Bring your own network (BYON) is the ability of end users to create or access alternative networks when the available options are not satisfactory for their purposes. The specifics of BYON differ depending on whether the term is being used by a network administrator concerned with protecting corporate data or by a vendor who provides Internet access to mobile end users as a service. When a network administrator talks about BYON, he is describing the ability of employees to create personal area networks (PANs) as an alternative to the corporate network. Vendors use the term to describe a service that allows remote employees to subscribe to a global wireless broadband network instead of connecting to insecure public hot spots or relying on spotty cellular coverage.
In the enterprise, BYON is an offshoot of the BYOD movement. Many employees who bring their own computing devices to work also have the ability to create a wireless hot spot by tethering their mobile phone's cellular connection to some other computing device. Employees can also create hot spots by bringing in a small wireless router that plugs into an electrical outlet (see MiFi ). In some organizations, employees "bring their own networks" to access social media or shopping websites blocked by administrators.
Once an ad hoc network has been created, employees often stay connected to the network they've created and log into corporate applications, which can cause problems. For example, corporate data that passes through the ad hoc network cannot be monitored and may not be secure. In addition to exposing potentially sensitive corporate information, data traveling outside the corporate network can introduce new malware threats and place other corporate data at risk.
Administrators generally deal with the security issues caused by BYON in one of three ways. Some create mobile policies that prohibit employees from using personal networking devices at work. Other administrators create secondary secure wireless networks that employees are allowed to access with personal devices. A third, more controversial approach, is to have each employee sign a document that holds the employee personally responsible for any lost data or security threat introduced to the corporate network by the employee's personal device. Although the legality of this last approach has been questioned, some administrators feel that when an employee signs such a document, the real payoff is that it makes him keep security in mind when using personal Internet-capable devices at work.