BYOD: Pros and Cons
In the modern organization, many employees' workplaces are no longer static. Today, when you can connect to a variety of cloud services and use your own device to perform work operations, literally with a phone in hand, and the assortment of devices has become truly colossal, the computer standing on an employee's desk loses its value. As a result, employees are beginning to prefer personal devices in the workplace (Loguercio, 2013).
One of the most important functions within an IT department is securing the corporate network from both external and internal threats. Traditionally, corporations have provided employees with IT-managed devices to access the network; however, technology has evolved, and customers now demand to use personal devices to make job functions easier. The introduction of personal devices into the corporate environment creates major holes in security that may lead to the unauthorized access and distribution of sensitive or classified information. Many companies struggle to find the balance between security and productivity in this ever-evolving technology boom.
This paper addresses BYOD as a phenomenon in the world of IT in terms of its safety and its positive and negative attributes, and answers questions about the effectiveness of implementing BYOD in the enterprise.
What is BYOD?
BYOD (“bring your own device”) is a term that describes a situation in which an employee of an organization uses their own device for work instead of a corporate computer, whether it is a personal laptop, tablet or smartphone. The term BYOD appeared a long time ago (at least since 2004). However, the idea gained explosive popularity only relatively recently, mainly due to the activity of IT service suppliers and the rapid development of the functionality and diversity of cloud services (Loguercio, 2013).
With the increasing number of personal devices, established techniques for securing corporate mobile devices (such as MDM, EMM, MAM) have either completely lost their benefits or begun to give paradoxical results. The only solution is to interact with employees and find optimal ways to control the mobile platform that meet the requirements and desires of not only the company but also the users (Hurlburt, Miller & Voas, 2012).
The fundamental idea behind virtualization and the concept of safe BYOD is an approach in which two independent operating systems, or sets of independent software components (domains), are created on a single employee device. One domain is used solely for personal purposes, and the other for work. There can be many variants of implementing this approach, and they may differ from each other in principle, yet developers apply the single term "mobile virtualization" to their solutions. This creates confusion when choosing and comparing such solutions (Hurlburt, Miller & Voas, 2012).
Most virtualization solutions for mobile devices can be classified into three main groups according to how they are implemented:
- Virtual desktop. One of the most well-established technologies among those now used for virtualizing mobile devices. It works like a standard thin-client solution for enterprise infrastructure: the user works with a remote desktop and has no opportunity to save anything to the local workplace.
- Cloud-based virtualization. In this approach, the user's device holds only shortcuts for access to applications. All data is stored and processed on the cloud hosting side, where restricting access to applications and user management also take place.
- Virtualization on the device itself. This model involves directly creating two independent domains on a single device, with the ability to switch quickly between them (Hurlburt, Miller & Voas, 2012).
Pros and Cons of BYOD
The indisputable advantage of the remote desktop and cloud-based virtualization approaches is that applications execute, and sensitive data is processed and stored, outside employees' devices. On the one hand, this significantly reduces the risks associated with personal devices; on the other, transferring and storing data with third-party cloud hosting is exposed to additional risks. Some companies may simply not be ready to host critical information (e.g., CRM or ERP) on the external hosting of a security solution provider. Another big issue is the need for stable bandwidth to work with corporate data and applications, which may be fine when the employee uses the device on company premises (over Wi-Fi, for example) but can be totally unacceptable outside them, where the employee is responsible for the connection and pays for it (Hurlburt, Miller & Voas, 2012).
Virtualization on the device itself corresponds most closely to the concept of combining personal and corporate information on a single device. This approach can significantly reduce the load of supporting and managing mobile devices and, together with cryptographic container technology, seriously improve the security of the data that inevitably ends up on employees' personal devices (Hurlburt, Miller & Voas, 2012). Meanwhile, for all its advantages for the company, implementing virtualization on mobile devices may affect the interaction with staff. First of all, this concerns the performance and power consumption of the latest generation of mobile devices. Running two virtual domains in parallel and implementing a virtual environment on top of the mobile device's existing OS will, of course, require resources beyond what the device nominally needs. And if the presence of a corporate domain reduces the device's performance by half and accelerates battery discharge by half, then users will continue to work with their old devices without any protection or control by the employer (Semer, 2013). Solution developers are also constrained by mobile device suppliers, which have no incentive to optimize the resource use of third-party applications or system software (Semer, 2013).
Effectiveness of implementation of BYOD
The efficiency of BYOD is achieved not through strict limitations but through the most flexible control at the level of human relations. Obviously, ensuring maximum effectiveness requires supervision of the process on many levels (Willis, 2013). The devices must be comfortable, not simply the first that came to hand; employees' competencies should be sufficient to use their devices at least as effectively as desktop computers; and interaction between staff should be supported by a safe and fast tool (Willis, 2013).
In summary, any technology requires considerable time before it moves from the stage of a “trend” or “new item” to the stage of “commonly used”. In the meantime, companies have to rely not on purely technical means of controlling and managing personal devices but on close two-way interaction with employees. Virtualization technology itself already raises a number of serious questions. As a result, the question of choosing the optimal solution for BYOD is still open, and it is possible that, just as virtualization has replaced MDM nowadays, a completely new technology will appear in a fairly short time to replace virtualization.
BYOD is not the final stage; it is a concept, a transitional form between the classical stationary desktop computer and some new approach to organizing work that provides maximum comfort and productivity for the employee, giving him the opportunity to work where, when and how he wants.
- Hurlburt, G.F., Miller, K.W., & Voas, J. (2012). BYOD: Security and Privacy Considerations. IEEE Computer Society. Retrieved from http://www.computer.org/csdl/mags/it/2012/05/mit2012050053-abs.html
- Loguercio, M. (2012). 50 Shades of Insurance. BYOD: “Bring Your Own Device” to work. Insurance Advocate. Retrieved from http://www.insurance-advocate.com/50-Shades-of-Insurance-c1358.html
- Willis, D.A. (2013). Bring Your Own Device: The Facts and the Future. Gartner. Retrieved from http://www.gartner.com/id=2422315
- Semer, L. (2013). Auditing the BYOD Program. Internal Auditor. Retrieved from http://www.theiia.org/intAuditor/in-the-profession/2013/auditing-the-byod-program/