Benefits of BYOD

Discuss about the Security Threats to Byod Devices and Countermeasures.

There are many things to think about when it comes to bringing your own device to work, whether you are the employee or the company or business doing the employing. There are specific benefits to allowing the Bring Your Own Device (BYOD) trend into a business or workplace, but there are also some risks. The BYOD trend is one being debated in industries from an IT security standpoint. One thing to consider is that employees are always seeking new ways to get their work done more efficiently, and a lot of them are using their devices to fill a gap in the productivity offered by existing technology in their workplace. So what exactly are the things to consider? What are the significant risks and benefits of implementing a BYOD policy?

The benefits of Bring Your Own Device (BYOD) in the workplace are plentiful. BYOD can enhance a user’s ability to complete a large volume of work at any time due to the existence of a present and available device to handle their workload. The fact that users can use their own devices means that each user may complete their work in the comfort of their own virtual workspace (Annibali, 2015). Some users may be accustomed to using a specific application that may play to their particular strengths and can complete their work in promptly due to these circumstances. With newer emerging technology and a younger generation of tech workers getting hired at larger organisations, the ability to work flexibly has become a hot commodity, and BYOD can alleviate some of the issues involved with being tethered to the office.

When considering a BYOD policy, a company is likely to focus on the relationship between the risks and benefits of doing so. The goal of any workplace is usually to keep cost down when it comes to how to get work done and to keep employees happy and productive. So what are the benefits of BYOD? One of the most significant advantages to consider is the fact that it could potentially save the company money (Ballard, 2012). As suggested in the article on the IBM MobileFirst website, when employees use their own devices for work, it could save the company money because the employee has a device that they have personally purchased. The company, therefore, doesn’t have to shell out money to cover that device. This could also boost employee satisfaction since they are using a mobile device or laptop that they are comfortable with and know how to use.

Considerations for Implementing BYOD Policy

It also saves them from having to carry around multiple mobile phones, like a personal cell phone and a business cell phone, which can get annoying to manage. Enabling employees to use their own devices could also result in more productivity. This would be because they are using devices they are already familiar with, so time and money are saved on training an employee on how to use individual systems. A BYOD Policy can mitigate these types of things, ensuring that costs are kept lower and more manageable and that employees are happier with the options they have in completing work (Cavoukian, Information and Privacy Commissioner/Ontario, & TELUS Corporation, 2014).

There are risks to consider though, and they are essential things to think about. One significant threat to think about is how to control and protect sensitive information. Allowing employees to use their own devices makes this task more difficult, but not impossible. In fact, (Hayes & Kotwica, 2013) thinks that BYOD is inevitable. He believes that the IT security side of BYOD is critical, but that companies and their IT departments need to address this issue and move on. (Kohne, Ringleb, & Yücel, 2015) wrote an article in which he identifies the top three risks of BYOD.

The first risk he identifies is the theft of the device, noting that device loss statistics are high and theft statistics are even higher, with 1.4 million losses in 2013 and 3.1 million robberies in 2013.

The second risk he identified is data leaks, noting that personal devices might be more accessible to be hacked into and that most people do not even take primary measures to protect their mobile devices or the data they keep on them.

The third risk he identified is network security. This is the major one that comes to mind the most. One way to manage the risk of data leakage is to encrypt the data on the device using the cloud. Data breaches are somewhat inevitable in a BYOD business modelled company so encoding the data will present some challenges to potential hackers as they cannot access the data to impose their malicious will (Martinez, Courtney, University of Victoria (B.C.), & University of Victoria (B.C.), 2014).

Organizations can maintain access to these devices using an app that can give access to the business network securely and can revoke access to the system or completely wipe a device if the device has been compromised physically. Users would need to sign an agreement or policy stating that the organisation has the right to do so to protect the integrity of the company as well as the company’s data in the event of a stolen device or a malicious cyber-attack.

Risks of BYOD

One of the most important things to consider from an IT security standpoint would be in how to keep sensitive information and privacy kept protected and maintained (Redmon, 2014). The company would have to figure out how to create and implement security procedures that address these concerns, as well as some others mentioned by Redmon. Some of these things include how to secure data, how to apply IT support for the devices, how to develop and integrate a communication policy in accordance with a BYOD Policy, how to provide a data plan to accommodate these devices and allow users to work on a network, how to control access to certain applications, data recovery/lost or stolen devices, among other things. It might be beneficial to implement a BYOD Policy, but that does not necessarily mean that it is an easy task.

A real-world example of Bring Your Own Device thriving in the workplace happens to be at my fiancée’s job. She is a supervisor for an OB/GYN office in our area and with the recent implementation of BYOD for the Providers.  Each doctor was given a Microsoft Surface Pro that they could sling over their shoulder and use throughout the day instead of the traditional desktop machine in each patient’s room (Rogers, 2016). The doctors can then use these devices as they meet with each patient and take in information such as height, weight, and other information and they can also connect to the intranet for medical diagnoses. This network and the device can be used to reach out to other medical professionals for advice or opinions. The devices were connected to a cloud network within the practice that keeps patient records, charts, etc. stored in the database. The database is managed by an IT team led by a database administrator within the hospital to protect patient records from being compromised. If this data is stolen, it could violate federal HIPAA laws, so the information is encrypted to manage the risks associated with the BYOD business model (Schad, 2014).

Apple and IBM have teamed up to create what is called IBM MobileFirst platform. It is what Apple Inc. labels a new generation of applications or apps, which will connect users to data on their own devices and create a more efficient workplace because they will be able to access the data and analytics anywhere they are. There are several apps in IBM MobileFirst that will be used for specific tasks, but that is predicted to change the way that process is carried out. The apps are customizable to a user’s data ecosystem, company branding, business process, among other things. These apps are designed to learn how users implement them and adapt to what types of information is needed and what functions to make available.

To me bring your own device is fading out due to security issues. I have never seen that as an advantage for any company. Even though I have my own views on BYOD, it still grows in some companies, and like anything using this way has its advantages. One example of these advantages is increased worker satisfaction. This means the workers are usually more satisfied and comfortable with using their own devices. Saving money, of course, is another advantage towards BYOD. Training cost for how to use the device would not be required, and supplying the device would be obsolete also. I too believe productivity would be enhanced due to the know-how of the device. So if employees are already familiar with the device, they will feel more comfortable when their different fulfilling tasks. To sum this up when employees feel comfortable and confident the job will be done faster and more efficiently so overall BYOD will help enhance employee performance (Schad, 2014). As good as the benefits sound when anything from a business such a device is taken home risks become greater. Think if an employee left their phone in a taxicab or a friend gets it and accesses accounts of credit card information from customers. Before making a big decision such as BYOD, it is useful first to weigh your options.

We also must remember we forget as humans a lot. Employees can leave data exposed for hackers and forget to apply software security updates. Even businesses have no control over software coding errors in third-party apps running on the employee’s device. The primary objective is to keep our customer’s information and the company’s information as safe as possible. Depending on the position some employees don’t have enough care for the company as they should. I would recommend cloud technology to manage BYOD (Annibali, 2015).

Cloud technology allows employees to transfer information through a safe, organised platform. Using cloud keeps employees from overhauling their entire IT infrastructure. Mobile application software is another way to manage and reduce risks towards BYOD. Malware is a favourite way for cybercriminals to steal information. With mobile app software, IT workers can control which apps can be installed on their devices. Even though I might have feelings about this method being unsafe, it has been proven to work in individual companies. Intel, for example, is one of those successful companies that implement this method. Over 30,000 employees use this method in this company (Wu, 2014).

Intel also allows employees to choose what level of access they receive. These practices seem to work inside this company surprisingly. It impresses that a company that big still has the respect of its employees no to try anything malicious towards the company. Many other companies such as Blackstone and SAP are very successful with using this method. I first had doubts about using this method due to the risks of untrustworthy employees. As I read through, I see that there are ways to implement this method and still maintain a thorough and secure company. I too would use the technique but increase the punishment of betraying the company (Hayes & Kotwica, 2013). Running a company, I think employees being comfortable is one of the primary keys to starting a successful business.

Conclusion

With all of these things considered, it seems BYOD is in fact inevitable.  It certainly looks as though the benefits outweigh the risks, especially when taking into consideration the IBM MobileFirst platform and all that it offers. This platform provides real solutions to the risks and benefits people worry about when deciding whether or not to adopt a BYOD Policy. If I had to choose whether or not to implement BYOD in an organisation, I would consider it. I believe the increase in productivity associated with BYOD within a business far outweighs the risks as the risks can be managed efficiently, and data can be secured. Security policies are there for a reason and being as though BYOD will be the new trend in organisations shortly it would be beneficial for information security professionals to analyse the latest trends and create new policies to protect the integrity the organisation and its reputation.

References

Annibali, J. A. (2015). Reclaim your brain: How to calm your thoughts, heal your mind, and bring your life back under control.

Ballard, M. (2012). Bring your own device – Unabridged Guide. Dayboro: Emereo Publishing.

Cavoukian, A., Information and Privacy Commissioner/Ontario,, & TELUS Corporation. (2014). BYOD: (bring your own device): Is your organization ready?

Hayes, B. E., & Kotwica, K. (2013). Bring your own device (BYOD) to work: Trend report. Oxford: Elsevier.

Kohne, A., Ringleb, S., & Yücel, C. (2015). Bring Your Own Device. Bring your own Device, 7-23. doi:10.1007/978-3-658-03717-8_2

Martinez, K., Courtney, K. L., University of Victoria (B.C.), & University of Victoria (B.C.). (2014). Bring Your Own Device and Nurse Executives Decision Making: A Qualitative Description.

Redmon, K. (2014). Cisco bring your own device (BYOD) networking. Place of publication not identified: Cisco Press.

Rogers, K. D. (2016). Bring your own device: Engaging students & transforming instruction.

Schad, L. (2014). Bring your own learning: Transform instruction with any device.

Wu, S. S. (2014). A legal guide to enterprise mobile device management: Managing bring your own device (BYOD) and employer-issued device programs.