Tuesday, 14 January 2014

Overbearing security demands risk public sector BYOD use, warns council CIO

The debate over BYOD security rumbles on
The IT chief of the London borough of Camden has warned the public sector that overbearing security regulations will negatively impact IT innovation, particularly bring-your-own-device (BYOD) policies.
John Jackson, CIO of Camden Council, told a room of public sector IT professionals that the government's latest Public Services Network (PSN) regulation would merely cause users to "revolt" and start handling data even more insecurely by using free tools instead of private cloud solutions provided by their employer.
"One of the things that bothers me is that while we have to get security right, we have to think about that in a collaborative way," Jackson said.
Camden Council has been operating its own BYOD policy for three years, using private cloud systems to keep data secure on multiple devices, which Jackson believes has transformed the way the council works, as well as saving significant amounts of public money.
"Whatever we want to do in the world around security, the idea that the technical bureaucrats can actually control what are revolutionary tendencies within our workforce is going to be very difficult."
He said the government's PSN strategy – which heavily regulates how data can be shared across cloud services – brought forward a new risk of the public sector falling behind the rest of the world.
"The world outside is moving faster than we are moving in technology in government: when there's a mismatch between outside and the inside, you have a problem," he said.
While Jackson says he recognises the importance of security policies for BYOD, in his view tightening control of the devices themselves does not address the root cause of most high-profile data breaches: user error.
"The biggest problem in my experience in security isn't the technology, it's people doing stupid things," he explained. "There's a real debate as to how far we push accountability because the more we do the technical side and lock it all down, the more we potentially blur the boundary of who's accountable. There's a big thing in security about accountability because no matter what we want to do the more [the user will] try and subvert us."
"Love it or hate it, BYOD is here to stay," he concluded.
