BYOD:(B)rought (Y)our (O)wn (D)estruction?
Righard Zwienenberg ESET
download slides (PDF)
Nowadays all employees bring their own Internet-aware devices to work. Employers and institutions such as schools think
they can save a lot of money by having their employees or students use their own kit. But is that true, or are they
over-influenced by financial considerations?
There are many pros and cons with the BYOD trend. The sheer range of different devices that might need to be supported
can cause problems, not all of them obvious. This paper will list the pros and cons, including those for Internet-aware
devices that people do not think of as dangerous or even potentially dangerous.
These devices are often 'powered' by
applications downloaded from some kind of App-Store/Market. The applications there should be safe, but are they? What
kind of risks do they pose for personal or corporate data? Furthermore, the paper will describe different vectors
of attack towards corporate networks and the risk of intractable data leakage problems: for example, encryption of
company data on portable devices is by no means common practice. Finally, we offer advice on how to handle BYOD policies
in your own environment and if it is really worth it. Maybe 'Windows To Go' - a feature of Windows 8 that boots a PC
from a Live USB stick which contains Win8, applications plus Group Policies applied by the admin - is a suitable base
model for converting BYOD into a Managed By IT Device.
Remember: BYOD isn't coming, it is here already and it is (B)ig, (Y)et (O)utside (D)efence perimeters!