BYOD - Security Risks, Challenges and Approach

Consumerization of IT has made organizations take notice of employees' demand to use devices of their choice (such as an iPad, tablet, smartphone or personal laptop) in addition to the traditional assets (i.e. the laptop or desktop) provided by the organization. The devices may be owned either by the employee or by the organization. After initial reluctance, organizations are now gradually endorsing the Bring Your Own Device (BYOD) demand of their employees. BYOD has resulted in a need to redefine the IT strategy to meet the operational and security challenges.

Organizations need to ensure that they have the right strategy to achieve efficiency and productivity while adequately addressing the security threats.

Security Risks and Challenges

Security risks and compliance are still the major concerns for organizations and are the top priority of the CIO. The key security risks of the 
  • Policy enforcement and Compliance 
  • Data leakage 
  • Privacy of the employee's personal information
  • Monitoring


In order to achieve the desired increase in productivity, organizations need to devise a well-defined strategy to ensure that the perceived operational challenges and risks are addressed. Listed below is a broad, indicative approach for implementing a BYOD program at an organization.


The success of BYOD depends on effective assessment of the risks, identification of the security controls environment and management of the environment. There are a number of tools that can help an organization design and implement an effective BYOD solution. An organization should select a tool based on its requirements and purpose. Listed below are features of a few well-known mobile device management tools.


Organizations need to balance employees' demand to work with their preferred devices against ensuring that the organization's interests are safeguarded. BYOD will gain further acceptance as MDM technologies mature further.

Authored by Prikshit Goel
(TCS Enterprise Security and Risk Management Unit)

There are 2 Comments

A very educative article for a high level understanding of the considerations of a BYOD strategy. This should spawn multiple related articles on the various facets of this subject.

Thanks Prikshit for sharing an informative article. I just wanted to add a couple of points to help people think about those BYOD aspects.

To address the data protection and security breach risks, one must consider the following: 

  1. Which type of corporate data can be processed on personal devices 
  2. How to encrypt and secure access to the corporate data
  3. How the corporate data should be stored on the personal devices
  4. How and when the corporate data should be deleted from the personal devices
  5. How the data should be transferred from the personal device to the company servers

Generally, a BYOD agreement checklist recommended by the security team typically includes:

  1. Ensure that end users are responsible for backing up personal data;
  2. Clarify lines of responsibility for device maintenance, support and costs;
  3. Require employees to remove apps at the request of the organization;
  4. Disable access to the network if a blacklisted app is installed or if the device has been jail-broken; and
  5. Specify the consequences for any violations to the policy.