Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cybersecurity News

Solving the BYOD Puzzle by Controlling Data and Devices

A Security Magazine Online Exclusive

Smartphone Image for BYOD
February 1, 2013
Smartphone Image for BYOD
BYOD trends are sweeping the nation; How is your company handling them?

Eighty-eight percent of IT professionals report that Bring Your Own Device movement (BYOD) is here to stay, whether their companies had a sanctioned policy or not, according to a 2012 survey from MokaFive.

So how do you manage a movement that’s going to infiltrate the organization no matter what? You can start by examining what role BYOD plays in your enterprise, says Larry Whiteside, Jr., CISO and Director of Information Security, Risk & Compliance, and Director of Enterprise Operations at Spectrum Health.

“In the healthcare industry, our physicians and clinical facilities drive the business,” Whiteside tells Security magazine. “We’re always seeking ways for them to be as efficient as possible – finding the best possible ways for doctors to get their jobs done – which drives us toward technology.

“The reality is,” he adds, “Virtual workplaces are more prevalent now – the iPad craze exacerbated the situation. Our physicians want to use their personal devices to access charts, patient records and corporate emails, and we have to devise a strategy that addresses those risks.”

However, allowing BYOD doesn’t mean shelling out enough funds to buy every employee a company-issued cell phone.

LivingSocial, a deal-of-the-day website with more than 70 million members worldwide, has roughly 2,200 employees in the U.S. – 1,000 of which are salespeople that work at home or in mobile offices. For those employees, the policy is straightforward BYOD, says Rinaldi Rampen, Director of Security & Risk at LivingSocial.

“It’s user-friendly but challenging from a security standpoint,” Rampen says. “The huge majority of our employees work with iPhones and iPads, and Apple’s cloud (iCloud) has built-in protections. We keep looking at different enterprise solutions, but we haven’t found anything out there yet that’s worth the money.” Outfitting each device with one of the enterprise BYOD solutions on the market would cost $50-80 per device, he adds.

“BYOD is dictated by executives,” says Rampen. “Your boss will walk into the office with a new iPad Mini and say ‘Tell me how I can use it – Figure out how to make it work,’ and that’s just what we have to do.”

“Security used to be the ‘Office of No,’” says Whiteside. “We would tell people what they can’t do and why not. But now, the CSO and CISO are more aligned with the business goals, and we measure key performance and risk indicators for our enterprise.” This new focus, he says, forces security professionals to address the wants and needs of the company’s key players as more of a priority in order to help them increase their efficiency and job satisfaction.

Solutions for the BYOD Puzzle

According to the MokaFive survey, one-third of respondents reported that their companies have no BYOD policy in place, and 10 percent after that admitted that they did not know if they were operating under a BYOD policy or not. Eleven percent of respondents stated that while their companies do not allow BYOD, they use their personal computing devices anyway. This shows that employees are opening more and more doors to valuable data, and the lack of permission doesn’t seem to be abating the flood of devices into the workplace. So how can CSOs and CISOs stem the tide of information?

Within the Spectrum Health system, employees using their own devices are allowed access to data for presentation only, not downloading, Whiteside says. “Employees can virtually access data through the network, but nothing is downloaded or stored on personal devices.” That way, if a device is lost, the employee reports the missing device and that user’s token and password is killed in the network, ensuring that access to the data is shut down.

For Ward Spangenberg, former director of information security at Pearl.com and newly hired senior vice president of Development and Operations at Attensity, BYOD is evaluated on a case-by-case basis.

“You have to have a business purpose for each device,” he says. “All devices work as a one-off – Does everyone really need email access on their phone?” These questions are necessary, Spangenberg says, in order to close as many entry points for data loss as possible.

But in an enterprise where everyone is working on their own devices, Rampen can’t close all of the entry points, so he has to prioritize which risks are the most dangerous.

“In the end, devices are just conduits to data,” he says. “Maybe, in your organization, email isn’t all that important. Maybe it’s everything. You have to understand where your critical data sets are being kept, and you can work protection out from there.” These data sets will be different for every organization, so no two BYOD policies can be exactly the same.

Rampen works with the CISO Executive Network to discuss the latest trends, what has worked and what doesn’t – “From a client perspective, people are willing to share their experiences, especially on BYOD,” he says. “It’s such a new movement, and a lot of the kinks are still being worked out.”

He notes that it’s important to have a working committee to manage and update BYOD policy. Those committees should include representatives from IT, Legal, HR and Security departments, Rampen adds.

At Pearl.com, Spangenberg recommends – especially when issuing company devices – that BYOD devices are scanned and verified whenever they connect to the network, and that any “jailbroken” or suspicious devices are isolated and addressed.

“You have to have a goal for your BYOD policy,” says Whiteside. “Develop that goal at a corporate level with your business partners and liaisons, then go back to create a policy that reaches that goal. Ensure that you won’t have to uproot and change your system because you lost track of the end game.”

“Information Security is now responsible for managing information security across the whole organization, not just managing technology,” Whiteside adds.

Like Rampen says, the technology is just the conduit to the real asset worth protecting – the data. 

KEYWORDS: Bring Your Own Device (BYOD) cyber policy mobile device security mobile workforce

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • The Cyber 101 Discussion

    Phishing Education & Training: A Small Piece to Solving a Complex Puzzle

    See More
  • Generic Image for Cyber Security

    BYOD Users Expected to Double by 2014

    See More
  • Innovations

    Leaves Zero Data on Employee Devices

    See More

Related Products

See More Products
  • 1119490936.jpg

    Solving Cyber Risk: Protecting Your Company and Society

  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

  • databasehacker

    The Database Hacker's Handboo

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing