Mobile Computing and Corporate Data Protection: Bring Your Own Device Security Issues and Challenges

The following paper describes the strategic importance of information technology in the context of corporate data protection, mobile computing security, heterogeneous data storage and isolation. For the purpose of this document we will discuss the works of Yong, Jinpeng & Vangury in their paper “Bring Your Own Device Security Issues and Challenges”.

Enterprise collaboration and the exchange of corporate information had increased thanks to the proliferation of mobile computing technologies and the massive adoption of mobile devices. The concept of Bring Your Own Device (BYOD) appears to be magnificent because it allows corporate users to share, query and use data anytime, anywhere and from the same devices used for their personal activities. However, it also implies a challenge in terms of network access and data protection. How to share and store information in a BYOD environment safely and at the same time preventing the leakage of sensitive data?

What if the device is lost or stolen? Who can access the data? Why? When? Where? What if an employee leaves the company with his BYOD device and the corporate data? All these issues are the biggest challenges for the security of corporate data in an increasingly mobile and flexible environment. Therefore, “a set of principles that any organization should follow before implementing the BYOD framework must include availability, usability, mobility and security.”(AlHarthy & Shawkat, 2013)

In terms of vulnerabilities, BYOD is very sensitive to confidentiality issues, data isolation and security policies compliance. “A few solutions exist for BYOD security. However, limitations and drawbacks have been found in these solutions.” (Wand, Wei & Vangury, 2014)

The research shows that an ideal BYOD solution must be able to separate corporate space from personal space and protect corporate data and monitor and reject unauthorized and illegal data access. Therefore, a BYOD security framework is proposed based on three operational layers: space isolation, network access control and security policies database.

In general terms, Wand, Wei & Vangury approached their experiments by comparing two techniques: Agent-based BYOD discovery system and Scanning-based BYOD discovery system. An agent-based BYOD discovery system requires a mobile app installed in the BYOD device. This piece of software is responsible for reporting the device status to a centralized network management and monitoring system. The centralized monitoring system enforces password rules and a full set of security policies. On the other hand, under scanning-based BYOD discovery system no application is required and a network scanning tools is responsible for detecting BYOD devices. However, this method is only possible within small network areas, takes extra time to perform the discovery and add considerable traffic to the corporate network.

 In conclusion, a BYOD security framework was evaluated by the authors with the intention to provide guidance for enterprises willing to adopt BYOD. It also has been stated by (Wand, Wei & Vangury, 2014) that an ideal BYOD solution must be able to separate corporate space from personal space. At the same time, it must be able to protect corporate data and monitor and reject unauthorized and illegal data access. Limitations and drawbacks were found on the technologies evaluated. Therefore, further work is required in order to design a framework and developing tools to protect BYOD networks, which at the same time represents a potential area for research.

References

AlHarthy, K., & Shawkat, W. (2013, Nov. 29 2013-Dec. 1 2013). Implement network security control solutions in BYOD environment. Paper presented at the Control System, Computing and
Engineering (ICCSCE), 2013 IEEE International Conference on.

Yong, W., Jinpeng, W., & Vangury, K. (2014, 10-13 Jan. 2014). Bring your own device security issues and challenges. Paper presented at the Consumer Communications and Networking Conference (CCNC), 2014 IEEE 11th.