BYOD security engineering: A framework and its analysis

With the rapid increase of smartphones and tablets, security concerns have also been on the rise. Employees find it desirable to use personal mobile devices for their work and make no distinction between using their carriers' services versus their organizations' Wi-Fi. Bring Your Own Device (BYOD) is an extension of corporate networks and thus it is essential to secure BYODs to protect enterprise networks (Wang and Vangury, 2014).In this paper, risks of allowing BYOD balanced by its benefits will be examined. The paper has three overarching objectives. The first is to address the security concerns of BYOD, which necessitate technology, policy management, and people integration instead of the traditional technology alone approach. The second is to propose a BYOD Security Framework as the solution to BYOD security concerns. The framework has three pillars: People, Policy Management, and Technology. It will be demonstrated that these three pillars are necessary in order to secure BYOD implementations in enterprises. The final objective is to validate the framework. This is done via an empirical survey conducted on a pool of 114 industry security practitioners. The resulting dataset is analyzed to determine the association between the level of the BYOD Security Framework elements being de facto implemented in organizations and the frequency of security breaches associated with BYOD in those organizations to confirm key elements of the framework.