Who's liable when "BYOD" goes wrong?
- With issues like the one linked here, where companies are stealing private information off personal and corporate iPhones and Androids predominantly. BB not so much. My question is, who's liable for the loss or theft of someone else's information? After the world has gone to "Bring Your Own Device" you can see the issues that could arise. Like if corporate info is lost or stolen from someone's personal phone, could that person be fired, or worse?
When you think about it, what's the interest in bring your own device anyway? Who wants to pay for their own company device and take on the liability?
Path discovered phoning home with your address book
http://www.zdnet.com/blog/apple/path...;siu-container
Last edited by Dapper37; 02-16-12 at 07:10 AM.
02-16-12 07:00 AM
- BYOD and BYOT (bring your own technology) are both gaining a lot of traction. Whether it be corporate, educational or just plain old business, this is going to prove to be a huge issue of enormous proportions. Many of the ramifications have not even been considered yet but those who are pushing it see it as some sort of device nirvana. Can you imagine trying to maintain security on any network without knowing what's trying to connect?
02-16-12 07:16 AM
- In the UK and Europe any loss of data would be the responsibility of the data holder, therefore in this case the device owner would be liable for not protecting and gaining permission for the data to be shared, whether stolen or not. Europe Data Protection Act.
PS an excellent reason to ensure that data whether sensitive or not is not stored in the cloud.
Last edited by daveycrocket; 02-16-12 at 07:27 AM.
02-16-12 07:24 AM
- Tre Lawrence
Between Realities
In the USA the employee might be fired but nothing else is likely to happen to that person. Of course they could, and should argue it is IT's fault. The company might be sued depending on what information is stolen. I would think the IT security director would be on the hot seat to say the least. Of course if he/she is smart they would force upper management to state in writing that non-corporate assets are permitted to access corporate information. If I was corporate/government IT director responsible for information assets, I would not permit anything except BlackBerry phones and tablets for non-computer mobile devices unless my manager accepts responsibility. For now, other mobile phones and tabs are just not proven to be secure.
Mobile post via Tapatalk
02-16-12 07:31 AM
- When you consider all the vital information on all these mobile devices nowadays, even more in the future. You can imagine this type of thing coming up! Could end up a convenient way to get rid of employees a company doesn't like. Again I wonder why people bother. Let the company pay.
02-16-12 07:39 AM
- Tre Lawrence
Between Realities
As a government manager FIPS is good enough and if the device+software combo is FIPS, it is allowed. In the corporate world, federal standards are of no interest except as products to sell to government. The devices need to be proven to a higher standard than FIPS. Again, this is all based on upper management wishes, as always.
Mobile post via Tapatalk
02-16-12 07:54 AM
- BB10 bringing the app mass to BlackBerry. Sounds like the need for BYOD might fizzle out in the end.
Perhaps even swing back the other way? For security reasons of course.
Last edited by Dapper37; 02-16-12 at 08:32 AM.
02-16-12 07:55 AM
- As the employer I choose who gets the device when relevant to his/her work. It is my device to give as a representative of my agency. It is my agency's choice to support. And that is relative to the set of requirements for the agency.
What the employee likes or doesn't like is irrelevant to the job he/she has been hired to perform. Unless he/she has been hired to be a tech critic.
Last edited by Qbnkelt; 02-16-12 at 08:05 AM.
sleepngbear and jelp2 like this.
02-16-12 08:02 AM
- If someone I hire balks at the equipment I choose to give him/her as a tool to do his/her job, he/she has lost points and a certain amount of credibility.
As the employer I choose who gets the device when relevant to his/her work. It is my device to give as a representative of my agency. It is my agency's choice to support. And that is relative to the set of requirements for the agency.
What the employee likes or doesn't like is irrelevant to the job he/she has been hired to perform. Unless he/she has been hired to be a tech critic.
I'm interested in your thoughts on the original post. You seem like you have an understanding of the issues.
02-16-12 08:42 AM
- Sith_Apprentice
Mod Team Emeritus
FIPS applies generally to the crypto core. It actually doesn't apply to secure configurations (usually). For instance, your personal BB is FIPS validated. However it is by no means anywhere close to as secure as a BES BB device.
In this case, the responsibility falls on both the company and the individual. It is in fact an individual device. The owner of the device *IS* responsible for what happens on their device. It is no different than if illegal material is passed through your company PC. If you download illegal files, your company is responsible if it's over their network. However, since YOU are the one downloading, you are also responsible. Does that make sense?
In an IT security point of view, BYOD/BYOT is a terrible idea. From a financial and management point of view it is great. It is amazing on the bottom line as you remove all device cost, replacement cost, support for devices, etc. However you are taking a shotgun to your corporate security policy and blowing holes into it.
02-16-12 08:48 AM
- As hard as Dapper is hoping for a data-stealing disaster, leading to a dramatic end of the BYOD trend, and forcing companies to kneel before the altar of BlackBerry, crying and repenting and begging to be taken back, neither is likely to happen.
BYOD is just one reason, a relatively minor one at that, why BBs are being displaced from the corporate world, but most importantly: Dapper, did you even READ about the whole Path issue, or are you just trying to overdramatize a minor issue, knowing that there really isn't much to the story?
