Every one of your users has a computer at home, maybe a laptop, definitely a phone, and likes to log in from someone else's computer from time to time. They're carrying your data around, but often not your security policy. You know how hard it is to match policy form device to device, location to location. If only it were …
It's another one of them
works in theory, but in the REALLY WORLD is totally impossible to implement effectively.
Only one possible solution
Boot from your own USB storage device. Even then, you are trusting the BIOS is OK and that there are no hardware key loggers.
Why do many of the Reg headlines and sub headlines have a nautical theme today?
We need answers.
Arrgh, me hearties, 'tis Talk like a Pirate day!
BYOD - problems with security, accessibility, compatibility, disgruntled employees (you want me to pay for the item that I need to do my job properly? Are you kidding me?), etc.
Of course it's cost-saving. But you could just use methods that everyone else has for decades and supply your employees with the proper tools to do the job.
I wouldn't touch it with a bargepole as an employee or an employer. You have no idea where your data ends up (don't tell me you track it, because you can't), you have no idea what's stored on your employees devices when they leave, you have no right to demand search/seizure of that hardware if they run off with your data, you have no way to control what they bring in with them, you are liable if they break it while in the course of their work ("Hey, I need a new iPad... I know... I'll take it into work and claim on their insurance!"), you are liable if it blows up and injures someone else who works there (think Dell laptop batteries, etc.), you are liable if it's stolen, you are liable if it breaks the network. Additionally your employees might think it "cool" to access on their smartphone, until it interferes with their work, until they are MADE to use it because they've proved they can use it even if it's not the best tool for the job (i.e. "I couldn't read my email because the desktop PC broke" - "So, what about your phone that we KNOW works because you used it to get your email last year?"), until their normal tools suffer (or even disappear) for the sake of "allowing" them to bring in their own devices, until they realise they are footing the bill for something they use mainly at work and for work purposes (and work out the taxation on that when it's part-personal, part-business).
BYOD is just a nightmare from every angle. There's nothing wrong with being able to plug in any device you like and doing business (that's just sensible standards-compliance). There is something wrong with "approving" the use of devices that you have zero control or ownership over.
Not even a policeman can make me delete a photo or other data from my personal phone without formal confiscations and court orders. What makes you think that's a sensible path to follow with company data?
BYOD is just a management fad that nobody thought through. Literally pie-in-the-sky. What next? Bring your own desk? Just as stupid and just as many pitfalls.
Amen to that brother!
BYOD needn't mean the employee paying for the device (although then you might call it Choose Your Own Device) and even where it would it needn't be compulsory - I do not know anywhere where it is.
As for the security side of things, well, that's something to manage but it isn't very difficult. If you use application virtualisation (Citrix or similar) you don't transfer any data to the device so you have as much control over that as you ever did (almost zero in most cases as anyone with any access to anything can export it and email it elsewhere - many business just wouldn't function is this was prevented.)
I'd hate to be sat in IT going "No, you can't have that" to everyone - we have the tools to make this possible and so if people want it and are made aware of the risks where there are risks then why not have a go at getting it done?
If one was serious about security email as it is currently implemented would be the very first thing to go - it's a nightmare of convenience and pragmatism - but I doubt it would go down very well with many organisations if anyone tried to prevent its use.
An already been thought of and implemented idea...
Tele-commuting --- Use your own desk, effectively co-locate company data so theres more vulnerabilities...
If you use application virtualisation, you're working rather high up the OSI model.,, Next silly idea? Ideally ones without frequent vulnerabilities/glitches etc?
You transfer the same amount of data at the network level, which in most environments could be easily sniffed and decoded/intercepted and injected.