SlideShare ist ein Scribd-Unternehmen logo
1 von 5
Downloaden Sie, um offline zu lesen
Registration number: CUPB/MTECH-CS/SET/CST/2013-2014/01

CBS.504

BYOD: Implementation and Security Issues
Harsh Kishore Mishra
M.Tech. Cyber Security
Centre for Computer Science & Technology
Central University of Punjab, Bathinda (Punjab)
harshmishra@engineer.com

Abstract— Bring own device (BYOD) (also called bring your own
technology (BYOT), bring your own phone (BYOP), and bring
your own PC (BYOPC)) refers to the policy of permitting
employees to bring personally owned mobile devices (laptops,
tablets, and smart phones) to their workplace, and to use those
devices to access privileged company information and
applications. BYOD has the economic advantage of the employee
providing his or her own equipment, which normally results in a
happier user base. The bring-your-own-device movement has
enticed organizations that pursue BYOD to increase
productivity, improve morale and possibly even reduce capital
costs. The disadvantages are the security risks of allowing an
unknown system onto the corporate network, data security,
ownership and customer protection. Creating a policy to address
BYOD will affect the company in several areas because all
policies require review, approval, updating and awareness.
Policies are auditable items that a company has to demonstrate
adherence.
Keywords— BYOD, Business Privacy Issues, BYOT, BYOD
Policy, Information Security

I. WHAT IS BYOD: AN INTRODUCTION
The term BYOD was mentioned in a paper by Ballagas et
al., at UBICOMP 2005. BYOD first entered in 2009, courtesy
of Intel when it recognized an increasing tendency among its
employees to bring their own devices to work and connect
them to the corporate network Most people associate
Smartphone’s with the term BYOD, but in reality BYOD
comprises not only Smartphone but also employee-owned
computing devices. The term is also used to describe the same
practice applied to students using personally owned devices in
education settings.. However, it took until early 2011 before
the term achieved any real prominence when IT services
provider Unisys and software vendors VMware and Citrix
Systems started to share their perceptions of this emergent
trend. The Bring Your Own Device model/paradigm, a side
effect of consumerization, is now widely adopted to refer to
mobile workers bringing their own mobile devices, with their
data and applications, into their workspace for both working
and personal use. Some believe that BYOD may help
employees be more productive. Others say it increases
employee morale and convenience by using their own devices
and makes the company look like a flexible and attractive
employer.[11]

II. BYOD TRENDS
A company can also see improved productivity from an
employee with BYOD as it allows for the ability to easily take
the device home and work. In most cases, businesses simply
can't block the trend. The concept of BYOD is a topic that
Business is embracing for its flexibility and cost savings.
BYOD is making significant inroads in the business world,
with about 75% of employees in high growth markets such as
Brazil and Russia and 44% in developed markets already
using their own technology at work.[10] Many feel that BYOD
can even be a means to attract new hires, pointing to a survey
that indicates 44% of job seekers view an organization more
positively if it supports their device. Many industries are
adopting BYOD quicker than others. A recent study by Cisco
partners of BYOD practices stated that the education industry
has the highest percentage of people using BYOD for work at
95.25.
A study[9] by IBM says that 82% of employees think that
smart phones play a critical role in business. The study also
shows benefits of BYOD include increased productivity,
employee satisfaction and cost savings for the company.
Furthermore, 88% of IT leaders see BYOD growth and 76%
consider it extremely positive.[6] What it’s also evident is that
BYOD is related to some trends that make it desirable: cloud
computing and work-shifting. The improvement of the
bandwidth availability, mainly in nomadic environments, and
the growth of cloud computing services make possible to
move the work where it is desired. However, BYOD is built
on devices that the company explicitly does not own. In 2011,
57 percent of North American, Asian, and European workers
reported they selected and paid for their own smartphones—
51 percent did so with a laptop, 48 percent with a tablet, and
only 16 percent procured their own desktop computer.[1]
The reason according to which many companies are
embracing the BYOD phenomenon instead of discouraging it
is simple, and always the same: it improves their productivity
and reduces costs. Why? Basically because employees have
more opportunities to collaborate, so that using preferred
devices means greater job satisfaction and a more effective
utilization. Accordingly, BYOD can become the “silver
bullet” in terms of productivity improvement, especially for
some roles and activities where mobility is a strong enabler
for the adoption of new business models.
Registration number: CUPB/MTECH-CS/SET/CST/2013-2014/01
III. BYOD ADVANTAGES
A. Increased Productivity
The use of technology at work has increased significantly
over the past few years as using paper and manual processes
continue to decrease. Increased productivity comes from a
user being more comfortable with their personal device, being
an expert user makes navigating the device easier, increasing
productivity. Employee satisfaction, or job satisfaction, occurs
with BYOD by allowing the user to use the device they have
selected as their own rather than one selected by the IT team.
It also allows them to carry one device as opposed to one for
work and one for personal.
A company can also see improved productivity from an
employee with BYOD as it allows for the ability to easily take
the device home and work. Though technology increases
overall productivity, research also shows that employees are
even more productive if the device they use is their own.
In education, for example, schools have increasingly taken
to using technology in the classroom by providing students
with tablets and computers. Recent research has shown that
this type of learning allows students to be more interactive and
engaged in the learning process.
B. Lower Cost to the Company
Though the use of technology is a benefit to employers as it
without a doubt makes employees more productive, the cost to
companies that purchase a large number of computers or
tablets is a tremendous financial commitment. Most of the
technology used by organizations is only current and up to
date for a certain, limited period of time and then becomes
obsolete and in need of replacement. By allowing employees
to bring, and use, their own devices, they can always have upto-date technology without the company constantly incurring
the costs for new models. For many, this practice has been
extremely beneficial as many budgets are being cut and
organizations are forced to trim spending.
BYOD shift costs from the company to the user and allows
employees to use their own devices. BYOD policies also
allow employees to use the technology that they are
comfortable with and that they prefer, rather than what the
company dictates they them. Users also may upgrade their
devices to the newest features more frequently than what the
company can afford to budget for on an ongoing basis.[5]
C. New Cutting edge Technology
The companies with BYOD models are requiring
employees to cover all costs -- and they are happy to do so.
That brings us to the second significant benefit: worker
satisfaction. Users have the laptops and smartphones they
have for a reason -– those are the devices they prefer, and they
like them so much they invested their hard-earned money in
them. Of course they’d rather use the devices they love rather
than being stuck with laptops and mobile devices that are
selected and issued by the IT department. There are two
corollary advantages that come with BYOD as well. First,
Personal devices are often more cutting edge as company

CBS.504

technology refreshes don’t happen as often. BYOD devices
tend to be more cutting edge, so the organization gets the
benefit of the latest features and capabilities. Additionally,
Users also upgrade to the latest hardware more frequently than
the painfully slow refresh cycles at most organizations.[3]
D. Attract and retain talent: In a 2012 survey of government
employees by Forrester, 52 percent said that using their own
devices for work increased job satisfaction. And 44 percent
indicated they would be more likely to work for an employer
that allowed them to bring their own device to work.
IV. ISSUES IN BYOD
BYOD isn’t all wine and roses, though. There are some
issues to consider as well. Clearly, people today are in love
with their mobile devices—and many of them want their
workplace training delivered on those devices. But while
BYOD (Bring Your Own Device) training is tempting, the
risks can be high. By embracing BYOD, organizations lose
much of the control over the IT hardware and how it is used.[3]

Fig 1: Poll results about BYOD Source: www.techweekeurope.uk

A. Security Issues
When an employee attaches a personal smartphone or tablet
to an organizational network or machine (be it wired or
wireless), it makes sense to worry about overall security. First,
as soon as external (personal) devices are attached, malware
could migrate from the personal device into the company’s
machines and over the company’s networks.
In the other direction, sensitive data is likely to make its
way onto the personal devices. This data could include
customer information that should be kept private and company
information that should be kept proprietary. When that kind of
information walks out the door on a daily basis, bad things can
happen, especially if the device is subsequently lost or stolen.
Furthermore, the number of personal devices has gone far
beyond the number of laptops or net-books that were brought
into and out of the office. [1]
Registration number: CUPB/MTECH-CS/SET/CST/2013-2014/01
There’s another, less physical aspect that makes personal
devices typically less secure than laptops. In particular, when
the company owned the laptops, it usually enforced its
security policies on those machines, requiring passwords and
encrypting sensitive data. However, BYOD is built on devices
that the company explicitly does not own.
When employees use their own devices without constraint,
however, they are susceptible to unsecure networks,
application downloads and data. They are also more likely to
visit dubious websites and sometimes forget the devices in
places such as on a train or at a bar, creating more BYOD
security concerns. With employee-owned devices, the
hardware itself may be lost or stolen, leaving company data
and networks vulnerable.[2]
BYOD increases the risk of having a security breach of
important data. When an employee leaves the company, they
do not have to give back the device, so company applications
and other data may still be present on their device. This can
lead to some company data being unsecure.

Fig. 2: Security is crucial BYOD Challenge

In May 2012, IBM banned its 400,000 employees from
using two popular consumer applications over concerns about
data security. The company banned cloud storage service
Dropbox, as well as Apple’s personal assistant for the iPhone,
Siri. Siri listens to spoken requests and sends the queries to
Apple’s servers where they are deciphered into text.[8] There
are also certain compliance regulations that businesses have to
follow, such as HIPPA or GLBA, which are difficult to
enforce when a device is not owned by the company The U.S.
government addressed these and other challenges in 2012,
issuing a BYOD "toolkit" for federal agencies.[2]
B. Privacy Issues
Although security seems to be the major concern when
discussing BYOD and BYOT, the issue of privacy seems
overlooked and potentially the more important. Mobile
devices contain a wealth of data that a user might deem
private, and if personal data is co-mingled with the employer
data on the same device, how are the barriers implemented
between personal and employer data?
Currently, little attention has been paid to this issue, but
that’s a problem that will need to be addressed if BYOD and

CBS.504

BYOT become adapted widely, particularly if companies
begin to mine the data available on their employee’s personal
devices. Likewise, a government-maintained registry of all
smartphones and tablets incurs potential and significant
privacy implications should it become breached or overtaken
without warrant.[1]
Organizations have an obligation to safeguard their
sensitive data, but they have to be careful not to violate
employee privacy when doing so. Employee behavior on
corporate-owned devices and networks can be monitored, but
the same measures may raise privacy and security concerns if
employees are using their own devices. Similarly, remote
wiping of lost or stolen personal devices "becomes
complicated from a legal and cultural point of view," Gartner
researchers noted in a 2012 study. If a user hasn't authorized
personal data to be wiped, the organization could face liability.
Selective wiping may create less of a privacy red flag, but
Gartner found that it "is proving to be difficult in ensuring that
all business data, and only business data, has been deleted
from the device." When users are given the option of
participating in a BYOD program, Gartner recommends that
they be required to give explicit, written consent to data
deletion in the case of a lost, stolen or compromised device.
C. Implementation Issues
1) Infrastructure Issues: Different types of devices
operate at different speeds and with different operating
systems. This can be difficult for an IT department to set up
and maintain infrastructure to support different device needs.
Also, if employees are able to bring their own devices, there
will be many more devices used than what would be if the
company was providing them. Employees might bring all of
their phones, tablets and computers to work, meaning there
will be much more strain on the company’s Wi-Fi and
network.[5]
2) No control over what is on device: Organizations
have no control over what types of applications are put on the
device, which makes it very difficult to enforce security.
Though employees probably would not download games or
other entertainment applications on their work computer, in
the case of BYOD, since the device is their own and also used
for pleasure, they will certainly download numerous types of
personal applications on the device.
3) Support of many different devices: Since it is not one
standard device that everyone is using, the IT department will
need to support many different types of devices and operating
systems. This makes it very difficult to mitigate an issue with
a device when the user needs assistance.[5]

