BYOD Security in the Internet of Things: Risks, Challenges, Solutions

Verified

Added on 2023/06/11

AI Summary

This report explores the security implications of Bring Your Own Device (BYOD) policies within the context of the Internet of Things (IoT). It begins by outlining the evolution of computing and the rise of BYOD, highlighting the benefits such as increased employee productivity and cost savings for organizations. However, it also emphasizes the significant security challenges, including data leakage, malware threats, and the risk of device theft or loss. The report analyzes existing research and surveys to demonstrate the growing prevalence of BYOD and the corresponding security concerns. It further discusses the limitations of Mobile Device Management (MDM) applications in fully addressing BYOD-related risks. The report concludes by underscoring the need for robust security strategies and policies to mitigate these risks and ensure the safe and effective implementation of BYOD in IoT environments. Desklib provides similar solved assignments and past papers for students.

Running head: BYOD SECURITY IN INTERNET OF THINGS
1
BYOD SECURITY IN INTERNET OF THINGS
Name
Institution Affiliation

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

BYOD SECURITY IN INTERNET OF THINGS
2
BYOD Security in the Internet of Things
Abstract
In the past years, technology has been evolving at a very first rate and this comes with so
many advantages as well as disadvantages. This high rate of change caused by technology has
presented so many security challenges in the information sector recently. Recent technology
trends such as the Internet of Things (IoT) and Bring Your Own Device (BYOD) are having a
large impact on how business is operated in so many countries all over the world. As much as the
adoption of BYOD and IoT simplifies the operations of business and other organization, these
trends come with other security complications that put the organizations at risk is called Bring
Your Own Devices (BYOD) is the policy of permitting employees to work with their own
personal mobile devices within an organization and even in the external environment. This
research on the BYOD security on the internet of things is very important as it will outline the
potential risks and challenges that organizations are exposed to by this technology trend. The
research will outline important recommendations on how to deal with these challenges so as to
alleviate the situation. The business sector is the major sector that can benefit from this research
and enable more effective and efficient operations without facing the risks that accompany this
technology. The research will also serve as a reference for further research on the topic in future
as this technology is growing continuously and it requires continuous monitoring.
Key Words
BYOD, IoT, distributed denial of services, data leakage, malware

BYOD SECURITY IN INTERNET OF THINGS
3
Introduction
Since the birth of computing in the I960S, it has undergone several notable transitions to
the current modern computing. Even the types of computers have moved from mainframe
computers to minicomputers and now they have evolved into the personal computers (PC) which
are server-driven in nature. The information technology (IT) was ushered into the internet
computing by the personal computers. Due to the proliferation of cloud-based mobile devices
and applications, the internet computing has been superseded by mobile computing. BYOD
roughly began around 2003 but it took some time for it to become common and its popularity
rose significantly in 2013 (Leavitt, 2013). There is growing pressure from the populace in many
countries for business to allow their staff to bring their personal gadgets such as smartphones and
tablets to the workplace and this puts business with no option but to ensure they put the BYOD
policy in space (Millard, 2013). BYOD is a policy in information technology sector and this
policy allows employees to access sensitive corporate data at work using their personal
computing devices (Li, Peng, Huang, & Zou, 2013). Mobile devices including tablets and
smartphones conglomerate voice and data services and portability to open up an extensive range
of possible mobile applications, "anytime and anywhere" (Disterer & Kleiner, 2013). The BYOD
policy and program give the employee the choice to choose the device to use in performing their
tasks with personal devices such as laptops, tablets and smartphones included (Citrix®, 2013).
The policy does not only allow employees to use personal gadgets to attain data within the work
environment but also even when they are not at work.
BYOD is not just an issue in our country but it is a global phenomenon according to a
2012 survey done by Cisco (Cisco, 2012). A survey research was done by Cisco across 8

BYOD SECURITY IN INTERNET OF THINGS
4
countries in 3 different regions in the world namely Europe, Asia and Latin America. The survey
involved enterprises which have an employee range of above 1000 and midsize companies with
an employee range of 500-999. Earlier, a similar survey had been conducted in the United States
of America and involved 18 industries and 600 IT leaders. Therefore this research was an
extension of the United States research. According to Ovum’s survey (2012) that was done in
seventeen nations among the developed economies and emerging economies in the world, 75%
of employees in with emerging economies use their personal devices at work while in developed
countries 44% of employees use their individual devices at work. The developed economies of
nations in the survey included United States, United Kingdom, Japan, Italy and Sweden while
those with emerging economies included Russia, India, Brazil, Singapore and Malaysia. It is
predicted that by the end of 2018 most of the employees, roughly 70%, will be using personal
smart computing devices to conduct their work (Gartner, 2014). Therefore according to these
surveys and reports, we realize that the prevalence of BYOD is increasing rapidly in both
emerging and developed countries.
Researchers’ Contributions on BYOD Security in IoT
Most of research and studies and research on BYOD began around 2011 although the BYOD
started to emerge in 2013 (Björn, 2012). There several white papers published by now that
describe the BYOD situation and the security concerns and some of them have gone further to
suggest recommended non-technical solutions the risks presented by BYOD. These suggested
non-technical solutions include the policy to regulate the prevalence BYOD. A white paper
presented by EY (2013) identifies the BYOD risk landscapes and categorizes it into 3 groups
namely addressing application risks, mobile devices, and management of the mobile
environment. This white paper presented policy-based (non-technical) resolutions to the risks

