The proliferation of bringing personally owned mobile devices into the workplace, and using the devices to access privileged company resources such as email, file servers, and databases is known as BYOD (Bring Your Own Device). It is very widespread. Many of us know people who access corporate email on their personal smartphone or tablet. Organizations should be concerned with BYOD for some of the following reasons:
- Individuals are accessing organizational data on personal devices
- Security controls are inconsistent
- Organizations may be unaware of lost or stolen devices
- Data destruction techniques may be inconsistent or non existent
There are some serious issues with BYOD strategies. However, I am wondering if the new Android 4.0 operating system (Ice Cream Sandwich or ICS) is designed to reduce the BYOD risks. I recently received an Asus Transformer Prime tablet with ICS installed. When setting up my corporate email account, I received a message asking me if I wanted to “enable server specific security policies”. On one hand I think this is great. It allows corporate admins to perform some of the following:
- Erase all data
- Set password rules
- Monitor screen unlock attempts
- Lock the screen
- Set lock screen password expiration
- Set storage encryption
- Disable the camera
See the screenshot below.
Of course, the downside is that our employers may possibly have a lot of control over our personal devices.
What do you think? Will this help reduce BYOD risks?