V. BYOD SECURITY POLICY
In BYOD environments, the network needs the intelligence to:
• Automate enforcement of access policy, based on the
context, including who is making the request, when, how they
are accessing the network (wired, wireless, or VPN), and with
what device.
Registration number: CUPB/MTECH-CS/SET/CST/2013-2014/01
• Automatically detect and mitigate web-based threats,
which can lead to security breaches or degrade wireless
network performance.
• Make sure that private information, such as grades, tests,
and salary information, is not compromised if a personal
device is lost or stolen.
• Minimize management overhead by unifying policy
definition on all networks, and providing ready visibility into
the activity of all devices currently connected to the campus
network.
• Protect the IT infrastructure, whether it’s physical,
virtualized or in the cloud.[4]

CBS.504

devices, a user acknowledges accountability and responsibility
for protecting their data.
In addition to applying passcodes and antivirus prevention
to your devices, you should apply a custom level of
application control to BYODs. If applications are available to
employees on the internal network, they should be able to
access them offsite through VPN or email software.
Your company’s security and BYOD can co-exist. And it
starts with planning. Here’s how [7]:
1. Identify the risk elements that BYOD introduces
 Measure how the risk can impact your business
 Map the risk elements to regulations, where
applicable.
2. Form a committee to embrace BYOD and understand
the risks, including:
 Business stakeholders
 IT stakeholders
 Information Security stakeholder
3. Decide how to enforce policies for devices connecting
to your network
 Mobile devices (smartphones)
 Tablets (e.g., iPad)
 Portable computers (laptops, netbooks, ultrabooks)

Fig 3: BYOD Trends (source: www.tuinnovates.com)

The first and best defense in securing BYODs begins with
the same requirements you apply to devices that are already
on your network. These security measures include:
 Enforcing strong passcodes on all devices
 Antivirus protection and data loss prevention (DLP)
 Full-disk encryption for disk, removable media and
cloud storage
 Mobile device management (MDM) to wipe sensitive
data when devices are lost or stolen
One should always extend encryption to both data in
transit and data at rest. Protecting your devices with strong
passwords means you make it incredibly difficult for someone
to break in and steal data. But if somehow your device-level
password is compromised, encrypting the data stored on the
device provides a second level of security a hacker must get
through in order to steal your data.
One should encourage users to think of the extra layers of
security as helpful tools that give them the ability to use their
own devices within the workplace. By password protecting

4. Build a project plan to include these capabilities:
 Remote device management
 Application control
 Policy compliance and audit reports
 Data and device encryption
 Augmenting cloud storage security
 Wiping devices when retired
 Revoking access to devices when end-user
relationship changes from employee to guest
 Revoking access to devices when employees are
terminated by the company
5. Evaluate solutions
 Consider the impact on your existing network
 Consider how to enhance existing technologies prior
to next step
6. Implement solutions
 Begin with a pilot group from each of the
stakeholders' departments
 Expand pilot to departments based on your
organizational criteria
 Open BYOD program to all employees.
7. Periodically reassess solutions
 Include vendors and trusted advisors
 Look at roadmaps entering your next assessment
period
 Consider cost-saving group plans if practical.
Registration number: CUPB/MTECH-CS/SET/CST/2013-2014/01
VI. CONCLUSION
The concept of BYOD is a topic that Business is
embracing for its flexibility and cost savings. Delivering a
corporate BYOD policy will be the foundation for further
BYOD initiates and allow the company to remain competitive.
The reason according to which many companies are
embracing the BYOD phenomenon instead of discouraging it
is simple, and always the same: it improves their productivity
and reduces costs. The BYOD policy initiative was a small
project that produced a Deliverable that the company will use
to spawn other projects. Projects should be temporary
endeavors with a defined start and end date, along with an
objective.
A successful BYOD program allows your users to be
productive outside of their scheduled work hours while also
giving them the flexibility to do the things they like to do
when they’re not working—like update their status or enjoy
playing an interactive game. Whatever decision you make for
your BYOD policy, be sure that it’s enforceable and enables
IT to deploy software remotely.[7]
REFERENCES
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]

[9]

[10]

[11]

[12]

K. W. Miller, J. Voas, G. F. Hurlburt, BYOD: Security and Privacy
Concerns, 2013
L. Phifer, Contributor in http://searchsecurity.techtarget.com, BYOD
security strategies: Balancing BYOD risks and rewards, Jan 28, 2013
T. Bradley, Pros and cons of bringing you own devices to work,
PCWorld, Dec. 20, 2011, Accessed on Nov 28 2013.
White paper, BYOD Security Challenges in Education: Protect the
Network, Information, and Student, Cisco, 2012
D. Wiech, The Benefits And Risks Of BYOD, Jan 28, 2013.
A. Scarfò, New security perspectives around BYOD, IEEE 978-07695-4842-5/12, 2012
G. Eschelbeck, BYOD Risks and Rewards , A Sophos Whitepaper,
2013
"IBM:
Sorry,
Siri.
You're
Not
Welcome
Here”,http://www.informationweek.com/news/security/mobile/2400008
82, InformationWeek, Accessed on Nov 27, 2013
IBM BYOD -- Bring Your Own Device -- United States
http://www.ibm.com/mobilefirst/us/en/bring-your-owndevice/byod.html, Accessed on Nov 28, 2013
10
myths
of
BYOD
in
the
enterprise.
http://www.techrepublic.com/blog/10-things/10-myths-of-byod-in-theenterprise/, TechRepublic, Accessed on Nov 28, 2013
Happiness Is ... Bringing Your Own Computer Devices to Work.
<http://www.retailwire.com/discussion/16188/happiness-is-bringingyour-own-computer-devices-to-work> Retailwire, Accessed on Nov.
27, 2013
SearchCompliance.com's IT Compliance FAQ series, Oct 25 2013,
Accessed on Nov 27, 2013.

CBS.504

Weitere ähnliche Inhalte

Was ist angesagt?

Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)k33a
 
BYOD (Bring Your Own Device)
BYOD (Bring Your Own Device)BYOD (Bring Your Own Device)
BYOD (Bring Your Own Device)Michael W. Chitwa
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecuritySina Manavi
 
IBM Connect 2013: BYOD at IBM
IBM Connect 2013: BYOD at IBMIBM Connect 2013: BYOD at IBM
IBM Connect 2013: BYOD at IBMChris Pepin
 
BYOD Security
BYOD SecurityBYOD Security
BYOD SecurityHexnode
 
Wp byod
Wp byodWp byod
Wp byodJ
 
How To Do BYOD Right
How To Do BYOD RightHow To Do BYOD Right
How To Do BYOD RightRapidScale
 
Aerohive whitepaper-byod-and-beyond
Aerohive whitepaper-byod-and-beyondAerohive whitepaper-byod-and-beyond
Aerohive whitepaper-byod-and-beyondJ
 
Mobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesMobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesCisco Canada
 
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud AppsCIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud AppsCloudIDSummit
 
The Financial Impact of BYOD Full Presentation
The Financial Impact of BYOD Full PresentationThe Financial Impact of BYOD Full Presentation
The Financial Impact of BYOD Full PresentationCisco Services
 
BYOD: Six Essentials for Success
BYOD: Six Essentials for SuccessBYOD: Six Essentials for Success
BYOD: Six Essentials for SuccessDMIMarketing
 
IS3101 Tutorial Task 2
IS3101 Tutorial Task 2IS3101 Tutorial Task 2
IS3101 Tutorial Task 2J M
 
Mobile device management and BYOD – simple changes, big benefits
Mobile device management and BYOD – simple changes, big benefitsMobile device management and BYOD – simple changes, big benefits
Mobile device management and BYOD – simple changes, big benefitsWaterstons Ltd
 
Smarter Commerce Summit - IBM MobileFirst Services
Smarter Commerce Summit - IBM MobileFirst ServicesSmarter Commerce Summit - IBM MobileFirst Services
Smarter Commerce Summit - IBM MobileFirst ServicesChris Pepin
 
Bring Your Own Device - DesktopDirect by Array Networks
 Bring Your Own Device - DesktopDirect by Array Networks Bring Your Own Device - DesktopDirect by Array Networks
Bring Your Own Device - DesktopDirect by Array NetworksIntellicomp GmbH
 
5 Essential Tips for Creating An Effective BYOD Policy
5 Essential Tips for Creating An Effective BYOD Policy5 Essential Tips for Creating An Effective BYOD Policy
5 Essential Tips for Creating An Effective BYOD PolicyKaseya
 

Was ist angesagt? (20)

Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)
 
Bring Your Own Device
Bring Your Own Device Bring Your Own Device
Bring Your Own Device
 
BYOD (Bring Your Own Device)
BYOD (Bring Your Own Device)BYOD (Bring Your Own Device)
BYOD (Bring Your Own Device)
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile Security
 
IBM Connect 2013: BYOD at IBM
IBM Connect 2013: BYOD at IBMIBM Connect 2013: BYOD at IBM
IBM Connect 2013: BYOD at IBM
 
BYOD Security
BYOD SecurityBYOD Security
BYOD Security
 
BYOD
BYODBYOD
BYOD
 
Wp byod
Wp byodWp byod
Wp byod
 
How To Do BYOD Right
How To Do BYOD RightHow To Do BYOD Right
How To Do BYOD Right
 
Aerohive whitepaper-byod-and-beyond
Aerohive whitepaper-byod-and-beyondAerohive whitepaper-byod-and-beyond
Aerohive whitepaper-byod-and-beyond
 
Mobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesMobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best Practices
 
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud AppsCIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
 
The Financial Impact of BYOD Full Presentation
The Financial Impact of BYOD Full PresentationThe Financial Impact of BYOD Full Presentation
The Financial Impact of BYOD Full Presentation
 
BYOD: Six Essentials for Success
BYOD: Six Essentials for SuccessBYOD: Six Essentials for Success
BYOD: Six Essentials for Success
 
IS3101 Tutorial Task 2
IS3101 Tutorial Task 2IS3101 Tutorial Task 2
IS3101 Tutorial Task 2
 
Mobile device management and BYOD – simple changes, big benefits
Mobile device management and BYOD – simple changes, big benefitsMobile device management and BYOD – simple changes, big benefits
Mobile device management and BYOD – simple changes, big benefits
 
ACT 2014 Business or Pleasure the Challenges of Bring Your Own Device Policie...
ACT 2014 Business or Pleasure the Challenges of Bring Your Own Device Policie...ACT 2014 Business or Pleasure the Challenges of Bring Your Own Device Policie...
ACT 2014 Business or Pleasure the Challenges of Bring Your Own Device Policie...
 
Smarter Commerce Summit - IBM MobileFirst Services
Smarter Commerce Summit - IBM MobileFirst ServicesSmarter Commerce Summit - IBM MobileFirst Services
Smarter Commerce Summit - IBM MobileFirst Services
 
Bring Your Own Device - DesktopDirect by Array Networks
 Bring Your Own Device - DesktopDirect by Array Networks Bring Your Own Device - DesktopDirect by Array Networks
Bring Your Own Device - DesktopDirect by Array Networks
 
5 Essential Tips for Creating An Effective BYOD Policy
5 Essential Tips for Creating An Effective BYOD Policy5 Essential Tips for Creating An Effective BYOD Policy
5 Essential Tips for Creating An Effective BYOD Policy
 

Ähnlich wie BYOD: Implementation and Security Issues

BYOD- A Productivity Catalyst
BYOD- A Productivity CatalystBYOD- A Productivity Catalyst
BYOD- A Productivity CatalystPacket One
 
BYOD Blue Paper
BYOD Blue PaperBYOD Blue Paper
BYOD Blue Paper4imprint
 
Finding the value in byod capgemini consulting - digital transformation
Finding the value in byod   capgemini consulting - digital transformationFinding the value in byod   capgemini consulting - digital transformation
Finding the value in byod capgemini consulting - digital transformationRick Bouter
 
Byod (Bring your own device) in the professional world
Byod (Bring your own device) in the professional worldByod (Bring your own device) in the professional world
Byod (Bring your own device) in the professional worldKévin CÉCILE
 
