Bring Your Own Device Policy
Many organizations are moving or have moved towards a policy that allows employee-owned devices to be used in the workplace. This policy is commonly referred to as a bring your own device policy (BYOD). There are other terms used to identify this policy as well, such as bring your own phone (BYOP), bring your own technology (BYOT), and more. The devices that are qualified by the BYOD policy for employee use include smart phones, tablets, and laptops.
Bring Your Own Device Policy Advantages
A bring your own device (BYOD) policy seems to be an advantageous situation for both the organization and for its employees. From an organizational standpoint, as Optimus Sourcing points out, fewer company-owned devices need to be purchased and maintained, so you’d think a BYOD policy should result in cost-savings. Also, employees are also less likely to treat their own equipment as if it were a rental car, since they will be absorbing the repair and replacement costs.
The advantages to employees are also compelling. PC World explains that when employees are allowed to use devices that they prefer to use rather than get stuck with something issued by the company, it results in higher employee morale. What the organization ends up with is an atmosphere that is primed for higher productivity. It also eliminates the need for employees to lug multiple devices around. I mean, who really wants to carry around both a personal smart phone and a work smart phone?
Bring Your Own Device Policy Disadvantages
Yes, the organization can reap some benefits when instituting a BYOD policy. However, there are some potential issues that need to be addressed. For example, I highly doubt that all of the employee-owned smart phones are going to be of the same make and model. Obviously, that’s going to throw some challenges at your IT department. Also, security becomes a huge issue. To reduce the security risk, an organization needs to have a clearly defined BYOD policy.
So, employees can use their personal devices for work. The bad news is, the organization isn’t picking up the tab. Also, what about the personal information that you have on a device that you use for work? Your device has work-related information on it and is subject to a BYOD policy. In other words, the organization you work for is going to implement a mobile device management (MDM) solution. A MDM is all about protecting data, so if your device is lost or stolen, the IT department can deploy security measures to lock the device or remotely wipe the data. Again, that’s on your personal smart phone that you pay for.
BYOD Computer Forensics Implications
A BYOD policy increases the difficulty for a computer forensics examiner. When an incident occurs and an investigation is warranted, evidence collection includes more than the typical hardware. As Inside Counsel points out, it will likely now include [potentially] thousands of different types of smart phones and tablets as well. Just think about the tools that are required for that investigation. And, it doesn’t end there. Cloud storage is another area that will need to be analyzed, which will likely encompass a variety of data formats. Clearly, computer forensics examiners can really have their work cut out for them in an organization with a BYOD policy.