GCHQ: Government Should Be Very Careful With BYOD

The UK government should be wary of jumping into allowing workers to use their own smartphones and tablets, as the bring your own device (BYOD) trend spreads, the information assurance arm of GCHQ, CESG, has said.

Ownership of devices makes life simpler from a security perspective, but it is not a prerequisite, the body said in its guidance on end user devices.

Managing BYOD in government

“What is necessary is that the device is placed under the management authority of the enterprise for the complete duration it is permitted to access official information,” CESG wrote.

“Hence, a BYOD [bring your own device] model is possible – although not recommended for a variety of technical and non-technical reasons.

“Limitations of current technology mean that a ‘health check’ or ‘device status’ check is not sufficient to verify ‘known good’ – malware can easily subvert such a check.

“The device must be returned to an understood state such as via a firmware reinstall or wipe to factory state and any existing configuration on it replaced. It is only by taking over the enterprise management of the device that an organisation is able to ensure that information security policies are being applied.”

The GCHQ body also urged government departments to carry out pilots before full rollouts. It listed a number of operating systems in its advice, including Android 4.2, Windows Phone 8, iOS 6 and BlackBerry 10.1, hinting they are most likely to be used across government bodies.

There are numerous problems with BYOD, even if it appears to be inevitable across organisations. A recent report from Network Instruments said BYOD was the most difficult emerging trend to monitor.

There are also serious concerns about managing the extra bandwidth that employee smartphones and tablets bring.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

  • I can understand the IT people that are against BYOD. However, I don't think they can do anything to stop it. It's already happening, whether officially sanctioned or not. So the question becomes - how to deal with it?

    Does BYOD come with headaches? Of course it does. However, security issues and IT management headaches (how do I support all those devices?) can be addressed by using new HTML5 technologies that enable users to connect to applications and systems without requiring IT staff to install anything on user devices. For example, Ericom AccessNow is an HTML5 RDP client that enables remote users to securely connect from iPads, iPhones and Android devices to any RDP host, including Terminal Server and VDI virtual desktops, and run their applications and desktops in a browser. This enhances security by keeping the organization's applications and data separate from the employee's personal device.

    Since AccessNow doesn't require any software installation on the end user device – just an HTML5 browser, network connection, URL address and login details - IT staff end up with less support hassles. An employee that brings in their own device merely opens their HTML5-compatible browser and connects to the URL given them by the IT admin.

    Check out this link for more info:
    http://www.ericom.com/BYOD_Workplace.asp?URL_ID=708

    Please note that I work for Ericom

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago