Monday, 29 August 2016

Bring your own device

Back in the early days of online computing, the means of your average office worker communicating with his organisation's central database was a "dumb terminal", a device with a keyboard and a smallish TV screen, displaying text in either black-and-white or more likely green-on-black. Security was no great difficulty. No external devices could be plugged in to the terminal and the central computer facility controlled access. The only weak point was the users' password, but these could be centrally allocated and thus not easily deduced by an outsider.

All that changed with the growth of the personal computer. It became cheaper and easier to provide each desk-jockey and even executives with a basic IBM-style desktop computer. However, this necessarily came with connections to the external world - first a cassette-recorder interface (dropped in the 1980s) and 5.25" exchangeable disk drives, followed by 3" and 3.5" disk drives and then the USB interface. Each development enabled successively smaller exchangeable media. Coupled with opening up the World Wide Web as well as organisations' internal network, a headache for data controllers was created.

It has been a short step to providing not just an organisation-owned physical machine on the desktop but also wireless access to corporate facilities via a user's own device - lap-top computer, tablet or smartphone. When the lines between private and corporate facilities become blurred, we reach the situation in which Mrs Clinton has found herself. I believe she is merely the most high-profile example of careless crossing of boundaries which occurs day-by-day in companies, councils and government.

BYOD infographic

It is clearly essential that organisations holding or with access to third-party data, as well as their own sensitive information, have strict policies on BYOD (or "bring your own technology" as it sometimes described) and it is good to see that government has issued guidelines.


No comments: