Posted by llew
The most obvious benefit of BYOD is that organisations do not have to purchase a significant number of costly devices for employees. Breakages and wastage are also likely to be reduced as people tend to take better care of their own stuff and any repair costs are likely to be the employee’s problem anyway. There are a number other benefits that BYOD assists with:
- Familiarity of Technology – People are likely to be familiar with working with their own devices. Getting used to working with a different device can add a sense of frustration. BYOD takes this issue away. Similarly, working on a device that the user is familiar with, should also increase their productivity, as the learning curve of a new device is removed.
- Flexibility – Employees will not have to carry 2 different devices when travelling. Having one device will mean that employee will have access to all applications and data they need to fulfil their job requirements.
There are also a number of disadvantages that needs to be considered that are likely to have a negative impact on the digital forensic readiness of the organisation.
These disadvantages are also likely to have a negative cost impact for the organisation:
- Security – With BYOD, employees are likely to have a wide disparity of devices. Each device is likely to have very specific differences in how to best secure access to data for that device. Each device will need to adhere to a policy that ensures that the device nor the data cannot be comprised. For example, each device should have anti-virus/malware and firewall applications installed as well as a secure mechanism for logging on to the device which prevents unauthorised third-party access to sensitive data. Further to this, a mechanism that keeps the device’s operating system and applications up to date will need to be implemented.
- Access to Data – In the employee’s employment agreement, provision should be made for the specific device that the employee will be using and which grants the employer explicit rights to access data on that device. There may be legal and human rights issues which prohibit access to personal data that will need to be taken cognizance of.
- Logging – A centralised logging mechanism will need to be implemented that allows various BYOD devices to remotely log activities within the organisation’s network and corporate software applications. The details of exactly what to log and how to protect these logs need to ensure that no human rights are violated in the process.
In summary, while BYOD might significantly reduce costs and increase employee productivity, the forensics readiness issues listed above will need be addressed before BYOD is implemented by the organisation.