Welcome,visitor! Register Login

Post an Ad

Advertisement

An Overview of BYOD (Bring Your Own Devices)

May 6, 2013, by , under Online Security

BYOD

BYOD (Bring Your Own Devices) is now a much-talked and debating concept in the management & access to information technology services as it allows access to the corporate inside network using a wide range of personal devices owned by employees. Implementation of BYOD concept is increasing as the corporate are thinking that it might have impact on employee productivity as well as mobility for its ease of use.

However, paced revaluation occurred on mobile technology in the last few years, which also brought potential security risk into the enterprise network. As a result, CTOs/CIOs around the world not only concern about the controls and monitoring for compliance but also about the methodical project implementation strategy.

Pre-Assessment of BYOD:

Before diving into BYOD, corporate should think or define strategy in line with its Nature of Business. What are the scopes of BYOD in Business? How can BYOD transform the way of doing business? Whether this transformative concept is at all worthy for the Business?  BYOD brings your employee connecting at anytime from anywhere but it may suffer your corporate network.

So, Business should not consider only advantages & disadvantages but should think about the built-in challenges that need to be planned proactively. Considering the above facts, if management determines going for implementation of BYOD then identification of resources to be accessed should be listed in detail. This also includes distinguishing indication of corporate and personnel resources. Corporate resources should be separated and under control. All stockholders should be determined and accordingly policy, procedure or activity workflow should be documented in the following areas:

a)      Personnel Devices Security.

b)      Application (Mobile Apps).

c)      Disposal or Device Lost.

d)      Communication Channel etc.

Group of human resources should also need to be identified and segregation of these groups by their role is important for managing security of sensitive corporate resources. At last, selection of mobile devices & operating system to be used in BYOD implementation can be determined and finalized.

There is some financial involvement in implementation of BYOD in any corporate so following issues need to be considering before doing any cost benefit analysis:

a)      Repair of devices.

b)      Additional accessories.

c)      Roaming Bill re-imbursement when employee was in personnel visit.

d)      Any additional support.

Benefits of BYOD:

  1. Regain visibility and control by managing company data and limiting liabilities on personal devices.
  2. Share corporate data confidently with secure access, backup and file sharing.
  3. Protect data wherever it goes with context aware security.
  4. Increase productivity- employees who use their own devices in work and at home put in more hours work per year.
  5. Save money-reduce the overhead of company provided devices and maintenance.
  6. Improve staff satisfaction-by giving them the flexibility to use the devices of their choice.
  7. Attract and retain the best employees.

Risks in implementation of BYOD:

  1. May decrease employee’s productivity as control in browsing web site is difficult.
  2. Chance of Business Software theft.
  3. Business Data Security and Chance of theft.
  4. Malicious attack on Mobile device can spread in corporate network so chance of service disruption.

Experience from Adopting BYOD:

More organization around world is now adopting BYOD strategy for its simplicity and cost effectiveness. For example, IBM adopted BYOD Model in 2010 as it believes that “At IBM we use what we sell”. Moreover, the demand came from UK “Innovation Jam” as well as it was observed then that it was not worthy to provide all employees a new corporate funded device. As a result, IBM started with” Lotus Traveler” in Europe by extending not only security in email/calendar/contacts onto smart-phones & tablets but also taken care of in privacy and support for variety devices, platforms and carriers.

Now, worldwide adaptation of IBM:

a)      100000 employees with smart-phone or tablet access today.

b)      200000 forecast for 2012 – around half our global workforce.

c)       Most pay for their own devices and monthly service plans.

d)      IBM controls data via security policies.

The Lessons Learned by IBM

a)      Employees supportive of personally owned (and funded) devices.

b)      Employees want single device for personal & business use.

c)       Biggest dissatisfied is the enforced device pass-code.

d)      Employees requested better separation of work % personal data.

Source: IBM Client Technology Innovation Exchange 2012)

However, at Bank of America, employees who are using their own technology for work purposes must install a firewall on the devices for separating access to personal and company information. The bank has been supporting accessing working environments remotely for some of its employees “for years” so the company has the awareness & know-how from a tech perspective to secure remote devices accessing corporate working environment.

There’s more to securing smart-phones and tablets than securing laptops or desktop computers. However, securing mobile devices are more difficult as there’s a difference between a dispersed working environment and a mobile working environment. Fraud is always a potential problem.  Essentially it’s the storage that creates the bulk of the risk in a mobile environment. Thus we need to evolve toward the ability of devices to use data but not store it. In this context, implementing a cloud-based architecture can mitigate the risk of storing sensitive data on mobile devices, as data can be stored in an off-site, fully encrypted cloud environment and you can obtain it with a password. In terms of security, cloud providers systems are probably more secure than most large-scale financial institutions. Storing data in the cloud also saves an employee’s personal data if the devices need to be wiped remotely. Now a days lots of users are using classified ads site to buy their car, mobile, laptop, computer etc. They are using their devices for online shop. Bangladeshi people also likes bangladesh online shopping site. Specially classified ads site of bangladesh. Customers also try to sell their used secondhand car or any product. Even they are looking for specific car brand like Toyota or Nissan. They are looking for car sale ad in the internet. All these activities are happening in online through their mobile devises.

Though it requires much consideration prior to implement BYOD, however, if it is implemented properly and maintaining continuity in monitoring and control, then it can reduce operating cost and increase employee productivity. Moreover, now BYOD goes to mainstream in IT Division thus security should be front and center for users and IT administrators alike. However, in our country, where ICT policy and its implementation is still unsatisfactory, should not be the right strategic model in the name of reducing operating cost or to take BYOD as to increase employees productivity.

Author Details:

Tapan Kanti Sarkar

Tapan Kanti Sarkar

CTO, NCC Bank Limited

President, CTO Forum Bangladesh

Email: tks446@hotmail.com

1907 total views, 1 today

  

Sponsored Links

Leave a Reply

Advertisement