There’s no denying the impact that technology has had on modern organizations. Technology is increasingly changing the way businesses operate by transforming business processes including manufacturing, processing, branding, marketing, advertising and more. In addition, technology is transforming the way employees work and carry out their tasks, as well as the way clients and other stakeholders engage with businesses (Garlati, 2011). This follows from the dawn of ubiquitous mobile computing technology, which is progressively on the rise. Industries such as the financial services sector have not been left behind by the digital shift. Adjusting to emerging technologies such as mobile computing is challenging for any business. Today's financial services establishments are especially faced with data security and risk management challenges and requirements. In an attempt to gain a competitive advantage and enhance customer experience, financial organizations are presently focused on adopting newer technologies in the market. Bring Your Own Device (BYOD) is an emerging technology that permits workers to bring their own devices to work and use them to carry out work-related tasks (TrendMicro, 2012). This report discusses the impacts of adopting BYOD technology for Aztek Limited, an Australian-based financial services provider.
1.1 Project scope
This report will focus on delivering a BYOD risk assessment study for Aztek Limited, covering BYOD as an emerging technology, the state of BYOD adoption in the financial services industry, the risks associated with BYOD, data security and, finally, a comprehensive risk assessment.
1.2 Assessment significance
Evaluation of BYOD adoption at Aztek will enable organizational management to make informed decisions on options that will help the business save costs, increase employee satisfaction and improve business productivity and efficiency. The assessment will provide Aztek with the considerations that affect BYOD implementation, including the adoption of BYOD in the general financial sector, its benefits, the associated risks and how to manage them should they occur. In addition, the assessment will enable Aztek management to learn of ways to minimize business costs with BYOD technology.
2.0 Bring your own Device Technology
According to a TrendMicro (2012) report, employees prefer to use their own devices in the office because they are already used to them and find them simple to use and more appropriate, and because the devices let them combine work operations with personal activities (Garlati, 2011). Bring Your Own Device (BYOD) denotes the concept of allowing company staff to bring personal computing devices such as laptops, smartphones and tablets to the workplace and to use them to access business systems and information (Hurst, 2012). This technology can also be referred to as bring your own phone (BYOP), bring your own technology (BYOT), and bring your own personal computer (BYOPC) (Monnappa, 2016). The ubiquitous nature of mobile computing devices such as PDAs, tablets, e-readers and smartphones means that many people use them in day-to-day life (Bradley, 2011). This has led several companies to permit staff to carry their own handheld computing devices to the office (Bodley-Scott, 2014). Organizations including IBM already allow employees to bring and use their devices at work because of professed business productivity gains and cost reduction (IBM, 2017). In the business world, BYOD is making noteworthy progress, with over 75 percent of employees in high level markets like Russia and Brazil, with more than 40 percent using their own devices at the workplace (Advisor, 2017). Research has also shown that it is impossible to prevent employees from bringing their own technology to work (Advisor, 2017). BYOD relieves the ICT function in an organization of keeping up with complicated developments in the market, since device owners take it upon themselves to keep their devices secure and updated, which saves the ICT function a lot of time. Among establishments that embrace BYOD, only a few are worried about the probable security issues that unsecured mobile technology brings (Mielach, 2012).
3.0 Benefits of BYOD for organizations
As a disruptive technology, the BYOD paradigm offers many benefits for business organizations. According to Jeff (2012), one of the factors that makes BYOD beneficial to a business is cost reduction. Although there are limitations, both businesses and employees seem to opt for BYOD technology. The following are benefits of adopting BYOD in a business organization, according to ComputerSolutions (2017):
- Improved productivity – research has indicated that businesses that have embraced BYOD experience increased business productivity
- Enhanced flexibility – mobile devices appeal to a business workforce because staff can work from wherever they are. They can access the company network remotely with a variety of handheld computing devices
- Decreased hardware asset procurement – a modern business cannot survive without computer technology, including software and hardware. With BYOD, organizations do not need to purchase hardware for use in the business since employees use their own devices, which lessens hardware acquisition costs for the business
- Cost reductions – as stated above, an organization is able to minimize hardware and software acquisition, which helps the entire business cut expenses by tasking employees with that responsibility
- Cheaper device and infrastructure maintenance
- Organizational staff are already experienced in using their own devices and won’t require training and help desk support. In addition, staff always ensure that their devices are updated with the latest patches and other software updates, which is beneficial for the company.
4.0 Financial services sector review
Technology has brought numerous advantages for financial businesses (Celik, 2013). Bring Your Own Device (BYOD), as an emerging technology, is increasingly being adopted by many industries; however, the financial industry has embraced BYOD much more than other sectors (Nerney, 2016). Because the BYOD concept is growing and ever expanding, it is important that the financial services sector also adopts the technology (Lund & Silva, 2015).
As mentioned before, some organizations that allow BYOD are not bothered by the data security issue, which is very risky. Like other industries, many financial institutes are also taking necessary precautions with mobile device usage by employees, which is also hazardous. According to a current survey (Advisor, 2017), more than two-thirds of financial establishments are yet to optimize and install enterprise mobile device management with regard to BYOD adoption (Winjnhoven & Wassenaar, 2010).
4.1 Industry compliance and government policies
An Australian government agency for information management in the workplace (AGIMO) is on the verge of approving a strategy document for increasing the use of mobile technology, including tablets, smartphones, notebooks and mobile applications, by governmental departments and public servants (Trevor, 2013). For financial institutes, embracing BYOD starts with looking into governmental policies and compliance standards that could guide its adoption. Therefore, organizations should first and foremost assess the end-to-end effects of BYOD on the business, chiefly in terms of privacy, security, compliance, data access, content and workforce mobile device usage guidelines. In addition, financial organizations need to choose the right service providers for maximum scalability and flexibility in BYOD deployment, management and solutions (Framingham, Gens, Levitas, & Segal, 2011). It is important to have a wide range of partners, service workers and recognized professional experts knowledgeable in mobility services, networks and security to assist organizations in ensuring better BYOD management.
5.0 Impacts of adopting BYOD for Aztek
Organizations are increasingly opening their data and information systems to mobile devices including smartphones, notebooks, personal digital assistants (PDAs), iPads and others. This trend has created the BYOD technology that is also referred to as IT ‘consumerization’ in the workplace. Both organizational customers and the workforce now favor performing and accomplishing tasks on their own individual devices over devices provided by an organization (Framingham, Gens, Levitas, & Segal, 2011). The bring your own device (BYOD) paradigm is therefore a rising development for business IT. There are several benefits to permitting users to carry and use their personal devices at work, as well as some concerns, including data security issues (Bradley, 2011).
Many financial organizations embrace bring your own device (BYOD) with the notion that the technology will help them reduce operational costs (Miller, 2016). However, the real value of BYOD technology is to enhance employee experience and satisfaction as well as to quicken technical adoption in an organization. Happy and satisfied employees lead to business productivity. Implementing BYOD in financial organizations is more sensitive, as it involves more than shifting company infrastructure to employee-owned devices. It involves hidden and complicated impacts, in that policies and procedures need to be laid out in well-defined processes before BYOD adoption (Miller, 2016). For any BYOD deployment to succeed initially, a business has to prepare adequately for the complex requirements and risk management procedures involved. Two major factors must be considered in the early stages of implementing bring your own device technology. The first is security (BankTech, 2013). A lack of security procedures in a BYOD implementation can have adverse effects for a business and can even lead to downtime. The other critical factor has to do with legal compliance policies. It is crucial to establish trust models in terms of understanding what the BYOD technology means with regard to legal obligations (BankTech, 2013).
Technology deployment brings many changes to a business. In this case, deploying BYOD at Aztek can bring advantages as well as some risks. However, risks can be prevented before they occur by installing controls to detect and avoid them in the company.
5.1 Benefits of BYOD implementation
- Increased employee satisfaction. If staff are allowed to use their own technology, it improves their work experience, which motivates them to work more responsibly and efficiently and in turn improves productivity for Aztek
- Reduced hardware and software acquisition costs, since employees will be using their own devices. This means that Aztek will not need to buy mobile devices for the company, reducing business expenses
- Reduction in maintenance expenses. Aztek will only need to maintain the devices that belong to the organization, since employees will take care of the maintenance of their own devices
- Mobility leading to increased business flexibility. Since employees are allowed to use their own technology, they can perform work remotely from anywhere, including at home and on their commute, which improves business efficiency
- Aztek will gain a competitive advantage, since by adopting BYOD it will be embracing the digital shift that is increasingly improving all business functions in terms of how businesses engage with existing and prospective customers as well as partners and stakeholders.
5.2 Threats and Vulnerabilities
Many technology advances come with a share of risks. This is because modern technologies are accessed through the Internet, which connects all categories of networks and users, including fraudulent users. As a result, data security breaches are on the increase. The recent WannaCry ransomware attack saw organizations, including financial agencies, in over 150 countries suffer data and financial loss (Woollaston, 2017). Major risks associated with adopting BYOD for Aztek could include the following:
- Data insecurity from hackers
- Lack of proper security controls on employee devices
- Improper mobile device usage, which could introduce data security vulnerabilities
- Mobile device theft, since employees use the devices outside the organization, which can put data in the wrong hands
- BYOD pressures the ICT department to be acquainted with a wide range of mobile gadgets in an effort to link them to the company network, since every person in the organization will have a different version of a cell phone, notebook or tablet.
- Some companies may be using applications that cannot be installed on, or are not compatible with, particular mobile computing devices that employees bring into the business, which could halt business procedures and affect business performance
6.0 Data security risks
Arguably, a huge concern for BYOD adoption in a financial institution is data and information security (Pillay, et al., 2013). The use of personal devices therefore introduces a lot of risks for the organization. Data security risks could include the following:
- Data loss – employees can easily lose company data as they carry the devices outside company premises
- Data leakage – since individuals are using their own devices, it is easy to leak company information to unauthorized sources, which could harm the organization
- Lack of management and control over devices and the data contained in them – the organization is limited in controlling and managing employees' personal devices
- Vulnerabilities due to malicious software installed by users, which could harm the organization by creating risks
Therefore, for financial establishments, data security risks and other data compromises should prompt organizational management to treat the setting up of a robust, secure environment for BYOD implementation with greater urgency.
7.0 Risk management
Risk assessment refers to an evaluation of IT methodologies that are used to manage risks. Risk management can also be defined as activities that combine risk identification, risk evaluation, strategies to cope with risk and mitigation possibilities (Berg, 2010). Organizations can be faced with very many risk factors and therefore require risk management procedures. BYOD brings about many risks, as discussed above. It is therefore crucial for organizations including Aztek to have ways to identify and manage those risks.
7.1 Major IT Control Frameworks
- Personally owned, company enabled (POCE) – BYOD devices can fall into the POCE category, where they are purchased or acquired by an individual but controlled by an organization to ensure security (Hassell, 2012).
- Corporate owned, personally enabled (COPE) – BYOD control and management can also fall under the COPE category, where devices are owned by an organization but used privately by an individual employee (Hassell, 2012).
7.2 Other existing BYOD control considerations
- Security procedures and policies – setting security policies for the organization to control acceptable BYOD devices, and informing employees of standardized security practices to follow.
- Security culture – a set of collaboration, thinking and behaviors amongst employees with regard to how they understand their role in decreasing data security risks (Thomson, 2010).
- Security strategy – a well-defined approach to ensure that BYOD application will boost employee productivity and satisfaction without creating risks (Siponen, 2006).
- Security controls – combined with the security strategy, security controls reduce BYOD risks, threats and associated vulnerabilities.
- Security training and awareness – educating users on the importance of security and its implementation on their devices (Crossler & Belanger, 2009).
Data security approaches
Technology will keep on advancing, creating more complexities and concerns such as data security. Improved technologies also mean that hackers and intruders gain access to upgraded intrusion tactics. Organizations that embrace BYOD therefore have to create a secure BYOD environment (Paloma, 2013). Organizations such as Aztek can use the following policies to ensure a safe BYOD environment:
- Integrated policy and procedure control and management: policies and procedures secure data, systems and applications by authenticating and authorizing users. It will therefore be important for Aztek to deploy policies that manage mobile device usage to ensure a secure BYOD environment
- Corporate network and access security services: BYOD success requires that the ICT unit in the business provide the right level of network and security access to the business network, based on each user's device and profile. Company employees at Aztek should also be able to securely access the suitable data, services and applications by use of encryption protocols and authentication factors
- Additional levels of security, with access procedures, on employee-owned devices as well as on company-owned devices used by employees. This is essential in ensuring protection of sensitive data in the company.
- Mobile device management (MDM), which permits the ICT department to monitor devices connected to the organizational network and hence deny access to suspicious devices and applications, as well as revoke the access of employee devices that have been reported stolen
- Secure data communications, using secure encryption standards between mobile devices and company network infrastructure, including wireless and wired networks
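How the controls in the list above could combine into a single access decision, as an added example that is not part of the original report: MDM enrollment, stolen-device reports, suspicious apps, authentication, encrypted transport and the user profile each feed one check. The names `Device`, `Session`, `PROFILE_CEILING`, the three access levels and the sample fleet are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Access(IntEnum):
    DENY = 0
    LIMITED = 1   # assumption: e.g. mail and calendar only
    FULL = 2      # assumption: internal business applications and data


@dataclass(frozen=True)
class Device:
    device_id: str
    mdm_enrolled: bool
    storage_encrypted: bool
    reported_stolen: bool = False
    flagged_apps: tuple = ()     # apps the MDM inventory marks as suspicious


@dataclass(frozen=True)
class Session:
    profile: str                 # user profile / role
    authenticated: bool          # authentication factors verified
    encrypted_transport: bool    # encrypted link between device and network


# Hypothetical ceiling per user profile; real values come from company policy.
PROFILE_CEILING = {"staff": Access.FULL, "contractor": Access.LIMITED}


def decide(device, session):
    """Return (Access, reasons) for one connection attempt."""
    # Hard stops: any of these denies access regardless of profile.
    blockers = []
    if device.reported_stolen:
        blockers.append("device reported stolen")
    if not device.mdm_enrolled:
        blockers.append("device not enrolled in MDM")
    if device.flagged_apps:
        blockers.append("suspicious apps: " + ", ".join(device.flagged_apps))
    if not session.authenticated:
        blockers.append("user not authenticated")
    if not session.encrypted_transport:
        blockers.append("unencrypted connection")
    if blockers:
        return Access.DENY, blockers

    # Device posture sets a level; the user profile caps it.
    level, reasons = Access.FULL, []
    if not device.storage_encrypted:
        level = Access.LIMITED
        reasons.append("device storage not encrypted")
    ceiling = PROFILE_CEILING.get(session.profile, Access.DENY)
    if ceiling < level:
        level = ceiling
        reasons.append(f"profile '{session.profile}' capped at {ceiling.name}")
    return level, reasons or ["all checks passed"]


# Constructed sample fleet, not data from the report.
FLEET = [
    (Device("phone-01", True, True), Session("staff", True, True)),
    (Device("tablet-02", True, False), Session("staff", True, True)),
    (Device("phone-03", True, True, reported_stolen=True),
     Session("staff", True, True)),
    (Device("laptop-04", True, True), Session("contractor", True, True)),
    (Device("phone-05", False, True, flagged_apps=("sideloaded-vpn",)),
     Session("staff", True, True)),
]


def evaluate(fleet):
    """Map each device id to the name of the access level it receives."""
    return {dev.device_id: decide(dev, ses)[0].name for dev, ses in fleet}


if __name__ == "__main__":
    for dev, ses in FLEET:
        level, why = decide(dev, ses)
        print(f"{dev.device_id:10} {level.name:8} {'; '.join(why)}")
```

Evaluating the hard stops first keeps a stolen or unmanaged device out even when the user's credentials are valid, which is the case the MDM item is meant to cover.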
BYOD implementation is more and more on the rise (Cisco, 2012). There are valid motives for some organizations to consider embracing a bring your own device (BYOD) approach, such as saving on the cost and maintenance of IT resources. Also, mobile computing devices are progressively on the increase in the world today. On one hand, consumers feel at ease when using their own devices to access organization networks, which, as stated above, is very beneficial for businesses, especially financial institutions. On the other hand, organizations need to take into consideration the security measures of mobile device computing as well as the compliance obligations governing mobile device usage. Several organizations have already concluded that BYOD adoption is worth the risks. Others are yet to embrace BYOD technology, as they probably conclude that the risks involved could be too much for the business. As such, BYOD adoption is a matter of an organization weighing the pros and cons of implementation and then deciding whether or not to allow the technology. Those that allow BYOD adoption need to enforce procedures for data security, such as mobile device management and requiring that mobile device access to the company network is monitored and controlled by IT personnel. With this, they will be able to reduce infrastructure costs and IT resource maintenance fees. Conversely, organizations that choose not to embrace BYOD may be able to control data security at a higher level, while having to deal with IT resource procurement and maintenance costs. Whichever option an organization chooses, it is important to note that technology will continuously develop and that such advances come with associated risks. The important thing is to develop procedures that will help the business manage the likelihood of such risks.
The risk assessment lead recommends that Aztek adopt BYOD in the organization so as to save on the expenses associated with procuring and maintaining IT resources. Such a move will also enable Aztek to create a satisfactory working environment for its workforce. As for the risks, threats and vulnerabilities that could be associated with such an implementation, the business can put in place methodologies such as mobile device management, encryption protocols, device authentication and authorization that will entirely prevent as well as lessen BYOD implementation risks. This will enable the business to conform to the digital revolution as well as safeguard organizational data and information.
Advisor. (2017, January 3). 23 BYOD Statistics You Should Be Familiar With. Retrieved from www.ingrammicroadvisor.com: https://www.ingrammicroadvisor.com/data-center/23-byod-statistics-you-should-be-familiar-with
BankTech. (2013, June 13). Preparing Your Bank for BYOD. Retrieved from www.banktech.com: https://www.banktech.com/channels/preparing-your-bank-for-byod/a/d-id/1295146?
Berg, P. (2010, June). RISK MANAGEMENT: PROCEDURES, METHODS AND EXPERIENCES. Retrieved from https://www.gnedenko-forum.org/Journal/2010/022010/RTA_2_2010-09.pdf
Bodley-Scott, J. (2014, June 11). BYOD for the financial services sector - are you ready? Retrieved from www.bobsguide.com: https://www.bobsguide.com/guide/news/2014/Jun/11/byod-for-the-financial-services-sector-are-you-ready/
Bradley, T. (2011, December 20). Pros and Cons of Bringing Your Own Device to Work. Retrieved from PC World: https://www.pcworld.com/article/246760/pros_and_cons_of_byod_bring_your_own_device_.html
Celik, H. (2013). The Impacts of Information Technologies on Financial Institutions. Globalization of Financial Institutions, 175-183.
Cisco. (2012). Introduction: BYOD Has Gone Global. Retrieved from www.cisco.com: https://www.cisco.com/c/dam/en_us/about/ac79/docs/re/BYOD_Horizons-Global.pdf
ComputerSolutions. (2017, October 2). THE PROS & CONS OF BYOD IN THE WORKPLACE. Retrieved from www.ezcomputersolutions.com: https://www.ezcomputersolutions.com/blog/the-pros-cons-of-byod/
Crossler, E., & Belanger, F. (2009). The Effects of Security Education Training and Awareness. Journal of Information System Security, 3-22.
Framingham, M., Gens, F., Levitas, D., & Segal, R. (2011). Consumerization of IT study: Closing the consumerization gap. Retrieved from International Data Corporation.
Garlati, C. (2011). Trend micro consumerization report 2011. Retrieved from www.bringyourownit.com: https://bringyourownit.com/2011/09/26/trend-micro-consumerization-report-2011/
Hassell, J. (2012, May 17). 7 Tips for Establishing a Successful BYOD Policy. Retrieved from www.cio.com: https://www.cio.com/article/2395944/consumer-technology/7-tips-for-establishing-a-successful-byod-policy.html
Hurst, B. (2012, August 6). Happiness Is … Bringing Your Own Computer Devices to Work. Retrieved from www.retailwire.com: https://www.retailwire.com/discussion/happiness-is-bringing-your-own-computer-devices-to-work/
IBM. (2017, October 3). IBM Mobile solutions. Retrieved from www.ibm.com: https://www.ibm.com/mobile/
Jeff, J. (2012, August 2). BYOD: Organizations Question Risk vs Benefit. Retrieved from Microsoft: https://cloudblogs.microsoft.com/microsoftsecure/2012/08/02/byod-organizations-question-risk-vs-benefit/
Lund, D., & Silva, J. (2015, October). Financial Services Optimizing BYOD Strategies for Success. Retrieved from www.business.att.com: https://www.business.att.com/content/whitepaper/optimizing-byod-strategies-for-success-whitepaper.pdf
Mielach, D. (2012, April 26). Worker BYOD: A Double-Edged Sword for Employers. Retrieved from www.businessnewsdaily.com: https://www.businessnewsdaily.com/2423-byod-risk-benefits.html
Miller, D. (2016, December 29). Can BYOD Work for Banks? Retrieved from www.ericom.com: https://www.ericom.com/communities/blog/can-byod-work-for-banks-and-financial-institutions
Monnappa, A. (2016, December 1). What is BYOD (Bring Your Own Device) and Why Is It Important? Retrieved from www.simplilearn.com: https://www.simplilearn.com/what-is-byod-and-why-it-is-important-article
Nerney, C. (2016, November 25). BYOD policy for financial firms. Retrieved from www.mobilebusinessinsights.com: https://mobilebusinessinsights.com/2016/11/byod-policy-for-financial-firms/
Paloma, J. (2013, February 19). A Secure BYOD Environment. Retrieved from Microsoft: https://technet.microsoft.com/en-us/security/jj991910.aspx
Pillay, A., Nham, E., Tan, G., Diaki, H., Senanayake, S., & Saurabh, D. (2013). Does BYOD increase risks or drive benefits? Retrieved from minerva-access.unimelb.edu.au: https://minerva-access.unimelb.edu.au/bitstream/handle/11343/33345/300314_2013_tan_risk.pdf?sequence=1
Siponen, M. (2006). Information Security Standards Focus on the Existence of Process, Not Its. Communications of the ACM, 8-19.
Thomson, K. (2010). Information Security Conscience: a precondition to an Information Security Culture. Journal of Information System Security, 3-19.
TrendMicro. (2012). Enterprise readiness of consumer mobile platforms. Retrieved from www.trendmicro.com: https://www.trendmicro.de/cloud-content/us/pdfs/business/reports/rpt_enterprise_readiness_consumerization_mobile_p
Trevor, C. (2013, February 25). Public servants to soon know if they can BYO devices to work. Retrieved from The Sydney Morning Herald: https://www.smh.com.au/it-pro/government-it/public-servants-to-soon-know-if-they-can-byo-devices-to-work-20130225-2f1uk.html
Winjnhoven, A., & Wassenaar, D. (2010). Impact of Information Technology on Organizations: The State of the. International Journal of Information Management, 35-53.
Woollaston, V. (2017, May 22). WannaCry ransomware: what is it and how to protect yourself. Retrieved from www.wired.co.uk: https://www.wired.co.uk/article/wannacry-ransomware-virus-patch