A Framework For Enhancing Corporate Data Security In A Bring Your Own Device (Byod) Environment: A Case Of Government Organizations In Kenya.

Abstract

Information and Communication Technology (ICT) has become an integral part of the lives of many people today. In the business scene, ICT has been embedded into the fabric of many organizations. The modern business environment is highly dynamic and is characterized by increased competition and changing employee and customer demands. Emerging technologies such as Cloud Computing, Mobile Computing and Bring Your Own Device (BYOD) have shifted the trajectory of how Information Technology (IT) is consumed. This shift has resulted in a phenomenon referred to as IT Consumerization. Proliferation of mobile devices such as smart phones and tablets has led to a notable shift in the way organizational resources are accessed by employees. Organizations are now adopting BYOD which allows employees to use their personal devices to access sensitive organizational data both within the organization and remotely. The greater capability and flexibility that these cutting-edge devices offer make them popular among many employees especially the younger generation. Adoption of BYOD by organizations presents various benefits such as increased employee productivity, better customer service and increased efficiency. Government agencies in Kenya are increasingly adopting the BYOD concept in line with the Government’s digitization program aimed at increasing efficiency of Government services and as a cost-cutting measure. However, the biggest challenge to successful adoption is the security of sensitive data. BYOD adoption presents data security risks such as loss of data, data leakages, distributed denial of service (DDoS), malware and other vulnerabilities. Various Government agencies have in the recent past experienced cyber-attacks from criminals targeting sensitive and confidential information stored by these agencies. Recent cyber security reports have also identified Government agencies as the most vulnerable organizations in terms of cyber security risk. Despite the increased security risks brought about by BYOD adoption, Government organizations continue to implement traditional security frameworks which may not address the unique vulnerabilities brought about by BYOD. It is therefore important to identify the specific risks and challenges facing BYOD adoption in Government organizations and to review the frameworks that have been put in place by these organizations to address these challenges. The study identified these challenges, reviewed the effectiveness of the existing frameworks and developed an enhanced holistic framework that would ensure secure BYOD adoption. This would enable the organizations to enjoy the benefits of BYOD while at the same time ensuring that the security of sensitive data is not compromised. The target population for this study was the ICT experts, administrators, or managers in 90 government agencies in Kenya. The study results would be useful to government organizations including the Ministry of ICT and other policy makers and IT professionals because it pointed out the specific issues or risks facing BYOD adoption in Government and recommended possible solutions to these challenges through a multi-layered security framework.