Why do we concern ourselves with securing BYOD? Is it because the device has some intrinsic value that we want to protect from getting into the wrong hands? Definitely not. As an enterprise, we probably don’t think about the extrinsic value of that device so much either – sure, it’s worth a few hundred bucks, but someone else probably purchased it anyway.
So, if it’s not the device that we’re worried about, maybe it’s the apps? Of course not – even an enterprise grade apps runs in the $10’s range at best, so no issue here.
The obvious answer is that we’re trying to secure corporate data on the device, which has orders of magnitude more value than even the highest-end tablet loaded with hundreds of costly apps.
This is really what information security has always been about. The reason we spent so much time on securing devices and networks was that they were the easiest way to secure all of the data and applications inside of our “perimeter.” Of course we no longer own the device or the network, so our perimeter now shrinks to the smallest possible unit – the data itself.
Next-generation BYOD security requirement #1: secure corporate data, not apps or devices. Focus on visibility/audit, loss/theft protection, compliance (if necessary).
This is post 2 in a 7-part series on next-generation BYOD requirements. Read the first post here: