Bring your own device
Bring your own device (BYOD)—also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC)—refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications. The phenomenon is commonly referred to as IT consumerization. The term is also used to describe the same practice applied to students using personally owned devices in education settings.
BYOD is making significant inroads in the business world, with about 75% of employees in high growth markets such as Brazil and Russia and 44% in developed markets already using their own technology at work. Surveys have indicated that businesses are unable to stop employees from bringing personal devices into the workplace. Research is divided on benefits, but with around 95% of employees stating they use at least one personal device for work, BYOD is a reality that company IT security managers simply cannot ignore.
The term BYOD first entered common use in 2009, courtesy of Intel when it recognized an increasing tendency among its employees to bring their own devices (i.e., smartphones, tablets and laptop computers) to work and connect them to the corporate network. However, it took until early 2011 before the term achieved any real prominence when IT services provider Unisys and software vendor Citrix Systems started to share their perceptions of this emergent trend. BYOD has been characterized as a feature of the "consumer enterprise" in which enterprises blend with consumers. This is a role reversal in that businesses used to be the driving force behind consumer technology innovations and trends.
In 2012, the U.S. Equal Employment Opportunity Commission adopted a BYOD policy, but many employees continued to use their government-issued BlackBerrys because of concerns about billing, and the lack of alternative devices.
The proliferation of devices such as tablets and smartphones, which are now used by many people in their daily lives, has led a number of companies, such as IBM, to allow employees to bring their own devices to work, due to perceived productivity gains and cost savings. The idea was initially rejected due to security concerns, but more and more companies are now looking to incorporate BYOD policies, with 95% of respondents to a BYOD survey saying they either already supported BYOD or were at least considering supporting it.
According to research by Logicalis, high-growth markets (including Brazil, Russia, India, UAE, and Malaysia) demonstrate a much higher propensity to use their own device at work. Almost 75% of users in these countries did so, compared to 44% in the more mature developed markets.
Some reports have indicated productivity gains by employees. Companies like Workspot Inc. believe that BYOD may help employees be more productive. Others say it increases employee morale and convenience by letting employees use their own devices, and makes the company look like a flexible and attractive employer. Many feel that BYOD can even be a means to attract new hires, pointing to a survey that indicates 44% of job seekers view an organization more positively if it supports their device.
Some industries are adopting BYOD quicker than others. A recent study by Cisco partners of BYOD practices stated that the education industry has the highest percentage of people using BYOD for work, at 95.25%.
A study by IBM says that 82% of employees think that smartphones play a critical role in business. The study also shows that the benefits of BYOD include increased productivity, employee satisfaction, and cost savings for the company. Increased productivity comes from a user being more comfortable with their personal device; being an expert user makes navigating the device easier, increasing productivity. Additionally, personal devices are often more cutting edge, as company technology refreshes don't happen as often. Employee satisfaction, or job satisfaction, occurs with BYOD by allowing the user to use the device they have selected as their own rather than one selected by the IT team. It also allows them to carry one device as opposed to one for work and one for personal use. Cost savings can occur on the company end because the company would no longer be responsible for furnishing the employee with a device, but they are not guaranteed.
A company can also see improved productivity from an employee with BYOD, as it allows the employee to easily take the device home and work.
Although the ability to allow staff to work at any time from anywhere and on any device provides real business benefits, it also brings significant risks. To ensure information does not end up in the wrong hands, it’s imperative for companies to put security measures in place.
Various risks arise from BYOD, and agencies such as the UK Fraud Advisory Panel encourage organisations to consider these and adopt a BYOD policy.
BYOD security relates strongly to the end node problem, wherein a device is used to access both sensitive and risky networks/services; risk-averse organizations issue devices specifically for Internet use (this is termed Inverse-BYOD).
BYOD has resulted in data breaches. For example, if an employee uses a smartphone to access the company network and then loses that phone, untrusted parties could retrieve any unsecured data on the phone. Another type of security breach occurs when an employee leaves the company: they do not have to give back the device, so company applications and other data may still be present on it.
Furthermore, people sometimes sell their devices and might forget to wipe sensitive information before selling the device or handing it down to a family member. Various members of the family often share certain devices such as tablets; a child may play games on his or her parent’s tablet and accidentally share sensitive content via email or through other means such as Dropbox.
IT security departments that wish to monitor usage of personal devices must ensure that they only monitor work-related activities or activities that access company data or information.
Organisations that wish to adopt a BYOD policy must also consider how they will ensure that the devices which connect to the organisation’s network infrastructure to access sensitive information will be protected from malware. Traditionally, if the device was owned by the organisation, the organisation would be able to dictate for what purposes the device may be used or what public sites may be accessed from the device. An organisation can typically expect users to use their own devices to connect to the Internet from private or public locations. The users could be susceptible to attacks originating from untethered browsing or could potentially access less secure or compromised sites that may contain harmful material and compromise the security of the device.
Software developers and device manufacturers constantly release security patches due to the daily increase in the number of threats from malware. IT departments that support organisations with a BYOD policy must be prepared to have the necessary systems and processes in place to apply the patches that protect against the known vulnerabilities in the various devices that users may choose to use. Ideally, such departments should have agile systems that can quickly adopt the support necessary for new devices. Supporting a broad range of devices obviously carries a large administrative overhead. Organisations without a BYOD policy have the benefit of selecting a small number of devices to support, while organisations with a BYOD policy could also limit the number of supported devices, but this could defeat the objective of allowing users the freedom to completely choose their device of preference.
Several markets and policies have emerged to address BYOD security concerns, including mobile device management (MDM), containerization and app virtualization.
While MDM provides organizations with the ability to control applications and content on the device, research has revealed controversy related to employee privacy and usability issues that lead to resistance in some organizations. Corporate liability issues have also emerged when businesses wipe devices after employees leave the organization.
A key issue of BYOD which is often overlooked is BYOD's phone number problem, which raises the question of the ownership of the phone number. The issue becomes apparent when employees in sales or other customer-facing roles leave the company and take their phone number with them. Customers calling the number will then potentially be calling competitors which can lead to loss of business for BYOD enterprises.
International research reveals that only 20% of employees have signed a BYOD policy.
It is more difficult for the firm to manage and control the consumer technologies and make sure they serve the needs of the business. Firms need an efficient inventory management system that keeps track of which devices employees are using, where the device is located, whether it is being used, and what software it is equipped with.
If sensitive, classified, or criminal data lands on a U.S. government employee's device, the device is subject to confiscation.
A challenging but important task for companies who utilize BYOD is to develop a policy that defines exactly what sensitive company information needs to be protected and which employees should have access to this information, and then to educate all employees on this policy.
Another important issue with BYOD is scalability and capability. Many organisations today lack the proper network infrastructure to handle the large traffic which will be generated when employees start using different devices at the same time. Nowadays, employees use mobile devices as their primary devices and they demand the performance to which they are accustomed. Earlier smartphones did not use a lot of data and it was easy for a wireless LAN to handle that amount of data, but today smartphones can access webpages as quickly as most PCs do and have applications that use radio and voice at high bandwidths, hence increasing demand on WLAN infrastructure.
- Mobile security
- One to one computing
- Bring your own operating system
- Remote mobile virtualization
- The U.S. Air Force Research Lab's (AFRL) Leader iPad Pilot used this method to provide its researchers unfiltered access to the Internet, reserving its filtered, sensitive network for other use.