Bring Your Own Device (BYOD) has a tempt affect on the present work place which not only boost the company production and revenue but also cut cost at the same time. This term also invites other relevant concerns like bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC) means the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace. The concept of BYOD broadens when BYOS (Bring Your Own Software ) introduced which include software and services, as employees use cloud services and other tools on the web. The devices will get the privileged to access the company information and applications without altering the ownership of the device. The term is also used to describe the same practice applied to students using personally owned devices in education settings in an interactive classroom environment. BYOD and BYOD Security is becoming a common rule rather than the exception in today’s workplace. BYOD may be a convenience to the employee though a company needs to think about its impact on corporate security models. While adopting BYOD in workplace, the issue eventually will arise how the data will be protected.
Starting from 2009, 60% employees of present day business world adopting BYOD. A BYOD policy and BYOD Security was introduced by the Equal Employment Opportunity Commission of USA as the line between workplace and home is becoming indistinct. These policies concentrate on the issues such as if the employee lost the device or leave the job or the damage liability issue. The time has never been better to offer a secure BYOD program that maximizes the productivity of employees. Although a firm partition between personal and business data to protect confidential information and other programs with total confidence is an absolute need.
Why to have BYOD & BYOD Security
- Cut device carrier costs and block unauthorized devices from the company network by leveraging secured Network Operations Center (NOC)
- Companies can take an advantage of newer technology faster
- Employees may take better care of devices as the device is their own property and generating earnings
- Employees can decide on the technology they wish to use rather than using whatever the company chooses. This may improve self-esteem and productivity.
- Exclusive control of features that is given to the employee
- Ensure successful deployment and adoption, through a structured program and change management approach
- Improve user productivity by providing access to secure collaboration solutions (e mail, PIM, calendar), intranet, and in-house or third-party mobile applications .
- Protect user’s privacy and critical information by using legal security container to separate personal and company data
- Saves money on high- priced devices that company would normally purchase for employees
Is it really ‘bring your own danger’ ‘bring your own disaster’?
- Company information is often less secured than it would be on a company- controlled device
- Due to security issues, employees often do not have true control over their devices, as the company they work for, must ensure that proprietary and private information is always secure like BYOD Security
- It is an out- of- pocket expense for employees. They may be responsible for repairs if their devices were damaged or broken
What BYOD means for security
Introducing BYOD partially depends on the morale of the employee.
As a Director/CEO of a company ask yourself:
- Who owns the device? (Employee’s concern)
- Who manages and secures the device? (Company’s concern)
It’s risky to prohibit personal devices present day workplace as because employees end up using their own devices anyway to meet the deadline, unmonitored and undeterred by company security policies. Whatever company thinks of BYOD Security and however company chooses to implement it, IT managers should treat it the same way as any introduction of new technology; with a controlled and predictable deployment.
8 Steps to a BYOD security plan
Company’s security and BYOD security can co-exist. And it starts with planning which should include Employee’s concern and company’s concern. Here’s how:
1. Decide which devices will your company allow to connect to your network (Employee’s and company’s concern)
- Mobile devices (smart phones),Tablets (e.g., iPad), Portable computers (laptops, netbooks, ultrabooks)
- Map the risk elements to regulations, where applicable
- Measure how the risk can impact your business
2. Build a project plan to include these capabilities (Employee’s and company’s concern)
- Define Operating System (OS)
- Boosting cloud storage security
- Data and device encryption
- Policy compliance and audit reports
- Remote device management
- Upgrading or wiping devices when retired
3. Revoke access to devices when end-user relationship changes from employee to guest or terminated by the company
4. Determine who has network access based on who, what, where and when
5. Form a committee to introduce BYOD and educate about the policy including
- Business stakeholders
- IT stakeholders
- Information security stakeholders
6. Evaluate implementation (Employee’s and company’s concern)
- Consider the impact on existing network
- Consider how to enhance existing technologies prior to next step
7. Open BYOD program to all employees and control access based on need to know
8. Periodically reassess solutions including vendors and trusted advisors
- Look at roadmaps entering your next assessment period
- Consider cost-saving group plans if practical
As BYOD Security goes main stream in IT departments, security should be front and center for users and IT administrators alike.
To ensure BYOD Security (IT concern)
The first and best defense in securing BYODs begins with the same requirements applied to devices that are already on the network. These security measures include:
- Enforcing strong pass codes on all devices
- Antivirus protection and data loss prevention (DLP)
- Full-disk encryption for disk, removable media and cloud storage
- Mobile device management (MDM) to wipe sensitive data when devices are lost or stolen
- Application control
Outside of the IT department, most users think that viruses are the only threat to their devices. Many believe that malware doesn’t affect mobile devices at all. An educated user is a safer user. User awareness is the most important security measure which might sound trivial but it might be the most important non-hardware, non-software solution available. Not only does user education make the user aware of all the potential dangers of BYOD device, it also places a lot of the responsibility for corporate security onto the user.
Adopting BYOD and BYOD Security
BYOD is all about allowing employees to do their jobs and be as productive as possible – which is why it’s being embraced by more and more companies. The Middle East companies have one of the highest adoption rates of the practice worldwide in 2019. According to research by Logicalis, USA, high- growth markets (including Brazil, Russia, India, UAE, and Malaysia) demonstrate 75% employees are allowed to use their own device at work.
But making BYOD Security work is not as precise as it once was when the company owned the assets and could make the rules. In June 2012, IBM banned its 400,000 employees from using two popular consumer applications over concerns about data security. The company banned cloud storage service Dropbox, as well as Apple’s personal assistant for the iPhone, Siri. A company can’t just set up BYOD based on a picture of security risks and employee needs at a single point in time. A continuous check for vulnerabilities is required. The changing needs and potentially of employees should be able to modify BYOD Security & policy to reflect the changing needs of employees as well as evolving security threats.
A successful BYOD program allows the users to be productive outside of their scheduled work hours while also giving them the flexibility to do the things they like to do when they’re not even working in their workplace – like update their status or enjoy playing an interactive game. Whatever decision you make for your BYOD policy, be sure that it’s enforceable and enables IT to deploy software remotely. Remember BYOD is to make your company profitable not to make you an economic failure due to the outflow of information.