The much-hyped bring-your-own-device (BYOD) trend in IT now has an even trendier stablemate: bring your own network (BYON). Which brings along with it a whole new layer of security worries for companies and their IT departments. And for employees it could bring a new layer of privacy concerns – not only for themselves but their friends.

BYON is a byproduct of new, increasingly popular technology that allows smartphone and tablet users to create their own mobile networks. Typically these are set up through mobile "hotspots." But when you combine mobile networks with BYOD to get BYON, the effect is to bring shaky consumer-level security to the corporate network.

Doesn't that sound like a lot of fun?

Attorney Jim Kunick, a specialist in intellectual property law and other tech-related legal issues, outlines the consequences of BYON. Says Kunich, "it takes the data out of the network the company protects. There's no way to ensure the security of that data."

Just to emphasize the point, he adds, "I mean, no one is sure the Boingo network is secure."

Kunich notes that BYON is becoming popular at startups, particular software development firms and organizations that depend heavily on cloud services. And, he points out, BYON " allows people to run applications in three different cloud-based environments at one time because they're on their own network, they're on a network that they contracted with and they're on the corporate network."

Which adds up to triple trouble. And the worries go both ways. Company policies can allow monitoring and wiping employees' devices, but what about other devices on those networks?

All of which is reason to stop and think about BYOD as well as BYON. Do we really want to have workplace policies governing our personal mobile devices? Perhaps company-issued devices aren't such a bad idea – even if it means you can't use your Latest and Greatest at work.

The consumer tech world runs on hype. But when it threatens both company security and personal privacy, maybe that is the time to draw a line, and stop giving into the hype. 

The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: "Security is not a product, but a process."