BYOD and CYOD – Security Challenges For Enterprises (Solved)

BYOD and CYOD – Security Challenges For Enterprises (Solved)

Mobile devices have invaded the business world as much as our personal lives. Employees Are Us. When we go to office and we have to work on a different device, it can at times seem a little annoying especially when you have to access personal work on one device, official work on another device. The whole scenario becomes way lot more annoying when you worked from home for official purpose from a different device and when you came to office you are trying to figure out how to sync it with your work machine! So it becomes natural for us to demand more flexibility to do our jobs with respect to what devices are permitted or not. Office workers wish to stay connected and productive even after outside normal business hours. People working in the office might not be comfortable operating on laptops or phones that are being provided by the company. The office can cater to this issue with a solution of providing networks and accessibilities at office on their own devices. This gave rise to the concept of:

  • Bring Your Own Device (BYOD) : Any device owned by the user can be used anywhere. You can bring your own device to office.
  • Choose Your Own Device (CYOD) : Pre-approved devices being provided by the company that are available for employees to use on or off the premises.

BYOD or CYOD challenges include data security issues, inconsistencies, support expenses, integration issues and policy violations.

In the case of CYOD, the company purchases, owns and maintains all devices. An employee chooses from an approved list of devices perhaps via online custom portal. Some challenges which enterprises face in this case include security and scalability.

For every employee who works from home, company faces multiple potential security risks.

“Research shows 3 out of 4 employees are using their personal devices at work.”

Regardless of the choice between BYOD or CYOD, successful IT organizations are facing the mobility challenge and look forward for integrated solution. If the desired action is not taken, the organization have to absorb the ever rising costs. When it comes to devices in the workplace, companies are finding there is a need for balance between “productivity” and “security.”

BYOD (Bring Your Own Device) or CYOD- The Verdict

The decision of choosing BYOD or CYOD truly depends on the nature of organization. Both the strategies are just different ways of addressing consumerization in the IT market, thus neither strategy is totally right or wrong. The needs and requirements of an enterprise are the major factors for deciding the strategy.

It is true that BYOD revolution has spread everywhere but not every enterprise welcomes this strategy and without escape have to face BYOD challenges. The enterprises looking for more control over devices and network usually opt for CYOD. Though BYOD and CYOD have become the two most popular strategies, they are not complete within themselves.
BYOD and CYOD Gartner Report
BYOD – Device that an employee chooses to use

CYOD – Devices the company provides to select from?

So which is a better option to provide for enterprises? To better answer this, we now need to focus our attention on the challenges which enterprises face while implementing any of these models.

Challenges faced by Enterprises using BYOD or CYOD:

BYOD And CYOD Challenges

  • Network and device security breaches leading to malicious use of company data.
  • Money and time spent to rectify the situation of malpractices or breaches.
  • Avoiding the use of more resources to compensate the loss happened.
  • Increasing wireless coverage, therefore incurring more cost.
  • Establishing policies that are agreed by both employees and companies.
  • Taking into consideration supporting the technological aspects of devices.
  • Different technology and different devices leads to expenditure on hiring people with relevant technical knowledge.
  • Expenditure in implementing new and innovative processes and tools due to varied alternatives.
  • Cost incurred in offering training and services to the staff.
  • Variety in operating systems also leads to increased amount of costs and errors. More the number of OS means more complexity in managing data.
  • Allowing different devices with varied technology can create a lot of fuss amongst the device management team of an enterprise.

With a responsive, comprehensive and productive mobile protection strategy, enterprises can have the best of both worlds. “Get the benefits and prevent the risks”. The innovative companies are adopting the latest protection technology and achieving benefits by finding the best balance. It’s time to avail the best benefits which mobility can provide.

Tips for Success:

  • Clarity in company policies: Whether the enterprise have decided to choose to operate BYOD or the CYOD strategy, enterprises must make sure that there is a complete agreement between the employees and the company about the policies being used.
  • Security of company data: Whether the company chooses to operate BYOD model or the CYOD model, it becomes imperative for enterprises to ensure that company data and proprietary remains secure in all situations. Therefore, enterprises must work on tight security and monitoring of the corporate data.
  • Streamlined Device Management Platform: Proper guidelines should be made on the evaluation criteria of the devices. Users should be notified about what and how devices are permitted to work on the enterprise network. This is of great advantage where both user-owned and company-owned devices are being used. Device management platform should provide tight security based solutions for the access of corporate data. The following areas must be considered while designing a platform:
    • Data encryption
    • Device access controls
    • Authentication
    • Device configuration
    • Network access control.
  • Partitioning: Partitioning is another important practice, which isolates personal data from business data and applications. By partitioning one can easily edit business data and applications without affecting personal stuff.
  • Ensuring user consent: User agreements should be made in accordance with the policies so that no legal issues arise between the employee and the company. Employee should also be notified in case of any kind of violation of the policy.
  • Team Assembly: It is recommended should include members from Legal, I.T. security operations, HR as well as the business. These groups must completely focus on productivity while NOT compromising on the security of the mobile workspace.

Meeting the criteria of policies and security is not sufficient. It is very clear that with proper blending of appropriate policies and technology, enterprises can ensure security of their data and applications. Choosing a mobility strategy with a product-focused approach helps. Post deployment, the end-user testing should be super neat. In fact most companies implementing BYOD or CYOD models usually hire an outside QA team for end to end testing of the system due to the high reliability and trust concerns. It seems a little ironical to have the very team testing a product that is supposed to authenticate and confirm their own permission and other confidential settings! Anyways, this was a high-level overview into the whole security concern around the BYOD and CYOD systems. You can now start figuring out where your company fits – in a CYOD or a BYOD model and how you can plan to reduce risks when using such models.

Feel free to contact us if you are looking for the solution of any security challenge in your enterprise.

References:
http://www.insight.com/content/dam/insight/en_US/pdfs/insight/solutions/cyod-datasheet.pdf
http://www.symantec.com/connect/blogs/byod-vs-cyod-whats-right-your-business
http://www.insight.com/content/insight/us/en/solutions/mobility-network-and-security/cyod.html
http://www.forbes.com/sites/symantec/2014/08/12/byod-or-cyod-whats-best-for-your-business/
http://www.tigertext.com/securing-optimizing-mobile-workforce/

The following two tabs change content below.
Ambuj Tayal

Ambuj Tayal

Director - Consulting Services
In the past, Ambuj has held consulting roles with various global technology leaders, such as Infosys, Fiserv and Xchanging in India. He holds a graduate degree in Chemical Engineering from the Indian Institute of Technology, Roorkee.
Ambuj Tayal

Latest posts by Ambuj Tayal (see all)

Ambuj TayalBYOD and CYOD – Security Challenges For Enterprises (Solved)