Finding the value in BYOD
Finding the value in BYODFinding the value in BYOD
Finding the value in BYODCapgemini
 
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...Vishrut Shukla
 
5 Steps to Successful BYOD Implementation
5 Steps to Successful BYOD Implementation5 Steps to Successful BYOD Implementation
5 Steps to Successful BYOD ImplementationJumpCloud
 
Bring Your Own Device is a disruptive phenomenon that is a significant IT trend
Bring Your Own Device is a disruptive phenomenon that is a significant IT trendBring Your Own Device is a disruptive phenomenon that is a significant IT trend
Bring Your Own Device is a disruptive phenomenon that is a significant IT trendMartin Perry
 
Bring Your Own Devices
Bring Your Own Devices Bring Your Own Devices
Bring Your Own Devices Vishwa Raj
 
BYOD - Highlights of "Consumerization"
BYOD - Highlights of "Consumerization"BYOD - Highlights of "Consumerization"
BYOD - Highlights of "Consumerization"NEORIS
 
The need for IT to get in front of the BYOD (Bring Your Own Device) problem
The need for IT to get in front of the BYOD (Bring Your Own Device) problemThe need for IT to get in front of the BYOD (Bring Your Own Device) problem
The need for IT to get in front of the BYOD (Bring Your Own Device) problemIron Mountain
 
BYOD SCOPE: A Study of Corporate Policies in Pakistan
BYOD SCOPE: A Study of Corporate Policies in PakistanBYOD SCOPE: A Study of Corporate Policies in Pakistan
BYOD SCOPE: A Study of Corporate Policies in PakistanShuja Ahmad
 
Consider byoc as part of desktop as service strategy
Consider byoc as part of desktop as service strategyConsider byoc as part of desktop as service strategy
Consider byoc as part of desktop as service strategyInfo-Tech Research Group
 
Executive Summary: Considering a BYOD Infrastructure
 Executive Summary: Considering a BYOD Infrastructure Executive Summary: Considering a BYOD Infrastructure
Executive Summary: Considering a BYOD InfrastructureMelissa Andrews
 
Making BYOD Work for Your Organization
Making BYOD Work for Your OrganizationMaking BYOD Work for Your Organization
Making BYOD Work for Your OrganizationCognizant
 
Developing more effective mobile enterprise programs
Developing more effective mobile enterprise programsDeveloping more effective mobile enterprise programs
Developing more effective mobile enterprise programsIBM Software India
 
Byod in the middle east
Byod in the middle eastByod in the middle east
Byod in the middle eastteam-abr
 

Ähnlich wie BYOD: Implementation and Security Issues (20)

BYOD- A Productivity Catalyst
BYOD- A Productivity CatalystBYOD- A Productivity Catalyst
BYOD- A Productivity Catalyst
 
BYOD Blue Paper
BYOD Blue PaperBYOD Blue Paper
BYOD Blue Paper
 
Finding the value in byod capgemini consulting - digital transformation
Finding the value in byod   capgemini consulting - digital transformationFinding the value in byod   capgemini consulting - digital transformation
Finding the value in byod capgemini consulting - digital transformation
 
BYOD in an Enterprise
BYOD in an EnterpriseBYOD in an Enterprise
BYOD in an Enterprise
 
Navigating the Flood of BYOD
Navigating the Flood of BYODNavigating the Flood of BYOD
Navigating the Flood of BYOD
 
Byod (Bring your own device) in the professional world
Byod (Bring your own device) in the professional worldByod (Bring your own device) in the professional world
Byod (Bring your own device) in the professional world
 
Finding the value in BYOD
Finding the value in BYODFinding the value in BYOD
Finding the value in BYOD
 
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ...
 
5 Steps to Successful BYOD Implementation
5 Steps to Successful BYOD Implementation5 Steps to Successful BYOD Implementation
5 Steps to Successful BYOD Implementation
 
Bring Your Own Device is a disruptive phenomenon that is a significant IT trend
Bring Your Own Device is a disruptive phenomenon that is a significant IT trendBring Your Own Device is a disruptive phenomenon that is a significant IT trend
Bring Your Own Device is a disruptive phenomenon that is a significant IT trend
 
Bring Your Own Devices
Bring Your Own Devices Bring Your Own Devices
Bring Your Own Devices
 
BYOD - Highlights of "Consumerization"
BYOD - Highlights of "Consumerization"BYOD - Highlights of "Consumerization"
BYOD - Highlights of "Consumerization"
 
Leveraging byod
Leveraging byodLeveraging byod
Leveraging byod
 
The need for IT to get in front of the BYOD (Bring Your Own Device) problem
The need for IT to get in front of the BYOD (Bring Your Own Device) problemThe need for IT to get in front of the BYOD (Bring Your Own Device) problem
The need for IT to get in front of the BYOD (Bring Your Own Device) problem
 
BYOD SCOPE: A Study of Corporate Policies in Pakistan
BYOD SCOPE: A Study of Corporate Policies in PakistanBYOD SCOPE: A Study of Corporate Policies in Pakistan
BYOD SCOPE: A Study of Corporate Policies in Pakistan
 
Consider byoc as part of desktop as service strategy
Consider byoc as part of desktop as service strategyConsider byoc as part of desktop as service strategy
Consider byoc as part of desktop as service strategy
 
Executive Summary: Considering a BYOD Infrastructure
 Executive Summary: Considering a BYOD Infrastructure Executive Summary: Considering a BYOD Infrastructure
Executive Summary: Considering a BYOD Infrastructure
 
Making BYOD Work for Your Organization
Making BYOD Work for Your OrganizationMaking BYOD Work for Your Organization
Making BYOD Work for Your Organization
 
Developing more effective mobile enterprise programs
Developing more effective mobile enterprise programsDeveloping more effective mobile enterprise programs
Developing more effective mobile enterprise programs
 
Byod in the middle east
Byod in the middle eastByod in the middle east
Byod in the middle east
 

Mehr von Harsh Kishore Mishra (12)

