The Security Scrutinizer with Howard Anderson

Addressing the BYOD Trend

Ensuring the Security of Personally-Owned Mobile Devices

You may be tempted to ignore - or even block - the BYOD trend. But that would be short-sighted.

See Also: How Tri-Counties Regional Center Secures Sensitive Files and Maintains HIPAA Compliance

It's time to acknowledge that "bring your own device" is a trend that isn't going to go away. As more members of your workforce acquire the latest and greatest tablets and smart phones, they'll increasingly demand the ability to use personally-owned devices for some business purposes.

If your 2012 plans don't include addressing the BYOD phenomenon, it's time to add to your to-do list. 

And as more organizations conclude that accommodating BYOD can slash their costs for acquiring and maintaining mobile technology, they'll come up with policies for addressing the security issues involved (see: BYOD: How to Minimize Risk).

Certainly, accommodating personally-owned tablets, smart phones and other mobile devices brings risks. The devices are easily lost, which can make any data stored on them vulnerable. And unless organizations make a concerted effort to ensure security controls, such as encryption and remote-wipe capability, are in place on these devices, they could be much riskier to use than corporate-owned devices, which routinely have security controls installed.

Some experts, including Roger Baker, CIO at the U.S. Department of Veterans Affairs, argue that the security issues involved when allowing personally owned devices are largely legal, rather than technical. For example, the VA is devising a legal agreement for those using personally-owned devices that gives the agency the right to wipe any VA information off the device and ensures the VA has access to the device when needed.

But the VA, and many others, also are turning to technology to deal with security issues. For example, the VA is investing in a more robust mobile device manager application to monitor the devices and enforce policies.

I believe many organizations, at least at first, will attempt to prohibit storage of sensitive information on personally-owned devices. That may be the most powerful way to mitigate risks. But will it prove practical and enforceable? We'll have to wait and see.

If your 2012 plans don't include addressing the BYOD phenomenon, it's time to add to your to-do list.



About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.