2015 IEEE International Conference on Smart City/SocialCom/SustainCom together with DataCom 2015 and SC2 2015

BYOD Security: A New Business Challenge

Kathleen Downer Maumita Bhattacharya
School of Computing & Mathematics School of Computing & Mathematics
Charles Sturt University Charles Sturt University
NSW, Australia-2640 NSW, Australia-2640
kathleendowner@gmail.com.au mbhattacharya@csu.edu.au

Abstract— Bring Your Own Device (BYOD) is a rapidly whereas Technical challenges are ongoing concerns
growing trend in businesses concerned with information throughout the lifecycle of a BYOD strategy. Human resource
technology. BYOD presents a unique list of security concerns for challenges is divided into 'Policy and regulation challenges'
businesses implementing BYOD policies. Recent publications (laws and privacy rights) and 'Human aspect challenges'
indicate a definite awareness of risks involved in incorporating (issues directly concerning employees).
BYOD into business, however it is still an underrated issue
compared to other IT security concerns. This paper focuses on The paper is organised as follows: Section II categorises
two key BYOD security issues: security challenges and available BYOD security challenges using the above taxonomy, Section
frameworks. A taxonomy specifically classifying BYOD security III explores existing frameworks and Section IV exposes their
challenges is introduced alongside comprehensive frameworks limitations.
and solutions which are also analysed to gauge their limitations.
II. BYOD SECURITY CHALLENGES
Keywords—BYOD, BYOD security, BYOD security framework
A. Deployment Challenge
I. INTRODUCTION AND BACKGROUND Determining exactly where and how BYOD is necessary is
BYOD is a relatively new initiative adopted by modern an initial challenge for companies when implementing security
businesses which allows employees to use personal mobile policies [2][7] (see Figure 1).This involves analysing all
devices to complete work in a convenient and flexible manner. departments and
Recent industry reports claim approximately 70% of employee responsibilities, then deciding which resources are
businesses already utilize BYOD and agree they experience accessible by mobile devices. Difficulty arises when
improvements including enhanced productivity, efficiency, determining how data is accessed and controlled when
morale and reduced hardware expenses [15][35][39]. Of these, employees job share or when an employee’s job encompasses
50% of employees actively use pre-installed security measures many roles. Mobile devices involved in job sharing are prone
on their device (eg. pass codes), yet less than 20% utilize extra to data duplication, as employees may modify data differently.
methods (eg. anti-malware) [5][26][27]. In contrast, the rate of
threats and attacks aimed towards mobile devices are B. Technical Challenge
increasing; especially software based attacks [19][29][39]. Access control for mobile devices coincides with the
This paper was inspired by inconsistencies in research previous challenge. Companies need to determine permission
specifically concerning BYOD security. Analysis of reviewed levels for each employee when accessing certain company
literature revealed that researchers direct their focus towards resources with personal devices and external network
security challenges and frameworks which counteract certain connections [2][7].Other factors that determine access control
threats (see Tables 1, 2 and 3). This information was collated specifications include: setting time limits, limiting how many
to provide a well-rounded view of the current state of BYOD people can access certain resources at one time and how
security. This paper introduces a new taxonomy for employees will gain access to company resources. Access
categorising BYOD security challenges inspired by those used control issues and considerations vary according to the
for classifying network security threats taught by Hansman business size, location, number of employees and industry.
[18]. The BYOD security challenge taxonomy is divided into
two dimensions: Incorporating security measures to cover a range of
portable devices against threats and attacks is complicated, as
Dimension 1. Security challenges are classified according employees will own an unpredictable range of devices with
to areas and resources of the organisation they affect most. differing operating systems, meaning the security needs of
There are two categories: Equipment (software and hardware) each need to be equally supported where possible. Clashes
based and Human resource challenges. between operating system such as requirements, behaviours,
Dimension 2. Further divides challenges by primary conditions and default security issues, will determine security
concerns, key characteristics, similarities and logical measures required [8][7]. Constantly adjusting security
relationships. Equipment based challenges are further divided measures to protect all devices is a heavy strain on resources
into 'deployment challenges' and 'technical challenges'. and personnel responsible for maintaining them.
Deployment challenges occur during pre-implementation,

978-1-5090-1893-2/15 $31.00 © 2015 IEEE 1128

DOI 10.1109/SmartCity.2015.221
 Table 1. Some key publications with the most influence towards BYOD research.

