Mobile Security: A Systems Engineering Framework for Implementing Bring Your Own Device (BYOD) Security Through the Combination of Policy Management and Technology
With the rapid increase of smartphones and tablets, security concerns have also been on the rise. Traditionally, Information Technology (IT) departments set up devices, apply security, and monitor them. Such approaches do not apply to today’s mobile devices due to a phenomenon called Bring Your Own Device or BYOD. Employees find it desirable to use personal mobile devices for their work and make no distinction between using their carriers’ services versus their organizations’ Wi-Fi. BYOD is an extension of corporate networks and thus it is essential to secure BYODs to protect enterprise networks (Wang & Vangury, 2014).

To address the security concerns of BYOD, many vendors have introduced Mobile Device Management (MDM) systems. Such systems by themselves do not and cannot provide comprehensive solutions to BYOD precisely due to the nature of BYOD: the user and not the enterprise owns the device. BYOD necessitates a different paradigm, one in which the device is removed as the primary object of security and one in which the device, the user (employee), and management are all taken into consideration. Further, the approach to security would necessitate technology, policy management, and people integration instead of the traditional technology-alone approach.

In this dissertation, risks of allowing BYOD balanced by its benefits will be examined. The instrument for addressing BYOD security concerns will be presented as a BYOD Security Framework. The framework has three pillars: People, Policy Management, and Technology. It will be demonstrated that these three pillars are necessary in order to secure BYOD implementations in an enterprise.

To validate the framework, an empirical survey was conducted from a pool of 114 industry security practitioners. The resulting dataset was analyzed via nonparametric statistics for ordinal data to determine the association between the level of the BYOD Security Framework elements being de facto implemented in organizations and the frequency of security breaches associated with BYOD in those organizations, in order to identify and confirm key elements of the framework.