Sector-wise Investigation of Bring Your Own Device (BYOD) Security Policies in Pakistan

Abstract

With the advancement in technology and pervasiveness of computing devices, new practices have been adopted by various organizations to optimize their infrastructure and to efficiently utilize the available resources and increase productivity while consuming lesser resources. One such effort was the introduction of Bring Your Own Device (BYOD) con cept, to let the employees bring their personal devices to the workplace for the tasks assigned to them. Prior to the introduction of Bring Your Own Device (BYOD), companies used to provide their own resources to the employees, and those resources were managed centrally by the organizations. However, as soon as the organizations shifted to the BYOD approach, they lost control over those resources, and were unable to employ their best security practices to the devices that are not owned by them. Therefore, the BYOD approach has left us with numerous security concerns. For instance, suppose that an employee is not in the premises of the organization and he tries to share a critical file with his colleague via an insecure free Wi-Fi available in a coffee shop. Doing this will provide a golden opportunity to a hacker to break into the employee’s personal device and hence steal the critical data. The goal of this thesis is to investigate BYOD in four sectors, namely, Information Technology (because almost 75% of the cyber security attacks are targeted towards the IT industry), Banks (because they provide monetary benefits to the intruder if he successfully manages to break into their systems), Military (because their data is highly critical and is enough to destroy a whole country if it is misused by an enemy), and Hospitals (because the patients’ information is very sensitive and can prove to be fatal for a patient if is illegally modified). More specifically, the following aspects will be investigated for each sector: • What was the organization’s experience as they shifted from the traditional desk top based approach to the BYOD approach • What security issues they encountered with the BYOD approach and how did they tackle them • What differences between the two approaches are responsible for these security issues • Which security issues still remain unattended The findings from this study will help assess the current state of BYOD policies and their implementation in various sectors of Pakistan, along with the similarities and dif ferences in BYOD policies between the different sectors in Pakistan. This information will be used to propose a BYOD security framework and to give recommendations to the four selected sectors with which we can ensure best possible security even while complying with the BYOD approach.