Wormhole attack
Wormhole attackWormhole attack
Wormhole attack
 
Intellectual Property Rights : Indian Perspective
Intellectual Property Rights : Indian PerspectiveIntellectual Property Rights : Indian Perspective
Intellectual Property Rights : Indian Perspective
 
IEEE 802.11ac Standard
IEEE 802.11ac StandardIEEE 802.11ac Standard
IEEE 802.11ac Standard
 
Big Data: Issues and Challenges
Big Data: Issues and ChallengesBig Data: Issues and Challenges
Big Data: Issues and Challenges
 
Big data
Big dataBig data
Big data
 
Role of MicroRNA in Phosphorus Defficiency
Role of MicroRNA in Phosphorus DefficiencyRole of MicroRNA in Phosphorus Defficiency
Role of MicroRNA in Phosphorus Defficiency
 
Windows 8: inside what and how
Windows 8: inside what and howWindows 8: inside what and how
Windows 8: inside what and how
 
Windows 7 Versions Features
Windows 7 Versions FeaturesWindows 7 Versions Features
Windows 7 Versions Features
 
Software Testing and UML Lab
Software Testing and UML LabSoftware Testing and UML Lab
Software Testing and UML Lab
 
Network security
Network securityNetwork security
Network security
 
Intellectual Property Rights
Intellectual Property RightsIntellectual Property Rights
Intellectual Property Rights
 
Windows 8 CP
Windows 8 CPWindows 8 CP
Windows 8 CP
 

Kürzlich hochgeladen

The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 

Kürzlich hochgeladen (20)