Limitations Survey/Review
Research Focus
(S/R) /
Investigation (I)
Bradford Explains security challenges and Limited explanation about I
Networks, guidelines for forming BYOD how to enhance access
2012 policies. control solutions.
Disterer et
Opportunities and risks of BYO Only discusses desktop I
al, 2013 and comparison of desktop virtualisation models, with a
virtualisation models. mere mention of MDM.
Eslahi et Discusses MDM, MIM, MAM Limitations of MDM, MIM S/R
al, 2013 and Mobile bot nets. and MAM are not mentioned.
Hansman, Taxonomy theories for network Focus is only on categorising I
2004 security vulnerabilities. attacks and threats.
Hormazd, Explanation of access control Advice only revolves around I
2014 methods that protect data from access control initiatives.
some threats and attack types.
Leavitt, Explains mobile specific security Only acknowledges a few I
2013 frameworks, cloud storage and threats and MDM related end
vulnerabilities. point security methods.
Morrow, Mobile device vulnerabilities as Information is influenced by I
2012 challenges, supported by statistics, thus is biased by
statistical evidence. trends reported 3 years ago.
Scarfo, Presentation of trends and Biased towards desktop I
2012 security frameworks currently virtualisation, in comparison
favoured by businesses. to other solutions presented.
Tokoyosh Explores issues influencing Security frameworks are I
i, 2012 BYOD policies and ideas for mentioned, yet are not
mitigating risks. explained in detail.
Wang et Specific security frameworks Frameworks are limited to S/R
al, 2014 and challenges are discussed. VPNs and MDM variations.

Figure 1. Categories of Security Challenges.

Table 2. Literature review index based on security challenge focus

Research
Category Security Challenge
Determining how to implement BYOD security [2][7]
Deployment
measures into existing networks.
Challenges
Determining who in the organization needs BYOD. [2][7]
Determining where BYOD is useful. [2][7]
Technical Access Control. [2]

1129
 Challenges Implementing security measures to protect all device [8]
hardware and operating systems.
Providing ongoing support 24/7 [2]
Containing, controlling, monitoring data distribution. [22][32][13][28]
Maintaining secure and stable connections. [22][2]
Protecting cloud storage facilities. [32][34][25][3][
33][36]
Policy & Regulation Local government regulations and laws. [1][4]
Challenges Ethical and privacy issues. [1][13]
Human Aspect Employee training and ongoing education of BYOD [7][17]
Challenges security.
Employee reactions, emotions and compliance of [8][37]
BYOD policies.

Providing ongoing support for BYOD security policies BYOD security policy [1]. Legislations may limit levels of
demands extra resources to maintain the desired level of control that companies can enforce on employee owned
security for all devices connected to the network. The devices. Companies spread globally need to adjust BYOD
responsibilities of security personnel will increase to meet policies for each country they are based, in order to align with
these needs. BYOD security solutions require commitment, local laws, which makes streamlining employee contracts and
time and money, especially during deployment [2]. monitoring changing laws more laborious. Legislations
influencing BYOD initiatives in Australia include the Privacy
Containing, monitoring and controlling the distribution
Act (1988) and the Freedom of Information Act (1982) [4].
of data is a primary concern for companies enabling BYOD
initiatives [22]. Maintaining confidentiality and integrity of Ethical and privacy issues coincide with aforementioned
data depends on whether it is stored or only accessed by legal implications. When employees provide devices for work
mobile devices. Monitoring data on devices is complicated as use, companies must consider how evasive security measures
the company loses sight of it once it is transferred from their are, and how they comply with data privacy rights and
network, which leads to the potential of data leakage [32]. regulations. Sensitive data needs to be under tight surveillance
in order to avoid data leaks which lead to lawsuits [1]. Most
Maintaining secure and stable connections between data privacy laws worldwide state that employees must
corporate network resources and devices connected via provide consent before companies install invasive security
external networks is a common concern for BYOD reliant measures or access data on personal devices, and in return, the
businesses. Wireless access points may contain threats such as company needs to provide adequate protection [1]. Ideally,
malware which installs itself on a device when a connection is security solutions are always active; however it can restrict
initiated [22][2]. Factors influencing connections include how employees interact with devices outside of work [13].
employees use of public, unprotected Wi-Fi hot spots, and
unknown security configurations of their home networks. D. Human Aspects Challenges
Protecting company data stored on a cloud facility is a Training and educating employees about BYOD
sensitive issue, as cloud applications enable data to be security, deployed solutions, and enforcement of security
accessed anytime, and may be used as an alternative or policies is critical. This challenge is enhanced when all staff
eliminates the need to store data on mobile devices need to have the same understanding of companywide BYOD
[3][33][36]. When cloud based storage is accessed from security policies, yet those handling more sensitive data have
mobile devices, it is also prone to the same security threats as extra procedures to follow [7]. Effectively teaching staff in a
the device [32], such as hacking, software based attacks, and way they will understand and follow BYOD policies is an
can also exacerbate other BYOD security challenges such as ongoing issue. The main aim of training is to convey
containing, controlling, monitoring distribution and expectations of acceptable device use, ensure awareness of
contamination of data. The inability for a company to control risks, and how to maintain good security practises [17].
the transfer of data creates security loop holes (cloud sprawl),
Employee reactions, emotions and observance of
which occurs when employees transfer company data to public
BYOD security policies is an ongoing challenge for
clouds for file sharing, then do not delete later. Cloud service
businesses to monitor, contain and maintain [8]. Policies need
providers also maintain backups of data for reliability reasons,
to include guidelines for handling situations where employees
thus data is never completely destroyed [34][20]. The
show resistance, utilize mobile devices for illegal activities, or
likelihood of threats against cloud storage and mobile devices
experience difficulty adjusting to them. Over time employees
is increased by enabling the "remember password" feature
have a tendency to forget guidelines set by policies, or are
(storing login credentials in the authentication cache) [34][25].
unaware of changes, which highlights the need for constant
reinforcement and training. Employees who strongly disagree
C. Policy and Regulation Challenges with limitations enforced by BYOD security policies, will
Local government regulations and laws regarding actively seek loopholes to exploit [37].
corporate data determines rules incorporated into a company's

1130
 Table 3. Literature review index based on security framework and solutions focus

Research
Category Framework/ Solution Explored
Company's existing security measures [9][31][11][39]
Comprehensive
Network Access Control (NAC) [9][12][24][30]
BYOD Security
MDM [23][21][35][11][25]
Frameworks MAM [35][25]
MIM [35][14]
Desktop virtualization models [35]
Single Purpose End user agreements, acceptable usage policies, [37][1][2][17][7]
BYOD Security liability agreements
Solutions Containerization [31][20][25][16]
Remote wiping [25][15]
Anti-malware, anti-virus, anti-spyware solutions [20]

