A Policy-Based Framework for Preserving Confidentiality in BYOD Environments: A Review of Information Security Perspectives

Chalee Vorakulpipat,Soontorn Sirapaisan,Ekkachan Rattanalerdnusorn,Visut Savangsuk

doi:10.1155/2017/2057260

Chalee Vorakulpipat, Soontorn Sirapaisan + Show 2 more

Open Access

https://doi.org/10.1155/2017/2057260

Copy DOI

Abstract

Today, many organizations allow their employees to bring their own smartphones or tablets to work and to access the corporate network, which is known as a bring your own device (BYOD). However, many such companies overlook potential security risks concerning privacy and confidentiality. This paper provides a review of existing literature concerning the preservation of privacy and confidentiality, with a focus on recent trends in the use of BYOD. This review spans a large spectrum of information security research, ranging from management (risk and policy) to technical aspects of privacy and confidentiality in BYOD. Furthermore, this study proposes a policy-based framework for preserving data confidentiality in BYOD. This framework considers a number of aspects of information security and corresponding techniques, such as policy, location privacy, centralized control, cryptography, and operating system level security, which have been omitted in previous studies. The main contribution is to investigate recent trends concerning the preservation of confidentiality in BYOD from the perspective of information security and to analyze the critical and comprehensive factors needed to strengthen data privacy in BYOD. Finally, this paper provides a foundation for developing the concept of preserving confidentiality in BYOD and describes the key technical and organizational challenges faced by BYOD-friendly organizations.

Highlights

Bring your own device (BYOD) policies that include smartphones and tablets have played an important role in technological enhancements over the past decade
In order to comply with the bring your own device (BYOD) policy and satisfy the requirements explained above, an implementation of the framework is achieved through a centralized mobile device management platform, which has the necessary features and can manage devices remotely and straightforwardly
A policy-based framework for a BYOD environment should consider the key concepts of information security and privacy

Summary

Introduction

Bring your own device (BYOD) policies that include smartphones and tablets have played an important role in technological enhancements over the past decade. Many organizations employ a BYOD policy and allow their employees to freely use BYOD Some companies view this as an opportunity to implement new technology without investing their own resources on devices [1]. If an employee loses his/her smartphone which may contain confidential organizational data such as email and trade secrets, there is potential of that data leaking in an unauthorized fashion to the public. This can be detrimental to the organization’s reputation and profitability [2]. The final section provides a conclusion and suggestions for further study

Related Research

Proposed Framework

Framework Analysis

Conclusions