BYOD Security Concerns - Research Paper Example

BYOD Security Concerns BYOD Security Concerns For decades, the employment of BYOD has been of great concern to many employers. By definition, it describes the introduction of business trend of the worker-owned technologies in a work place (Smith 2013 pg132). In addition, it involves a bigger phenomenon of information technology. This entails the dual use of employee’s personal devices and software for individual and work purposes within an organization. Some scholars support that BYOD in relation to security concerns represents a paradigm change in utilization and management of terminal devices in an enterprise. Based on above therefore, the following essay tries to explain how BYOD is of merits and demerits as far as security in an organization is concerned (Hayes 2013 pg114). Based on the merits, BYOD helps reduce expense for employees. Based on be almost 80 dollars per employee within a month for devise, cellular access among others. This allows companies to record their employees’ investments in devices. In addition, it enhances their security measures within the enterprise. Furthermore, BYOD helps in improvement of employees’ engagement. This is because they can use devices, which they are well, versed with and know how to use. Finally yet importantly, it allows the companies to take advantage of newer technologies in the market. The resultant here is reduced cost and promotion of collaboration among people (Guerin 2013 pg87). In relation to above merits many challenges arise which are of defense concerns. The first challenge is the ease loss of these devices. In relation, the relatively portability and small size of these devices and the information stored on them exposes them to higher risk of getting lost or get stolen. In addition, the weakness of passwords and operating system defenses on customer devices largely contribute to these risks. In relation to this, data leakage also becomes a threat (Hayes 2013 pg119). Moreover, the storage of important data assets on employee-owned devices poses a great threat to enterprises due to anticipated or inadvertent of sensitive information. These may include private consumer information and proprietary organization information. Thus, these sensitive data downloaded onto a personally owned device goes through easy sharing or get stored with less or no security. Therefore, it may lead to exposure of the company to the risk of data breach (Bartz 2012 pg165). In addition to above, the employment of this trend in a company introduces new governance challenges that can lead to other fatal risks within that company. BYOD may introduce important security risks for organizations because they no longer control the devices in which the information is stored. Hence, the enforcement of safety policies becomes difficult for issues such as regulatory compliance and theft. In addition, the issue of ownership of the company greatly depends on this problem. Moreover, companies then have less visibility of the safety surrounding for BYOD in contrast to traditional networked surrounding (Smith 2013 pg140). This trend also poses other technical challenges. For instance, there are plethora of mobile handsets that underpinned by different operating systems that undergo technical changes. Thus, they are expired very quickly. In relation, companies tend to rely on traditional user-based authentication to approve or deny access for their employees. However, this requires extension to involve device-based verification. Moreover, these devices can potentially infect the organization’s network with malware. In relation, an employee can install malicious malware accidently because of social engineering and thus this may result to limited protection within the organization (Hayes 2013 pg127). In addition to predictable internet threats, wireless devices introduce new dangers that are specific to a mobile channel. For instance, the nature of security threats posed by BYOD devices is significantly in contrast to traditional corporate devices. In addition, the loss of visibility of these devices may render a discovery, prevention and fraud or layering IS strategy to be ineffective in preventing a security breach. For example, a person with a BYOD device can file-share classified company information or email a sensitive data. This information leakage arises from the fact that these devices are able to access the company’s network and the IT department is not able to control them. Furthermore, one of the common features applied by employees who operate on BYDO devices is remote wipe capability. When it is activated manually in response to an employee’s report that a device has been stolen or lost, this feature tends to clear any of the data stored in that device. In other words activating a remote swipe command to an employee’s BYOD device will result in deletion of even employees personal data, photos, videos and all other personal information stored in this device. If there were never, backups of this information, the deletion could result to significant loss of important and irreplaceable data of the employee (Guerin 2013 pg93). In addition, if the employee activates the remote wipe command with intentions of removing the entire employer’s data, the employer may still be subject to criminal liability. This is in relation to if the employee did not give the authorization before the deletion for his personal items. Moreover, there have been cases where employers receive demand letters from employees already sacked whose devices had been remotely wiped by the employers IT department without their authorization As companies and organizations increasingly lose control on security over their end devices, workers engage in roles that are more important to play. This helps in upholding organizations safety. In addition, employers who access data stored on BYDO device even with the authorization exposes themselves to liability. The employer could discover information upon which he cannot lawfully depend to make employment decisions. Some of these facts may include serious eating disorders and other impairments. Thus, even seeing an application related to these disorders in the device may also reveal the information of the employee (Smith 2013 pg148). From above challenges, an organization should employ many considerations in reducing these threats. One of the main considerations would be avoidance by prohibiting this trend within an organization. In relation, some organizations like government financial sectors may choose to retain tight control over the IT surrounding to prevent to these fear by bargaining it altogether. Moreover in order in order to harness the power of this trend, security and usability must be coupled within a company’s IS approach. Furthermore, organizations may consider adopting a mobile device management solution. This also reduces threats of exposure because the IT personnel control all the devices (Bartz 2012 pg174). Lack of awareness also becomes a primary contributor to several risks within an organization. Maintaining knowledge and good support measures for handling BYOD device loss is critical to the security of the information on the device. The threat of the device itself must go through assessment as part of the organization’s assessment framework. In addition, devices that are being used to store or forward sensitive financial information to others within an organization should be more sensitive to theft or accidents than a device with information on calendar or email updates BYOD may bring significant business terms of reduction in capital outflow, workers’ productivity, and flexibility of work if it goes through handling with care and much attention employed as well. Therefore IS approach must be properly drafted to achieve a balance between the two. In relation, a IS strategy will not appeal to employees whereas a loosely defined one will create a required level of security within the organization. Thus, the approaches and policies that protract it must be developed and implemented with the employees needs in consideration (Guerin 2013 pg104). In conclusion therefore, it is clear that BYDO has many impacts and no single IS approach exists for supreme protection against these threats. Therefore defense-in-depth and many IS strategies must be employed in an organization. Technology has sophisticated to the state that our lives spread over it. Thus, employers are required to familiarize and adjust traditional mandates and needs to minimize risks while BYOD trend accelerates. Although BYOD policy is important component of these strategies, the constant nature implies that there are still inherent weaknesses unless it adopts vibrant capabilities like self-learning. This helps keep up with the fast-changing security threats brought about by BYOD. Thus, setting up a BYDO program is not likely to be a one-time process for companies. Its dynamism and different features involved makes it very challenging for employees. References Hayes, B. E., & Kotwica, K. (2013). Bring your own device (BYOD) to work: Trend report. Oxford: Elsevier. Guerin, L., & Stim, R. (2013). Smart policies for workplace technologies: Email, blogs, cell phones & more. Berkeley, CA: Nolo. Smith, G. S. (2013). Straight to the top: CIO leadership in a mobile, social, and cloud-based world. Bartz, R. J. (2012). CWTS certified wireless technology specialist official study guide (exam PW0-071). Hoboken, N.J: Wiley. Read More