Effectiveness of security controls in BYOD environments

Abstract

Mobile computing introduced completely new security risks and increased the potential of the old ones. Remote access as an enabler of mobile computing opened the organisations’ systems to various attacks from the Internet, both technical and social ones. Regular access to the Internet outside corporate systems exposed mobile devices to malicious code and hackers which improved the attack success rate. As a response, security experts have been developing technical and non-technical mechanisms for protection of information. They have been trying to identify the most effective approach and combination of security controls that can deliver maximum security without impairing the business processes.

These efforts increased with the introduction of Bring Your Own Device (BYOD) concept. BYOD reduces IT costs and provides more flexible work experience. So far, many organisations decided to allow userowned devices on the system and the trend is still growing. From information security perspective, BYOD comes with risks common for mobile computing, but it also introduces new technical and legal ones. Technical solution providers have been trying to develop security systems that can help organisation in adopting the BYOD concept, and security experts have been trying to design a complete security strategy that can meet the challenges of BYOD. The focus of these efforts is information security.