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

BYOD SECURITY IN INTERNET OF THINGS
5
and resolved by offering 8 steps to protect and develop BYOD policy. A commentary based on
evidence is provided in a research report by Deloitte (2013) on the state of BYOD policy in the
United Kingdom. This survey tries to clarify the misunderstanding and provides matter-of-fact
intelligence that incorporates perspectives from a wide range of fields such as talent, tax, and risk
management and information technology. Johnson (2012) also carried out another research to
address and understand the risks associated with BYOD and this research involved more 500
Information Technology experts. This non-scientific survey had the main intent to determine the
level of policies and controls and the mobile device usage allowed in BYOD. Edwards (2013),
Leavitt (2013), Miller et al. (2012), Potts (2012), Thielens (2013), Morrow (2012), Thomson
(2012), Mansfield-Devine (2012),and Tokuyoshi(2013) all presented their expert perspective on
BYOD Security in Internet of Things. According to the literature available on this topic, we
realize that BYOD Security in the Internet of Things is a very major concern among researchers
in the information technology sector.
Material and Methods
This research is mainly going to rely on secondary information from published surveys,
reports and work on BYOD by academic researchers. In this research, we collected information
and data from peer-reviewed academic research publications, survey/white paper publications,
and periodicals done by experts in information security. This involved using online databases to
access a large pool of relevant information on BYOD security in the internet of things in the
information and communication publications. The statistical data obtained in these reports and
surveys were presented in different formats such as tables and graphs to facilitate efficient
analysis of the data to extract valuable information from them. The research then emphasized on

BYOD SECURITY IN INTERNET OF THINGS
6
a comprehensive and thorough analysis of the results obtained in the surveys and reports to come
up with solid and evidence-based conclusions.
Results
Figure 1. Level of BYOD development in both developed economies and emerging economies
(Ovum, 2012)
Figure 2. BYOD challenges with security concerns at the top (Forrester, 2012)

BYOD SECURITY IN INTERNET OF THINGS
7
Figure 3. Percentage of the article obtained from different domains of literature
Figure 4. Security as the top-most challenge for all categories of publications

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

BYOD SECURITY IN INTERNET OF THINGS
8
Discussion
Benefits and Challenges of BYOD
We have seen that BYOD is a new trend in information technology that comes with both
benefits and challenges to businesses and other organizations. Employees tend to be more
productive and mobile when they are provided with the flexibility to choose their best devices to
use in performing their designated duties. This flexibility does not only benefit the employee
only but also the business organization. Cost savings, blurring the work-leisure divide and
having the access to employees at any place and time are some of the benefits that a business can
enjoy from BYOD policy. The cost benefits come in since the BYOD policy allows staffs to use
their individual smart mobile computing gadgets at work, therefore, the business does not
necessarily need to provide the devices from the budget of the organization (Mahesh & Hooter,
2013). Some of the valuable benefits of BYOD are identified by Deloitte (2013) and AirWatch
(2012). The benefits identified by the two include simplified information technology
infrastructure, maximized employee contentment, cost saving and management flexibility. The
major benefit of BYOD to employees is that it provides a very high level of convenience to the

BYOD SECURITY IN INTERNET OF THINGS
9
employee. Several publications have given a lot of insight on benefits of BYOD and these
publications include Morrow (2012), Hurlburt, Voas, and Miller, (2012), Kerrayala (2012),
Hayes (2012), EY (2013), Edwards (2013), Disterer and Kleiner (2013), Deloitte (2013) and
Citrix® (2012, 2013). In order for the organization and employees to both enjoy the merits that
come with BYOD, they must also consider the challenges coming along with BYOD policy.
Although companies are primarily fretful with upholding security, employees are
concerned about the privacy they anticipate concerning the individual data on their mobile
computing gadgets as well as maintaining the expediency they want to work from their personal
devices (AirWatch, 2012). In BYOD policy corporate information is sent to gadgets which are
not controlled and coordinated by Information Technology department and this is a very big
challenge to businesses. This may raise concerns about security consequence for data theft,
regulatory compliance and data leakage (Morrow, 2012). Security is the main challenge of
BYOD policy and the real challenge comes in due to controlling the access to corporate data
from these devices and not about the devices themselves. The security challenges that come
along with BYOD are a very serious concern among security officers and captains of enterprises.
Academic researchers have also shown interest in understanding the challenges of BYOD so as
to come up with the most appropriate recommendations to alleviate the situation. The biggest
risk associated with this policy according to Shawkat and Alharthy (2013) is theft or loss of
mobile devices as this may expose very vital corporate data to unknown people. A scalable and
secure BYOD strategy has to be put in place to help manage the risks that come due to loss of
personal devices of the employees or if the employee terminates their contract with the company
(Thielens, 2013). A Forrester (2012) survey whose results are shown in the second figure in the
results involved around 202 respondents with an understanding of the effect of the BYOD