update, synchronise files, trigger remote wiping, support VPN

III. EXISTING FRAMEWORKS FOR BYOD SECURITY connections, conduct anti-malware scans, and provide activity
Security solutions generally maintain a single focus and reports [35][11][25]. MDM is useful for companies
are recommended to enhance comprehensive frameworks, implementing BYOD strategies rapidly and require a
which are multi-functional approaches. centralized, simplified solution.
Mobile Application Management (MAM) is a flexible
A. Comprehensive BYOD Security Frameworks alternative to MDM, as the scope of protection concerns a
Existing security measures include Virtual Private specific set of applications on the mobile device. MAM allows
Networks (VPNs), firewalls and email filtering [9][31], are the company to apply security policies, lock down, define
ideal for protecting resources inside networks and when access control rules, configure software behaviours, remote
mobile devices are already engaged in BYOD prior to the wipe applications under its control, restrict access to
enforcement of formal policies. VPNs facilitate exclusive unauthorised applications and install approved applications.
network connections with devices and allows access to Applications outside of MAM’s boundaries remain private and
resources in a controlled environment [11][39]. This reduces continue to function at the employee’s discretion [35][25].
the need for storing data on devices, whilst accommodating MAM is enhanced when combined with containerisation.
flexible work patterns. Firewalls protect networks by
Mobile Information Management (MIM) is primarily
monitoring network traffic and denying access to suspicious
concerned with data integrity and encryption, determines
requests. Email filtering detects and warns users of infected
application and personnel access and ensures document
emails. Mobile devices can sync email applications, therefore
synchronization amongst multiple devices, whilst
benefiting the device when email filtering is active [31].
simultaneously administering security procedures such as
Network Access Control (NAC) limits the number of malware scanning [35]. Company data is located in one place,
connected devices, determines permissions and denies such as a cloud server, yet is accessed according to permission
unrecognized devices access to a company's internal network rules applied to the requesting devices and applications [14].
[9][12][24][30]. It was well established prior to the rise of MIM synchronises data across devices similarly to cloud
BYOD, yet is pivotal for enhancing BYOD frameworks. storage services; as data is stored in a virtual central location.
Identity and Access Management (IAM) is a variation of
Desktop virtualization models enable desktop computers,
NAC, which applies customized device access control rules to
virtual machines and servers to host sessions for remotely
a network, yet also manages single sign on and separation of
located devices. Mobile devices operate like remote controls
duties [9]. Similarly, Access Application control (AAC), is
when interacting with applications contained on hosting
installed on a mobile device and performs identical access
hardware, and communicate via VPN connections. There are
control functions. Desktop virtualization and MDM variations
four types of end user virtualisation: virtual desktop streaming,
are heavily reliant on NAC and ACC. NAC helps ensure that
application streaming, hosted virtual desktop & hosted virtual
the probability of data leakage, company-wide malware
applications, which divide applications, operating systems and
infections and other attacks are reduced or avoided.
user profiles into independent, yet cohesive layers which adapt
Mobile Device Management (MDM) is a multi- to user profiles. Some businesses already use this technique,
functional framework which grants businesses the ability to however it is becoming increasingly prevalent as BYOD
strictly control mobile devices. MDM solutions contain a main grows [35]. Desktop virtualisation models are low cost,
component which manages protocols, provides constant centralise resources, data and security management and
control and monitoring, resides within the company's network reduces or eliminates the need to transmit data onto mobile
and relies on the exchange of certificates to authenticate and devices, thus reduces the possibility of data leakage occurring.
communicate with MDM agents, which are installed on
mobile devices [23][21]. Together they enforce access rights,

