to connect to applications and systems without requiring IT staff to install anything on user devices. For example, Ericom AccessNow is an HTML5 RDP client that enables remote users to securely connect from iPads, iPhones and Android devices to any RDP host, including Terminal Server and VDI virtual desktops, and run their applications and desktops in a browser. This enhances security by keeping the organization's applications and data separate from the employee's personal device.
Since AccessNow doesn't require any software installation on the end user device – just an HTML5 browser, network connection, URL address and login details - IT staff end up with less support hassles. An employee that brings in their own device merely opens their HTML5-compatible browser and connects to the URL given them by the IT admin.
Check out this link for more info:
http://www.ericom.com/BYOD_Workplace.asp?URL_ID=708
Please note that I work for Ericom