A - The organization does not control the device, so they have a harder time ensuring that the data which is important to them does not end up in other locations (unapproved destinations).

B - People lose mobile devices all the time (just as true of company devices as of personal ones, if not more so). Without robust tools for managing the devices and/or the data on the devices, a lost device means that corporate data can be exposed.

C - Because a personal device will have other apps on it, and those apps might be malicious or might just interact with the corporate one in ways that facilitate undesirable interactions from the business perspective.

D - Personal devices provide all sorts of access to foreign networks (the employee's and the internet). This presents a much larger attack vector for someone looking to get into your organization.

E - If an employee leaves an organization, you might forget that they're carrying a lot of data with them, and you might not have made any useful provisions for ensuring that they aren't.

In short, the plethora of mobile devices today provide an every growing number of ways for employees to move corporate data outside the "perimeter", and open the corporate network to access from a variety of locations -- all the while, forming a bridge to other, untrusted networks.

And, most of these devices provide feeble native tools for managing this situation, if they provide anything at all.

Mind you, all of these risks are not necessarily unique to mobile computing, but they do compound the issue greatly.

And, lest anyone think I am suggesting otherwise, they are manageable and can be mitigated for those organizations that have the foresight to do so.

-ASB: http://XeeMe.com/AndrewBaker

Patricia Bramhall

President/CEO, Tydak Consulting Services LLC

Posted on Feb. 3, 2012

Hello Catherine,

BYOD, or Bring Your Own Device is becoming more and more common in the workplace thanks to smartphones and netpads. We work with our clients to develop both policy and security around these technologies. Telling your staff that they are not allowed on the network with personal devices is a loosing battle. Better to get out in front of it and set policies. The first is security, each device must be password protected. Many iPad users do not set the device password and have access to corporate email available and unsecured. The second most important policy is to ask each person to sign an agreement that allows the company to remotely wipe their device if you suspect a breach or non-compliance with coroprate standards. This is especialy important if they lose their device.

There are technologies available to keep unknown devices off your network and prevent your employees from accessing email. Again, for our clients, its more effective to embrace it and set policies and procedures as you would for any remote access or other hardware device.

Best of luck. The technology continues to provide challenges for us all.