Categories
Presentations

BYOD: What’s the Difference?

I’ve done a couple of presentations this week, comparing the risks and benefits of Bring Your Own Device (BYOD) with those that research and education organisations already accept in the ways we use organisation-managed mobile devices. As the title of my talk in Dundee asked, “BYOD: What’s the Difference” Nowadays, most of the significant risks […]

Categories
Articles

BYOD: Government Guidance

I had been planning to write up a summary of my thoughts on Bring Your Own Device, but I’m pleased to discover that the UK Government has pretty much done it for me. Their draft guidance, just published for comment, suggests an approach along the following lines: Start by reviewing which information should not be […]

Categories
Articles

BYO by Design

The recent invention of the phrase “Bring Your Own Device” seems to have got educational organisations agonising about something we’ve been doing routinely, indeed relying on, for at least 15 years. Whenever you send a member of staff home with some work to do but no laptop to do it on, or provide a webmail […]

Categories
Presentations

BYOD: Doing it Better

I reckon the education sector accepted user-owned devices (now known as Bring Your Own Device) at least fifteen years ago, the moment we provided remote access and encouraged staff and students to work outside the office. My talk at the Janet/Jisc services day in London therefore looked at how we can do it better, suggesting […]

Categories
Presentations

BYOD: Doing Security Together

Presenting at the Jisc’s Safer Internet Day event got me thinking a bit more about the shared interests between owners and organisations in a BYOD scheme, and the opportunity that might present. For many years I’ve liked the idea of helping users be safe in their personal Internet lives (where motivation should be a matter […]

Categories
Articles

From mobile device policy to BYOD

I’ve had a few discussions recently where people talked about the ‘new risk’ of Bring Your Own Device (BYOD), but then mentioned risks – loss/theft of device, use in public place, etc. – that already exist on organisation-managed mobile devices. Turning that around, it struck me that one way to develop a BYOD policy might […]

Categories
Articles

BYOD: About the Owners, not the Devices

The UCISA Networking Group’s conference BYOD: Responding to the Challenge looked at new developments in an area that has actually been an important part of Higher Education for at least fifteen years. Student residences have offered network sockets since the 1990s and staff have been using family PCs for out of hours work for at […]

Categories
Articles

ICO Guide to BYOD

The Information Commissioner has published helpful new guidance on how organisations can support the use of personally-owned devices for work, commonly known as Bring Your Own Device (BYOD). This appears to have been prompted by a survey suggesting that nearly half of employees use their own devices for work, but more than two thirds of […]

Categories
Articles

ENISA Guide to Risk Mitigation for BYOD

ENISA have published a useful set of controls and best practices for managing the risks in a Bring Your Own Device (BYOD) program. They identify three groups of controls Governance Legal, Regulatory and HR Technical (Device, Application, User and Data) Throughout, the focus is on the owners, not the devices, which seems right. If the […]

Categories
Articles

Understanding Threats to Mobile Computing

An interesting talk by Ken van Wyk on threats to mobile devices at the FIRST/TF-CSIRT meeting last week. While it’s tempting to treat smartphones just as small-screen laptops (let’s face it, users do!) there are significant differences in the threats to which the two types of devices are exposed. These need to be recognised in […]