When organizations move to allow BYOD, they run into a problem with respect to security. If you allow people to bring in their own laptops and tablets to work and to use those laptops and tablets to connect to internal resources such as file servers, how do you ensure that those computers aren’t infected with malware?
One of the reasons that Microsoft included anti-malware in Windows 8 by default was because telemetry data showed that 25% of people don’t have an active anti-malware product within a year of purchasing a computer running Windows 7.
Allowing people to use their own computers usually means that people are delegated the responsibility to manage their own computer’s security. This was the way it happened back in my first job at a University. The University had wrangled an anti-virus license for anyone that was enrolled as a student or member of staff for their home and work computers. Granted this was back in the mid 90’s, but when I was doing front line help desk support, the majority of the computers that I looked at didn’t have up-to-date anti-malware software.
With BYOD, you have people using their “personal” computers to interact with organizational resources. These are the computers that they Facebook on, surf the internet on and, if we’re to be brutally honest, probably watch movies and TV shows they’ve torrented on and watch porn on. Whereas people might have a general reluctance to watch that sort of stuff on a computer provided to them by the organization, they are a lot less likely to be inhibited about such behavior if it’s a computer they purchased with their own money. One of the “draws” to the user of BYOD is that it’s *their* computer, which means that there is an expectation of privacy with respect to the computer’s contents that isn’t there with an organizationally issued computers.
Put another way – people are far more likely to visit the sorts of websites that host malware using their own personal computer than they are to use one that belongs to their workplace. And because it’s their personal computer, they are a lot less likely to be as responsible about keeping it up to date with anti-malware software.
In a couple of years, when Windows XP has the sort of market share that Windows 8 now enjoys and Windows 8 now enjoys the sort of market share that Windows 8 has, IT admins will have less to worry about with respect to “bring your own device” security. But until an OS that has a built in default anti-malware becomes the majority used OS, there’s always going to be a non-trivial number of people in BOYD environments who don’t keep their computer up to date, are at risk of becoming infected with malware, and who are potentially exposing organizational resources by connecting to organizational networks.