The UK Communications-Electronics Security Group (CESG) has issued tough new guidance on how the public sector should approach the thorny issue of BYOD for its workforce.
New documentation advises organisations to create a BYOD policy that restricts the data that can be stored on devices without creating the sort of barriers that unwittingly encourage staff to try risky workarounds.
One way of doing this is to use containerisation that puts a digital wall between personal and organisational data and apps on these devices as part of a larger mobile device management (MDM) ethos.
On a technical level, close attention should also be paid to user authentication, cloud backup services and the use of business and personal social media accounts, said the CESG summary.
The most important issue raised by the CESG is simply that organisations must grasp that the management of data security within BYOD still falls on them and not the device’s owner – the guidance is clear about the potential for ICO fines for organisations ignoring that principle.
Part of this is for public sector organisations to plan for security incidents such as loss, theft or compromise with procedures put in place for a rapid response.
“Finding the right balance between security and usability is critical for all organisations and we have put this principle at the heart of our work,” said Jonathan Hoyle, director general for Government and industry cyber security at GCHQ.
“This guidance is the result of close collaboration between CESG’s cyber security experts, our partners in industry and the public sector. It provides an excellent set of recommendations for anyone trying to enable secure business using the latest technologies in a cost-effective way.”
A challenge for any official BYOD guidance is that of application security. Users might be free to install apps on these devices which could have security vulnerabilities that are difficult for organisations to have visibility on, pointed out Workshare CMO, Ali Moinuddin.
“Apps must provide user authentication, password protection, permissions, time-limited file access, SSL and AES encryption, auto wipe capabilities, administration capabilities that allow administrators to remove data and documents from these devices in case they are lost or stolen, while offering an intuitive user-friendly design that will appeal to workers on the move,” he said.
More detailed guidance is available on each individual platform, including Android/Samsung, iOS, BlackBerry, Windows (7, 8, RT, Phone), as well as OS X, Ubuntu and the Chrome OS.
A year ago, CESG issued similar guidance for operating system security.