Is BYOD a step too far or too soon?

Are your Employees Defining your Business Information Risks?

Thursday 12 July 2012

BCS London Office, Southampton Street, Covent Garden


The current fashion to allow employees to use their personal devices at work (BYOD) might give some Business benefits in employee satisfaction and equipment costs but raises questions about the Business Risk.

Traditionally, businesses supplying Laptops and Smartphones to employees for business use have been able to control that risk by defining the build and using appropriate technology to protect corporate information. In the consumer market, many of these technologies (e.g. patch deployment, malware scanning) do not exist or are not fit for business purposes.

Recent surveys have shown a change of focus in the malware development community towards smartphones / pads. Users are unaware of much of this malware as it has no malevolent effect on the device; it just gathers personal information, user context etc. for use by organised crime. In the BYOD scenario this includes Business information.

If employees are allowed to use their own devices:

  • Will they be prepared to accept corporate security restrictions (on their own device)?
  • Are they aware of the business risks?
  • Can they separate private from Personal Data?
  • Should employee Contracts be updated (to accept reduction in Duty of Care)?

While other groups at BCS have discussed the security and technical issues of BYOD, ELITE would like to discuss the Business and People implications for the CIO and Board. A recent Cisco survey showed “Seven out of 10 young employees frequently ignore IT policies and two-thirds said they believe their company's policies need to be modified. About 61% said corporate IT security isn't their responsibility, believing it is that of their employer or the maker of their devices.”

The business needs to have a clear Business Case for BYOD and underwrite these risks at Board level. They need to be confident that risk awareness is part of the Business culture.

If the Business allows employees to use their own devices:

  • Who underwrites the risk at Board Level? (or does the buck stop with the CIO / CISO?)
  • Are employees involved in defining the Business Case (if it exists)?
  • Is risk awareness part of the Business culture?
  • Are they prepared to accept cultural change?

This ELITE event is a rare opportunity to learn from experts in the field (from the Analyst and Consultancy community, not product vendors). It will be invaluable to any IT professional who is considering or deploying BYOD and looking for help in building a business case that takes account of the risk while handling the employee issues and expectations.

Rick Chandler, Event Chair

Speaker Bios
Rick Chandler (PDF)
Martin Smith (PDF)
Tim Jennings (PDF)

BYOD introduction (PDF)
Security awareness and cultural change - Martin Smith (PDF)
BYOD - Managing the business risk - Tim Jennings (PDF)
Read the notes from the meeting (PDF)