Abstract:
the term has become mainstream in 2010. BYOD refers to the phenomenon in
which organizations permit and encourage employees to bring and utilize their
personal devices for work activities. It is not only beneficial for enterprises but
also increases employee satisfaction. Organizations benefit from increased
productivity and reduced IT expenditure, whereas employees are able to use
the mobile device that is comfortable and convenient for them.
However, BYOD deployment also brings serious security and privacy concerns.
Critical information of organizations can be leaked if proper measures are not
taken to secure BYOD devices. Moreover, if customers' data is lost or
compromised because of the BYOD model, the company's reputation and trust
relationship might be damaged.
Several frameworks have been introduced in the literature that aim to provide
security for corporate data in a BYOD environment, but none of them provides
comprehensive security. Some of the frameworks use access control models
that restrict access to corporate data from the enterprise server based on
defined attributes, but do not ensure the security of data stored on the enterprise device.
Others restrict employees to installing only company-authorized applications on
their personal devices, completely nullifying the purpose of BYOD. Moreover,
most of the frameworks require root privileges and modification of the underlying
operating system.
This research focuses on providing comprehensive security for corporate data
in order to support secure IT consumerization. The framework creates an encrypted
container on the employee's device. Corporate applications use this container for
data storage. Other applications are not authorized to access corporate data.
Moreover, it enforces security policies on the device to log attempted violations. The
proposed framework does not require modification of the underlying kernel and
allows the IT administrator to remotely manage and control BYOD devices.