Many organizations provide employees the flexibility to use their personal mobile devices to perform work-related activities. An ineffectively secured personal mobile device could expose an organization or employee to data loss or a privacy compromise. Ensuring that an organization’s data is protected when it is accessed from personal devices poses unique challenges and threats. Allowing employees to use their personal mobile devices for work-related activities is commonly known as a bring your own device (BYOD) deployment. A BYOD deployment offers a convenient way to remotely access organizational resources, while avoiding the alternative of carrying both a work phone and personal phone. This NIST Cybersecurity Practice Guide demonstrates how organizations can use standards-based, commercially available products to help meet their BYOD security and privacy needs.
BYOD devices can be used interchangeably for work and personal purposes throughout the day. While flexible and convenient, BYOD can introduce challenges to an enterprise. These challenges can include additional responsibilities and complexity for information technology (IT) departments caused by supporting many types of personal mobile devices used by the employees, enterprise security threats arising from unprotected personal devices, as well as challenges protecting the privacy of employees and their personal data stored on their mobile devices.