For all the sophistication and power of the modern cell phone or tablet, people think of them more or less like pens: You can use the generic ballpoints they have at the office, or you can bring the one you like from home. That's a consequence of high technology becoming pervasive. People use technology widely, and they might prefer what they use on their own time.
Pens, of course, can't access corporate networks (yet). But cell phones and tablets represent powerful computing devices; people might even be able to get more done using their personal devices for work. That's given rise to the BYOD (bring your own device) phenomenon. Just five [almost] years ago, in January 2008, only 10 percent of U.S. companies responding to an Aberdeen survey said they allowed workers to use their home devices. In July 2012, that jumped to more than 80 percent of U.S. respondents. The same trend exists outside the U.S., though fewer companies elsewhere allow BYOD, with companies in the Asia-Pacific region most resistant.
Companies mostly allow BYOD for mobile phones and tablets, aiming to get the productivity benefits of mobile technology without having to shell out a lot of money for corporate cell phones. Notebook computers still tend to be provisioned by corporations.
One looming problem with BYOD: Just because workers have smart phones does not mean they'll be smart about security.
"I have no trouble with people bringing their own machines to work if, and only if, they are competent to run them," Dan Geer, a security researcher and chief information security officer at In-Q-Tel, the CIA's venture capital arm, said in an email. "If they are mere subscribers with a penchant for shiny things, then keep them out of the network."
The trouble is, when the worker who likes shiny things is the CEO, and wants to use his or her new iPad to run business intelligence dashboards, it creates real pressure on a CISO to respond. Common sense would say, "of course, the CISO will do the right thing and preserve the security of the network." Common sense would be sadly disappointed.
"When I started here a year ago, we had execs with an iPhones or iPads and they'd bring it in and hook it up and walk around with it," says Ben Haines, CIO at Pabst Brewing Co. in Los Angeles. Haines said that when he pointed out the risks inherent in walking around with insecure connections, the executives immediately understood the issues. Haines set up a mobile device management policy and found a provider to handle it (MaaS 360 from Fiberlink), and in two weeks it was up and running.
Sign up for CIO Asia eNewsletters.