Mobile Computing and Corporate Data Protection: Bring Your Own Device Security Issues and Challenges

The following paper describes the strategic importance of information technology in the context of corporate data protection, mobile computing security, heterogeneous data storage and isolation. For the purpose of this document we will discuss the works of Yong, Jinpeng & Vangury in their paper “Bring Your Own Device Security Issues and Challenges”.

Enterprise collaboration and the exchange of corporate information had increased thanks to the proliferation of mobile computing technologies and the massive adoption of mobile devices. The concept of Bring Your Own Device (BYOD) appears to be magnificent because it allows corporate users to share, query and use data anytime, anywhere and from the same devices used for their personal activities. However, it also implies a challenge in terms of network access and data protection. How to share and store information in a BYOD environment safely and at the same time preventing the leakage of sensitive data?

What if the device is lost or stolen? Who can access the data? Why? When? Where? What if an employee leaves the company with his BYOD device and the corporate data? All these issues are the biggest challenges for the security of corporate data in an increasingly mobile and flexible environment. Therefore, “a set of principles that any organization should follow before implementing the BYOD framework must include availability, usability, mobility and security.”(AlHarthy & Shawkat, 2013)

In terms of vulnerabilities, BYOD is very sensitive to confidentiality issues, data isolation and security policies compliance. “A few solutions exist for BYOD security. However, limitations and drawbacks have been found in these solutions.” (Wand, Wei & Vangury, 2014)

The research shows that an ideal BYOD solution must be able to separate corporate space from personal space and protect corporate data and monitor and reject unauthorized and illegal data access. Therefore, a BYOD security framework is proposed based on three operational layers: space isolation, network access control and security policies database.

In general terms, Wand, Wei & Vangury approached their experiments by comparing two techniques: Agent-based BYOD discovery system and Scanning-based BYOD discovery system. An agent-based BYOD discovery system requires a mobile app installed in the BYOD device. This piece of software is responsible for reporting the device status to a centralized network management and monitoring system. The centralized monitoring system enforces password rules and a full set of security policies. On the other hand, under scanning-based BYOD discovery system no application is required and a network scanning tools is responsible for detecting BYOD devices. However, this method is only possible within small network areas, takes extra time to perform the discovery and add considerable traffic to the corporate network.

 In conclusion, a BYOD security framework was evaluated by the authors with the intention to provide guidance for enterprises willing to adopt BYOD. It also has been stated by (Wand, Wei & Vangury, 2014) that an ideal BYOD solution must be able to separate corporate space from personal space. At the same time, it must be able to protect corporate data and monitor and reject unauthorized and illegal data access. Limitations and drawbacks were found on the technologies evaluated. Therefore, further work is required in order to design a framework and developing tools to protect BYOD networks, which at the same time represents a potential area for research.

References

AlHarthy, K., & Shawkat, W. (2013, Nov. 29 2013-Dec. 1 2013). Implement network security control solutions in BYOD environment. Paper presented at the Control System, Computing and
Engineering (ICCSCE), 2013 IEEE International Conference on.

Yong, W., Jinpeng, W., & Vangury, K. (2014, 10-13 Jan. 2014). Bring your own device security issues and challenges. Paper presented at the Consumer Communications and Networking Conference (CCNC), 2014 IEEE 11th.

Social collaboration via social tools – Social media to solve business problems

The following article will describe potential areas for research within the field of social networks and social collaboration in the enterprise scenario. The works from Smith, Hansen & Gleave (2009) in their paper “Analyzing Enterprise Social Media Networks” will be used as a research case that shows how social networks and Internet systems can be used as a strategic source for information in the company.

The phenomenon of social networking has moved into the workplace. According to a report from Next Vision IT Security is currently estimated that more than 300,000 companies worldwide use social networks for business purposes or as a tool for internal communication.  Enterprise social networks are poised to revolutionize how people interact in the workplace. Therefore, there is a pressing need to understand how people are using these social networks. (Jin, Hongyu & Friedman, 2013)

According to Smith, Hansen & Gleave (2009) “Social media tools provide a wealth of data that can be transformed into insights about the structure and dynamics of an enterprise or organization… Managers and analysts can use these metrics to better understand organizational dynamics, allowing them to better measure the effects of interventions and events.”

Smith, Hansen & Gleave (2009) supported the relevance of their research in that social network structures are created when people connect to one another through a range of ties. Therefore extracting, processing, and analyzing these networks can reveal important patterns in the structure and dynamics of the institutions.

In general terms, Smith, Hansen & Gleave (2009) approached their experiments by implementing various pieces of software known as social sensors, clickstream captures, feed subscription analysis and data mining. These computational mechanisms were able to collect, from the Internet, various aspects of people activities in the enterprise. Once the information was captured, a mathematical analysis was applied in the form of graph, behavior and content semantics. In their conclusion, the authors were able to determine the effect of social networking in the enterprise setting over revenues and project performance.

A similar study was performed by Ta-Shun, Hsin-Yu, Ling-Ching (2010). They observed a high-tech firm in Taiwan and demonstrated that the social network attributes of the firm itself can be examined to determine the relationships with the firm's profit and research and development capability.

In conclusion Smith, Hansen & Gleave (2009) built a formal model to relate the social interactions of the members of a company with the company’s metrics on performance. Regarding future challenges in the area, opportunities were found to develop the capacity of integrating teleconference (video and voice) and voice data into the network analysis. This area could provide an opportunity for the development of new algorithms for real time data extraction from streaming technologies. In addition, by Ta-Shun, Hsin-Yu, Ling-Ching (2010) recommendation, a future research agenda in the subject should include quantitative analysis of other high-tech industries.  Finally, as stated by Smith, Hansen & Gleave (2009), network visualization, especially visualizing it in large-scale and evolutionary manner, is also a challenge.

References

Jin, C., Hongyu, G., Li, L. E., & Friedman, B. (2013, 14-19 April 2013). Enterprise social network analysis and modeling: A tale of two graphs. Paper presented at the INFOCOM, 2013 Proceedings IEEE.

Next Vision IT Security (n.d). Use of Social Networks in the Enteprise Setting. Retrieved at http://www.nextvision.com/img/pdf/informe-redessociales.pdf

Smith, M., Hansen, D. L., & Gleave, E. (2009, 29-31 Aug. 2009). Analyzing Enterprise Social Media Networks. Paper presented at the Computational Science and Engineering, 2009. CSE '09. International Conference on.

Ta-Shun, C., Hsin-Yu, S., & Ling-Ching, Y. (2010, 18-22 July 2010). Social network analysis of directors and supervisors in Taiwan semiconductor industry. Paper presented at the Technology Management for Global Economic Growth (PICMET), 2010 Proceedings of PICMET '10:.