Members of the UK Council for Electronic Business focus on Secure Collaboration and seek to understand and ‘position’ the evolution of Bring Your Own Device (BYOD) for their organisations. A Mobile Computing Vision paper from the MOD makes reference to BYOD, and here UKCeB members Jez Nash and Andrew Rix of HP present MOD DCB an overview with a defence focus.
Bring Your Own Device (BYOD) is the use of a personal device in the work environment, and particularly its use to access the enterprise. The concept becomes blurred when personal devices are used for work-related tasks but do not form part of the enterprise. Consumers of technology have become increasingly reliant on mobile devices to assist them in their daily lives and are seeking to introduce their ‘highly connected’ state into their working lives. The challenge of maintaining security when creating access for personal devices is now being addressed by commercial organisations as the consequence of not doing so is a dilution of a company’s ability to maintain control over its information.
The increasing level of personal interaction with ever-present mobile devices is only set to continue with the proliferation of context-aware applications and the expanding range of device types and form factors. The inconvenience of carrying and managing multiple devices of a similar type will enhance the desire of employees to converge work and personal devices. This is evidenced in the commercial world by more and more companies now choosing to support BYOD at some level. BYOD implementations within the commercial sector vary from the basic use of personal phones through to full integration of a suite of devices with wide-ranging access to the enterprise. The latter has been made possible through the evolving technologies of virtualisation and multi-tiered security, which enable personal and work activities to be compartmentalised on a single device. Such technologies, together with the development of Enterprise Mobile Management capabilities, enable appropriate levels of device governance, while affording access to enterprise commodities such as office automation tools, collaborative working environments and business applications.
So is it possible to introduce BYOD within defence? The answer is yes, but the route for doing so is likely to be progressive, starting with Choose Your Own Device (CYOD). This is where the enterprise supports a limited device selection (potentially on a single mobile operating system). This would enable a degree of convergence by offering controlled access to a range of enterprise services.
Both user experience and choice could be expanded over time by extending the operating systems and range of devices supported. The transition from CYOD to BYOD would probably depend upon a risk balance decision that considers the business and operational drivers against and the appetite to embrace advances in technology that could mitigate the perceived security risks with allowing a device of unknown provenance (and potentially limited end point security) to connect to the enterprise. The MOD also recognises there are non-technical considerations to factor in, such as Duty of Care and Health and Safety matters. The accompanying diagram presents an illustrative MOD perspective.
To participate in activities relating to Secure Collaboration across Team Defence, including BYOD, contact the UKCeB at www.ukceb.org