BYOD (Bring Your Own Device) security is a new challenge that modern-day corporations are increasingly facing. Research the issue of BYOD security and write a report documenting your findings.
Bring your own device (BYOD) is also referred to as bring your own technology or bring your own phone. It is the policy of permitting employees to bring personal devices such as laptops, tablets, and smartphones to their place of work, and to use those devices to access privileged corporate information and applications. In BYOD scenarios, employees use their own devices for both personal and work purposes (Ghosh, Gajar & Rai, 2013). Such a program can blur the line between business and personal use of the mobile device. The BYOD phenomenon is referred to as IT consumerisation. The term is also used for the same practice among students, who use their phones in education settings for programs like Kahoot. BYOD is making significant inroads in the business world, with approximately seventy-five percent of employees in the growing markets of Russia and Brazil, and around 40% in developed markets, using their own technology at work. One survey showed that 95% of employees said they used at least one personal device for work. Various factors are driving the adoption of BYOD programs (Scarfo, 2012). Nonetheless, there is an upward trend in the adoption and diverse use of mobile devices, like tablets and smartphones, by the individual that are. This paper presents the background of BYOD and when it came into existence, the security challenges that adopting a BYOD program poses to a business, and the protection mechanisms that organizations are adopting to overcome these difficulties. It also looks at the security implications of computer networks and the issues and concepts of management in ICT. Moreover, it highlights the future trends of BYOD programs in relation to business needs and their advancement in the market (Burt, 2011).
BYOD has come a long way, from the first appearance of the term in 2009 to its steady, fast rise in 2011. It started at Intel, when the company recognized the increasing number of employees bringing their own personal devices, like smartphones, iPhones and laptops, to the workplace and using them on the corporate network. In 2011 the term achieved prominence when the information services provider Unisys and the software vendor Citrix Systems began sharing their perceptions and experience of this trend (Assing, 2013). BYOD has mainly been featured as a factor of the consumer enterprise, in the way enterprises associate with their clients. This was a role reversal from the time when business was the driving factor in consumer technology innovations and trends. To better understand the evolution of BYOD, it is necessary to look at the years since the term was introduced. The term was first introduced in 2009, but it first entered the mainstream in 2010. CIOs began to experience pressure when personal devices began to flood the workplace. During the same period, Android had started to pick up steam and the first iPad was introduced to the market. The influx of new devices in the market made employees bring more devices, like smartphones and tablets, into the workplace. Some businesses began to block personal devices from their networks and mail servers. In that year, many MDM companies were started and a new API came up to manage the mobile networks. As a result, IT departments and organizations realized they could no longer ignore BYOD. In 2011, official support for bring-your-own-device programs was introduced in the workplace at a fast rate. According to a 2011 Aberdeen report, around 75% of companies had a BYOD policy.
It was the same year that BlackBerry's dominance started to give way to alternative mobile options, and acceptance of BYOD was at an all-time high. In 2012, there was significant concern about data security and data leakage (Shim, Mittleman, Welke, French & Guo, 2013). Moreover, users were becoming more concerned about privacy. In the same year, many businesses focused on adopting clearly communicated BYOD policies for their users, while at the same time working to understand the privacy and security implications. The number of MDM solutions increased to cater for these implications. In 2013, applications and data security continued to be the hot topic with regard to BYOD. There was also a major pivot from securing the device to managing the apps and the data within the business, as data breaches were increasing on a daily basis (Shim, Mittleman, Welke, French & Guo, 2013). The purpose of containerizing these apps is to separate personal data from corporate data.
The unknown third-party access through the mobile application
When employees download and install an application for their own use, they are likely to allow a third party free access to some of the organization's sensitive information that may be stored on their personal devices. Downloaded applications may be infected with viruses and malware, which are instructed by a hacker's command-and-control servers to steal any data on the mobile device without any alert from the user's device (Burt, 2011). If employees of an enterprise connect their devices to open Wi-Fi, the company data stored on those devices may be compromised and stolen. Moreover, security apps imposed on employees' devices can become a problem for them because they require frequent updates, and employees who dislike this can easily uninstall them. Such software also reduces the performance of the device and degrades the user experience by straining the device's memory and processor.
Mixing of the personal and corporate data
This is the major security challenge of BYOD, especially when it comes to storing personal and corporate information on the same device. Some of the organization's data may be leaked at some point. Some hackers may use keylogging techniques to acquire sensitive company information, and this data in the wrong hands can cause significant harm to the organization (Ghosh, Gajar & Rai, 2013).
IT infrastructure
Some of the infrastructure in an organization does not conform to the BYOD setting. BYOD requires CIOs to make various modifications to the current IT infrastructure so that it is compliant with BYOD (Assing, 2013). There is a need to identify the applications employees are using to interact with corporate information. It is fundamental that the data is protected and conforms to the current IT infrastructure.
Technical challenges
Various technical difficulties may affect a BYOD program; one example is access control for mobile devices in a BYOD deployment. Companies are unable to determine the permission level for each employee accessing certain company resources from mobile devices and external network connections. Other factors that may determine access control are limits on how many individuals can access a resource at one time and how employees gain access to company resources (Ghosh, Gajar & Rai, 2013). It is important to understand that access control differs with the location, the size, and the number of employees of the company. There is also the issue of incorporating security measures that protect a given range of portable devices against risk, and the threat is usually very complex. This is the case when employees own an arbitrary number of devices with different operating systems, which means the security needs of every device must be supported equally where possible.
Protection mechanism
Comprehensive BYOD security framework
The security measures that exist currently are Virtual Private Networks (VPNs), firewalls, and email filtering tools. These components are essential for protecting the internal network when personal devices are used under BYOD before formal policies are enforced. VPNs implement private network connections to the devices and allow access to resources in a controlled environment (Ghosh, Gajar & Rai, 2013). This contributes to reducing the cost of storing the data on the personal devices (Burt, 2011). Firewalls help protect networks by monitoring traffic and denying access to suspicious requests. Email filters help detect infected emails and warn users about them. Personal devices can sync with the email application, so the device benefits whenever email filtering is active.
Another measure is the Network Access Control (NAC) mechanism. This tool limits the number of connected devices, helps determine permissions, and denies unrecognized devices access to the company's internal network. This mechanism was well implemented before the rise of BYOD, so it is a focal point for enhancing the BYOD framework (Assing, 2013). Identity and Access Management (IAM) is a variation of NAC that applies customized device access control rules to an individual network. In addition, it manages sign-on and separation of duties.
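The access decisions described above (denying unrecognized devices, limiting the number of connected devices, per-employee permission levels, and treating external networks differently) can be sketched as a small admission check. This is an added example, not part of the original report; the roles, resources, limits and device names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical role -> permitted resources mapping (constructed values).
ROLE_PERMISSIONS = {
    "finance": {"mail", "erp"},
    "engineering": {"mail", "source-repo"},
    "contractor": {"mail"},
}
# Resources reachable only from the internal network or over the VPN.
INTERNAL_ONLY = {"erp", "source-repo"}
MAX_DEVICES_PER_USER = 2        # cap on enrolled personal devices per employee
MAX_SESSIONS_PER_RESOURCE = 3   # cap on devices using one resource at a time


@dataclass
class Device:
    device_id: str
    owner: str
    role: str


@dataclass
class AccessController:
    registry: dict = field(default_factory=dict)  # device_id -> Device
    sessions: dict = field(default_factory=dict)  # resource -> set of device_ids

    def enroll(self, device):
        """Register a personal device unless its owner is already at the cap."""
        owned = [d for d in self.registry.values() if d.owner == device.owner]
        if len(owned) >= MAX_DEVICES_PER_USER:
            return False
        self.registry[device.device_id] = device
        return True

    def request(self, device_id, resource, network):
        """Return 'allow' or a 'deny: ...' reason for one access request."""
        device = self.registry.get(device_id)
        if device is None:
            return "deny: unrecognized device"
        if resource not in ROLE_PERMISSIONS.get(device.role, set()):
            return "deny: role not permitted"
        if resource in INTERNAL_ONLY and network not in ("internal", "vpn"):
            return "deny: external network"
        active = self.sessions.setdefault(resource, set())
        if device_id not in active and len(active) >= MAX_SESSIONS_PER_RESOURCE:
            return "deny: resource at capacity"
        active.add(device_id)
        return "allow"

    def disconnect(self, device_id, resource):
        """End a device's session so the slot can be reused."""
        self.sessions.get(resource, set()).discard(device_id)


def demo():
    nac = AccessController()
    nac.enroll(Device("phone-a", "alice", "finance"))
    nac.enroll(Device("tab-a", "alice", "finance"))
    third = nac.enroll(Device("laptop-a", "alice", "finance"))  # over the cap
    nac.enroll(Device("phone-b", "bob", "contractor"))
    return [
        third,
        nac.request("phone-a", "erp", "vpn"),
        nac.request("phone-a", "erp", "public-wifi"),
        nac.request("phone-b", "erp", "internal"),
        nac.request("laptop-a", "mail", "internal"),  # never enrolled
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The order of the checks matters: device recognition comes first so that an unenrolled device learns nothing about which roles or resources exist.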
The single purpose BYOD security mechanism
Here, there is a need for end-user agreements, acceptable use policies, and liability agreements, which are formal contracts ensuring that the company and its employees mutually agree on the BYOD security policies. It is imperative that these components are compatible for BYOD to succeed. There is also containerization, the partitioning of the mobile device's storage space into independent sections that divide personal and work data. The section that contains company data has its own security policies, and these enable the company to control it remotely without affecting the personal data. In addition, antivirus and anti-spyware applications are important for strengthening the BYOD security framework (Scarfo, 2012).
Security is essential to a computer network, especially when an organization's corporate data relies on it. It entails protecting information systems from theft or damage to the hardware and to the information contained in them (Shim, Mittleman, Welke, French & Guo, 2013). Various security measures need to be put in place to prevent a breach of information. Some of them are user account access control and cryptography to protect system files (Blum, Eskandarian & Hoffman, 2004). Firewalls are needed to support network security by shielding access to internal network services, together with intrusion detection systems. These systems help detect network attacks in progress and assist in post-attack forensics. A breach of the computer network can have serious implications for the company (Merete Hagen, Albrechtsen & Hovden, 2008). The company's clients can seek to sue the company for disclosure of information on the grounds of breach of confidentiality.
Cryptography
Modern cryptographic techniques are essential in IT systems that need to store and protect personal data. It is important to note that cryptography by itself does not provide any protection against data breaches; it protects personal data only when it is applied correctly in a specific context (Merete Hagen, Albrechtsen & Hovden, 2008). Cryptography is a large field. Some of the newer cryptographic techniques, such as homomorphic encryption, are essential for processing and searching personal data. Various techniques exist for searching through encrypted data, providing privacy protection and selective access to sensitive data. One of the techniques used for designing privacy-preserving systems is homomorphic encryption. A cryptographic system is only as strong as its encryption algorithms, digital signature algorithms, and message authentication codes. If any of these components is broken, the system is compromised. Most systems fail because of mistakes made in the implementation. Some do not ensure that the plaintext is destroyed after it is encrypted. Others use temporary files to protect against data loss when the system crashes.
In the management of ICT security, various issues and concepts relate to its planning and to developing it effectively. Any organization should design, implement and maintain a coherent set of policies in the planning and development of its security plan, processes and systems in order to manage the risks to its information assets. This ensures acceptable levels of information security risk (Swiler, Phillips, Ellis & Chakerian, 2001). The first concept is the plan phase, which involves designing the information security management system by assessing the information security risks and selecting appropriate controls. The next is the do phase, which involves implementing and operating the controls. The objective of the check phase is to review and evaluate performance. The last is the act phase, which involves making changes where necessary to reach peak performance (Saint-Germain, 2005).
Security planning and development
The most significant part of deploying an ICT management system is planning. It is not possible to plan for security until a full assessment of the risk has been done. Security planning involves deploying security policies and implementing controls to prevent computer risks from becoming reality, and it varies from one organization to another. The first aspect of planning is the risk assessment (Perrig, Stankovic & Wagner, 2004). No plan of action can be developed and implemented before the risk has been assessed, since the assessment provides the baseline for implementing the security plan. The next step is to identify the assets (Scarfo, 2012). This is done by performing an information asset inventory that highlights the items that need to be protected within the organization, on the basis of the organization's business plan. The next step is to identify the risks to the information assets (Shim, Mittleman, Welke, French & Guo, 2013). It is vital to determine the risks that affect each asset in the organization. It is then necessary to identify the threats and the methods of attack. A threat is any action that is potentially harmful to the organization through disclosure, breach of information, modification or destruction. Finally, security policies and controls must be developed (Shin, 2010). These components give clear guidelines for the various areas of responsibility, along with plans that highlight the steps to take and the rules to follow in implementing the policies.
Conclusion and future trends
The rapid growth of personal devices continues to redefine communication and productivity in the workplace. As a result, BYOD programs, in which employees use their smartphones and tablets for business, have increased tremendously (Scarfo, 2012). Gartner predicts that by 2017, fifty percent of employers would require their employees to supply their own devices for work. Further research from Juniper concluded that by 2018 there would be more than one billion devices used in BYOD programs worldwide. With the increase in sales through mobile devices over the last years, every business that has not implemented a BYOD policy would suffer breaches of sensitive corporate information, which would be shared freely outside the corporation. Nevertheless, mobility drives productivity for CIOs and the business by increasing the number of mobile application users in the workplace (Shim, Mittleman, Welke, French & Guo, 2013). The rolling out of requests throughout the workplace will present a myriad of opportunities beyond the traditional use of mobile email and communications. There is also a need to evaluate BYOD needs, since most leaders do not understand the benefits (Assing, 2013). Worldwide, the BYOD market is expected to grow to more than eighteen billion dollars by 2017.
This paper has presented the background of the BYOD program and how it has advanced over the years. It has also presented the security challenges posed by BYOD programs and the protection mechanisms against them. There are also future trends in BYOD programs: exponential growth in the number of businesses adopting them, the increase in revenue they are projected to bring, and the improvement of the security measures that protect corporate data.
References
Assing, D. (2013). Mobile access safety: Beyond BYOD. John Wiley & Sons.
Baker, W. H., & Wallace, L. (2007). Is information security under control?: Investigating quality in information security management. Security & Privacy, IEEE, 5(1), 36-44.
Blum, J. J., Eskandarian, A., & Hoffman, L. J. (2004). Challenges of intervehicle ad hoc networks. Intelligent Transportation Systems, IEEE Transactions on, 5(4), 347-351.
Burt, J. (2011). BYOD trend pressures corporate networks. eWeek, 28(14), 30-31.
Ghosh, Gajar & Rai. (2013). Bring your own device (BYOD): Security risks and mitigating strategies. Journal of Global Research in Computer Science, 4(4), 62-70.
Heberlein, L. T., Dias, G. V., Levitt, K. N., Mukherjee, B., Wood, J., & Wolber, D. (1990, May). A network security monitor. In Research in Security and Privacy, 1990. Proceedings., 1990 IEEE Computer Society Symposium on (pp. 296-304). IEEE.
Hill, D. W., & Lynn, J. T. (2000). U.S. Patent No. 6,088,804. Washington, DC: U.S. Patent and Trademark Office.
Li, Y., Guo, H., & Jajodia, S. (2004, October). Tamper detection and localization for categorical data using fragile watermarks. In Proceedings of the 4th ACM workshop on Digital rights management (pp. 73-82). ACM.
Merete Hagen, J., Albrechtsen, E., & Hovden, J. (2008). Implementation and effectiveness of organizational information security measures. Information Management & Computer Security, 16(4), 377-397.
Mirkovic, J., Dietrich, S., Dittrich, D., & Reiher, P. (2004). Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security). Prentice Hall PTR.
Perkins, C. E. (2008). Ad hoc networking. Addison-Wesley Professional.
Phillips, C., & Swiler, L. P. (1998, January). A graph-based system for network-vulnerability analysis. In Proceedings of the 1998 workshop on New security paradigms (pp. 71-79). ACM.
Perrig, A., Stankovic, J., & Wagner, D. (2004). Security in wireless sensor networks. Communications of the ACM, 47(6), 53-57.
Saint-Germain, R. (2005). Information security management best practice based on ISO/IEC 17799. Information Management, 39(4), 60.
Scarfo. (2012). New security perspectives around BYOD. In Broadband, Wireless Computing, Communication and Applications (BWCCA), 2012 Seventh International Conference (pp. 446-451). IEEE.
Shin, D. H. (2010). The effects of trust, security and privacy in social networking: A security-based approach to understand the pattern of adoption. Interacting with computers, 22(5), 428-438.
Shim, J. P., Mittleman, D., Welke, R., French, A. M., & Guo, J. C. (2013). Bring your own device (BYOD): Current status, issues, and future directions.
Schneier, B. (1999). Risks of relying on cryptography. Communications of the ACM, 42(10), 144-144.
Stinson, D. R. (2005). Cryptography: theory and practice. CRC press.
Walker-Osborn & Mann. (2013). TO Byod or…. or not to Byod. ITNow, 55(1). 38-39.
Susanto, H., Almunawar, M. N., & Tuan, Y. C. (2011). Information security management system standards: A comparative study of the big five. International Journal of Electrical Computer Sciences IJECS-IJENS, 11(5), 23-29.
Swiler, L. P., Phillips, C., Ellis, D., & Chakerian, S. (2001). Computer-attack graph generation tool. In DARPA Information Survivability Conference & Exposition II, 2001. DISCEX’01. Proceedings (Vol. 2, pp. 307-321). IEEE.