18 Apr 2013

What happened on 15th April, BYOD: A Faustian Pact?

Together with our event partners, ICT KTN, we held another Mobile Monday London event on Monday 15th April at our usual venue, the CBI Conference Centre.

The event was chaired by David Rogers of Copper Horse, who was joined by a great panel of experts representing a wide range of views on the security, standardisation, usability and functionality of BYOD concepts in corporate environments.

Joining him on the panel: 

Caroline Maloney from Telefonica
Charles Brookson of Azenby and Chair of GSMA Security Group
Gemma Coles from Mubaloo

Left to right - David, Gemma, David, Caroline & Charles

Huge thanks not only to the panellists and chair but also to our volunteers for helping with the smooth running of the night ... and in particular to Manfred Bortenschlager, who was kind enough to write this piece to summarise some of the themes and to Tes MacPherson who took the photos.

A link to the podcast of the event and some useful follow-up links follow Manfred's summary.

When David posed the event’s headline as a question to the panel “BYOD – is it a Faustian pact?” Charles immediately responded “well, it certainly is a pact with the devil: for all the opportunities of bringing your new, shiny devices come a lot of security risks.” So, security was a topic largely discussed between the panellists and the audience. How can you make sure that confidential data does not leave the company or is compromised? Solutions like locking down of device capabilities like Bluetooth, the camera or tethering were discussed. People, of course, always find ways to circumvent such restrictions.

A further emerging topic was company policies and their ineffectiveness. An interesting analogy was drawn to the ineffectiveness of company policies of prohibiting special websites versus configuring firewalls accordingly. One of the conclusions suggested by panellists was to accept that BYOD is happening and to try to understand its implications and embrace it. An important aspect of embracing is probably employee education and improving social engineering awareness.

This was also underlined with the new generation of “Digital Natives” who do not necessarily make a distinction between a “work” device and a “private” device. Those types might just converge. This trend may lead to a new view on employment in a more general way: work when, where and how the tasks require it.

Another topic of discussion was how employees who BYOD can be protected better and how a balanced work-life relation can be guaranteed nevertheless. BYOD could be deployed in combination with a company services policy that would, e.g., switch off email delivery during out-of-office hours.

Lots of debating over beers!

On the actual software development side of things it was criticised that many mobile operating systems or platforms do not focus enough on educating developers in the necessity of deploying security mechanisms effectively. In other words, developers are not encouraged specifically to pay enough attention to security in mobile app development. On the contrary, in many cases it seems that developers need to overcome cumbersome barriers like insufficient support for security protocols.

Usability was another topic discussed. Many users do not know what certain things on a mobile device actually mean and what the consequences of allowing or switching a particular function or service on or off could mean. A half-solution could be to have a clear separation between corporate and private and thus allow having two (or more) devices. Dual SIM, embedded SIM or even Soft-SIM solutions, which could allow downloadable and switchable profiles, could add an interesting dimension to the BYOD and corporate versus private use discussion.

The verdict:

The benefits of BYOD are cost advantages, increase in productivity, flexibility, convenience, employee engagement, or simply exploiting new possibilities. On the other hand, there are still many unanswered questions as to the security risks, usability and impact on work-life balance.

It is probably fair to say that we are in the middle of an unstoppable development where the boundaries between work and life, corporate and private get more and more blurry and for the upcoming Digital Natives it is the modus operandi anyway. So, we might as well just embrace it, too.

Thanks Manfred!

Mark Bridge at The Fonecast made a recording of the proceedings, which is followed by an interview with chair, David Rogers.

Links that we have been sent by participants ...

From David Rogers, Copper Horse, our chair: 

The most dangerous code in the world: validating SSL certificates in non-browser software

From Becky Hayman of Tigerspike:

Frank (left), engaging with the panel as people arrive

From Frank Domoney of BYOD Toolkit:

Achieving the Productivity Gains of BYOD without compromising security  
* Anyone can have a copy of our list of stakeholders in Legal Firms by clicking on the button on the website, and Mobile Monday Attendees can at the same time request a copy of a BYOD Model Policy. We are in the process of reviewing and updating the Policy in the light of emerging and evolving technology but people won’t go far wrong with the Mk1 version - upon request at this BYOD Toolkit page.