Special Feature
Part of a ZDNet Special Feature: BYOD and the Consumerization of IT

Don't adapt old IT security policies for BYOD: IBM

Many organisations are simply retrofitting existing IT security policies for mobile devices in the workplace, but they should really be formulating a BYOD policy from scratch, according to IBM Institute for Advanced Security director Glen Gooding.

Morphing existing IT security policies to accommodate for bring your own device (BYOD) is the wrong way to address BYOD, according to IBM Institute for Advanced Security director, Glen Gooding.

According to a recent report by data backup vendor Acronis, 57 percent of Australian organisations do not have a BYOD policy in place, and 33 percent of them do not even allow personal devices to access the corporate network.

For organisations that do have a BYOD policy, many of them are doing it wrong by merely adapting their old IT security policy for mobile devices, Gooding said.

"We're in a state of flux, where businesses are migrating existing security policies that have been embedded within organisations for a number of years now," he told ZDNet. "Many organisations are changing those existing policies, and trying to retrofit them to mobile devices.

"I believe the policies that are going to be more successful in defining mobile security policies are the ones that start from scratch and actually build a policy in and around a mobile-only concept."

Gooding said it is likely that the workplace of the future will be dominated by mobile devices, so taking the necessary steps to accommodate for those devices will benefit staff in their work and personal lives. This is especially pertinent for BYOD, as workers use one device for both work and play.

"Defining appropriate mobile security policies from scratch now will educate users to make better decisions how they use those devices in the future," Gooding said.

Show Comments