The implementation of bring your own device (BYOD) policies in high-security environments is open for debate, and the enormous benefits of BYOD must be weighed against the level of security an organization is able to achieve for its infrastructure. In high-security environments, the problem is particularly acute, given the confidential nature of the information processed. A defensive approach to BYOD security is justified in such cases because the risk of security breaches is enormous.

Before we break down key BYOD policy considerations, let’s define the concept. The term BYOD refers to the policy of permitting employees to use their personal mobile devices to conduct business functions, such as accessing their email and company documents. Of course, any time personal devices are used to access or store company information, the company becomes vulnerable to data breaches. As the number of cyber threats against mobile devices grows, it is critical that BYOD security and privacy policies are established as part of an overall information security policy.

When developing a BYOD policy, it is necessary to consider the many facets of mobile technology in order to develop a multilayered approach:

Mobile Device Management

In a BYOD environment, it is necessary to establish controls to regulate the way personal mobile devices access the organization’s network. One way to do this is by using a mobile device management (MDM) application. MDM applications are software designed for mobile security administration and can implement various functions such as application management, data protection and policy compliance verification. Through the Solutions Exchange, Samsung is working closely with many of the leading MDM providers to provide seamless integration on its devices.

Virtual Environments

In a high-security environment, the volume of data left on mobile devices as a result of processing must be minimized; in other words, mind your data footprint. Data must be protected when stored on devices and when transmitted over unsecured channels. Virtual environments that replicate real environments and their related functionality can be used to customize data access based on the user’s profile. Every user accesses an image of a real environment based on their profile. In this way, the impact on the real environment from any potential cyber attacks is mitigated.

Applications

In a high-security BYOD environment, only a limited number of applications should be allowed on the device, and in some cases, legitimate mobile applications should be improved with the development of custom security features. Application provisioning and patch management are essential processes for securing mobile applications in a BYOD context. In order to enforce security policies for mobile devices, companies should adopt mobile device management and mobile application management solutions.

Encryption and Containerization

Data encryption is a proven method of data protection, and it has been used by the U.S. government and the military for years to safeguard the country’s most confidential information. In a BYOD setting, the use of Virtual Private Networks (VPNs) is encouraged, as they employ encryption and can help to secure the device’s connection to a corporate network.

Any BYOD policy should aim to separate business data and personal data that reside on the same device. This could be achieved by implementing sandbox mechanisms, which limit each application’s access to a specific set of data. The mobile OS sandboxing model is a paradigm that could bring significant improvement for the security aspects of a BYOD policy. Another option is to use applications that implement their own data separation.

Implementing a BYOD Security Policy

In today’s high-security BYOD environment, organizations need to adopt a multilayered approach to mobile security defense. A BYOD security policy will evolve over time and should be periodically revisited to achieve security, productivity and privacy goals, even as threats evolve. In high-security environments, the policies are only as effective as the staff who use them. It is critical that employees are constantly trained and informed of the internal security policies, including BYOD security.

The adoption of a BYOD policy is a challenge, but one that can deliver significant benefits in terms of greater employee satisfaction and increased productivity.


Posts By

Pierluigi Paganini

Pierluigi Paganini is the chief information security officer at Bit4Id, member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group, ECIPS, Cyber Threat Intelligence Network (CTIN), (ISC)2 Italy Chapter and CLUSIT. He is a security evangelist, security analyst, freelance writer and editor-in-chief at "Cyber Defense Magazine." Follow him on Twitter: @securityaffairs.
