Friday, 8 March 2013

BYOD - Bring Your Own Device

Bring your own device (BYOD), also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC), is the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smartphones) to their workplace and to use those devices to access privileged company information and applications.

BYOD has resulted in data breaches. For example, if an employee uses a smartphone to access the company network and then loses that phone, untrusted parties could retrieve any unsecured data on the phone. Another type of security breach occurs when an employee leaves the company: they do not have to give back the device, so company applications and other data may still be present on it. It is also important to consider damage liability issues when evaluating BYOD. If an employee brings their personal device to work, and it is physically damaged through no fault of their own, is the company responsible for repair or replacement?


Advantages

Business: A business that adopts a BYOD policy saves money on high-priced devices it would normally purchase for employees. Employees may take better care of devices they view as their own property. Companies can take advantage of newer technology faster.

Employees: Employees who work for a business with a BYOD policy can decide on the technology they wish to use, rather than using whatever the company chooses. This may improve morale and productivity. Exclusive control of features is given to the employee.


Disadvantages

Business: Company information is often less secure than it would be on a company-controlled device. (Security professionals have called it 'bring your own danger' and 'bring your own disaster'.) Even though the cost of hardware investment can probably be reduced, there is administrative effort and therefore administrative cost. The effort (integration into the corporate network, incident resolution, etc.) can be much higher for BYOD devices, because the hardware is not fully controlled by the IT department. The company may have to pay for employee devices' phone service, which they use outside company time. BYOD is an extreme case of the end node problem.

Employees: Due to security issues, employees often do not have true full control over their devices, as the company they work for must ensure that proprietary and private information is always secure. It is an out-of-pocket expense for employees. They may be responsible for repairs if their devices are damaged or broken at work. Businesses that fall under compliance rules such as PCI or HIPAA must still comply when using BYOD.

The Ten Commandments of BYOD

1. Create Thy Policy Before Procuring Technology
2. Seek The Flocks’ Devices
3. Enrollment Shall Be Simple
4. Thou Shalt Configure Devices Over the Air
5. Thy Users Demand Self-Service
6. Hold Sacred Personal Information
7. Part the Seas of Corporate and Personal Data
8. Monitor Thy Flock—Herd Automatically
9. Manage Thy Data Usage
10. Drink from the Fountain of ROI