Challenges of BYOD
Bring Your Own Device (BYOD) is the trend of employees bringing their own devices into the organization and using them to access privileged organizational information and applications. Employees are encouraged to bring in their own devices and are provided with applications, and application features, for their use.
Let's look at Past and Current Trends of Mobile Devices
Organizations have relied on the internet since 2000. All organizational applications and privileged data are hosted on the organization's own servers, that is, its network. Fig-1 gives a clear picture of mobile, or Internet device, sales: it shows that sales of Internet devices shifted from traditional desktops and computers in 2000 to smartphones and tablets by 2013. These handheld devices have almost full Internet capability and can run almost every HTML-based application provided by the organization.
Now let's look at what analysts have been predicting for Internet devices. Fig-2 shows that the use of mobile devices has risen significantly from 2010 onwards, and we can expect a complete shift to mobile Internet devices for Internet access and for applications that do not need a conventional computer.
Let’s have a look at Security Issues of BYOD Policy
1) End Node Problem: A BYOD policy allows organizational users to access critical organizational information on their handheld devices. This poses a serious security issue known as the end-node problem: we can never be sure what the device has been used for. The device is used for both sensitive and normal purposes, including outside the network. If a user working with sensitive data saves it to the mobile device's storage, there is a significant risk of data loss and data theft. One way to tackle this is in the app itself, which prevents or locks access to the user's sensitive data when an attempt is made to access it separately from the app.
2) Data Breaches: BYOD is prone to data breaches. For example, if a user loses his or her mobile device, the data may be breached by whoever gets hold of the device.
3) BYOD Phone Number Problem: Under a BYOD policy, employees use their own number as their work phone. When an employee leaves the organization, the leads and connections stay with the employee, which in turn means data theft.
The most important criterion for an organization allowing BYOD is to keep a clear check on the data that is displayed or stored on employee devices, and to make specific security software mandatory for accessing the company network, software which removes any residual corporate data. Furthermore, the device belongs to the employee, and hence the organization has less control over it.
The major points to ponder on BYOD Security are:
1) The type of data to be processed on Employee Personal Device(s)
2) How to encrypt and ensure a secure access to corporate data
3) Storage policy of corporate data in mobile devices
4) Tracking edits to and deletion of corporate data from personal mobile devices
5) Transfer policy of mobile data from device to company server
6) Social Network usage restriction
7) Corporate Data handling by Corporate Mail Server
Major Security procedures employed by organizations
The CDW-G report on mobile security measures used by US Federal employees provides statistics on the most widely used security measures for BYOD devices.
The most used and most secure form of mobile security is keeping data in encrypted form. By encrypted form we mean that the data is transferred encoded with a security key; the receiving device requires the same key to decode the encrypted data and obtain the information.
BYOD policies have also added security through multi-level authentication for access to the company server, which in practice secures the data in case of loss or theft of devices. Organizations must be prepared to manage varying devices. A list of acceptable devices, neither too restrictive nor too vast, would be the best option. Some standard requirements will still have to be fulfilled, with devices conforming to a specific level of functionality.
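As an added illustration (not part of the original article), the sketch below shows how the accepted-device list, a minimum level of functionality and multi-level authentication could be combined into one admission check before a personal device reaches the company server. The model names, OS minimums, factor names and the Device fields are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed policy values (assumptions); a real list comes from the organization.
ACCEPTED_MODELS = {"example-phone-a", "example-tablet-b"}
MIN_OS_MAJOR = {"android": (13,), "ios": (16,)}
FACTOR_KINDS = {"knowledge", "possession", "inherence"}


@dataclass(frozen=True)
class Device:
    model: str
    platform: str
    os_version: str            # as reported by the device, e.g. "13.1"
    storage_encrypted: bool


def parse_version(text):
    """Turn '13.1' into (13, 1); malformed input gives None so the check fails closed."""
    try:
        return tuple(int(part) for part in text.split("."))
    except ValueError:
        return None


def admission_failures(device, auth_factors):
    """Return unmet requirements; an empty list means access may be granted."""
    failures = []
    if device.model.lower() not in ACCEPTED_MODELS:
        failures.append("model not on accepted-device list")
    minimum = MIN_OS_MAJOR.get(device.platform.lower())
    version = parse_version(device.os_version)
    if minimum is None or version is None or version < minimum:
        failures.append("OS unknown or below required level")
    if not device.storage_encrypted:
        failures.append("device storage not encrypted")
    # Multi-level authentication: two different kinds of factor, not two passwords.
    if len(set(auth_factors) & FACTOR_KINDS) < 2:
        failures.append("fewer than two distinct authentication factors")
    return failures


if __name__ == "__main__":
    # Constructed sample devices.
    for dev, factors in [
        (Device("example-phone-a", "android", "13.1", True), ["knowledge", "possession"]),
        (Device("other-phone", "ios", "15.7", False), ["knowledge"]),
    ]:
        print(dev.model, admission_failures(dev, factors) or "admit")
```

Returning every unmet requirement, rather than a bare yes or no, lets the employee see what to fix and gives the organization a record of why a device was refused.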