View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
January 12, 2016updated 31 Aug 2016 10:29am

From the Pentagon to the NHS: 4 surprising organisations deploying BYOD

News: If these organisations can do it, surely your data isn't too sensitive to host on employee devices.

By Alexander Sword

The main challenge of Bring Your Own Device (BYOD) policies is ensuring that corporate data that is used on an employee-owned device is kept safe. It is understandable, therefore, to feel an instinctive sense of hesitation when considering implementing such a policy.

However, even some of the companies with the most to lose from a data breach are implementing BYOD. If they aren’t afraid to try it, why should anyone else be? CBR has rounded up some of the most surprising BYOD implementations.

 

1. The Pentagon

As the main headquarters of the US Department of Defence (DoD), the Pentagon needs to be one of the most secure workplaces in the world, for obvious reasons.

However, in 2015 the Defence Department announced that it would be running a BYOD pilot for users within the DoD staff, which was scheduled for launch in the summer. It fell behind schedule and the new timeline is unclear, however.

The initiative was planned as part of the White House Digital Government Strategy, which was first launched in 2012 under the White House’s Federal CIO, Steve VanRoekel.

As part of the initiative, the White House published a toolkit to help Federal agencies planning to move to BYOD. This identified a range of benefits for Federal agencies moving to BYOD, including the choice offered to customers through embracing the consumerisation of IT and the cost benefits of reducing the amount of expenditure required on providing government devices to staff.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

Assuming the DoD implementation follows the White House guidance, it could make use of virtualisation, providing remote access to the required resources so that no sensitive information is stored or accessed on the device. Another possibility is a walled garden to contain the relevant data and application processing within an app, or limited separation to allow comingled personal and work data but with policies to ensure security controls are in place.

 

2. University College London Hospitals

As well as defence, medicine is another field where information can be incredibly sensitive. Some illnesses can carry social stigma, while medical professionals are often privy to personal details about substance abuse, family planning or mental health.

Azzurri worked with University College London Hospitals (UCLH) to enable BYOD for its clinicians after the NHS Trust found good patient engagement results using tablets.

Originally the Trust provided patients with a range of apps available on hospital-owned devices. After the cost became prohibitive, UCLH trialled BYOD across 150 devices belonging to senior managers. Azzurri also provided a MobileIron solution to securely manage the devices.

The roll-out was enthusiastically embraced by staff, and allowed the Trust to mobilise employees far more quickly and cheaply than under a company provision model.

3. ‘European financial services company’

Banks are another routine handler of sensitive data, so their BYOD implementations will naturally be more tentative than most other sectors. Of course, while not as bad as the potential consequences of data loss by the Department of Defence, the loss of any customer’s financial information could be disastrous.

However, the benefits of BYOD apply as much to banks as they do to any other organisation. Used to working with computers, banks often have a large proportion of tech-savvy staff which may have several devices that they wish to bring, or particular operating systems or devices that they are more comfortable working with.

An anonymous case study on Cisco’s website refers to a European financial services customer which sought to implement a BYOD policy but faced a lack of standardisation across its network; regular merger and acquisition activity exacerbated the fragmentation of its IT.

This prevented it from being able to identify and detect rogue devices on the network. Cisco worked with it to build a standardised network, making security monitoring of devices much easier.

 

4. Thomson Snell & Passmore LLP

In April 2015, Egress Software Technologies revealed the results of a freedom of information request. In 2014, the Information Commissioner’s Office investigated 173 UK firms for incidents that may have breached the Data Protection Act.

In other words, the security of law firms’ data is a big issue, considering that they may hold sensitive information on clients, M&A activity or intellectual property and patent filings.

Looking to enable its partners to work from mobile devices after moving its desktop and software infrastructure to the cloud, Thomson Snell & Passmore LLP chose mobile device management company MobileIron to build a range of solutions, such as secure email.

The firm also deployed its business apps on MobileIron Apps@Work. In addition, it started using Kerberos so that when a password is changed on the office desktop it does not change that in the device, preventing the user from being locked out.

 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU