Why Bring Your Own Device (BYOD) Can Be A Security Risk To Your IT (Information Technology) Infrastructure
If there is one workplace trends that dramatically change how an employee performs his or her role that would be BYOD. BYOD stands for bring your own device wherein workers are allowed to bring their own smartphone, laptop or tablet in the workplace to use after connecting it to the firm’s network.
Based on a 2012 survey conducted by Cisco, about 600 firms with over 1,000 employees allow the staff of bringing their own devices. It was found out that 95% of all IT departments are actually employing this concept, and it is not necessarily a secret why these firms are doing such. Each firm saves up to $300,000 yearly per 500 employees by allowing them to carry with them their own devices. The bigger the company the higher the operational cost savings.
The question now is: is BYOD so beneficial that it can outweigh the firm’s security risks?
Let’s all remember that BYOD is not 100% about benefits; with BYOD comes greater risks. If these risks (not just security risks though most are related to such) are not addressed during the implementation, this can lead to more organizational and operational issues than what BYOD essentially solves.
There are at least three issues that these firms have to look at-
First, it would be very difficult for any IT department to regulate the wide range of devices brought in the workplace. Definitely, the employees will present multitudes of devices with different operating systems and with different versions.
Many a reasons why this setup can only lead to systems fragmentation when there are devices, systems and platforms that are agnostic when possible security threats are tackled. For one, implementing management centralization will be harder.
Second, there will be lack of customer data encryption. For the IT department, protecting customer data will be more challenging since this data are only encrypted on authorized devices most of the time based on the survey conducted by ESET, a firm that basically deals with Internet security.
The problem with brought devices is that they are owned by the employees and that while they contain company data, these devices cannot be configured based on the preferences of the firm.
Third, the devices are not ‘firewalled.’ Even when the employees use the devices inside or outside the workplace, they still contain confidential data that once a device is subverted other person or entity may gain access to the data contents. The worst part is, he, she, they or it may gain access not only to the data, but also to the entire firm’s network.
Evidently, there are many benefits to BYOD. However, unless these real security issues are addressed, BYOD will remain to be a contemptuous implementation.
About the author:
Sandhya Bhat MSc, CSSMBB, CSSE has developed several new (under patent filing) and enhanced existing strategic methodologies to improve technology and human capital utilization, produce greater ROI on investments and streamline service delivery. She is an acclaimed author, speaker, a sought after thought leader and an avid world traveler.
#bringyourowndevice #BYOD #mobiledevice
Since we are living in an information-rich world, there are three things that describe enterprise data management: concept, business objective and system.
Enterprise data management is basically about the successful data integration into different business applications and effective data retrieval for business processes utilization.
Every firm is a hodgepodge of different kinds of data or information that must be managed efficiently otherwise other entities might gain access to such and use them against the company.
This is where the role of information management governance comes in. Information governance may mean a lot of things to any individual or firm, but the meanings are always related to proper utilization, distribution, retrieval and disposal of information.
Information management governance is also about specifying the decisions and accountabilities surrounding the manipulation of information for any given purpose. For some, information governance is also about encouraging desirable behaviors among the users of the information to properly value, create, store, use, archive and delete information.
The concept of information management governance is actually derived from the concept of information technology (IT) governance. IT governance is described as a set of processes which ensure effective utilization of IT to enable the organization of achieving its goals. The same concept applies to information governance minus the IT emphasis.
Based on the given definitions and conceptualizations above, information governance highlights accountability of the users wherein the appropriate behaviors are encouraged. Accountability is almost always associated with challenges wherein the lack of such certainly leads to problems.
What we didn’t realize is that information may eventually become futile or obsolete when its integrity is tarnished. The information will lose meaning and the business might no longer deem it necessary, relevant or important regardless of all the hard work and resources (time and money) involved in creating and storing that information.
Perhaps, this is the reason why efficient management and governance is critical – so that information will not lose its integrity and will be useful for the organization for the longest time possible.
Further, the users of the information are the people who knew how valuable the information is. Thus, their behaviors must be controlled, so that they will use the information diligently and generally, treat it as a valuable asset as it really is.
So evidently, more than the information component of information governance, it is more lenient to the human component. After all, the people are the ones who created and using them.
#informationmanagement #datamanagement #governance #dataaudit #datacontrol #EIM #datasecurity #datagovernance #enterpriseinformationmanagement #EnterpriseDataManagement