BT security chief: We are ‘struggling and overly conservative’ on BYOD and cloud

Jill Knesek was speaking this week at CA’s annual conference in Las Vegas

BT's head of global security practice, Jill Knesek, has said the telco is 'overly conservative' and 'struggling' with the proliferation of bring-your-own-device (BYOD) and cloud trends within the enterprise because of compliancy fears.

Knesek was speaking this week in Las Vegas on a panel at CA's annual conference for customers and partners, where she admitted that the organisation may be creating more security risks by being slow to adopt BYOD and cloud, as employees bypass the IT department and use the tools anyway.

Speaking on the topic of BYOD, Knesek said: "How do you manage it? I can tell you right now that BT is still in the mode of very prescriptive about what we do on BYOD. We have not opened it up full board, and there is a lot of nervousness around what that means.

"We are taking a very conservative view at this stage and being very careful about how we roll it out. I think it's going to come down to how we control the apps, but the data is really going to be the key for us because people still want their personal device, but they want it in a corporate setting."

She added: "We have to figure out where we can draw that line on wiping the device, which part of the device we can wipe, how we control access, is this person acting personally or are they acting in a corporate function? We are not sure how we are going to handle that in a lot of scenarios."

Equally, when speaking on the adoption of cloud within BT, Knesek said that although there are some benefits to be gained, enterprises inevitably end up giving up control when pushing applications out into the cloud. She said that although cloud will probably be a direction the company ends up going in the future, being on the cutting edge was too "nerve wracking and not the smartest move for large organisations".

"I think it comes down to the risk factors and I think we are trying to understand the cost versus the benefits. We are trying to understand how those contracts and those terms and conditions are put together - where responsibility ends for the cloud provider, and where it begins for us," said Knesek.

"We are not doing a lot around the core business functions, we really aren't. We are trying to keep on the fringes."

However, when asked by Computerworld UK whether BT might actually be increasing the risk of data loss by locking down employees who will probably find ways to bypass the IT department by ignoring policy and using personal devices and the cloud, Knesek agreed that it was a concern.

"I probably tend to believe that there's a lot of employees that are already doing it and they're probably doing it without permission, which is even scarier. I think we have to be very cautious about being overly cautious, because sometimes I think we set a conservative attitude and our employees, contractors and customers are going to want to be at the cutting edge of technology," she said.

"BT is an old company and we have a lot of people there with a lot of tenure. So we fight that attitude. I think we have to be careful, very large organisations that aren't bringing in the young innovative mind-sets into IT and security are going to struggle with adapting to that after it has already peaked in the field. That's where we are today, we are chasing it a little bit."

She added: "We have found instances of people using Google and different cloud services without going through the proper process and creating compliancy issues for us. We are struggling with that and overly conservative in some areas. It's probably because we are so large and the compliancy issues are so broad for us that we tend to take a very European view of some of the issues at hand right now."

Join the CSO newsletter!

Error: Please check your email address.

Tags Mobile & WirelessapplicationsBTsecuritysoftwareIT Business

More about BT AustralasiaGoogle

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Derek du Preez

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts