By now nearly everyone is familiar with bring your own device (BYOD). Some people out there still aren’t sure whether BYOD was nothing more than a buzzword in 2013 or if it really was a popular movement with serious security implications. (My personal thought is that the trendiness of the acronym downplayed the very real security concerns that the concept brought upon the enterprise.)
But no matter what you think of it, BYOD is, as Art Coviello, executive chairman of RSA, told me in an email, “so 2013.” According to Coviello, we should get ready for BYOI, bring your own identity. BYOI, Coviello added, is the next step in the trend that began with BYOD:
The next evolution will be the consumerization of ID or identity as employees increasingly push for a simpler, more integrated system of identification for all of the ways they use their devices. Identity will be less entrusted to third parties and increasingly be something closely held and managed by individuals – as closely as they hold their own devices.
BYOD wasn’t really new in 2012 and 2013—many of us were using our personal desktops and laptops to access work networks for many years—but the trend began to steamroll with the increased popularity of smartphones and tablets. Similarly, BYOI, or BYOID, has been around for a while. I found an article on eWeek that was published in 2011 that talked about the topic. But like BYOD, the advances in technology are bringing BYOI to the forefront.
As Michael Angelo, chief security architect at NetIQ, pointed out to me in an email, BYOI will come into play whenever employees use their own third-party identities to conduct transactions. It will be up to security professionals to monitor this use to evaluate risk potential to the network.
At least one person thinks BYOI will improve security. Doron Cohen wrote on the SafeNet blog:
The ability to use a single credential to access a wide range of services often increases security since a user only has to remember one [strong] password instead of multiple passwords. In some cases, it also enables the user to turn on two-step authentication for a single trusted provider, leveraging one time passcodes as an extra security measure.
BYOI is an acronym that I think we will all be seeing a lot of in 2014. I’ll be especially interested to see how it influences security.