The case can be summarised as an initiative by Intel to allow its employees to bring their own devices to work. The devices will be allowed to access the company’s information and data and thus lead to security issues within the organisation. This idea is fuelled by the fact that employees were already bringing their own devices to work and using them during office hours. The chief information officer is faced with various dilemmas in the implementation of this proposal. The issues that arise might be beneficial or detrimental to the organization while employee privacy will come at play in the case study..The main concern of the case in the organisation is balancing the security of the organisation, productivity of employees and personal privacy with the increasing number of personal devices brought to work.
The main decision maker, in this case is the Chief Information Security. The decision is driven by the need to have uniform security and adoption of the BYOD initiative. The decision is also based on the surveillance and polling of workers while collecting their views on bringing their own devices to work and its relevance to them and the organization.
Issues Arising from Case
The issue that arises is the extraction of data from this initiative and turn it into a source of competitive advantage while ensuring security for corporate data on devices employees bring to work. Also provision of e-Discovery data on request on devices that employees own without infringing on their privacy. Evaluation of the risk on returns of BYOD and how particular data should be applied in order to arrive at the exact value of BYOD
The Proposed Solution to Issues
Discussion on Best Practices to be adopted by Intel
We can use employee pre-screening before and when employing. Background checks on the employees will enable Intel to further see the integrity and predict their performance. All these have to be done by a pre-employment pact signed by the employees for background checks to be done on them and extend of the checks to protect their privacy. Social media frequency of indulgence monitoring checks will give the organization a glimpse of the productivity and distraction of the employee when they bring their own devices.. Having a software to monitor the performance of any data linked to the organization will safeguard the privacy of the organization data and the software will not monitor personal activities.. Monitoring use of the organization resources, improper use of the personal devices will be defined, statement of the allowable use of the company system and the disciplinary action against employees’ misconduct should be discussed and this will lead to the effective and profitable implementation of the BYOD initiative. To maintain security for the company, access to the system should only be granted by a two key encryption by Advanced Encryption Standard system and mac filtering of allowable devices to the network. The encryption key for access to company resources should generally be changed and different users use different access encryption keys to the company resources
For great operation, the mobile devices brought to work should also have additional features to add to the security of the system. The personal devices allowed should allow selective remote wipe and the remote lock of sensitive information of the company. The devices should have anti-malware protection and transparency of organization data movement from the devices. This will reduce the risk to the organization loss of data
The IT system to monitor the operation of the devices should be designed to respond and sense real operation of the organization data and accommodate organizations desired level of control of the IT environment. Access to company data should be permitted only to a very few cleared individuals outside their offices or else the others should just access it as images that cannot be saved thus prevent intrusion to the source of the information using the device as a gateway. Public key authentication for access to the company data should be implemented using a laid out public key infrastructure. Privilege management infrastructure should be used to ascertain the rights and privileges of the users thus allow access to a certain level of the company data using the defined privileges and define the level of access also when outside the working environment.
Implementation of best security for an organisation in regards to personal devices is always a big issue that should be handled with a lot of care. The privacy of the workers and security of the organization should be given a great consideration to create an effective working environment for any organization. For this case, various issues that face the Bring Your Own Device initiative are discussed with the possible remedy for high performance and security for the organization with reference to Intel Corp.
Chandrasekhar, R. (2013). INTEL CORP.-BRING YOUR OWN DEVICE. Ontario: Richard Ivey School of Business.
IBM, s. s. (2008). IBM Security Technology Outlook: An outlook on emerging security technology trends.
ITU. (2003). Security in Telecommunication and Information Technology: An overview of issues and deployment of existing ITU-T Recommendations for secure telecommunications. International Telecommunication Union.
KPMG, I. (2013). Mobile Security: from risk to revenue. Retrieved February 02, 2016, from http://www.kpmg.com/mobilesecurity
Schwartzreich, W. S. (2011). Employee Privacy Rights: Limitation to Monitoring, Surveillance and Other Technological Searches in the Private Workplace. New York: Outten & Golden LLP.
Scott Cox, T. G. (2005). Workplace Surveillance and Employee Privacy: Implementing an Effective Computer Use Policy. Communications of the IIMA, 5(2), 57-65.
Stallings, W. (2011). Cryptography and Network Security: Principles and Practice (5th ed.). Boston: Prentice Hall.