Engaging with users and not locking people out is the key to working with personal devices in the workplace.
Speaking at the SC Magazine conference on mobile device management, James Wood, head of infrastructure security at the NHS technology office, said that it is important to work with users, as it is not practical to shut things down, but that when it comes to personal devices, he is his own antithesis.
He said: “I will let people use devices without stopping them doing their jobs, but the key thing is that the new generation do not want to use old technology and they are used to what they are using. We want people to use their own devices though as it saves money, they pay for their own data plan and if people are happy to do that then we are much happier with this.”
He said that it is important to try to set standards and, with technology, not to block everything or apply granular controls that prevent things from working.
In an audience vote, 100 delegates were asked whether they allowed personal devices to be used for work. More than half of the audience (53 per cent) said that they did allow use of personal devices, 30 per cent said that they disallowed personal devices from being connected, while ten per cent said that they had no policy.
Wood said he was very surprised by the results and that a key tactic was to make users aware of policy and procedures 'as then you have done all you can to manage risk'.
Tom Lawton, CISO at Thomson Reuters, said that he can only say no for a short time, so he needed a solution other than just saying no. He used consumerisation as a means to not say no and brought in security improvements to make mobile devices work.
“You can use consumerisation as a means to get what you want. Users have a low tolerance to security controls and you have to factor that in but you need a VIP solution that does not get in the way. The more security controls, the less likely they are to want to use it and more likely they are to go around it. For people who access sensitive data, you have to be sure it will not be lost,” he said.
Bob Schukai, global head of mobile technology at Thomson Reuters, said: “We tend to accept what is thrown at us, you have to set policy so stupid things do not happen, being proactive is key.”