BYOD: Get Ahead of the Risk

Intel CISO: Policy, Accountability Created Positive Results

January 11, 2012

Intel first recognized the issue of bring your own device, or BYOD, in 2009, as employees increasingly wanted to use their own mobile devices in the workplace. Instead of turning their backs on the risk, Intel leaders embraced the technology, setting up an effective policy for employee-owned devices. The result: increased connectivity to Intel's network, greater employee productivity and improved security measures.


Had the company not addressed the issue, employees would have continued to bring devices into the enterprise anyway. "They would connect it up in different ways," says Intel CISO Malcolm Harkins. "It would just be done in an unmanaged fashion."

So, Intel embraced BYOD and made it part of a strong mobile policy that revolves around accountability. "We really want to make sure that not only the IT organization is accountable for providing the right technology footprint on those BYO devices, so that we can manage reasonable controls on it," Harkins says. "But the employees themselves have a level of accountability in understanding the risk that brings to the company."

Since developing a policy around BYOD, Intel has seen the number of mobile devices its employees use for work double at an incrementally small cost to the company.

"We're getting feedback from the employees that they're happy about being able to use their devices," Harkins says.

In an interview about BYOD, Harkins discusses:

  • Why Intel embraced the BYOD trend;
  • Steps it took to manage the risks;
  • Policy tips for organizations struggling with BYOD.


Harkins is vice president of Intel's Information Technology Group and CISO and general manager of information risk and security. The group is responsible for managing the risk, controls, privacy, security and other related compliance activities for all of Intel's information assets. Before becoming Intel's first CISO, Harkins held roles in finance, procurement and operations.

TOM FIELD: To get started, why don't you tell us a little bit about yourself and your work with Intel, please?

MALCOLM HARKINS: I'm a vice president in Intel's Information Technology Group, and Intel's chief information security officer, so I pretty much have worldwide responsibility for anything and everything you can imagine that's an information risk, security controls or compliance-related item for the company.

BYOD: Intel's Experience

FIELD: Everybody's talking about bring your own device - BYOD - today, but when did the BYOD trend first strike Intel, and what was your initial response?

HARKINS: Well, you can go back and look at it actually from a historical perspective. When you said this, it honestly dawned on me - at the dawn of the personal-computing revolution back in the early '90s, it wasn't a "bring your own" necessarily into the office, but at that time, we allowed people to log in to our network, so they were using their home systems to log on to our network to do work remotely. So in essence, 15-17 years ago, I could argue that we had a BYO-type model, though we removed that because of risk concerns quite a number of years ago, but the new trends really took off over the past 24 months.

FIELD: So in those 24 months, as people have started to introduce their smart phones, their tablet computers, even USB removable storage devices, how have you come to treat this phenomenon of employee-owned mobile devices?

HARKINS: There are two approaches: one is the initial reaction that I think is pretty common from a risk and security professional, where you see the risk and you want to shy away from it. But we recognize that if we did that, we'd probably create and generate more risk for ourselves because people would bring it into the enterprise anyway. They would connect it up in different ways. It would just be done in an unmanaged fashion. Once we kind of got past the recognition that we really couldn't stop that BYO trend, we said we've got to essentially run to the risk in order to shape it, and so we started with the small form-factor and smart phones and said, "Let's figure out how to enable that for the enterprise," which we did almost two years ago. It was late 2009 when we started the first kind of pilots on that, and then by January of 2010, we opened it up broadly across the enterprise.

Advantages of BYOD
