Over the last decade and particularly in the tablet age, business and academic organizations have slowly transitioned to a Bring Your Own Device (BYOD) model, where employees/students buy their own IT and then link it to the network. This has never been a security friendly way of doing things but the cost benefits have usually won the day. With Windows 10, this may well change
We have all been reading the stories about the new End User License Agreement (EULA) in W10 that gives Microsoft the right to view huge reams of your personal information, including information in private folders. This may be a non-event for some home users but in an age of BYOD, where company and academic data may be copied or synchronized onto private IT, it should be seriously considered as a business threat. I have no doubt that Enterprise licenses will be locked down fairly tight but a BYOD is not an Enterprise license.
Businesses and academic institutions will need to carefully examine the W10 EULA and understand it in detail before allowing W10 BYOD equipment to join their network; if they allow it at all. Right now, we are only starting to see the sort of data that W10 phones home to Microsoft and we don’t know who Microsoft allows to see that data or how that data can be analysed or mined. We simply don’t know enough to be able to adequately risk assess this.
Take an example; many businesses commission universities to carry our research and testing on commercially sensitive projects. If a student or member of academic staff uses a BYOD laptop or tablet to work on that data, then when they get home and connect to the family Wi-Fi, what happens to that data as a result of the W10 EULA? Who has access to that data?
Other BYOD wrinkles also jump to mind. If you connect to the business Wi-Fi, will W10 share the key with your contacts? What happens with Windows Update bringing-in downloaded updates on a BYOD machine and then pushing them to other BYOD machines on the network?
Until I have a firm grasp of this, I certainly can’t see my company allowing W10 devices onto our network; the risk (still unquantified) to commercially valuable data is just too great.
With W10 BYODs already in use, has your business or university started work on this yet?
Photo credit: Sarawut Aiemsinsuk/Shutterstock
Andy Gowen is a compulsive buyer of the latest and brightest tech. He has managed UK regional IT projects, has a successful consultancy business and is a Director of MontiDots Limited, a publishing company specializing in the games sector. Andy is an associate lecturer at the University of East Anglia teaching market strategy and leadership.