Wednesday, December 4, 2019

Challenge of BYOD Security in Modern Day

Question: BYOD (Bring Your Own Device) security is a new challenge that modern-day corporations are increasingly facing. Research the issue of BYOD security and write a report documenting your findings.

Answer:

Introduction

Bring your own device (BYOD) is also referred to as bring your own technology or bring your own phone. It entails the policy of permitting employees to bring personal devices such as laptops, tablets, and smartphones to their place of work, and to use those devices to access privileged corporate information and applications. In BYOD scenarios, employees use their own devices for both personal and work use. (Ghosh, Gajar & Rai, 2013) This practice can blur the line between business and personal use of the mobile device. The BYOD phenomenon is referred to as IT consumerisation. The term is also used for the same practice among students who use their phones in an educational setting with programs like Kahoot. BYOD has become an important development in the business world, with approximately seventy five percent of employees in the growing markets of Russia and Brazil, and around 40% in developed markets, using their own technology at work. For example, one survey showed that 95% of employees said they used at least one personal device for work. Various factors are driving the adoption of BYOD programs (Scarfo, 2012). Nonetheless, there is an upward trend in the adoption of diverse mobile devices, like tablets and smartphones, by the individual that are.
This paper presents the background of BYOD and when it came into existence, the security challenges that the adoption of BYOD programs has posed to business, and the protection mechanisms that organizations are adopting to overcome these difficulties. It also looks at the security implications of computer networks and the issues and concepts of management in ICT. Moreover, it highlights the future trends of BYOD programs in relation to business needs and their advancement in the market (Burt, 2011).

Background

BYOD has come a long way from its first appearance in 2009 to its steady, fast rise in 2011. It started at Intel, when the company recognized the increasing number of employees bringing their own personal devices, like smartphones, iPhones and laptops, to the workplace and using them on the corporate network. In 2011 the term achieved prominence when the information services provider Unisys and the software vendor Citrix Systems began sharing their perceptions and experience of this trend. (Assing, 2013) BYOD has mainly been featured as a factor in the consumer enterprise, in the way enterprises associate with their clients. This is a role reversal from the time when business was the driving factor in consumer technology innovations and all their trends. To better understand the evolution of BYOD, it is necessary to look at the years since the term was introduced. The term was first introduced in 2009, but it first reached the mainstream in 2010. CIOs began to feel the pressure when personal devices began to flood the workplace. During the same period, Android had started to pick up steam and the first iPad was introduced to the market. The influx of new devices in the market led employees to bring more devices, like smartphones and tablets, into the workplace.
Some businesses began to block personal devices from their networks and mail servers. In that year, many MDM companies were started and a new API came up to manage mobile networks. Because of this, IT and organizations realized they could no longer ignore BYOD. In 2011, official support for bring your own device programs was introduced in the workplace at a fast rate. According to a 2011 Aberdeen report, around 75% of companies had a BYOD policy. In the same year, BlackBerry's dominance started to give way to alternative mobile options, and acceptance of BYOD was at an all-time high. In 2012, there was significant concern about data security and data leakage. (Shim, Mittleman, Welke, French & Guo, 2013) Moreover, users were becoming more concerned about privacy. In the same year, many businesses focused on adopting clearly communicated BYOD policies for users, while working to understand the privacy and security implications. MDM solutions increased to cater for these implications. In 2013, applications and data security continued to be the hot topic in regard to BYOD. There was also a major pivot to securing the device in order to manage the apps and the data within the business; data breaches were increasing on a daily basis. (Shim, Mittleman, Welke, French & Guo, 2013) The purpose of containerizing these apps is to separate personal data from corporate data.

Security challenges posed by the BYOD program

Unknown third-party access through mobile applications

When employees download and install an application for their own use, they are likely to allow a third party to freely access some of the organization's sensitive information that may be stored on their personal devices.
Downloaded applications may be infected with viruses and malware, which are instructed by a hacker's command and control servers to steal any data on the mobile device without any alert from the user's device. (Burt, 2011) If employees of an enterprise connect their devices to open Wi-Fi networks, the company data stored on their devices may be compromised and stolen. Moreover, security apps imposed on employees' devices can become a problem for them because they require frequent updates, and employees who dislike this can easily uninstall them. This software also reduces the performance of the device and degrades the user experience by straining the device's memory and processor.

Mixing of personal and corporate data

This is the major security challenge of BYOD, especially when coping with the storage of personal and corporate information on the same device. Some of the organization's data may be leaked at some point. Some hackers may use keyboard logging techniques to acquire sensitive company information, and this data in the wrong hands can cause significant harm to the organization (Ghosh, Gajar & Rai, 2013).

IT infrastructure

Some of the infrastructure in the organization does not conform to the BYOD setting. BYOD requires CIOs to make various modifications to the current IT infrastructure so that it is compliant with BYOD. (Assing, 2013) There is a need to identify the applications employees are using to interact with corporate information. It is fundamental that the data is protected and conforms to the current IT infrastructure.

Technical challenges

Various technical difficulties may affect a BYOD program; an example is access control for mobile devices concerning the deployment of BYOD.
Companies are unable to determine the permission level for each employee when they access certain company resources using mobile devices and external network connections. Other factors that may determine access control are limits on how many individuals can access the resources at one time and how employees gain access to company resources. (Ghosh, Gajar & Rai, 2013) It is important to understand that access control aspects differ with the location, the size, and the number of employees of the company. There is also the issue of incorporating security measures that protect a given range of portable devices against risk, and usually the threat is very complex. This is so because employees may own any number of devices with different operating systems, which means the security needs of every device need to be supported equally where possible.

Protection mechanism

Comprehensive BYOD security framework

The security measures that currently exist are Virtual Private Networks (VPNs), firewalls and email filtering tools. These components are essential for protecting the inside network when personal devices are engaged in BYOD before formal policies are enforced. VPNs implement private network connections to the devices and allow access to resources in a controlled environment (Ghosh, Gajar & Rai, 2013). This contributes to reducing the cost of storing data on personal devices. (Burt, 2011) Firewalls help protect networks by monitoring traffic and denying access to suspicious requests. Email filters contribute to detecting infected emails and warning users about them. Personal devices can sync the email application, so the device benefits when email filtering is active.
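
As an added illustration (not part of the original report), the access-control factors this report names, a per-employee permission level, a limit on simultaneous access, controlled access from external networks through a VPN, and denial of unrecognized devices, can be combined into one admission decision. All user names, device ids, resource names and limits below are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data: users, levels, devices and limits are assumptions.
USER_LEVEL = {"alice": 3, "bob": 2, "carol": 3}      # per-employee permission level
DEVICE_OWNER = {"dev-a1": "alice", "dev-b7": "bob", "dev-c3": "carol"}
RESOURCES = {
    "mail":    {"min_level": 1, "max_sessions": 50},
    "payroll": {"min_level": 3, "max_sessions": 1},
}


@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    resource: str
    network: str          # "internal"; any other value is treated as external
    vpn: bool = False


@dataclass
class AccessController:
    # resource name -> set of (user, device_id) pairs currently admitted
    sessions: dict = field(default_factory=dict)

    def decide(self, req: Request) -> tuple:
        """Return (allowed, reason). Every check fails closed."""
        res = RESOURCES.get(req.resource)
        if res is None:
            return False, "unknown resource"
        # Unknown devices, and devices registered to someone else, are denied.
        if DEVICE_OWNER.get(req.device_id) != req.user:
            return False, "unrecognized device"
        # Anything not on the internal network must arrive through the VPN.
        if req.network != "internal" and not req.vpn:
            return False, "external network without VPN"
        if USER_LEVEL.get(req.user, 0) < res["min_level"]:
            return False, "insufficient permission level"
        active = self.sessions.setdefault(req.resource, set())
        key = (req.user, req.device_id)
        if key not in active and len(active) >= res["max_sessions"]:
            return False, "simultaneous access limit reached"
        active.add(key)
        return True, "granted"

    def release(self, req: Request) -> None:
        """End a session so the slot can be reused."""
        self.sessions.get(req.resource, set()).discard((req.user, req.device_id))


if __name__ == "__main__":
    ac = AccessController()
    samples = [
        Request("alice", "dev-a1", "payroll", "external", vpn=True),
        Request("carol", "dev-c3", "payroll", "internal"),
        Request("bob", "dev-b7", "payroll", "internal"),
        Request("bob", "dev-zz", "mail", "internal"),
        Request("bob", "dev-b7", "mail", "external"),
    ]
    for s in samples:
        print(s.user, s.device_id, s.resource, "->", ac.decide(s))
```

The order of the checks matters: device recognition and network path are evaluated before the permission level, so an unregistered device learns nothing about which resources its claimed user could reach.
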
Network Access Control (NAC) mechanisms are also used. This tool helps to limit the number of connected devices; it therefore helps to determine permissions and denies unrecognized devices access to the company's internal network. This mechanism was well implemented before the rise of BYOD. Thus, it is a focal point for enhancing the BYOD framework. (Assing, 2013) Identification and Access Management is also a variation of NAC that entails customized device access control rules for an individual network. In addition, it manages sign-on and separation of duties.

The single purpose BYOD security mechanism

Here there is a need for end user agreements, acceptable use policies and liability agreements, which are formal contracts that ensure the company and its employees mutually agree on the bring your own device security policies. It is imperative for these components to be compatible for BYOD to succeed. There is also containerization, the partitioning of the mobile device's storage space into independent sections to divide personal and work data. The partition that contains company data has its own security policies, which enable remote control by the company without affecting personal data. In addition, antivirus and anti-spyware applications are important to strengthen the BYOD security framework (Scarfo, 2012).

Security implications of computer network

Security is essential to the computer network, especially when it comes to the corporate data in an organization. It entails protecting information systems from theft or damage to the hardware and to the information they contain. (Shim, Mittleman, Welke, French & Guo, 2013) Various security measures need to be put in place to prevent a breach of information.
Some of them are user account access control and cryptography to protect system files. (Blum, Eskandarian & Hoffman, 2004) Firewalls are needed to help with network security by shielding access to internal network services, along with intrusion detection systems. These systems help to detect network attacks in progress and help with post-attack forensics. A breach of the computer network can have serious implications for the company. (Merete Hagen, Albrechtsen & Hovden, 2008) The company's clients can seek to sue the company for disclosure of information on the grounds of breach of confidentiality.

Cryptography

Modern cryptographic techniques are essential in IT systems that need to store and protect personal data. It is important to note that cryptography by itself does not provide any protection against data breaches; only when it is applied correctly in a specific context does it protect personal data. (Merete Hagen, Albrechtsen & Hovden, 2008) It is a large field. One of the newer cryptographic techniques is homomorphic encryption, which is essential for processing and searching personal data. Various techniques exist for searching through encrypted data, which can provide privacy protection and selective access to sensitive data. One of the techniques used for designing privacy-preserving systems is homomorphic encryption. A cryptographic system is only as strong as its encryption algorithms, digital algorithms and message authentication codes. If any of these components is broken, the system becomes damaged. Most systems fail because of mistakes made in the implementation. Some do not ensure that the plaintext is destroyed after it is encrypted.
Others may use temporary files to protect against data loss when the system crashes.

Issues and concepts related to management of ICT security

In the management of ICT security there are various issues and concepts related to its planning and the development of its effectiveness. An organization should design, implement and maintain a coherent set of policies, processes and systems in planning and developing its security plan, in order to manage the risks to its information assets. This ensures acceptable levels of information security risk. (Swiler, Phillips, Ellis & Chakerian, 2001) First, it is important to have a plan phase. This involves designing the information security management system by assessing information security risks and selecting appropriate controls. The next concept is the do phase, which involves implementing and operating the controls. The check phase involves reviewing and evaluating performance. The last concept is the act phase, which involves any changes made where necessary for peak performance (Saint-Germain, 2005).

Security planning and development

The most significant part of deploying an ICT management system is planning. It is not possible to plan for security until a full risk assessment has been done. Security planning involves deploying security policies and implementing controls to prevent computer risks from becoming reality. Security planning varies from one organization to another. The first aspect of planning is the risk assessment. (Perrig, Stankovic & Wagner, 2004) No plan of action can be developed and implemented before the risk assessment has been done. It provides the baseline for implementing the security plan. The next step is to identify the assets.
(Scarfo, 2012) This is done by performing an information asset inventory that highlights the various items that need to be protected within the organization. It should be done on the basis of the organization's business plan. The next step is to identify the risks to the information assets. (Shim, Mittleman, Welke, French & Guo, 2013) It is vital to determine the risks that affect each asset in the organization. It is then necessary to identify the threats and the methods of attack. A threat is any action that is potentially harmful to the organization through disclosure, breach of information, modification or destruction. It is then necessary to develop security policies and controls. (Shin, 2010) These components give clear guidelines for the various areas of responsibility, and plans that highlight the steps to take and the rules to follow in implementing the policies.

Conclusion and future trends

The rapid growth of personal devices continues to redefine communication and productivity in the workplace. As a result, BYOD programs, in which employees use their smartphones and tablets for business, have increased tremendously. (Scarfo, 2012) Gartner predicts that by 2017, fifty percent of employers would require their employees to supply their own devices for work. Further research from Juniper concluded that by 2018 there would be more than one billion devices used in BYOD programs worldwide. With the increase in sales through mobile devices over the last years, every business that has not implemented a BYOD policy would suffer breaches of sensitive corporate information, which would be shared freely outside the corporation. Nevertheless, mobility drives productivity for CIOs and the business by increasing the number of mobile application users in the workplace.
(Shim, Mittleman, Welke, French & Guo, 2013) The rolling out of requests throughout the workplace will present a myriad of opportunities beyond the traditional use of mobile email and communications. There is also a need to evaluate BYOD needs, since most leaders do not understand the benefits. (Assing, 2013) Throughout the world, the BYOD market is expected to grow to more than eighteen billion dollars by 2017. This paper has presented the background of the BYOD program and how it has advanced over the years. It has also presented the security challenges posed by BYOD programs and the protection mechanisms against them. There are also future trends in BYOD programs: exponential growth in the number of businesses adopting it, an increase in the revenue it is projected to bring, and improvement of the security measures that secure corporate data.

References

Assing, D. (2013). Mobile access safety: Beyond BYOD. John Wiley & Sons.
Baker, W. H., & Wallace, L. (2007). Is information security under control?: Investigating quality in information security management. Security & Privacy, IEEE, 5(1), 36-44.
Blum, J. J., Eskandarian, A., & Hoffman, L. J. (2004). Challenges of intervehicle ad hoc networks. Intelligent Transportation Systems, IEEE Transactions on, 5(4), 347-351.
Burt, J. (2011). BYOD trend pressures corporate networks. eWeek, 28(14), 30-31.
Ghosh, Gajar & Rai. (2013). Bring your own device (BYOD): Security risks and mitigating strategies. Journal of Global Research in Computer Science, 4(4), 62-70.
Heberlein, L. T., Dias, G. V., Levitt, K. N., Mukherjee, B., Wood, J., & Wolber, D. (1990, May). A network security monitor. In Research in Security and Privacy, 1990. Proceedings., 1990 IEEE Computer Society Symposium on (pp. 296-304). IEEE.
Hill, D. W., & Lynn, J. T. (2000). U.S. Patent No. 6,088,804. Washington, DC: U.S. Patent and Trademark Office.
Li, Y., Guo, H., & Jajodia, S. (2004, October). Tamper detection and localization for categorical data using fragile watermarks. In Proceedings of the 4th ACM workshop on Digital rights management (pp. 73-82). ACM.
Merete Hagen, J., Albrechtsen, E., & Hovden, J. (2008). Implementation and effectiveness of organizational information security measures. Information Management & Computer Security, 16(4), 377-397.
Mirkovic, J., Dietrich, S., Dittrich, D., & Reiher, P. (2004). Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security). Prentice Hall PTR.
Perkins, C. E. (2008). Ad hoc networking. Addison-Wesley Professional.
Phillips, C., & Swiler, L. P. (1998, January). A graph-based system for network-vulnerability analysis. In Proceedings of the 1998 workshop on New security paradigms (pp. 71-79). ACM.
Perrig, A., Stankovic, J., & Wagner, D. (2004). Security in wireless sensor networks. Communications of the ACM, 47(6), 53-57.
Saint-Germain, R. (2005). Information security management best practice based on ISO/IEC 17799. Information Management, 39(4), 60.
Scarfo. (2012). New security perspectives around BYOD. In Broadband, Wireless Computing, Communication and Applications (BWCCA), 2012 Seventh International Conference (pp. 446-451). IEEE.
Shin, D. H. (2010). The effects of trust, security and privacy in social networking: A security-based approach to understand the pattern of adoption. Interacting with Computers, 22(5), 428-438.
Shim, J. P., Mittleman, D., Welke, R., French, A. M., & Guo, J. C. (2013). Bring your own device (BYOD): Current status, issues, and future directions.
Schneier, B. (1999). Risks of relying on cryptography. Communications of the ACM, 42(10), 144-144.
Stinson, D. R. (2005). Cryptography: theory and practice. CRC Press.
Walker-Osborn & Mann. (2013). TO Byod or.... or not to Byod. ITNow, 55(1), 38-39.
Susanto, H., Almunawar, M. N., & Tuan, Y. C. (2011). Information security management system standards: A comparative study of the big five. International Journal of Electrical & Computer Sciences IJECS-IJENS, 11(5), 23-29.
Swiler, L. P., Phillips, C., Ellis, D., & Chakerian, S. (2001). Computer-attack graph generation tool. In DARPA Information Survivability Conference & Exposition II, 2001. DISCEX'01. Proceedings (Vol. 2, pp. 307-321). IEEE.
