BT’s head of global security practice, Jill Knesek, has said the telco is ‘overly conservative’ and ‘struggling’ with the proliferation of bring-your-own-device (BYOD) and cloud trends within the enterprise because of compliancy fears.
Knesek was speaking this week in Las Vegas on a panel at CA’s annual conference for customers and partners, where she admitted that the organisation may be creating more security risks by being slow to adopt BYOD and cloud, as employees bypass the IT department and use the tools anyway.
Speaking on the topic of BYOD, Knesek said: “How do you manage it? I can tell you right now that BT is still in the mode of very prescriptive about what we do on BYOD. We have not opened it up full board, and there is a lot of nervousness around what that means.
“We are taking a very conservative view at this stage and being very careful about how we roll it out. I think it’s going to come down to how we control the apps, but the data is really going to be the key for us because people still want their personal device, but they want it in a corporate setting.”
She added: “We have to figure out where we can draw that line on wiping the device, which part of the device we can wipe, how we control access, is this person acting personally or are they acting in a corporate function? We are not sure how we are going to handle that in a lot of scenarios.”
Equally, when speaking on the adoption of cloud within BT, Knesek said that although there are some benefits to be gained, enterprises inevitably end up giving up control when pushing applications out into the cloud. She said that although cloud will probably be a direction the company ends up going in the future, being on the cutting edge was too “nerve wracking and not the smartest move for large organisations”.
“I think it comes down to the risk factors and I think we are trying to understand the cost versus the benefits. We are trying to understand how those contracts and those terms and conditions are put together – where responsibility ends for the cloud provider, and where it begins for us,” said Knesek.
“We are not doing a lot around the core business functions, we really aren’t. We are trying to keep on the fringes.”
However, when asked by Computerworld UK whether BT might actually be increasing the risk of data loss by locking down employees who will probably find ways to bypass the IT department by ignoring policy and using personal devices and the cloud, Knesek agreed that it was a concern.
“I probably tend to believe that there’s a lot of employees that are already doing it and they’re probably doing it without permission, which is even scarier. I think we have to be very cautious about being overly cautious, because sometimes I think we set a conservative attitude and our employees, contractors and customers are going to want to be at the cutting edge of technology,” she said.
“BT is an old company and we have a lot of people there with a lot of tenure. So we fight that attitude. I think we have to be careful, very large organisations that aren’t bringing in the young innovative mind-sets into IT and security are going to struggle with adapting to that after it has already peaked in the field. That’s where we are today, we are chasing it a little bit.”
She added: “We have found instances of people using Google and different cloud services without going through the proper process and creating compliancy issues for us. We are struggling with that and overly conservative in some areas. It’s probably because we are so large and the compliancy issues are so broad for us that we tend to take a very European view of some of the issues at hand right now.”