1131
B. Single Purpose BYOD Security Solutions activity [24]. Once infected applications enter the network,
End user agreements, acceptable usage policies and NAC holds little control over its activities [12]. Other down
liability agreements are formal contracts ensuring companies falls include limits on the number of connected devices that
and employees mutually agree upon BYOD security policies; can be supported simultaneously and increased strain on
this is vital to the success of BYOD [37]. Agreements support administrators who monitor network traffic. Application
all security controls in place, as they make certain employees Access Control is prone to being dismissed by employees as it
know what is expected whilst using personal devices for work, is an intrusive form of access control [30].
and protects the business on legal accounts in the case of a MDM is controversial as all applications and data on the
security breach [1]. BYOD policies contain information such device (work and personal) are subject to security protocols it
lists of permitted applications, installed security measures, enforces. It is an endpoint, access control solution whose
management access, levels of access control, back up security features are primarily reactive measures. Lack of
procedures, and rules concerning storage of data [2][17]. For preventative measures still leaves mobile devices prone to
example, employees may use VoIP applications, yet social inappropriate use if stolen or lost [20][25]. Employees are
websites are prohibited during work hours. Businesses are usually resistant of MDM, as they feel restricted, their privacy
advised to involve employees when devising BYOD security is invaded or that device ownership is surrendered [25][24].
policies in order to help them understand responsibilities [7]. MDM can be laborious to maintain, as connected devices
Containerization partitions mobile device storage space constantly vary and it requires regular updating [20].
into independent sections in order to divide personal and work MIM and MAM have similar limitations to MDM in
data. The section containing company data has its own regards to access control and heavy focus towards reactive
security policies applied and allows remote access for security measures. Neither offer control like MDM, which
company control, without affecting personal data [31][20].The limits the company's power to control devices. MAM only
company can also specify a browser within the container to protects applications, whilst MIM protects data stored in a
help secure online traffic [25]. Gessner et al. suggests using central location, and both provide minimum protection against
containerisation as perimeter defence, where its internal malware [14]. MAM does not explicitly protect data and the
applications utilise VPN connections to access resources in the placement of its boundaries around selected applications can
company's network, whilst allowing policy management to inhibit communication with personal applications [16].
direct control. Policy management includes rules controlling Businesses must consider management of data synchronisation
access rights of devices, and security procedures required to as employees overriding each others work is a potential
ensure the contents of the container are protected from threats consequence if MIM policies are not refined.
which may be present elsewhere on the device [16].
Desktop virtualisation models fundamentally depend on
Remote wiping is the final reactive solution that is stable and secure network connections, and the strength of
triggered when a device is lost, stolen or the owner separates these affect the safety of transmitted data. If too many
from the company. The technique involves logging into, then employees connect simultaneously to a particular virtual
removing all company applications and data residing on the desktop environment, bottlenecks can occur at it's entry points.
device [25][15]. Some commercially available MDM and Businesses still need to determine user access permissions and
MAM solutions already contain remote wiping procedures. apply monitoring techniques, such as session management.
Antivirus, anti-malware and spyware applications are Network security solutions offer little protection from data
essential for strengthening BYOD security frameworks [20]. It leakage and may increase hardware costs.
is imperative that companies enforce the use of these measures
and employees using mobile devices for work reasons have B. Limits of Single Purpose BYOD Security Solutions
some form of this software installed and actively scanning, in End user, liability agreements and acceptable usage
order to reduce the chances of infecting resources and other policies are limited by how strongly the administering
devices connected to the company's network. company enforces them. Human error, general negligence and
failure to comply with BYOD security agreements contribute
IV. LIMITATIONS OF EXISTING FRAMEWORKS to risks and damages incurred as a result of security breaches
and lost intellectual property [29][37][38][6][8]. Compliance,
A. Limits of Comprehensive BYOD Security Frameworks auditing and agreements that are not BYOD specific are prone
to being challenged by resistant employees who disagree or
VPNs, firewalls and email filtering are biased towards
have malicious intent [37].
protecting internal network resources. Mobile devices are not
fully protected and are still capable of transmitting malware Containerisation only places boundaries around selected
into the network and opening loop holes for other threats such applications and does not prevent employees from copying
as data leakage. Firewalls and antivirus software installed on data in the container to other storage spaces, which means
company networks may only recognize threats targeting PC there is no protection from suspicious activities [31]. Remote
operating systems, thus allowing mobile OS specific malware wiping is only a reactive measure which does not prevent data
to enter the network and infect other devices. Email filtering is from being stolen or used for malicious reasons. Remote
restricted by its dependency on commitment of end users wiping is obsolete if its execution is delayed; if not triggered
[31].The primary purpose of NAC is to protect network entry immediately after an event, data may already be compromised.
points, and as such cannot single-handedly detect suspicious Antivirus, antimalware and spyware are reactive measures

