BYOD – the CEO still wants to use their iPad
What does BYOD mean?
BYOD also known as “Bring Your Own Devices” refers to the use of personal devices for conducting work related activities.
What’s the problem?
I’ve previously argued that by attempting to secure an employee’s personal device you were creating a ‘technology tug of war’ – the security measures remove the user experience and so on.
But what if the CEO insists that they want to use their own personal device of choice as they see their counterparts doing so at trade shows and the likes?
We think that the most likely argument will be that they don’t want to carry a heavy laptop or that they want a tablet size device to take notes on, or one that fits in a suit pocket. There may also be a desire to watch movies, listen to music and play games on the personal device whilst travelling, etc.
But the main issues here is of course, security. Corporate devices can have the necessary security measures implemented to remove risk and monitor malicious activity. However, when personal devices begin to enter the corporate network a gaping hole appears in the overall security coverage of the business and cyber risk increase tenfold.
How to address the issue
The way we address the above is to provide equivalent corporate devices to address the weight/tablet issue – but with the same levels of security as the corporate desktop or laptop (in fact typically more but the user wouldn’t necessarily know). Provide a nice looking tablet style device that supports the same corporate security policies and same user experience and provide that to your CEO. If you design and build them right the CEO will have exactly the same experience using it as when in the office but they can have all the benefits of a tablet (immediate start-up, portable, touch screen, etc).
When the CEO sees their counterparts downloading corporate emails and replying on their personal iPad, Nexus, or smartphone protected only by a four digit pin, they can say ‘Have you considered the risk of you losing that device and the data it contains?’ When faced with the response ‘no, have you?’ they can reply with the memorable phrase:
‘ Yes, this has full device encryption using AES256, total data-in-transit encryption with the same, Certificate-based PKI authenticated cryptography, two-factor authentication, safe browsing via a secure web gateway, anti-virus, auto-wipe/destruct, anti-theft countermeasures, and is protectively monitored by a team of cyber security analysts 🙂 ’
The only issue you are left with is do you let the CEO watch movies and download music to that device for travelling and so on? That’s up to you and your corporate policy but we’d suggest that your CEO should take their own iPad, iPod or other such device for that purpose. Yes, that’s two devices but two devices released from the tug of war and able to deliver the user experience it was designed for.
How do you secure a corporate tablet to ensure military grade security but a standard user experience? Well, there are lots of options, too many for this article to cover. But if you’d like to find out more reach out to our team today.
Author: Duncan Wright