Bring Your Own Device:
The Advantages and Disadvantages of BYOD Network Policies Benjamin Fuller
Introduction
The world of mobile devices continues to expand year after year, as more consumers seek out the newest smartphones, tablets, and laptop computers. The proliferation of so much mobile technology has given consumers access to unquantifiable nodes of information streaming across the Internet, WLAN, and other networks. People are beginning to use their own, more familiar devices for both personal and professional work, blurring the line between work and play. More and more employees have the ability to telecommute from home, connecting to their office via an ISP. More employers are even encouraging employees to keep in touch with email servers and test messages by utilizing their personal smart phones and tablets.
The trend of bringing your own device to work was first formally realized by Intel in the late 2000’s. Always attempting to stay abreast of new technologies, Intel managers began to examine the behavior of some of their employees as they sought to bring new smart devices into the work place to carry out their duties. The trend originated as a result of employees’ shifting attitudes towards their work and how it occupied their physical office space. Employees would express their opinions that if they were able to engage in work place activities on their mobile devices from the comfort of their own homes, they could be able to carry out their jobs more efficiently and effectively (Assing and Cale, 2013). Employers recognized the value of allowing employees to utilize their own devices, and even encouraged the practice under the idea that a balance could be achieved between both home and work life.
In countries where access to smart devices has become the norm, employers have adjusted information technology practices and policies to accommodate incoming personal devices. The BYOD concept has attracted many followers the world over, altering the very landscape of information technology and the security of sensitive information (Hoboken and
Longo, 2013). BYOD allows employees to make use of personal devices to access privileged information and other potentially sensitive application. It is a part of a larger trend called the Consumerization of IT. It is indicative of the larger movement of employees brining popular consumer market technologies both at home and in the work place. While Consumerization of IT deals with the broader aspect of the inclusion of consumer electronics, like online services, cloud storage, web-based email services, and social media, BYOD focuses strictly on the integration of consumer grade smartphones and tablet PCs into the workplace. The Consumerization of IT, and with it the concept of BYOD, raises a number of IT security concerns. Understanding the benefits and detriments of implementing BYOD policies in the work place is essential for a modernIT department.
Advantages
More employees are finding that smartphones and tablet pcs play a critical part of their day to day business. The added mobility h also prompted more employees to support the idea that BYOD increases their productivity, boots their job satisfaction, and ultimately saves their company from purchasing hardware that would only be used in a physical office space. BYOD is, in general, less costly than purchasing new equipment for employees because companies may have a “hands-off approach (Scardilli, 2014).” A corporation’s ability to service and handle all of the questions that accompany their own personal equipment can also be an additional burden to IT departments. Employees can handle their own devices and use the ones that work best for their needs, both personally and professionally. According to Scardilli, ‘ultimately, the
employee does not care what device they’re using, they just want to have their stuff (2014).” Employees report that they are more familiar with their personal devices, which adds to the ease and comfort of conducting day to day work. Overall, both employers and employees laud the
opportunity to see increased productivity from the implementation of BYOD policies in the workplace, with the especially useful advantage of conducting work after normal business hours. According to a study conducted by Thompson, “three in 10 young professionals admit that the absence of remote access would influence their job decisions (2012).” Implementing a policy of BYOD can allow corporations to attract new and diverse talent that would otherwise consider more flexible working conditions. More organizations are beginning to understand that if they cannot implement Consumerisation of IT, and especially BYOD, into their workplace, they cannot stay maintain and attract the workforce that will keep them competitive and innovative.
Security and Management
The greatest threat BYOD smartphones and tablets pose is that organizational data is being delivered directly to devices that are not directly managed by the company’s IT
department. The exposure of sensitive data can be incredibly detrimental to an organization’s ability to operate and stay competitive. The security of data accessed through consumer smartphones and tablets through BYOD policies is a critical aspect of implementing modern networks. There are a number of network vulnerabilities, which include (1) access to the network itself, (2) vulnerabilities of the various mobile devices that may be used by employees, and (3) negligence on the part of the members of the organization.