The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 

BYOD: Implementation and Security Issues

  • 1. Registration number: CUPB/MTECH-CS/SET/CST/2013-2014/01 CBS.504 BYOD: Implementation and Security Issues Harsh Kishore Mishra M.Tech. Cyber Security Centre for Computer Science & Technology Central University of Punjab, Bathinda (Punjab) harshmishra@engineer.com Abstract— Bring own device (BYOD) (also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC)) refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications. BYOD has the economic advantage of the employee providing his or her own equipment, which normally results in a happier user base. The bring-your-own-device movement has enticed organizations that pursue BYOD to increase productivity, improve morale and possibly even reduce capital costs. The disadvantages are the security risks of allowing an unknown system onto the corporate network, data security, ownership and customer protection. Creating a policy to address BYOD will affect the company in several areas because all policies require review, approval, updating and awareness. Policies are auditable items that a company has to demonstrate adherence. Keywords— BYOD, Business Privacy Issues, BYOT, BYOD Policy, Information Security I. WHAT IS BYOD: AN INTRODUCTION The term BYOD was mentioned in a paper by Ballagas et al., at UBICOMP 2005. BYOD first entered in 2009, courtesy of Intel when it recognized an increasing tendency among its employees to bring their own devices to work and connect them to the corporate network Most people associate Smartphone’s with the term BYOD, but in reality BYOD comprises not only Smartphone but also employee-owned computing devices. The term is also used to describe the same practice applied to students using personally owned devices in education settings.. However, it took until early 2011 before the term achieved any real prominence when IT services provider Unisys and software vendors VMware and Citrix Systems started to share their perceptions of this emergent trend. The Bring Your Own Device model/paradigm, a side effect of consumerization, is now widely adopted to refer to mobile workers bringing their own mobile devices, with their data and applications, into their workspace for both working and personal use. Some believe that BYOD may help employees be more productive. Others say it increases employee morale and convenience by using their own devices and makes the company look like a flexible and attractive employer.[11] II. BYOD TRENDS A company can also see improved productivity from an employee with BYOD as it allows for the ability to easily take the device home and work. In most cases, businesses simply can't block the trend. The concept of BYOD is a topic that Business is embracing for its flexibility and cost savings. BYOD is making significant inroads in the business world, with about 75% of employees in high growth markets such as Brazil and Russia and 44% in developed markets already using their own technology at work.[10] Many feel that BYOD can even be a means to attract new hires, pointing to a survey that indicates 44% of job seekers view an organization more positively if it supports their device. Many industries are adopting BYOD quicker than others. A recent study by Cisco partners of BYOD practices stated that the education industry has the highest percentage of people using BYOD for work at 95.25. A study[9] by IBM says that 82% of employees think that smart phones play a critical role in business. The study also shows benefits of BYOD include increased productivity, employee satisfaction and cost savings for the company. Furthermore, 88% of IT leaders see BYOD growth and 76% consider it extremely positive.[6] What it’s also evident is that BYOD is related to some trends that make it desirable: cloud computing and work-shifting. The improvement of the bandwidth availability, mainly in nomadic environments, and the growth of cloud computing services make possible to move the work where it is desired. However, BYOD is built on devices that the company explicitly does not own. In 2011, 57 percent of North American, Asian, and European workers reported they selected and paid for their own smartphones— 51 percent did so with a laptop, 48 percent with a tablet, and only 16 percent procured their own desktop computer.[1] The reason according to which many companies are embracing the BYOD phenomenon instead of discouraging it is simple, and always the same: it improves their productivity and reduces costs. Why? Basically because employees have more opportunities to collaborate, so that using preferred devices means greater job satisfaction and a more effective utilization. Accordingly, BYOD can become the “silver bullet” in terms of productivity improvement, especially for some roles and activities where mobility is a strong enabler for the adoption of new business models.
  • 2. Registration number: CUPB/MTECH-CS/SET/CST/2013-2014/01 III. BYOD ADVANTAGES A. Increased Productivity The use of technology at work has increased significantly over the past few years as using paper and manual processes continue to decrease. Increased productivity comes from a user being more comfortable with their personal device, being an expert user makes navigating the device easier, increasing productivity. Employee satisfaction, or job satisfaction, occurs with BYOD by allowing the user to use the device they have selected as their own rather than one selected by the IT team. It also allows them to carry one device as opposed to one for work and one for personal. A company can also see improved productivity from an employee with BYOD as it allows for the ability to easily take the device home and work. Though technology increases overall productivity, research also shows that employees are even more productive if the device they use is their own. In education, for example, schools have increasingly taken to using technology in the classroom by providing students with tablets and computers. Recent research has shown that this type of learning allows students to be more interactive and engaged in the learning process. B. Lower Cost to the Company Though the use of technology is a benefit to employers as it without a doubt makes employees more productive, the cost to companies that purchase a large number of computers or tablets is a tremendous financial commitment. Most of the technology used by organizations is only current and up to date for a certain, limited period of time and then becomes obsolete and in need of replacement. By allowing employees to bring, and use, their own devices, they can always have upto-date technology without the company constantly incurring the costs for new models. For many, this practice has been extremely beneficial as many budgets are being cut and organizations are forced to trim spending. BYOD shift costs from the company to the user and allows employees to use their own devices. BYOD policies also allow employees to use the technology that they are comfortable with and that they prefer, rather than what the company dictates they them. Users also may upgrade their devices to the newest features more frequently than what the company can afford to budget for on an ongoing basis.[5] C. New Cutting edge Technology The companies with BYOD models are requiring employees to cover all costs -- and they are happy to do so. That brings us to the second significant benefit: worker satisfaction. Users have the laptops and smartphones they have for a reason -– those are the devices they prefer, and they like them so much they invested their hard-earned money in them. Of course they’d rather use the devices they love rather than being stuck with laptops and mobile devices that are selected and issued by the IT department. There are two corollary advantages that come with BYOD as well. First, Personal devices are often more cutting edge as company CBS.504 technology refreshes don’t happen as often. BYOD devices tend to be more cutting edge, so the organization gets the benefit of the latest features and capabilities. Additionally, Users also upgrade to the latest hardware more frequently than the painfully slow refresh cycles at most organizations.[3] D. Attract and retain talent: In a 2012 survey of government employees by Forrester, 52 percent said that using their own devices for work increased job satisfaction. And 44 percent indicated they would be more likely to work for an employer that allowed them to bring their own device to work. IV. ISSUES IN BYOD BYOD isn’t all wine and roses, though. There are some issues to consider as well. Clearly, people today are in love with their mobile devices—and many of them want their workplace training delivered on those devices. But while BYOD (Bring Your Own Device) training is tempting, the risks can be high. By embracing BYOD, organizations lose much of the control over the IT hardware and how it is used.[3] Fig 1: Poll results about BYOD Source: www.techweekeurope.uk A. Security Issues When an employee attaches a personal smartphone or tablet to an organizational network or machine (be it wired or wireless), it makes sense to worry about overall security. First, as soon as external (personal) devices are attached, malware could migrate from the personal device into the company’s machines and over the company’s networks. In the other direction, sensitive data is likely to make its way onto the personal devices. This data could include customer information that should be kept private and company information that should be kept proprietary. When that kind of information walks out the door on a daily basis, bad things can happen, especially if the device is subsequently lost or stolen. Furthermore, the number of personal devices has gone far beyond the number of laptops or net-books that were brought into and out of the office. [1]
