By Bernard Sia
As an IT Outsourcer, I cringe at the thought of having to support 30 different variations of mobile operating systems; it does not matter whether the phone is service provider locked or jail-broken with viruses and all.
Who is to be blamed when the proverbial mess hits the fan?
Naturally the easy way out for an outsourcer is to draw a solid line that says, I am sorry, that is not within our contract. But seriously, as an innovative company; you would want to stand head and shoulders above your competitors and say; YES, we are able to support that phone. Not only that, we can secure critical business information, anywhere; anytime!
Personally, I find the whole security issue overblown. Since the dawn of civilization people have been lurking the halls of temples and rat on priests feasting on animal offerings, and no amount of inner sanctums could keep a lid on towns folk whispering.
Fortunately today; we have a host of technologies that allows us to trace how information flows, from who, to whom, on top of versioning every change that occurs.
Unfortunately, technology cannot change the human psyche. Whenever there’s an opportunity, opportunism arises.
Over in Malaysia, BYOD devices have taken over the boardroom; and senior management have made iPads and Berry’s the communications medium of choice. Don’t be surprised if you walk into the elevator of PETRONAS Twin Towers and you see tenants carrying an iPad, a Blackberry, his own personal mobile; with potentially an ultrabook tucked inside the suitcase.
So the right question to ask is not about the perils of BYOD, but how do you manage risks arising from Human Behaviour.
My take on it:-
a) Make it a corporate policy
Ensure that all staffs sign on a document specifying their roles and responsibilities with corporate information.
b) Make it known that big brother is watching
“WARNING” this email is Information Rights Managed (IRM) and Data leakage Protected (DLP), and the sensitivity setting is “CORPORATE USE ONLY”. As mentioned, a number of IRM technologies allow you to monitor unauthorized information leakage and trigger a warning should the mail be forwarded beyond the corporate domain.
But seriously, if your staffs are bent on selling corporate information; there’s nothing that can stop the employee from taking a picture off the monitor; or even scribbling it down on a piece of paper.
c) Be a great company, with a purpose, manned by good people
That trumps any security tool out there in the market.
Happy New Year!