byod, mobile security, data loss, bring your own device, cope, corporately owned personally enabled, armor5, marissa mayer
You are not logged in. Access is limited. Login or see membership information. • Streetwise Security Zone Community

To see the list of all blogs, including Scott Wright's Security Views Blog and the Streetwise Security Zone Podcast click HERE. You also can subscribe via an RSS reader, or check the "Watch This" box in the left column to receive news by email of new articles.

Watch this Blog Notify me by e-mail any time a new post is made to this blog.

Group Administrator


65% of honey sticks to date have been used in risky ways that could impact business operations. What's a Honey Stick? - Look for the link at the bottom of any article on this page for an explanation.

Streetwise Customizable Non-Trivial Security Quiz PowerPoint Deck
Product ID: 00000010

Customize your own 5 minute looping PowerPoint presentation or video loop with security awareness quiz questions. It's great for pre-meeting warm-ups as people await the beginning of a security training session. It also works ... More »

Non-Member Price: $199.00 $179.00

October 2013 Posts


  The Honey Stick Project - Measuring risk decisions
Blog Entry

Don't lose sight of the end objectives for BYOD policies

Thursday, October 31st 2013 @ 6:58 AM (not yet rated)    post viewed 6153 times

I recently did a cross-country tour with Trend Micro in which I presented a session on security policies in five Canadian cities, together with several other speakers. In that session, I emphasized that for each security policy you develop or review, businesses need to carefully identify the objective of the policy before deciding on the requirements and implementation technologies.

What are the objectives of a BYOD policy?

With the Bring Your Own Device (BYOD) issue, the policy and its business objectives are a little bit obvious, but people don't seem to spend enough time thinking about them, especially the need to balance of security and productivity. For example, if people want to use their own mobile devices for business purposes, our business objectives might be the following:

  1. To allow employees to be accessible and to access data at any time while they are away from their desks; and
  2. To allow employees to work in ways that are as convenient as possible

The business objectives should be the most important, and should generally make people more productive. Of course, the security objectives are important, but they should be in support of the business objectives; not treated as the pre-eminent priorities, in most cases.

When security objectives get ignored in policies and standards

Sometimes security policies can detract from short term productivity, causing people to ignore them. As an example, this story about Yahoo's CEO, Marissa Mayer illustrates how even C-Level executives don't have much patience for any security safeguard that makes them less productive in the short term. But in the big picture, if risks increase due to inadequate security safeguards, then long term productivity is threatened.

This is my view of things like "agile development" methodologies. Agile can make teams look more productive in the short term, but if security is compromised to get there, you may end up with big setbacks as a result of security breaches that exploited vulnerabilities that weren't addressed in the development process.

Finding a balance beteween productivity and security in BYOD

With BYOD, keeping the team productive can seem easy by allowing people to use whatever device they want. But if you don't choose the right security solution that both preserves productivity and maintains risks at an acceptable level, there will likely be undesirable consequences later on.

As an example, this blog post on Armor5's website does a great job of addressing the productivity objective that BYOD policies should be trying to address.

Where does your team draw the balance between productivity and security when it comes to your BYOD or COPE policies?




Scott Wright

The Streetwise Security Coach

Phone: 1-613-693-0997
Scott Wright on LinkedIn 

To download my FREE Security Management Resource Guide now, and to receive my series of Streetwise Security Tips, as well as my Streetwise Security News and updates click HERE.


Site Meter

 rate this post: very bad poor average good fantastic!

Copyright 2012. Security Perspectives Inc. All Rights Reserved.