Decent Work and Economic Growth
Industry, Innovation and Infrastructure
- For policymakers
- United Kingdom
- Brief created: 2024
Security and Trust Issues in BYOD Networks
Brief about: Journal Article (2023)
Investigates the security and trust challenges organizations face in implementing Bring Your Own Device (BYOD) networks and explores existing and emerging solutions to address these issues.
BYOD networks, which allow employees to connect personal devices such as smartphones and tablets to corporate networks, are growing in popularity across various organizational environments due to potential cost savings and productivity gains. However, BYOD introduces significant security vulnerabilities and compliance challenges, as personal devices are often less secure and have varying levels of user-applied security measures. The risks associated with BYOD include exposure to malware, man-in-the-middle attacks, data leaks, and difficulties in enforcing security policies on devices not owned by the organization. To balance the benefits of BYOD with these security risks, organizations need reliable, secure frameworks that can protect corporate data and resources without alienating employees.
Key findings
- Zero-trust frameworks help secure BYOD networks by restricting access to only authenticated devices and users, addressing the lack of perimeter control in traditional security models.
  Evidence: We detail the use of access control mechanisms, including profiling and captive portals, to verify device and user identities before allowing access to corporate resources, helping reduce unauthorized access to sensitive data.
  What it means: A zero-trust approach strengthens the security of BYOD networks by enforcing strict access controls that do not rely on traditional network perimeters.
- Cloud computing can effectively support secure data sharing on BYOD networks by using a private or hybrid cloud model.
  Evidence: We describe how private clouds allow organizations to control data storage and access while maintaining security through protocols like SSL or TLS, which secure data transfers and reduce the risk of man-in-the-middle attacks.
  What it means: By leveraging private or hybrid clouds, organizations can provide secure access to corporate resources for BYOD users while retaining control over sensitive data.
- Mobile Application Management (MAM) enables organizations to manage corporate applications on personal devices without infringing on employees' personal data.
  Evidence: MAM provides a containerized environment where corporate applications and data are kept separate from personal applications, allowing IT departments to manage access controls, enforce data policies, and remotely wipe data in case of device loss.
  What it means: MAM enhances data security on BYOD devices, preserving employee privacy while allowing corporate oversight and control over critical applications.
- Transient authentication with tokens or wearables can secure BYOD devices against unauthorized access and "shoulder surfing" attacks.
  Evidence: The article highlights the use of tokens, such as smartcards or wearables, that grant or revoke device access based on proximity, automatically logging users in or out as they approach or leave the device.
  What it means: Transient authentication enhances security by providing an automatic login/logout function that secures devices against unauthorized physical access in BYOD environments.
Cite this brief: Safdar, Ghazanfar Ali. 'Security and Trust Issues in BYOD Networks'. Acume. https://www.acume.org/r/security-and-trust-issues-in-byod-networks/
Brief created by: Dr Ghazanfar Ali Safdar | Year brief made: 2024
Original research:
- Mansour, A., & Safdar, G. A., ‘Security and Trust Issues in BYOD Networks’ 25(4) (pp. 45–51) https://doi.org/10.1109/MITP.2023.3293714. – https://ieeexplore.ieee.org/document/3293714