1132
concerned with counteracting software based attacks as they [16] Gessner D, Girao J, Karame G and Li W (2013) Towards a User-
appear to devices. Their effectiveness is dependent on the Friendly Security-Enhancing BYOD Solution. Technical Researches,
NEC Technical Journal. Vol. 7. pp. 113-116.
device owner's initiative to execute scans regularly. They may
[17] Gladyng, C. (2013) BYOD: Can it harm your business?: A mobile
not protect the device entirely, due to the rapid rate at which device based study. University of Derby, UK. Pp. 31-34.
malware is growing, and multiple anti-malware applications
[18] Hansman, S., Hunt, R. (2004). A taxonomy of network and computer
may be required, which is time consuming and tedious. attacks. Computers and Security. Vol. 24. Issue 1. pp. 31-43.
[19] Hoffman, R (2013) Close the BYOD Security Hole. Information Week,
V. CONCLUSION United Business Media LLC. Vol. pp. 16.
[20] Hormazd Romer A (2014) Best practices for BYOD security. Computer
In light of challenges and frameworks discussed, it is Fraud and Security. Vol. January 2014. pp. 13-15.
evident that BYOD security requires further research and [21] Keunwoo, R., Woongryul, J., Dongho, W (2012) Security requirements
development. Although frameworks discussed are effective, of a Mobile Device Management System. International Journal of
there is room to improve, reduce limitations and close existing Security and its Applications. Vol. 6. pp. 1-6.
loopholes. Scholars recommend implementing a multi layered [22] Kim K and Hong S (2013) Study on Enhancing Vulnerability
approach when devising BYOD security policies [31][35][10], Evaluations for BYOD Security. International Journal of Security and
yet seldom provide thorough advice about uniting existing Its Applications. Vol.8. pp. 299-238.
frameworks and solutions effectively. It is fair to state that [23] Kim, S and Jin H (2015) A Simple Security Architecture for Mobile
industry awareness needs to gain a higher priority. Existing Office. International Journal of Security and its Applications. Vol. 9. pp.
139-146.
frameworks will eventually extend themselves to flexibly suit
[24] Koh, E., Oh, J., Im, C. (2014) A study on security threats and dynamic
specific business needs in response to cybercrime and the access control technology for BYOD, Smart-work Environment.
growth rate of malware targeting mobile operating systems. [25] Leavitt N (2013) Today's Mobile Security Requires a New Approach.
Technology News, Computer. Vol. pp. 16-19, IEEE Computer Society.
REFERENCES [26] Lennon RG (2013) Changing User Attitudes to Security in Bring your
Own Device (BYOD) and the Cloud. Paper submitted to Computing
[1] Absalom, R. (2012) International Data Privacy Legislation Review: A Department of Letterkenny Institute of Technology, Co Donegal,
guide for BYOD policies. Ovum. Vol. 1. pp. 1-23. Ireland. pp.1-4.
[2] Astani, M., Ready, K., Tessema, M. (2013) BYOD Issues and Strategies [27] Malloy M (2014) Webroot Rolls out New BYOD Security Report.
in Organisations. Issues in Information Systems. Vol: 14, Issue 2. pp. Wireless News, Close-Up Media Inc, USA. pp. 1-2.
195-201.
[28] Mitrovic, Z., Veljkovic, I., Whyte, G., Thompson, K. (2014) Introducing
[3] Amoroso, EG. (2013). From the Enterprise Perimeter to a Mobility- BYOD in an organisation: the risk and customer services view points.
Enabled Secure Cloud. Security & Privacy, IEEE.Vol 1. Pp. 23 - 31. The 1st Namibia Customer Service Awards & Conference, November,
[4] Australian Government, Department of defence: intelligence and 2014. pp. 1-26.