  • 3. Registration number: CUPB/MTECH-CS/SET/CST/2013-2014/01 There’s another, less physical aspect that makes personal devices typically less secure than laptops. In particular, when the company owned the laptops, it usually enforced its security policies on those machines, requiring passwords and encrypting sensitive data. However, BYOD is built on devices that the company explicitly does not own. When employees use their own devices without constraint, however, they are susceptible to unsecure networks, application downloads and data. They are also more likely to visit dubious websites and sometimes forget the devices in places such as on a train or at a bar, creating more BYOD security concerns. With employee-owned devices, the hardware itself may be lost or stolen, leaving company data and networks vulnerable.[2] BYOD increases the risk of having a security breach of important data. When an employee leaves the company, they do not have to give back the device, so company applications and other data may still be present on their device. This can lead to some company data being unsecure. Fig. 2: Security is crucial BYOD Challenge In May 2012, IBM banned its 400,000 employees from using two popular consumer applications over concerns about data security. The company banned cloud storage service Dropbox, as well as Apple’s personal assistant for the iPhone, Siri. Siri listens to spoken requests and sends the queries to Apple’s servers where they are deciphered into text.[8] There are also certain compliance regulations that businesses have to follow, such as HIPPA or GLBA, which are difficult to enforce when a device is not owned by the company The U.S. government addressed these and other challenges in 2012, issuing a BYOD "toolkit" for federal agencies.[2] B. Privacy Issues Although security seems to be the major concern when discussing BYOD and BYOT, the issue of privacy seems overlooked and potentially the more important. Mobile devices contain a wealth of data that a user might deem private, and if personal data is co-mingled with the employer data on the same device, how are the barriers implemented between personal and employer data? Currently, little attention has been paid to this issue, but that’s a problem that will need to be addressed if BYOD and CBS.504 BYOT become adapted widely, particularly if companies begin to mine the data available on their employee’s personal devices. Likewise, a government-maintained registry of all smartphones and tablets incurs potential and significant privacy implications should it become breached or overtaken without warrant.[1] Organizations have an obligation to safeguard their sensitive data, but they have to be careful not to violate employee privacy when doing so. Employee behavior on corporate-owned devices and networks can be monitored, but the same measures may raise privacy and security concerns if employees are using their own devices. Similarly, remote wiping of lost or stolen personal devices "becomes complicated from a legal and cultural point of view," Gartner researchers noted in a 2012 study. If a user hasn't authorized personal data to be wiped, the organization could face liability. Selective wiping may create less of a privacy red flag, but Gartner found that it "is proving to be difficult in ensuring that all business data, and only business data, has been deleted from the device." When users are given the option of participating in a BYOD program, Gartner recommends that they be required to give explicit, written consent to data deletion in the case of a lost, stolen or compromised device. C. Implementation Issues 1) Infrastructure Issues: Different types of devices operate at different speeds and with different operating systems. This can be difficult for an IT department to set up and maintain infrastructure to support different device needs. Also, if employees are able to bring their own devices, there will be many more devices used than what would be if the company was providing them. Employees might bring all of their phones, tablets and computers to work, meaning there will be much more strain on the company’s Wi-Fi and network.[5] 2) No control over what is on device: Organizations have no control over what types of applications are put on the device, which makes it very difficult to enforce security. Though employees probably would not download games or other entertainment applications on their work computer, in the case of BYOD, since the device is their own and also used for pleasure, they will certainly download numerous types of personal applications on the device. 3) Support of many different devices: Since it is not one standard device that everyone is using, the IT department will need to support many different types of devices and operating systems. This makes it very difficult to mitigate an issue with a device when the user needs assistance.[5] V. BYOD SECURITY POLICY In BYOD environments, the network needs the intelligence to: • Automate enforcement of access policy, based on the context, including who is making the request, when, how they are accessing the network (wired, wireless, or VPN), and with what device.
  • 4. Registration number: CUPB/MTECH-CS/SET/CST/2013-2014/01 • Automatically detect and mitigate web-based threats, which can lead to security breaches or degrade wireless network performance. • Make sure that private information, such as grades, tests, and salary information, is not compromised if a personal device is lost or stolen. • Minimize management overhead by unifying policy definition on all networks, and providing ready visibility into the activity of all devices currently connected to the campus network. • Protect the IT infrastructure, whether it’s physical, virtualized or in the cloud.[4] CBS.504 devices, a user acknowledges accountability and responsibility for protecting their data. In addition to applying passcodes and antivirus prevention to your devices, you should apply a custom level of application control to BYODs. If applications are available to employees on the internal network, they should be able to access them offsite through VPN or email software. Your company’s security and BYOD can co-exist. And it starts with planning. Here’s how [7]: 1. Identify the risk elements that BYOD introduces  Measure how the risk can impact your business  Map the risk elements to regulations, where applicable. 2. Form a committee to embrace BYOD and understand the risks, including:  Business stakeholders  IT stakeholders  Information Security stakeholder 3. Decide how to enforce policies for devices connecting to your network  Mobile devices (smartphones)  Tablets (e.g., iPad)  Portable computers (laptops, netbooks, ultrabooks) Fig 3: BYOD Trends (source: www.tuinnovates.com) The first and best defense in securing BYODs begins with the same requirements you apply to devices that are already on your network. These security measures include:  Enforcing strong passcodes on all devices  Antivirus protection and data loss prevention (DLP)  Full-disk encryption for disk, removable media and cloud storage  Mobile device management (MDM) to wipe sensitive data when devices are lost or stolen One should always extend encryption to both data in transit and data at rest. Protecting your devices with strong passwords means you make it incredibly difficult for someone to break in and steal data. But if somehow your device-level password is compromised, encrypting the data stored on the device provides a second level of security a hacker must get through in order to steal your data. One should encourage users to think of the extra layers of security as helpful tools that give them the ability to use their own devices within the workplace. By password protecting 4. Build a project plan to include these capabilities:  Remote device management  Application control  Policy compliance and audit reports  Data and device encryption  Augmenting cloud storage security  Wiping devices when retired  Revoking access to devices when end-user relationship changes from employee to guest  Revoking access to devices when employees are terminated by the company 5. Evaluate solutions  Consider the impact on your existing network  Consider how to enhance existing technologies prior to next step 6. Implement solutions  Begin with a pilot group from each of the stakeholders' departments  Expand pilot to departments based on your organizational criteria  Open BYOD program to all employees. 7. Periodically reassess solutions  Include vendors and trusted advisors  Look at roadmaps entering your next assessment period  Consider cost-saving group plans if practical.
  • 5. Registration number: CUPB/MTECH-CS/SET/CST/2013-2014/01 VI. CONCLUSION The concept of BYOD is a topic that Business is embracing for its flexibility and cost savings. Delivering a corporate BYOD policy will be the foundation for further BYOD initiates and allow the company to remain competitive. The reason according to which many companies are embracing the BYOD phenomenon instead of discouraging it is simple, and always the same: it improves their productivity and reduces costs. The BYOD policy initiative was a small project that produced a Deliverable that the company will use to spawn other projects. Projects should be temporary endeavors with a defined start and end date, along with an objective. A successful BYOD program allows your users to be productive outside of their scheduled work hours while also giving them the flexibility to do the things they like to do when they’re not working—like update their status or enjoy playing an interactive game. Whatever decision you make for your BYOD policy, be sure that it’s enforceable and enables IT to deploy software remotely.[7] REFERENCES [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] K. W. Miller, J. Voas, G. F. Hurlburt, BYOD: Security and Privacy Concerns, 2013 L. Phifer, Contributor in http://searchsecurity.techtarget.com, BYOD security strategies: Balancing BYOD risks and rewards, Jan 28, 2013 T. Bradley, Pros and cons of bringing you own devices to work, PCWorld, Dec. 20, 2011, Accessed on Nov 28 2013. White paper, BYOD Security Challenges in Education: Protect the Network, Information, and Student, Cisco, 2012 D. Wiech, The Benefits And Risks Of BYOD, Jan 28, 2013. A. Scarfò, New security perspectives around BYOD, IEEE 978-07695-4842-5/12, 2012 G. Eschelbeck, BYOD Risks and Rewards , A Sophos Whitepaper, 2013 "IBM: Sorry, Siri. You're Not Welcome Here”,http://www.informationweek.com/news/security/mobile/2400008 82, InformationWeek, Accessed on Nov 27, 2013 IBM BYOD -- Bring Your Own Device -- United States http://www.ibm.com/mobilefirst/us/en/bring-your-owndevice/byod.html, Accessed on Nov 28, 2013 10 myths of BYOD in the enterprise. http://www.techrepublic.com/blog/10-things/10-myths-of-byod-in-theenterprise/, TechRepublic, Accessed on Nov 28, 2013 Happiness Is ... Bringing Your Own Computer Devices to Work. <http://www.retailwire.com/discussion/16188/happiness-is-bringingyour-own-computer-devices-to-work> Retailwire, Accessed on Nov. 27, 2013 SearchCompliance.com's IT Compliance FAQ series, Oct 25 2013, Accessed on Nov 27, 2013. CBS.504