The bring your own device (BYOD) model remains deep-seated in workplaces, but most organisations continue to manage it reactively, leaving gaps in security despite advances in AI and zero trust frameworks.
This is according to Arthur Goldstuck, CEO of World Wide Worx, and Lionel Dartnall, country manager: SADC at Check Point South Africa, who were speaking about the state of the BYOD model.
Goldstuck said most companies adopted BYOD policies only after problems arose, rather than planning from the outset. “Most companies have managed BYOD haphazardly and integration has usually been reactive: policies written after the fact, rather than planned from the outset. The winners are those who treated BYOD as an architectural change,” he explained.
He noted that AI has made BYOD security more manageable, but not risk-free. “Instead of manually chasing down every risky device, AI tools are now watching traffic patterns, spotting odd behaviour and predicting breaches before they happen. It doesn’t remove risk, but it makes the clean-up faster and the oversight less humanly impossible,” he said.
At the same time, he warned that attackers are keeping pace. “[Securing BYOD has become] easier because the tools are better, harder because the attackers are smarter. The security industry has moved from firewalls and passwords to identity management, zero trust and behavioural analytics. Yet every time the defence improves, the bad guys just move down the field with new tricks.”
Dartnall echoed the view that AI is transforming BYOD security. He pointed to real-time threat detection and behavioural analytics on devices outside traditional perimeters as critical advances. “It has definitely become easier with the introduction of ZTNA and SASE, which introduced a lot more options to secure these unmanaged devices,” he said.
Both noted a gradual shift in compliance-heavy industries away from pure BYOD towards corporate-owned models, such as choose your own device (CYOD), corporate-owned, personally-enabled (COPE), and corporate-owned, business-only (COBO) models. “BYOD was the wild west. The more compliance-heavy the industry, the more likely it is to tighten control and shift towards corporate-owned models,” said Goldstuck.
Anna Collard, SVP of content strategy at KnowBe4 Africa, said risks such as data leakage, shadow IT, insider threats, blurred boundaries between personal and professional use, false sense of device security and misuse of AI applications are some of the less obvious BYOD risks organisations overlook.
She added that common mistakes include drafting policies but failing to enforce them, applying one-size-fits-all rules or neglecting new AI-related risks. She recommended balancing oversight and employee privacy by separating personal and corporate data and using less invasive tools such as mobile application management.
Goldstuck argued that BYOD is too ingrained to disappear. “In five to 10 years, it will be less about the device and more about identity and cloud access. Devices will become interchangeable terminals, and the policies will matter more than the hardware. It will be 'bring your own access',” he said.
He also cautioned that freelancers and contractors should not be overlooked. “If they have access to your systems, they’re either in your policy or in your nightmares."
Share