Bring Your Own Device (BYOD) Meaning
BYOD stands for bring your own device, and the most commonly accepted BYOD meaning is when employees use their own personal devices to connect to the organization's network and access what they need to do their jobs. This includes data and information that could be potentially sensitive or confidential.
The devices used for BYOD could include smartphones, tablets, personal computers, laptops, or USB drives. This offers employees more freedom to use the devices that make them better able to perform day-to-day tasks, which, in the long run, saves employers money. However, BYOD has to be carefully managed with a focus on maintaining security and productivity.
How Does BYOD Work?
Bring your own device (BYOD) represents an opportunity for employees to boost their productivity, and when executed using the appropriate safety protocols, a bring-your-own-device policy provides a combination of flexibility and security.
Here is how BYOD works.
Establishing a BYOD Security System
As with all networking, the first step is to ensure that whenever a user connects to your system, regardless of the device they are using, they do so in a secure manner. Therefore, you need to:
- Use strong passwords and data encryption for every device that connects
- Determine the kinds of sensitive data—if any—that can be stored on local devices instead of the user’s device
- Decide which mobile BYOD security tools or data management software to install on each BYOD device
- Choose the appropriate time-based lockout features so that sessions do not stay open long enough to give a hacker who grabs a user's device a way to interface with your network
- Decide how your organization can wipe sensitive information off the user’s device, if needed
Which Kinds and How Many Devices Can Users Introduce to Your Network?
To adequately safeguard your digital assets, figure out which devices to allow to connect. This can prevent a range of less secure devices from accessing your network, such as those with older operating systems with outdated security features the manufacturer no longer supports. The number of devices you allow to access your network is also important because the more that connect, the larger your attack surface.
Here are some questions that could guide your thinking around this decision:
- Is my organization positioned to allow access to legacy devices that are no longer supported by the manufacturer?
- If a device uses an older operating system, do we have measures in place to prevent it from being exploited?
- Should we allow every user to bring multiple devices? Would a limit hamper productivity to the point of making the policy ineffective?
- Are we able to secure a range of mobile phones and tablets—or are our current security protections limited to desktops and laptops? If so, should we upgrade our suite of tools?
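The connection requirements and device-eligibility questions above can be expressed as an admission check run before a device joins the network. This is an added example, not part of the original page or any Fortinet product; the `Device` fields, the thresholds, and the OS version table are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Assumed policy values (not from the page): set these to match your own policy.
MAX_DEVICES_PER_USER = 2
MAX_IDLE_LOCK_SECONDS = 300
# Constructed table, not real vendor data: oldest OS major version still allowed.
MIN_SUPPORTED_OS = {"android": 13, "ios": 17, "windows": 11, "macos": 13}

@dataclass
class Device:
    owner: str
    platform: str
    os_major: int
    disk_encrypted: bool
    passcode_set: bool
    idle_lock_seconds: int   # 0 means the screen never locks
    mdm_enrolled: bool       # management agent installed, which enables remote wipe

def posture_failures(dev: Device) -> list[str]:
    """Return the reasons one device fails the policy (empty list = compliant)."""
    reasons = []
    floor = MIN_SUPPORTED_OS.get(dev.platform)
    if floor is None:
        reasons.append("platform not on the allow list")
    elif dev.os_major < floor:
        reasons.append("operating system no longer supported")
    if not dev.disk_encrypted:
        reasons.append("storage not encrypted")
    if not dev.passcode_set:
        reasons.append("no passcode")
    if dev.idle_lock_seconds == 0 or dev.idle_lock_seconds > MAX_IDLE_LOCK_SECONDS:
        reasons.append("idle lockout too long or disabled")
    if not dev.mdm_enrolled:
        reasons.append("not enrolled for management and remote wipe")
    return reasons

def admit(dev: Device, already_admitted: list[Device]) -> tuple[bool, list[str]]:
    """Decide admission, also enforcing the per-user device limit."""
    reasons = posture_failures(dev)
    owned = sum(1 for d in already_admitted if d.owner == dev.owner)
    if owned >= MAX_DEVICES_PER_USER:
        reasons.append("per-user device limit reached")
    return (not reasons, reasons)

# Constructed sample inventory: alice already has two compliant devices admitted.
fleet = [Device("alice", "ios", 17, True, True, 120, True),
         Device("alice", "windows", 11, True, True, 300, True)]
old_phone = Device("bob", "android", 9, True, True, 60, False)
third = Device("alice", "macos", 14, True, True, 60, True)
```

Returning every failed requirement, rather than stopping at the first, lets the help desk tell the user everything to fix in one pass.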
Importance of BYOD Security
There are several pros and cons of BYOD, and one of the most significant drawbacks is the number of new vulnerabilities it can introduce to your network. BYOD comes with unique data safety challenges. A foundational issue driving the need for BYOD security is that you cannot control who has physical access to each device.
For example, when a device is kept inside the office, only those with a physical key, digital key card, and, in some cases, biometric authentication credentials can get their hands on it. But when it is at someone’s home, it may be relatively easy for a hacker to hire a thief to break in and take your employee’s laptop. The hacker can then bring it home and attack it in their personal lab, using a number of online and offline methods.
Also, it is harder to limit the number of viruses and other malware BYOD devices get exposed to because they spend so much time outside your internal firewall protections. This means the number and variety of malicious software floating around each device can be significantly greater than that of an in-house device.
What Are the Pros and Cons of Having a BYOD Policy?
Pros
- Faster technology: With a BYOD policy, an organization benefits from the faster adoption of new technologies, as well as devices that provide faster performance and more computing power. Keeping up with changing technology can be expensive and time-consuming for an IT manager, but if employees bring their own technology, there is no need to constantly update the company’s technology portfolio.
- Less time to train employees: When an employee brings their own device, they typically already know how to use it. Often, transitioning from one operating system to another comes with a learning curve that can increase the amount of time it takes for a new employee to get up to speed. In this way, a BYOD policy can enhance productivity.
- Lower up-front costs during onboarding: If an organization has to purchase a new device, new virus- and malware-protection software, and train new employees regarding how to use the device, the costs can quickly pile up. With BYOD, these costs can be a fraction of what they would be otherwise. With each new employee, an IT team frequently has to provide new security protocols to make interaction with the network secure. Employees often have more than adequate security in place on their own devices, and with a BYOD policy, they can be asked to purchase a security solution before accessing the network.
- Employer saves more money: Constantly purchasing new technology to make sure employees have effective devices can represent a significant cost on a company’s balance sheet. With a BYOD policy, much of the cost was already absorbed by the employee when they purchased the device. In addition, when employees bring their own devices, they are also responsible for upgrading as needed. Not only does this shift the cost away from the company but it also compels the employee to treat their device with more care. When employees take ownership of the maintenance of their device, the company has one less thing to pay for, freeing up crucial overhead.
Cons
- Increased complexity for security protocols: Because each device comes with its own vulnerabilities, including those it may introduce to the organization’s network, you may need to create a more complex arrangement of protocols to make sure each device is safe and does not pose a threat to the network.
- Increased security risk: Each type of device and operating system will require its own security measures so that all endpoints are safe from threats. A device policy that allows employees to bring their own technology may expose the organization to more risk unless each one is properly protected.
- Device as a distraction: Most people have apps on their personal devices that can present significant distractions. Messaging apps, games, and social media apps, for example, can easily grab an employee’s attention when it should be focused on the task at hand. The problem is exacerbated by the specialized app presets that already exist on an employee’s device. These make it easier to log in to social media networks and other cloud-based apps. Because their browser settings and cookies are tailored to their own personal use, when employees are online, they can come across distracting pop-ups and ads customized to grab their attention.
- Limited privacy: With a BYOD policy, both employees and the organization may face privacy issues. For an employee, their personal device, including all its information, data, and passwords, becomes exposed to the companywide network. For an organization, information, data, marketing collateral, and even trade secrets may all have to pass through the personal devices of individual employees, who may not be as discreet as they should be. In addition, each device an employee introduces to the network opens a potential door for malware that could be used to steal sensitive company files.
How to Support a Successful Bring Your Own Device (BYOD) Policy?
With so many Internet-of-Things (IoT) devices accessing cloud networks, it is more important than ever to have adequate visibility into the devices attached to your network. Every time a device interfaces with your cloud network, it opens the possibility for data to be taken or mismanaged.
An employee may also accidentally allow a hacker to get into the network because their device is not secure enough. It is an easy mistake to make. The device may feel secure on a day-to-day basis and even show zero signs of being infected with malware. However, that does not mean it should automatically qualify to access your network.
This is particularly true if your organization is well-known for its BYOD policy. People with ill intentions may target your organization, knowing that if they can access the device of an employee, they could gain a back door into your network. Without properly screening each device, you are potentially giving a hacker easy access to sensitive content and important cloud infrastructure.
With a BYOD policy, it can be a challenge to control or monitor who is connecting, what they are connecting with, and the risks each device poses to your network. It is crucial that you carefully screen all access to the network.
How Fortinet Can Help
FortiNAC helps you manage BYOD by allowing you to see which devices are connected to the network, so you can evaluate the risk each one poses. With this knowledge, you can figure out how to best protect your network. FortiNAC also allows you to set up automated responses to save you time and energy as you try to manage a BYOD policy.
FortiNAC can be deployed as a standalone measure or as part of the Fortinet Security Fabric. If the rest of your security solution is adequate, FortiNAC as a standalone service still gives you powerful tools that make a BYOD system safer.
What is a BYOD example?
The devices used for BYOD could include smartphones, tablets, personal computers, laptops, or USB drives.
What are the challenges with a BYOD policy?
It can be a challenge to control or monitor who is connecting, what they are connecting with, and the risks each device poses to your network.