
BYOD (bring your own device)

What is BYOD?

BYOD (bring your own device) is a policy that allows employees in an organization to use their personally owned devices for work-related activities.

Those activities include tasks such as accessing emails, connecting to the corporate network, and accessing corporate apps and data. Smartphones are the most common mobile device an employee might take to work, but employees also take their own tablets, laptops and USB drives into the workplace.

This rise in the use of personal devices encourages companies to implement BYOD policies. The purpose of BYOD is not simply to eliminate the need for employees to carry two phones; a BYOD policy is designed to ensure that employees use strong security practices when connecting to the company network.

How does a BYOD policy work?

A BYOD policy outlines what the company sees as acceptable use of the technology, how to operate it and how to protect the company from cyber threats such as ransomware, hacking and data breaches. It is critical to have a well-defined BYOD policy and understand the risks and benefits of BYOD in the organization.

The policy is generally available in a document that employees must agree to. It outlines that employees who may need to access corporate digital assets can use their personal devices if they meet the requirements outlined within the BYOD policy.

A BYOD policy may include all or some of the following:

  • what constitutes acceptable use of personal devices for business activities;
  • types of mobile devices approved for use by IT;
  • software that must be installed to help secure the device, for instance mobile device management (MDM) or mobile application management (MAM) tools;
  • security measures such as password requirements;
  • user responsibilities around the device and its access to the network;
  • any incentives or cost reimbursement for using personal data plans for work-related activities;
  • a clear definition of the termination policy; and
  • an exit plan when employees no longer wish to use their personal devices for work.

Why is BYOD important?

BYOD provides an important benefit to both companies and their employees. For starters, it creates a significant convenience for employees as they no longer must carry multiple devices with them. It also allows them to choose the type of device they are most familiar with and comfortable using. For companies, BYOD means the IT department no longer has to purchase additional mobile devices for employees. This setup reduces their costs significantly and reduces some of the burden of supporting those mobile devices.

What level of access does BYOD offer?

It is not uncommon to find that BYOD offers employees the same level of access to corporate resources as corporate-owned devices. Exceptions include environments where the data is highly sensitive and under strict regulatory compliance requirements. In that case, IT would limit the level of access for employees using personal devices. These limitations might come up in government organizations, financial institutions that deal with sensitive data, or even for top executives at an organization who may be the target of hackers. In those cases, IT departments may deploy corporate devices to help keep them more secure.

What are the risks or challenges of BYOD?

IT generally cannot fully manage a BYOD device, because many employees may not want IT to have control over their personal data. This issue makes it difficult for IT to ensure that hackers are not able to access these devices and deploy tools such as screen recorders or keyloggers. With the rise in security breaches, personal devices are becoming a huge target of cybercriminals.

BYOD vs. corporate-owned policies

The alternative models to BYOD include company-owned, business-only (COBO), and company-owned, personally-enabled (COPE). These two options for device ownership generally mean that the company purchases and owns the devices, and employees can access relevant content and data on the company network. IT is able to implement more controls such as MDM and mobile threat detection tools in this case. These policies may affect employee satisfaction, however, because they require employees to carry additional devices.

BYOD best practices

To successfully implement BYOD, IT must consider the following:

  • Have a written policy in place for employees.
  • Be clear and outline all the necessary details an employee needs to be aware of.
  • Update the policy as technology and the threat landscape change.
  • Detail what is acceptable use of BYOD devices and what is not.
  • Use tools such as MAM to ensure that corporate data is protected.
  • Have a change management and monitoring strategy to ensure employees adhere to the policy.
  • Have processes around addressing lost or stolen devices.
  • Have processes around security incident response.
  • Train employees on BYOD during their onboarding.
  • Set clear expectations on what happens if an employee violates the policy.

Implementing a BYOD policy

For organizations implementing BYOD for the first time, one of the important aspects is setting expectations and training the employees. This should preferably be done during the registration process for the BYOD device or during an employee's HR and IT onboarding.

BYOD has proven to be an attractive policy for companies to adopt. It can bring convenience to employees along with cost savings for the company. Some in IT are concerned that personal devices pose a significant security risk and that, without more control over mobile devices, they are limited in the level of protection they can give. This concern has put some companies in the position of swapping out BYOD for corporate-owned devices.

This was last updated in May 2021
