Infosec: The UK Drops FUD Bombs On BYOD
The UK is afraid of BYOD, whilst others plough ahead. But it needn’t be this way, says Tom Brewster
The UK, once a behemoth of technological prowess, is lagging behind many nations in various areas of IT. Just look at the delays to 4G, the weak uptake of fibre broadband in rural areas, the government’s painfully slow adoption open standards or interesting, new technology. Needless to say, the UK public sector, whether because of a lack of understanding, political inertia or regulatory constrictions, isn’t exactly a bastion of IT innovation.
In the private sector, Britain is no longer so great. Where’s our Mark Zuckerburg? Where’s our Apple? Now Autonomy is under the control of HP, there are few major British IT companies.
There have been signs of change, of course. Note the G-Cloud – one of the first governmental cloud marketplaces in the world. Tech City is buzzing with activity, as industry giants like Google and Facebook settle in to foster UK tech talent. Companies like ARM still fly the British flag across the world too, proving innovation is alive on these shores.
Yet on one of the biggest trends, BYOD (Bring Your Own Device), the UK is moving about as fast as a snail on sleeping pills. At the same time, it’s acting like a scared kitten, afraid of reaping the manifold benefits BYOD can bring, from user appreciation to increased productivity.
At least, that’s the impression I was left with after an InfoSec 2012 briefing with BT and a number of its customers, including the Ministry of Defence and Norfolk County Council. Research from BT showed globally, 60 percent of businesses allow employees to access corporate data from their own devices. That figure goes down to 37 percent in the UK. In China it goes up to 92 percent.
Just 15 percent of companies think the cost of BYOD is unclear, yet that goes up to 30 percent in the UK. In China, enterprises are much more sure of themselves, where over three-quarters (79 percent) are sure they can tell if an unauthorised device has connected to their network. That means not only are Chinese firms happily rolling out BYOD projects, most are confident about maintaining security with their deployments. Basically, they’re nailing it.
But these figures indicate UK organisations, in particular in the public sector, are letting fear, uncertainty and doubt (known in the security industry as FUD) stop them moving forward with BYOD initiatives. Kurt Frary, ICT architecture manager at Norfolk County Council, told TechWeekEurope the body was looking at rolling out a project of its own, but noted there were very few local authorities who were doing something similar. Leeds and Cambridgeshire councils are the only ones who have kicked off programmes to date, it seems. “When we look at councils across the country, it is not being done,” Frary said.
A change of tack
Looking back at the BT-commissioned research, the UK appears to be the polar opposite of the Asian superpower in enabling BYOD, and is moving slower than most other nations. Yet it need not be that way. When asked whether the MoD let workers use their own devices for handling government projects, Simon Wise, who oversees activities of the MoD’s Global Operations Security Control Centre, said “we do have a policy: don’t do it”.
Clearly no one wants to risk national security by letting people’s machines connect to vital infrastructure, potentially exposing it to infection or misplacing critical data. But there are surely areas where the MoD can open up, letting workers access certain applications when out of the office. Containerising apps – a service that companies like Good Technology offer – might be the answer for the MoD here. Look at the data, not the device when doing a BYOD risk assessment.
Nigel Harrison, previously of the Cabinet-led Office of Cyber Security and Information Assurance, agreed with TechWeekEurope that this was a positive approach. “That is certainly something that has been looked at in the public sector in the UK,” he claimed. Well why hasn’t the government gone ahead and implemented such a strategy if it’s such a sensible one? Is this another case of unnecessary government inertia?
Every organisation would benefit from looking at BYOD in a different way, not viewing it as a Yes/No question. Yet it appears many are still guilty of the latter.
Are you a security guru? Test yourself with our quiz!