Date Published: November 29, 2022
Comments Due:
Email Questions to:
Author(s)
Kaitlin Boeckl (NIST), Nakia Grayson (NIST), Gema Howell (NIST), Naomi Lefkovitz (NIST), Jason Ajmo (MITRE), Milissa McGinnis (MITRE), Kenneth Sandlin (MITRE), Oksana Slivina (MITRE), Julie Snyder (MITRE), Paul Ward (MITRE)
Announcement
Many organizations now support their employees' use of personal mobile devices to remotely perform work-related activities. This increasingly common practice, known as Bring Your Own Device or BYOD, provides employees with increased flexibility to telework and access organizational information resources. Helping ensure that an organization's data is protected when it is accessed from personal devices, while ensuring employee privacy poses unique challenges and threats.
The goal of the Mobile Device Security: Bring Your Own Device practice guide is to provide an example solution that helps organizations use both a standards-based approach and commercially available technologies to help meet their security and privacy needs when permitting personally-owned mobile devices to access enterprise resources.
This second draft includes major updates to the iOS BYOD implementation.
We look forward to receiving your comments and any feedback on the following questions will be very helpful:
- Does the guide meet your needs?
- Can you put this solution to practice?
- Are specific sections more/less helpful?
NOTE: A call for patent claims is included on page vi of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
Bring Your Own Device (BYOD) refers to the practice of performing work-related activities on personally owned devices. This practice guide provides an example solution demonstrating how to enhance security and privacy in Android and iOS smartphone BYOD deployments.
Incorporating BYOD capabilities into an organization can provide greater flexibility in how employees work and increase the opportunities and methods available to access organizational resources. For some organizations, the combination of traditional in-office processes with mobile device technologies enables portable communication approaches and adaptive workflows. For others, it fosters a mobile-first approach in which their employees communicate and collaborate primarily using their mobile devices.
However, some of the features that make BYOD mobile devices increasingly flexible and functional also present unique security and privacy challenges to both work organizations and device owners. The unique nature of these challenges is driven by the diverse range of devices available that vary in type, age, operating system (OS), and the level of risk posed.
Enabling BYOD capabilities in the enterprise introduces new cybersecurity risks to organizations. Solutions that are designed to secure corporate devices and on-premise data do not provide an effective cybersecurity solution for BYOD. Finding an effective solution can be challenging due to the unique risks that BYOD deployments impose. Additionally, enabling BYOD capabilities introduces new privacy risks to employees by providing their employer a degree of access to their personal devices, thereby opening up the possibility of observation and control that would not otherwise exist.
To help organizations benefit from BYOD’s flexibility while protecting themselves from many of its critical security and privacy challenges, this Practice Guide provides an example solution using standards-based, commercially available products and step-by-step implementation guidance.
Bring Your Own Device (BYOD) refers to the practice of performing work-related activities on personally owned devices. This practice guide provides an example solution demonstrating how to enhance security and privacy in Android and iOS smartphone BYOD deployments. Incorporating BYOD capabilities...
See full abstract
Bring Your Own Device (BYOD) refers to the practice of performing work-related activities on personally owned devices. This practice guide provides an example solution demonstrating how to enhance security and privacy in Android and iOS smartphone BYOD deployments.
Incorporating BYOD capabilities into an organization can provide greater flexibility in how employees work and increase the opportunities and methods available to access organizational resources. For some organizations, the combination of traditional in-office processes with mobile device technologies enables portable communication approaches and adaptive workflows. For others, it fosters a mobile-first approach in which their employees communicate and collaborate primarily using their mobile devices.
However, some of the features that make BYOD mobile devices increasingly flexible and functional also present unique security and privacy challenges to both work organizations and device owners. The unique nature of these challenges is driven by the diverse range of devices available that vary in type, age, operating system (OS), and the level of risk posed.
Enabling BYOD capabilities in the enterprise introduces new cybersecurity risks to organizations. Solutions that are designed to secure corporate devices and on-premise data do not provide an effective cybersecurity solution for BYOD. Finding an effective solution can be challenging due to the unique risks that BYOD deployments impose. Additionally, enabling BYOD capabilities introduces new privacy risks to employees by providing their employer a degree of access to their personal devices, thereby opening up the possibility of observation and control that would not otherwise exist.
To help organizations benefit from BYOD’s flexibility while protecting themselves from many of its critical security and privacy challenges, this Practice Guide provides an example solution using standards-based, commercially available products and step-by-step implementation guidance.
Hide full abstract
Keywords
bring your own device; BYOD; mobile device management; mobile device security
Control Families
None selected