A Brief Discussion Over BYOD

BYOD

This post is about (drum roll please) BYOD!

Table Of Contents

• BYOD
• Table Of Contents
• What is BYOD?
• How have organizations responded to BYOD?
• How have organizations adapted to BYOD with networking?
• What areas of risk have been identified for BYOD?
• What does the future hold for BYOD?
• References
• Thanks For Reading

What is BYOD?

"BYOD" (Bring Your Own Device) refers to the technological culture of letting employees at a company bring their own pieces of technology to work with in development of the project. It has also been called BYOC (Bring Your Own Computer), BYOP (Bring Your Own Phone), BYOPC (Bring Your Own Personnal Computer). Traditionally,the main drive for technology has come from an enterprise background, where employees were handed over machines, hardware, and software for their development and work at their company.

This was done as it was uncommon for employees to have their own gadgets and machines at home that they would like to bring to work and use. Starting from the 2000s, and more acceleration towards the 2010s, we began to see a massive drive towards technological commercialism, and the propagation of technology for normal users in everyday lives. As technology became more and more easier to own, and software was designed for more home and personal use, there began a shift for developers to code in their own free time, and work on projects either at home, or the idea of customizing their home machines to fit their needs.

Then as these users began to move towards the workforce, users now wanted to letting these devices be the same they use for personal and office use. This, users believe, helps them to be more satisfied as,

• They can work on machines they bought
• Can configure freely as per their needs
• Easy upgrades and installs of software without having to deal with bureaucracy or authorization
• Carry work to their homes if they wish to work

Of course, BYOD does not come without tradeoffs, and has its drawbacks and concerns.

How have organizations responded to BYOD?

The reactions of organizations have been mixed, and it varies widely from company to company, and from countries as well. Some domains, such as EdTech, have seen more constructive user experience.Organizations that have favored positively suggest that,

1. Using personal devices increases employee morale and convenience
2. Attracts new hires
3. Easily up to date with software releases
4. Allows company to save financially - no need to buy hardware for personal
5. Improves employee satisfaction

Those organizations that lie on the negative end of the spectrum present justifiable reasons as to why they rather prefer the option of buying heavily policed and stable hardware with fixed and verified updates.

Organizations cite reasons such as,

1. "Cyber Security" & "Information Security" attacks, with potential risks for leaking critical and sensitive information to the world
2. Misuse of personal mobile devices while on duty
3. Reportedly responsible for data breaches
4. Loosing personal machine (PC or mobile) can result in data breakers with malicious intents to compromise sensitive organization information
5. Enforcement of policies and that proper access of data is provided, stored, and maintained

How have organizations adapted to BYOD with networking?

Very skeptically, more organizations related to networking believe that machines or software that is "smart" will always be in someway "exploitable". This has led to careful concerns of considering of what it takes to better improve software to avoid breaches and such.

In terms of BYOD, and depending on the employee's organization, rules maybe very strict where employees are only allowed to work on the project using machines provided by an IT department within the organization, only using software approved by the IT department. Avoiding malicious links, software, software updates, or visits to web applications that the IT department deems unsafe or not "compliant" with the standards of the organization

What areas of risk have been identified for BYOD?

BYOD exposes areas of,

1. Confidentiality - if a user leaves his/her machine at home logged in, anyone can start interacting and be able to see information the other person is not authenticated to see
2. Integrity - because it is allowed to download software, and it is not often checked for SHA256 or other similar methods, the integrity of software remains uncertain, and has a chance of being compromised. To make sure every install is indeed integrity, users will need to check against the checksum - which is something very few users actually do3. Breaches - masquerading, falsification, and repudiation are common attacks that can be if a malicious agent finds access to the employee's machine

What does the future hold for BYOD?

BYOD is here to stay. Whether or not it is something that every organization adopts is up for debate and a concern further as the world is moving towards working remotely and helping to allow employees to work from home - this increases challenges of cyber and information security.

For some organizations that do not deal with critical or sensitive information, BYOD is without a doubt an obvious option. But for companies with tech employees in domains of FinTech, Banking,Network Administrator, Senior Cloud Engineer - performing BYOD is not an easy option.

References

• Bring Your Own Device - Wikipedia
• Pros & Cons of Bringing Your Own Device to Work - PC World
• Learn from Intel's CISO on Securing Employee-Owned Devices - GovInfo Security
• What is Bring Your Own Device (BYOD)? - IBM

Thanks For Reading

Thanks for making this far down! 😄

Socials,

• Email: saifulislam84210@gmail.com
• Twitter: https://twitter.com/SaifUlI25919743
• GitHub: https://github.com/rubix982
• LinkedIn: https://www.linkedin.com/in/saif-ul-islam/

Comments

[Ryan Latta]

Nice article.

There's something that I also think devs need to be aware of with BYOD. Most companies have you sign an IP transfer clause as a part of your hiring paperwork.

The clauses vary, but in effect they state that the company owns all of your intellectual property.

BYOD opens a vector for a company to grow that ownership.

If you ever wanted to have a side project? Company owns it. Write a book? That's also the company's property.

It'd be dangerous to assume that because they offered BYOD that they revisted those clauses.

[Saif Islam]

I was not aware of this prior to reading your suggestion. Do you know of a case study that demonstrates a lack of proper revision for BYOD policies?

This sounds fundamentally dangerous and can cause licensing issues.

[Ryan Latta]

I don't know of a study, but I have been at plenty of companies that issued BYOD policies that didn't address preivously existing IP transfer clauses.