Print Email Facebook Twitter A Framework of Technologies and Security Controls towards the Support of 'Bring Your Own Device Programmes' in Organizations Title A Framework of Technologies and Security Controls towards the Support of 'Bring Your Own Device Programmes' in Organizations Author Bougioukos, D. Contributor Pieters, W. (mentor) Van Eeten, M.J.G. (mentor) Broekhans, B. (mentor) Westerlaken, R. (mentor) Faculty Technology, Policy and Management Department ICT Programme Management of Technology Date 2013-10-07 Abstract The diffusion of mobile devices in the market place has been tremendous in the last several years. Devices such as smartphones and tablets have become a must-have for contemporary consumers. This development has not left enterprises and organizations unaffected as employees express the desire of using the same devices and consumer technologies at their workplace. As such, organizations have started adopting ‘Bring Your Own Device’ (BYOD) policies. Employees are allowed to bring their personal mobile devices and use them to access critical information or services in the corporate network. The introduction of BYOD programmes stands to deliver several benefits to organizations. However, it presents certain challenges notably in the area of technology and information security. Currently, there are a lot of propositions in industrial literature while fewer in the scientific literature with respect to tackling the technology and information security implications of the trend. It is identified that these propositions are mostly unsystematic while also taking a solution proposing approach. In this sense, decision making efforts of organizations based on lightweight approaches might fail to capture distinct aspects of BYOD supporting technologies and security controls. As such, in this thesis we develop a framework of technologies and security controls to support the content of the decision making process of interested organizations to introduce BYOD programmes. Namely, we investigate the BYOD trend with a desk research shedding light on its origins, the drivers pushing it, the beneficial opportunities and the key challenge areas that are posed to interested organizations. Focusing on the security challenges we investigate the advancements in the threat landscape of mobile devices by reviewing relevant literature and asking the opinion of security experts. Subsequently, we collect from literature the technologies that stand to support employee-owned devices in the corporate network while also the security controls that can assure the protection of sensitive information manipulated over them. Based on this identification we embark on gathering empirical insight to establish a picture on the effectiveness of proposed technologies and residual risks underlying the proposed security controls. For this purpose, we perform semi-structured interviews with security experts and we obtain results from security audits. Next, we consolidate the information gathered for the development of the framework. The framework constitutes a systematic approach comprised of four layers. The layers entail the important areas for decision making, particularly in the area of technologies and security controls, towards the allowance of employee-owned devices for business use. The framework is addressed to practitioners coming from various types of organizations while also researchers in the field of BYOD. Finally, we attempt to evaluate the quality and usability of the framework by asking the opinion of experts. The expert assessment reveals the strong points and shortcomings of the developed framework. Concluding we reflect on the research results, the artifact built and we discuss the limitations while suggesting ideas for future work. Subject Bring Your Own DeviceMobile SecurityMobile ThreatsMobile Device Management TechnologiesBYOD Framework To reference this document use: http://resolver.tudelft.nl/uuid:5079fbee-57ee-4819-a5c7-b4900e4030b7 Embargo date 2015-10-07 Access restriction Campus only Part of collection Student theses Document type master thesis Rights (c) 2013 Bougioukos, D.