IT Department, Policies, and the Endpoint
The devices used to log into an organization’s network have the potential to become gateways for cyber-attacks phishing for sensitive information. “Key loggers, malware and cyber-attacks have greatly increased the potential for unauthorized access to, and information theft from, endpoints (Morrow, 2012).” IT departments should mitigate the security at the
endpoint devices, which in the case of BYOD can be virtually any personal device an employee uses to access the network. The consequences of a lack of security could include data leakage or the entrance of malware into the system. Organizations must find ways to control the data once it has reached its final destination in order to prevent any intentional or accidental misuse by the employee. The adoption of some sort of coverage solution is critical to maintaining network integrity. According to Giffin, “that’s very challenging to do if you’re managing your computers with one system and managing your mobile devices with another (2014).” Blocking certain applications while employees have access to the network, like Facebook or Dropbox, may keep corporate date confined to the specific applications for which they are intended.
Mobile Device Vulnerabilities
Surveys indicate that of all employees making use of an organizations BYOD policies, 64% will report that proprietary or sensitive data was either lost or stolen (Morrow, 2012). With upwards of 3 billion new mobile devices expected to be shipped in 2015, there is reason to be concerned that sensitive information could become the target of malicious apps and other vulnerabilities (Morrow, 2012). According to a Symantec’s study in 2011, more than half of all Android threats collect some sort of data from the host device or tracks their activities (Morrow, 2012). The wide appeal of smart phones has led to a number of applications to be released. These range anywhere from games to organizational software. With BYOD, users are still free to install a variety of applications that may collect sensitive data about the device, its owner, or other sensitive information that may be stored away. These unmanaged devices can become the target of information leaks or hostile activity without the employee being aware of the situation. Employees must be aware of the applications they install and the permissions these programs request one on the mobile device. Knowing and understanding the terms and conditions of the
application will allow employees to make appropriate judgments when using their personal device for both work and play.
“What mobile malware does with your phone”
Morrow, B. (2012).
Training and Employee Responsibility
Network administrators must go out of their way to establish sound policies that encourage good behavior among employees making use of BYOD programs. Organizations might want to include rules regarding passwords, and prohibit users from sharing them with friends or relatives. Passwords used to enter the organization’s network should “bear no resemblance to a spouse’s name, pet’s name, birthdate, anniversary, or other widely available
information (Dean, 2003).” Network administrators should also ensure that only authorized users have access to the resources needed, and prohibit other employees from accessing workgroups or files that are impertinent to their own work. More than half of breaches are caused by human error (Dean, 2003). Intruders can use social engineering and snooping to obtain sensitive passwords or information. Employees must be aware of their responsibilities while accessing organizational information while making use of their personal devices.
Conclusion
The duty of maintaining network security in the midst of a world with tablet pcs and smartphones is shared among both IT professionals and the employees that participate in BYOD programs. Serious security vulnerabilities are exposed as organizations continue to allow foreign devices to connect to their sensitive computer networks. However, the benefit of allowing
employees to access their work at any time in any location has proven to boost productivity and satisfaction. There are incredible benefits to BYOD programs, including the ability to stay competitive and connecting employs nearly effortlessly on their own devices. Understanding the advantages, along with the security issues involved in Consumerisation of IT will allow
References
Assing, D., & Calé, S. (2013). Mobile access safety: Beyond BYOD (1st ed.).
Dean, T. (2003). Enhanced Network guide to networks (Enhanced ed.). Boston, Mass.: Thomson/Course Technology.
Gordon Thomson, G. (2012). BYOD: Enabling the chaos. Network Security, 2012(2), 5-8. Hoboken: Wiley. Longo, B. (2013). Learning on the wires: BYOD, embedded systems, wireless
technologies and cybercrime.
Morrow, B. (2012). BYOD security challenges: Control and protect your most sensitive data. Network Security, 2012(12), 5-8
Scardilli, B. (2013). BYOD: Keeping data secure. Information Today, 30(9), 29-29. Retrieved from
http://search.ebscohost.com.libaccess.sjlibrary.org/login.aspx?direct=true&db=llf&AN=9 1258299&site=ehost-live
Scardilli, B. (2014). BYOD or COPE: The best mobile strategy for the workplace. (cover story). Information Today, 31(2), 1-36. Retrieved from
http://search.ebscohost.com.libaccess.sjlibrary.org/login.aspx?direct=true&db=llf&AN=9 4766672&site=ehost-live