BYOD SECURITY IN INTERNET OF THINGS
10
package on their organization or business exposed that security worries are amongst the topmost
challenges to realizing BYOD programs.
BYOD and Mobile Devices Management (MDM) Applications
Mobile devices Management (MDM) are established in a way that some of the mobile
devices related to challenges that are not necessarily associated with BYOD challenges. These
mobile device challenges include inventory management, software distribution and policy
management. Mobile Devices Management functionality is comparable to PC configuration life-
cycle management (PCCLM) although MDM suites include other mobile-specific requirements.
MTI Technology (2014) provides more insight on the operation mechanisms of MDN outlining
how MDN works. However, the challenges associated with BYOD cannot be exclusively be
addressed by mobile devices management. This is because MDM cannot stop a hacker from
accessing the corporate data through the employee’s devices and also it cannot prevent theft or
loss of the employee’s device thus exposing data to unauthorized individuals. According to
Gartner (2014) prediction, twenty percent of the original BYOD policy will go pear-shaped due
to set out of extremely obstructive MDM measures.
Possible Threats of BYOD
Trustwave is a security vendor and it carried out a survey that discovered that 99% of
susceptibilities mutual in desktop computers are found in mobile gadgets irrespective of the
operating system (Leavitt, 2013). The extremely challenging security threats to the BYOD
policy include distributed denial of service (DDoS), malware, and data leakage (Morrow, 2012).
Malware
Malware is a phrase used to denote malevolent applications that can upset corporate
applications and mobile devices. Mobile applications with embedded code within them that
compromise the security of the related data or the mobile device are an example of malware. An

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

BYOD SECURITY IN INTERNET OF THINGS
11
attacker can impersonate the identities of a corporate or private corporate information can be lost
when a company is faced with a malware attack. Malware can attack both the personal devices of
the employee as well as the corporate applications and this makes both of them non-functional.
Malicious applications always resemble the regular corporate applications but they have been
embedded with the malicious code. When a user visits a compromised site in the internet of
things they can easily encounter the malicious application the can attack the device and the
corporate applications. MTI Technology (2014) explains in details the effects of malware on
BYOD.
Distributed Denial of Service (DDoS)
A DDoS outbreak is an organized violence on the obtainability of services of a certain
targeted network or system which is launched indirectly via several cooperated computing
systems. A DDoS attack can prevent consistent workers from operating equipment from their
personal devices or computer networks. The negative impact of a DDoS attack is mostly felt on
the business servers and this will prevent regular users from accessing the systems of the
organization.
Data Leakage
BYOD allows employees to access corporate data regardless of the time and their
geographic location and this result in data leakage. Since the corporate records are stored and
retrieved by employee’s personal gadgets, the business organization has minimum or zero
control over corporate information. In the event that an employee loses their personal device then
the corporate data will be accessible to any individual who may possess the device. This can be
very risky to the organization since the device may expose confidential corporate data to
unauthorized individuals who may use the data for malicious aims.

BYOD SECURITY IN INTERNET OF THINGS
12
Table 1. Common Threats of BYOD with Their Causes and Implications for Enterprises
Attack on BYOD Causes of Attack Implications for
organization
Malware
.Trojan apps: Malicious code can be inserted
into the
application by an attacker with the intention of
attacking
devices or enterprise applications
.Social media, email, and SMS links: Links
are embedded in SMS, social media posts, and
emails with the intention of
redirecting users to a website that hosts
malicious files
.Third-party app stores: Some third-party app
stores may host malware that can potentially
harm devices, systems, and networks
Theft of enterprise
information
Enterprise applications
malfunctioning
Both corporate
infrastructure and personal
mobile devices of the
employee are affected by
malware
the malicious intention by an attacker
.Exploitable vulnerabilities in an
enterprise network
Negative impact on the server
Deny the availability of the
system for legitimate
Users
Data leakage
The malicious user of a mobile device
Remote access to the mobile device by an
attacker
Application vulnerabilities
Loss of mobile device
Expose corporate
confidential information in
the public