What does the UK Government's new BOYD advice mean for enterprise?

October 30, 2014

As the UK Government updates its official guidance on BYOD (Bring your own device), it's time for businesses to have a long hard look to the situation in their own organisations.

All evidence suggests that BYOD is happening whether or not an employer sanctions and sets up proper policy. In spite of this, many organisations appear not to have taken action to deal with this.

As mobile device use proliferates and supports the trend towards more flexible working, it's time for enterprise to catch up.

What's remarkable is that government is often some distance behind the private sector in adopting best practice for the latest technology. However, this time, they are leading the way.

The latest BYOD guidance from CESG the National Technical Authority for Information Assurance) urges organisations to understand the relevant legal issues and potential risks and to make plans for security breaches.

The document warns: "The legal responsibility for protecting personal information is with the data controller, not the device owner."

It goes on to point out that the UK Information Commissioner's Office (ICO) can impose fines of up to half a million pounds for data security breaches.

And this is no empty threat. Last year the Royal Veterinary College was hit by a hefty fine after sensitive details about job applicants were leaked from a camera.

The new guidance recommends the use of expert Mobile Device Management (MDM) services such as those provided by the vendors that Entwrx is partnered with. Our technology helps create MDM solutions that prevent users from inadvertently handing off data to untrusted third-party apps.

The guidance says: "There are a range of technical services, such as Mobile Device Management, that can help you remotely secure, manage and support personally owned devices.

"Container applications, where data is contained within a specific application, can help to manage information flows between personal and business areas of a device."

Data can potentially be shared without the device owner's knowledge, and that mobile devices are at risk in other ways that could affect a business. Therefore, it suggests: "Plan for and rehearse incidents where a personally owned device that has access to sensitive business information is lost, stolen or compromised.

"Ensure you can revoke access to business information and services quickly and understand how you will deal with any data remaining of the device."

Kashif Khan, VP Business Development at ENTWRX, said: "We welcome this comprehensive guidance, which should be used as a benchmark for all organisations where BYOD is being used.

"We have no hesitation in reiterating suggestions that expert advice and specialist solutions such as those provided by some of our partners, Good, Globo and Excitor is essential.

"It's particularly important to note that this comes from a realistic perspective, understanding that people will find a workaround to make their lives easier. We know this, and that's why the ENTWRX suite of products are all about working with enterprise to make life better for their employees."

Image courtesy of basketman at FreeDigitalPhotos.net

Back to the ENTWRX blog