The ‘Bring Your Own Device (BOYD)’ policy is a term that people use when describing the trend of permitting employees to bring their personally owned devices to the workplace and use those devices to access privileged information on the companies’ networks and servers. This policy helps companies to realize immense savings in terms of acquisition of new equipment and subsequent maintenance of these devices. Despite this obvious advantage of the BOYD policy, there are some underlying negative impacts that companies employing this trend may not be aware of or lack the proper tools to manage (Goodrich, & Tamassia, 2011).
Threats
The BYOD policy has created a situation called the end node problem where a single device is used for accessing both high-risk and sensitive work in the company’s network server. One of the strategies used by the risk-averse organizations is in forcing the employees to use separate devices for internet applications to reduce the risks that come with the BYOD policies. The strategy is often referred to as ‘inverse-BYOD’ strategy.
There is also a risk of infecting the company servers with malware which may end up corrupting important company information. This risk occurs because most users share their personal devices with other people, especially friends and relatives most of whom know little to nothing about the potential threat that malware presents, and how to protect their devices from these computer viruses.
Data breaches are also causes for concern in organizations which have adopted the BYOD policy. Data breaches may occur in situations where an employee uses an unsecured device to access and download sensitive company information. Since the device is unsecured, any person (whether trusted or otherwise) who can gain access to the device will also have access to the company data (Vacca, 2013). Such people may end up corrupting this data or even worse, use the data for malicious purposes.
Vulnerabilities
- End node problem – a situation where a single device is accessing both high-risk and sensitive work in the company’s network server.
- Malware – is unwanted software that interrupts the normal operation of computer systems. A single infected device, when connected to the company servers, can spread the viruses/malware to other devices in the same network. This may lead to the failure of the entire network.
- Data breaches – are situations where unauthorized persons gain access to company information/data. This usually occurs when an employee fails to secure data previously downloaded from the company’s server onto their device.
Security approaches
Some companies issue their employees with separate devices to be used specifically for internet applications. This is one strategy currently employed by risk-averse organizations in attempts to reduce the risks that come with BYOD policies. This is the ‘inverse – BYOD’ strategy (Joe, & Schneider, 2012).
For other companies, the best alternative is to outsource the security requirements of the organization to various commercial carriers such as Verizon, AT&T, and Sprint.
Additions
In addition to the mentioned security measures to tackle BYOD related risks, I would recommend screening protocols that can check for any sensitive company information on employees’ devices. When such information is detected, the system will automatically ‘wipe’ all this data from the said device. I will also recommend scheduling regular training seminars for employees as pertains to BYOD policies because, as mentioned earlier, none of all the security strategies is better than the sensitization of company employees on the hazards that come with the BYOD policy and the appropriate steps to take in order to ensure the security of company secrets. This will benefit the company and the employees who may otherwise end up losing their devices into the custody of the state.
This website is of immense benefit to the citizens as it ensures fast and easy access to healthcare. The website also enables the digitization of users’ or beneficiaries’ files, which ensures that it does not miss out any citizens who are qualified for this government service. The government also benefits in that it can easily manage expenditures and other cash flow matters which is a significant milestone in the fight against corruption. Despite all these advantages, however, the website also comes with its fair share of shortcomings, most of which are a manifestation of various cyber crime issues.
Security threats
The most obvious threat is probably the potential threat of hacking (Joe, & Schneider, 2012). Malicious individuals or even organizations may attempt to gain certain information for their own benefit. Hackers may want to retrieve information such as the users’ social security numbers, their places of residence, their phone numbers or other contact details, and their incomes. Such information can be used for planning and executing robberies, in addition to stealing identities. Pharmaceutical companies may also wish to earn on other people’s misfortunes by offering them ‘cheaper’ medication.
Data breaches are also causes for concern in organizations, especially medical institutions, which have adopted the BYOD policy. Data breaches may occur in situations where an employee uses an unsecured device to access and download sensitive information from this website’s servers. Since the device is unsecured, any person (whether trusted or otherwise) who can gain access to the device will also have access to the website’s data, which will be the user’s personal information most likely. Such people may end up corrupting this data or even use the data for malicious purposes.
This website is also a prime candidate for phishing due to the appeal of having many users. The first step is installing malware into either the users’ devices or the website’s servers. These programs will then collect various types of information and relay this information on the hackers’ devices. The worst outcome is that the installed malware ends up corrupting or deleting valuable user information. The number of deaths that may potentially occur is unfathomable; as such a scenario may mean that ailing citizens may fail to get timely medical attention.
Outsourcing
As mentioned before, such commercial carriers as AT&T, Sprint and Verizon are considered as the best alternatives for outsourcing the security requirements of the organization by many companies. However, for a website used for this purpose, outsourcing may present such problems as the end node problem, when the device is used not only for sensitive work but for the one associated with risks in the company’s network server; malware, which prevents the computer systems form the normal operation and can effect the work of other devices connected with each other in the network server causing the failure of the entire network; and data breaches, when unauthorized people get access to the databases of the companies.
Security
Appropriate security strategies include: the sensitization of company employees on the hazards that come with the BYOD policy, and the appropriate steps to take in order to ensure the security of personal information about the users of the website (Goodrich, & Tamassia, 2011). This will benefit the users, but also the employees who may otherwise end up losing their devices into the custody of the state. I would also recommend screening protocols that can check for any sensitive user information on the website maintenance employees’ devices. When such information is detected, the system will automatically ‘wipe’ all these data from the affected device.
Hybrid cloud solution
Hybrid cloud solution is a technique for storing data on the site remotely and simultaneously. Some of the benefits of a hybrid storage system are the ability and the capacity to scale (Evans, 2011). There are, however, some challenges that come with accessing cloud storage facilities remotely (through the internet) and they include:
- Latency, which is the amount of time it takes for data to be transmitted from the remote host to the client. Higher latency figures represent longer response periods and less data per unit of time.
- Security. In terms of secured data transfer protocols, cloud storage is considered to be less secure in comparison to on-site storage due to the use of the internet for retrieving data.
- Reliability refers to guarantees that data transfers between the host and the client are accomplished successfully, and that acknowledgments are received in the appropriate order (Brandon, 2013, p. 8).
Since a hybrid data storage system requires two separate storage sites (one of them is the clients’ site and another one is the providers’ site), both parties are responsible for the security and the integrity of sensitive data stored on-site. It is essential to ask prospective service providers about the security measures that they have taken in order to ensure the security, the integrity, and the availability of data stored on their servers. For secure cloud based computing, appliances ensure secure access to the cloud storage provider through user authentication protocols, encryption of data in transit, and encryption of data at rest within the storage servers (Grimes 2012, p. 16).
Online Auctioneering
The same mechanisms and provisions put in place in cloud storage solutions in order to ensure the availability, security, integrity, and confidentiality of data can be applied and will work effectively to ensure the same criteria in an online auctioneering company, which employs ‘big data’ technologies. This is the case because both setups are plagued with similar threats and vulnerabilities. It should, therefore, follow that similar security measures be taken in order to address these threats and vulnerabilities.
Near – Field – Communication
The downside of this technology is that after a mobile device has been used to complete a transaction and later attached to a computer, a crook can retrieve enough information to clone a credit card to a hotel room key, open new credit cards, and steal a person’s identity (How Vulnerable Are Radio Frequency Identification Devices? 2013). The same protocols used for protection of personal information should be applied to RFID devices in order to avoid the aforementioned threats. From a smart phone user’s standpoint, I would advise the disabling of cookies and other features used for storing event logs, if a person wishes to use near-field communication.
References
Brandon, J. (2013). What’s standing in the way of hybrid cloud? Business Cloud News. Web.
Evans, C. (2011) Hybrid cloud solutions address cloud data storage’s three key challenges. Web.
Goodrich, M. T., & Tamassia, R. (2011). Introduction to Computer Security (Limited ed.). Harlow, Essex: Pearson Education.
Grimes, D. (2012). Meeting the challenges of hybrid cloud computing infrastructures. Web.
How Vulnerable Are Radio Frequency Identification Devices? (2013). Web.
Vacca, J.V. (2013). Computer and Information Security Handbook. Burlington, MA: Elsevier Science & Technology Books.
Valacich J., & Schneider, C. (2012). Information Systems Today: Managing in the Digital World (4 ed.). Upper Saddle River, New Jersey: Prentice Hall.