Path didn't maliciously "steal" anybody's data. They just tried improving their app/service by implementing a feature (namely sharing with people in your addressbook) and didn't inform their users as thoroughly as some people would like. As soon as it was brought up, they apologized and patched the app.
Now Dapper, you might keep nuclear launch codes in your addressbook, but I don't, and neither do most people I know... And finally, if a company is really worried about something like this, they can just lock down their employees' iPhone, so they don't download any unauthorized app. Something they're likely to do before ending their BYOD practice. Problem solved...
02-16-12 08:49 AM
- If someone I hire balks at the equipment I choose to give him/her as a tool to do his/her job, he/she has lost points and a certain amount of credibility.
As the employer I choose who gets the device when relevant to his/her work. It is my device to give as a representative of my agency. It is my agency's choice to support. And that is relative to the set of requirements for the agency.
What the employee likes or doesn't like is irrelevant to the job he/she has been hired to perform. Unless he/she has been hired to be a tech critic.
02-16-12 09:12 AM
- In an IT security point of view, BYOD/BYOT is a terrible idea. From a financial and management point of view it is great. It is amazing on the bottom line as you remove all device cost, replacement cost, support for devices, etc. However you are taking a shotgun to your corporate security policy and blowing holes into it.
02-16-12 09:27 AM
- As hard as Dapper is hoping for a data-stealing disaster, leading to a dramatic end of the BYOD trend, and forcing companies to kneel before the altar of BlackBerry, crying and repenting and begging to be taken back, neither is likely to happen.
BYOD is just one reason, a relatively minor one at that, why BBs are being displaced from the corporate world, but most importantly: Dapper, did you even READ about the whole Path issue, or are you just trying to overdramatize a minor issue, knowing that there really isn't much to the story?
Path didn't maliciously "steal" anybody's data. They just tried improving their app/service by implementing a feature (namely sharing with people in your addressbook) and didn't inform their users as thoroughly as some people would like. As soon as it was brought up, they apologized and patched the app.
Now Dapper, you might keep nuclear launch codes in your addressbook, but I don't, and neither do most people I know... And finally, if a company is really worried about something like this, they can just lock down their employees' iPhone, so they don't download any unauthorized app. Something they're likely to do before ending their BYOD practice. Problem solved...
Intent matters not one iota where there is a breach in security such as one might find if internal numbers are taken from a device and shared with app developers or users who do not have a need to know.
As far as the Dapper, no, he does not have any nuclear codes, I'm sure. But step back a bit, if you can manage an intellectual exercise, to see that the possibility of having internal numbers leaked would be catastrophic for secure agencies.
As far as locking down the iPhone, that is precisely what is needed. And then you have an iPhone that cannot load apps from the App Store, which cannot upload information to the cloud, that cannot sync with iTunes depending on the security requirements of the organisation.
How popular do you think that iPhone would be, do you think, when the owner of the BYOD comes in and learns that they are not authorised Angry Birds?
Last edited by Qbnkelt; 02-16-12 at 09:43 AM.
kbz1960 likes this.
02-16-12 09:38 AM
- I really don't think that you, and the other resident "security experts" at Crackberry give as much credit to corporate America's CIOs as they deserve...
They would have reviewed the potential pitfalls and benefits of a change to a BYOD policy, if necessary implemented different security levels for different users, and concluded that the change was worth it, before they proceeded.
02-16-12 09:47 AM
- As far as locking down the iPhone, that is precisely what is needed. And then you have an iPhone that cannot load apps from the App Store, which cannot upload information to the cloud, that cannot sync with iTunes depending on the security requirements of the organisation.
02-16-12 09:51 AM
- Less so, probably. But as you indicated earlier (where you indicated if you were choosing employees would use whatever you ordered), individual employee satisfaction isn't all that high on your personal list.
02-16-12 09:59 AM
- I really don't think that you, and the other resident "security experts" at Crackberry give as much credit to corporate America's CIOs as they deserve...
They would have reviewed the potential pitfalls and benefits of a change to a BYOD policy, if necessary implemented different security levels for different users, and concluded that the change was worth it, before they proceeded.
Undeniably there are different levels of security. The highest levels do not rely on trust, they rely on protection against threat.
02-16-12 10:04 AM
- Cold? Yup. Hard nosed? Yup. B1tchy? Yup. My personal opinions have nothing to do with my employees. I deal with everyone who works for me on a professional level.
And that is the reality of an IT and contracts manager in a secure agency. Other division managers have other responsibilities.
02-16-12 10:08 AM
- I really don't think that you, and the other resident "security experts" at Crackberry give as much credit to corporate America's CIOs as they deserve...
They would have reviewed the potential pitfalls and benefits of a change to a BYOD policy, if necessary implemented different security levels for different users, and concluded that the change was worth it, before they proceeded.
I have employees who lose their pass card once a week, but want me to load up their credentials on their new devices. Staff who do not believe they should report a lost/stolen passcard until they need access. Staff who want their work address printed on their access cards. BYOD? Not at this company, we have over 250,000 BBs in use. BYOD is a result of financial pressures, and not security measures.
02-16-12 10:13 AM