security. (2014) Bring Your Own Device (BYOD) For Executives. Paper [29] Morrow B (2012) BYOD security challenges: control and protect your
explaining guidelines for corporate BYOD policies, submitted online, most sensitive data. Network Security. Vol. December 2012. pp. 5-8.
February 2014, Australia. Pp. 1-3.
[30] Pell, L. (2013) BYOD Implementing the Right Policy. University of
[5] Barker, J (2014) Kensington Survey: Majority of organizations report Derby, UK. Pp. 95-98.
BYOD creates greater security risks. Close-Up media Inc, Coventry,
USA, November 2014. pp.1-2. [31] Rhodes J (2013) Building Security Around BYOD. Managing Mobility,
Rough Notes. Vol. 156. pp. 104, 114.
[6] Beaver K (2012) The BYOD Security Loophole. In Security Technology
Executive. Vol. May 2012, pp.20. [32] Rodríguez, NR., Murazzo, MA., Chavez, S. (2012). Key aspects for the
development of applications for Mobile Cloud Computing. Journal of
[7] Bradford Networks (2012) Ten Steps to Secure BYOD. Whitepaper by Computer Science & Technology. vol. 13, no. 3. pp. 143-148.
Bradford Networks, MA, USA, 2012. pp. 1-4.
[33] Sahu, D., Sharma, S., Dubey, V., Tripathi, A. (2012). Cloud Computing
[8] Chen, H., Li, Hoang, T., Lou, X. (2013) Security challenges of BYOD: a in Mobile Applications. International Journal of Scientific and Research
security education, training and awareness perspective. The University Publications, Vol 2. Issue 8. August 2012. pp. 1-9.
of Melbourne, Australia. Pp. 1-8.
[34] Samaras V, Daskapan S, Ahmad R and Ray S (2014) An Enterprise
[9] Dell Inc (2015) Dell Offers Top Five Best practices for Overcoming Security Architecture for Accessing SaaS Cloud Services with BYOD.
BYOD and Mobile Security Challenges. Paper presented to ENP Paper submitted to Delft University of Technology, Netherlands and
Newswire Publishing, UK. pp. 1-3. Manukau Institute of Technology, New Zealand. pp. 1-6.
[10] Denman, S. (2012). Why multi-layered security is still the best defence. [35] Scarfo A (2012) New Security perspectives around BYOD. 2012
Network Security, Vol 2012. Issue 3. Pp. 5–7.
Seventh International Conference on Broadband, Wireless computing,
[11] Disterer G and Kleiner C (2013) BYOD Bring Your Own Device. Communication and Applications. Vol. pp. 446- 451, IEEE Press.
Procedia Technology Vol. 9, 43-53.
[36] Subramanian, L., Maguire Jr, GQ. (2011). An architecture to provide
[12] Dongwan, K., Changmin, J., Taeeum, K., Hwankuk, K. (2015) A Study cloud based security services for smartphones. 27th Meeting of the
on Security framework for BYOD environment. Institute of Research Wireless World Research Forum (WWRF), Wireless World Research
Engineers and Doctors, USA. Pp. 89-92. Forum, 2011Conference paper (Refereed).
[13] Eschelbeck G and Schwartzberg D (2012) BYOD Risks and Rewards: [37] Thomson G (2012) BYOD: enabling the chaos. Network Security. Vol.
How to keep employee smartphones, laptops and tablets secure. February 2012. pp. 5-8.
Whitepaper by Sophos, Oxford, UK, June 2012. pp. 1-7.
[38] Tokuyoshi B (2012) The security implications of BYOD. Network
[14] Eslahi, M., Naseri, M., Hashim, H., Tahir, NM., Mat Saad, E. (2013) Security. Vol. April 2013. pp. 12-13.
BYOD: Current State and Security Challenges. Universitii Teknologi [39] Wang W, Wei J and Vangury K (2014) Bring Your Own Device
MARA, Malaysia Pp. 1-4.
Security Issues and Challenges. Paper presented to The 11th Annual
[15] French A, Guo C and Shim JP (2013) Current Status, Issues, and Future IEEE CCNC- Mobile Device, Platform and Communication, USA. pp.
of Bring Your Own Device (BYOD). Communications of the 80-85.
Association for Information Systems. Vol. 35. pp. 191-197.

1133