Technology and risk assessment for BYOD (Bring your own device) / Ma. Monina Soledad B. Tiongson

Year : 2014

Number of Pages : 47 leaves

Adviser : Prof. Edison D. Cruz

Executive Summary

Nowadays, cutting edge technology generally appears first in the consumer market. Once exposed to these new technologies, tendency of most people is to prefer to use it in their workplace to enhance their productivity. This resulted to the concept of BYOD or otherwise known as Bring Your Own Device. BYOD is becoming more prevalent in enterprises today as key mobile and wireless enterprise trends drive the need for enabling greater access. BYOD essentially means that organizations allow their employees to utilize whatever personal mobile device/s they have in order to accomplish work related tasks. Using mobile phones as primary communication devices, globalization driving cross-border collaboration and workforce becoming more remote and mobile, are but some of the key drivers to BYOD adoption. The growth in BYOD has been fuelled by the growth in tablet computer and smartphones. It is expected that these devices will represent the majority of all personal devices used by personnel. BYOD encompasses more than personal computers with the rise of other mobile devices such as smartphones, tablets, ultrabooks, blackberry, etc. And with the advent of cloud technology and other tools in the web, the concept of BYOD has now broadened to include software and services. Although this IT consumerization trend provided employees with more device choices and flexibility in their work environment, it has also brought diminished control from the IT department. The surge of mobile devices entering the enterprise environment, coupled with the lack of a sound enterprise mobility strategy, has given rise to growing concerns about the risks brought about by BYOD. As more and more employees start to use their mobile devices to access corporate information/services, the potential security impact of BYOD continues to rise. Some of the security issues connected to BYOD include the following : financial, legal or regulatory and data security. These associated risks will be discussed in detail in the main body of this paper. If all users are allowed to bring and use their own devices to connect to the corporate network, one can just imagine the chaos it will bring to the IT department if left unchecked-given the prevalence of malwares and other security threats that continuously evolve every day. It seems that the BYOD phenomenon is here to stay. For the IT department, however, their biggest challenge lies in determining the best means to manage all these devices. One critical factor involves having an enterprise mobility strategy in place which includes BYOD policy and a solution to address effective management of personal devices. Despite the so-called benefits of adopting BYOD, it also brings with it a unique set of management challenges for organizations. Recognizing that employees tend to be happier and potentially more productive using technology of their choice is a big step towards managing consumerization of IT. However, one must note that this is just the first step and there are other aspects that require management as well.

Top management must know how to assess the impact of consumerization on their enterprise specifically bearing in mind the security related risks and finding the best means of taking control of the situation. Finding the best way to manage personal devices based on sector, operations and working practices is critical. Given that IT consumerization brings with it a disruptive shift in technology ownership and processes in the workplace, it also represents one of the biggest challenges for enterprise information managers. If managed intelligently, however, it can serve not only the interests of employees but may also benefit the business. The enterprise, in general, should be ready to transform, optimize and manage its resources. If the enterprise wishes to be globally competitive, it must be ready to adopt intelligent and secure management of personal devices, including personnel behavior (through implementation of sound security policies) in the workplace. Through this project, I hope to bring more information regarding BYOD-the benefits as well as the risks involved in its adaption that will hopefully help organizations in deciding whether to use it or not. Pros and cons of BYOD (for the enterprise in general, including those for specific industries) will be discussed in detail including an assessment of solutions that would mitigate the risks brought about by BYOD. The main objective of this paper is to provide a clearer understanding of BYOD and the underlying solutions that would make its implementation seamless.