MNN - Mother Nature Network

However, the reverse can also be true. Using a personal device for work can create security risks for the employee as well.

 

Blurring the line

"The use of your own device allows your company to have access to information about how you spend your time while you are not at work," said Dave Montano of Quest, a technology consulting firm based in Sacramento, Calif.

 

"Using your own computing devices at work blurs the separation between the employee's personal and professional life," Montano said. "In addition, if a corporation decides to wipe the data on a BYOD, it may destroy personal information that was not backed up. The employee risks the loss of personal pictures, music, notes and so on."

 

There could be legal consequences as well, as Philip Lieberman, president of the Los Angeles security-solutions firm Lieberman Software, pointed out. 

 

"Should an employee's device contain sensitive or proprietary information that is transferred to their new employer," Lieberman said, "the employee could be subject to serious legal consequences."

 

There is also the question of whether or not an employer has the right to investigate information on an employee's personal device. Stephen Midgley, vice president of global marketing at endpoint security firm Absolute Software in Austin, Texas, believes this issue will often be debated in 2012.

 

"A key mandate for IT is they are accountable for securing corporate data," Midgley said. "The challenge, though, is often they are not directly responsible for the many of the devices that contain corporate data.

 

"On the employee side, they are used to having freedom of choice when it comes to using their own devices. However, that all changes when employees use their own devices to connect to their employer's network," he explained.

 

"Once an employee makes the decision to use their own device, they have to forego the expectation to the same level of privacy they had prior to that connection point," Midgley said. "In other words, corporate security trumps individual privacy. It can be a slippery slope."

 

Giving up control

Patrick Bedwell, vice president of product marketing at corporate IT security firm Fortinet of Sunnyvale, Calif., is seeing another trend. In return for enjoying the freedom of a BYOD policy, employees often have to let their employers' IT teams install a remote-access application on the device.

 

"These apps are intended more to ensure baseline configurations are in place before allowing access, e.g., corporate password policies enabled and the ability to wipe the device if lost or stolen," Bedwell said. "The employee gets the benefit of choosing the device he wants, and the company gets the benefit of not having to issue devices and is able to enforce access policies on devices it doesn't own."

 

There are also apps that give employees some separation between work and pleasure.

 

"Apps like AT&T Toggle separate and safeguard business data on employee-owned mobile devices, creating a distinct work mode apart from the typical personal mode on a single smartphone or tablet," said Ed Amoroso, chief security officer at AT&T in New York. "It helps provide a technical basis for separating the day-to-day usage of personal versus corporate tasks on a device used in both environments."

 

Amoroso added that in order to establish and enforce a proper security policy, it's smart to create and maintain a partnership with a mobile service provider.

 

"Many of the types of attacks that are emerging in the mobile ecosystem can only be stopped via real-time policing and filtering by the service provider under an explicit security service level agreement," he said. "Just loading a security app onto the device is simply not going to be sufficient."

 

Preparation checklist

Before you agree (or insist) to use your personal device for business purposes, Erin Kelley of the Chicago-based IT service provider Simply Smart Technology suggested that you ask yourself — and your boss — the following questions: