Righard Zwienenberg ESET
Nowadays all employees bring their own Internet-aware devices to work. Employers and institutions such as schools think they can save a lot of money by having their employees or students use their own kit. But is that true, or are they over-influenced by financial considerations?
There are many pros and cons with the BYOD trend. The sheer range of different devices that might need to be supported can cause problems, not all of them obvious. This paper will list the pros and cons, including those for Internet-aware devices that people do not think of as dangerous or even potentially dangerous.
These devices are often 'powered' by applications downloaded from some kind of App-Store/Market. The applications there should be safe, but are they? What kind of risks do they pose for personal or corporate data? Furthermore, the paper will describe different vectors of attack against corporate networks and the risk of intractable data leakage problems: for example, encryption of company data on portable devices is by no means common practice. Finally, we offer advice on how to handle BYOD policies in your own environment and on whether it is really worth it. Maybe 'Windows To Go' - a feature of Windows 8 that boots a PC from a Live USB stick containing Win8, applications and the Group Policies applied by the admin - is a suitable base model for converting BYOD into a Managed By IT Device.
Remember: BYOD isn't coming, it is here already and it is (B)ig, (Y)et (O)utside (D)efence perimeters!