Gaurav Priyadarshi, CISA, BS 25999 LI, ISO 27001 LA, ITIL V3
The IT infrastructure that was created at the beginning of the IT era remains a constant framework for the future. Just as everything in life evolves, the IT environment and its landscape transform. Today, IT must continue to grow.
The bring your own device (BYOD) trend of enabling and empowering employees to bring their own devices (e.g., laptop, smartphones, tablets) has expanded to bring your own technology (BYOT) including office applications (e.g., word processing), authorized software (e.g., data analytics tools), operating systems, and other proprietary or open-source IT tools (e.g., software development kits, public cloud, communication aids) to the workplace. This coupling has been coined as bring your own device and technology (BYODT). As BYODT becomes increasingly acceptable and popular, it is likely to be one of the biggest challenges for information security governance.
This article describes some of the pros and cons of BYODT and outlines the various security governance steps to be taken by enterprises that are considering adopting a BYODT approach.
Implementing BYODT can result in numerous benefits including:
As with all other evolutionary approaches, BYODT comes with its own set of concerns and objections:
This discussion of pros and cons is displayed through the schematic diagram in figure 1.
Clearly, the ongoing trend and the benefits realized from BYODT suggest that the concerns should be considered as challenges and companies should address BYODT implementation by leveraging these challenges.
The following approach can assist in the successful implementation of a BYODT program that mitigates security challenges:
BYODT provides numerous benefits to the business, the key ones being reducing the IT budget and the IT department’s workload, faster adaptation to newer technology, and making employees happier by giving them flexibility to use and customize their devices to enhance efficiency at work. Of course, various challenges come along with BYODT: increased security measures, more stringent controls for privacy and data protection, and other regulatory compliance.
These challenges provide a fundamentally new opportunity for innovation, redefining the governance structure and adoption of underlying technology. Clearly, the way forward for organizations is to mitigate the challenges of BYODT, align it with their future IT strategy and put it on the IT road map so that they can move ahead in the evolutionary cycle and thereby bring benefits and flexibility to one of their most important stakeholders—their employees.
1 Forrester, Key Strategies to Capture and Measure the Value of Consumerization of IT, May 2012, www.trendmicro.com/ cloud-content/us/pdfs/business/white-papers/wp_forrester_ measure-value-of-consumerization.pdf 2 Ibid.
Gaurav Priyadarshi, CISA, BS 25999 LI, ISO 27001 LA, ITIL V3, is a senior security consultant at TATA Consultancy Services, a leading IT service company with worldwide experience in the information security domain. Priyadarshi is a technology evangelist and a follower of trending security concepts. He can be reached at firstname.lastname@example.org.
Enjoying this article? To read the most current ISACA Journal articles, become a member or subscribe to the Journal.
The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.
Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.
© 2013 ISACA. All rights reserved.
Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.