A few things ring true of today's working world. First is that no one in the year 2014 should have to work in a cubicle. Defenders will say "it's been this way for years," or "you'd be surprised by how common it is." That doesn't make working in a small felted cubby any less ridiculous. In the brief time I occupied one it was best used for sleeping on the job, and I've discovered that's a terrifying idea when sitting in a room full of your peers.
The second is that personal devices should be encouraged and ubiquitous fixtures of the workplace. One simple reason is that employer-provided technology is often clunky, out-of-date, or unsightly, so using personal devices can mean using better devices. It also means no technology learning curves for new employees and provides greater flexibility and creativity regarding how employees choose to collaborate. The takeaway here is the image of a happier, more productive organization.
Still, the transition to personal devices is a much more challenging one than removing the cubicles, but for many organizations it remains well within view of the horizon. A recent survey of 1,110 IT security professionals by the Information Security Community on LinkedIn found that 24% of organizations reported that bring your own device policies were in widespread use, while for a further 31% they remained under consideration.
For those that track shadow IT, 21% said that privately owned devices are widely in use in their organizations even though BYOD is not supported within their organizations. This report shows employees have begun to use their personal devices whether it's accepted behavior or not. That means that for nearly 75% of survey respondents, IT faces the systemic security risk associated with BYOD without the manpower or resources to cope.
So what can they do? Perimeter security solutions are a popular mainstay for enterprises, but employees and contractors easily carry security exploits and other malware on their personal devices past perimeter security. Mobile device management platforms are a popular BYOD solution, but employees perceive them as invasive and they don’t detect security exploits or malware. Trying to keep an eye on hundreds if not thousands of devices is an overwhelming task for IT, not to mention employees aren't eager to give their employers insight into their personal device usage.
There has been a noticeable absence of cyber security solutions that provide dependable protection from malware attacks with no invasion of privacy and minimal operational complexity. New security solutions are reducing the cyber security risk for BYOD, making it even easier than changing the office furniture.
Tom Canty is a forward deployed engineer at Palantir Technologies and hold a masters degree in computer science.