Why Bring Your Own Device (BYOD) Can Be A Security Risk To Your IT Infrastructure

If there is one workplace trends that dramatically change how an employee performs his or her role that would be BYOD. BYOD stands for bring your own device wherein workers are allowed to bring their own smartphone, laptop or tablet in the workplace to use after connecting it to the firm’s network.

Based on a 2012 survey conducted by Cisco, about 600 firms with over 1,000 employees allow the staff of bringing their own devices. It was found out that 95% of all IT departments are actually employing this concept, and it is not necessarily a secret why these firms are doing such. Each firm saves up to $300,000 yearly per 500 employees by allowing them to carry with them their own devices. The bigger the company the higher the operational cost savings.

The question now is: is BYOD so beneficial that it can outweigh the firm’s security risks?

Let us all remember that BYOD is not 100% about benefits; with BYOD comes greater risks. If these risks (not just security risks though most are related to such) are not addressed during the implementation, this can lead to more organizational and operational issues than what BYOD essentially solves.

There are at least three issues that these firms have to look at-

First, it would be very difficult for any IT department to regulate the wide range of devices brought in the workplace. Definitely, the employees will present multitudes of devices with different operating systems and with different versions.​

Many a reasons why this setup can only lead to systems fragmentation when there are devices, systems and platforms that are agnostic when possible security threats are tackled. For one, implementing management centralization will be harder.

Second, there will be lack of customer data encryption. For the IT department, protecting customer data will be more challenging since this data are only encrypted on authorized devices most of the time based on the survey conducted by ESET, a firm that basically deals with Internet security.​

The problem with brought devices is that they are owned by the employees and that while they contain company data, these devices cannot be configured based on the preferences of the firm.

Third, the devices are not ‘firewalled.’ Even when the employees use the devices inside or outside the workplace, they still contain confidential data that once a device is subverted other person or entity may gain access to the data contents. The worst part is, he, she, they or it may gain access not only to the data, but also to the entire firm’s network.

Evidently, there are many benefits to BYOD. However, unless these real security issues are addressed, BYOD will remain to be a contemptuous implementation.