Published on March 1, 2014
INTRODUCTION
• Bring Your Own Device (BYOD) has become one of the most influential trends that has touched or will touch each and every IT organization.
• The term has come to define a megatrend occurring in IT that requires sweeping changes to the way devices are used in the workplace.
WHAT IS BYOD?
• Bring your own device (BYOD) (also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC)) refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications.
Source: Wikipedia
THE CONFLICT
• Mobile phones
  Corporate space: Devices with functionality limited to phone calls and email
  Consumer space: Smart phones offering tens of thousands of useful apps, typically iPhone
• What to Store
  Corporate space: Restricted storage for official files and email
  Consumer space: Providers such as Google and Yahoo offering virtually unlimited storage to store whatever you want
• Update Cycles
  Corporate space: Long replacement cycles – up to four years for hardware and eight years for software
  Consumer space: Very rapidly updated hardware – immediate download of new apps and services
• Style and Customization
  Corporate space: Highly standardized, inflexible and often restricted environment
  Consumer space: High variety of consumer devices, systems, applications and “skins”
BUSINESS DRIVERS
• Consumer Devices
• Multiple Needs and Multiple Devices
• Work and Personal Overlap
• Anywhere, Anytime Mobility
• Video, Collaboration, and Rich Media Applications
BENEFITS OF BYOD
• Improved employee convenience and satisfaction
• Higher agility in business operation
• Attraction and retention tool for talented workers
• Increased employee productivity
• Greater workforce mobility
CHALLENGES FOR IT ORGANIZATION
• Unclear cost benefits
• Providing Device Choice and Support
• Maintaining Secure Access to the Corporate Network
• On-Boarding of New Devices
• Enforcing Company Acceptable Usage Policies
• Visibility of Devices on the Network
• Protecting Data and Loss Prevention
• Revoking Access
• Potential for New Attack Vectors
• Ensuring Wireless LAN Performance and Reliability
• Managing the Increase in Connected Devices
CHALLENGES FOR END USER
• Keeping it Simple
• Mixing Personal Device With Work
• Getting the Productivity and Experience Needed
PRIVACY CHALLENGES
• Personal nature of device and expectation of privacy
  • Is prohibited web surfing on a company device allowed on the personal device?
  • Personal data: pictures, videos, personal emails, bank statements, tax returns, social security numbers, chat histories, user names/passwords, medical information
• Mobile nature of the devices
  • Remote working and travel (checking to see if employee is where they are supposed to be)
• Where monitoring may occur on a personal device:
  • While connected to the network
  • Data in transmission between personal device and network
  • Monitoring of “sandboxed” or company area of mobile device
  • Monitoring of entire device (e.g. key stroke logger, recording browser history, etc.)
  • Location
PRIVACY CHALLENGES – INVESTIGATIONS
• Investigations (internal, criminal, audits)
• Security breach response – forensic investigations
• Litigation holds
• eDiscovery (searching for, preserving and collecting data)
• Information requests/demands/subpoenas/regulatory investigations
INCIDENT RESPONSE CHALLENGES
• Obtaining access to the device and data thereon
  • Physical possession
  • Unlocked/login credentials
  • Unencrypted
• Remote wiping
• Timing issues
  • Incident detection
  • Litigation holds/tampering of evidence
• Damage to the device
  • Installation of software may be required
  • Data loss
  • Software corruption
  • Loss of use
• Privacy issues
  • Cooperation issue
  • Ability to tie to business need and limit scope
Governance & Risk Analysis
QUADRANT DIAGRAM
[Figure: four quadrants labelled Embrace, Contain, Disregard and Block; axes: Value to Business (low to high) and Security pressure (low to high)]
BYOD GOVERNANCE
• Creation of organization-specific BYOD policies developed in conjunction with Legal, HR, IT, Procurement, Sales, and others
• Transparent guidelines on who is eligible or not for the program
• New employee agreements for support, risk, and responsibility
• Adjustments to service levels and service desk training
• Funding and reimbursement strategies
• Employee education and IT publishing specifications on acceptable devices
• Customization by country and possible tax implications for both employee and employer
BYOD GOVERNANCE
• Individual responsibility needs are heightened under BYOD programs
• Corporate management needs to be transparent in requiring greater management control over an individual’s devices in order to allow BYOD programs to work
• Internal audit team’s knowledge of the organization’s mobile strategy needs to evolve just as quickly as the mobile landscape
• Governance must include an interdisciplinary Steering Committee to identify, discuss, and evaluate risks from an interdisciplinary perspective
RISK ANALYSIS
• Performing a risk analysis prior to implementing a BYOD program is crucial
• Interdisciplinary teams should be involved in the risk analysis
• Risk assessment should incorporate the likelihood as well as the impact of the risks
• Risk analysis should address identification of the associated BYOD information risks to the organization:
  • Handling of personally identifiable information (PII)
  • Handling of high value organizational information
  • Handling of other data impacted by regulatory compliance (healthcare data, credit card data)
• Risk assessment mitigation plans must be owned by the business and IT stakeholders and properly implemented
Mobile Device Management
MOBILE DEVICE MANAGEMENT
• Mobile Device Management (MDM) software secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises
• MDM functionality typically includes over-the-air distribution of applications, data and configuration settings for all types of mobile devices, including mobile phones, smartphones, tablet computers, ruggedized mobile computers, mobile printers, mobile POS devices, etc.
• By controlling and protecting the data and configuration settings for all mobile devices in the network, MDM can reduce support costs and business risks
• The intent of MDM is to optimize the functionality and security of a mobile communications network while minimizing cost and downtime
MOBILE DEVICE MANAGEMENT
• Mobile Device Management software (MDM) can consist of four main components:
  • Software management - Manage and support mobile applications, content and operating systems (configuration, updates, patches/fixes)
  • Network service management - Gain information off of the device that captures location, usage, and cellular and WLAN network info (provisioning, usage, service, reporting)
  • Hardware management - Provisioning and support (asset/inventory, activation) beyond basic asset management
  • Security management - Enforcement of standard device security, authentication and encryption (remote wipe, policy enforcement)
Deployment Basics
3 MODELS
APPLICATION STRATEGIES
HIGH LEVEL ARCHITECTURE
ACTION POINTS TO OVERCOME SECURITY CONCERNS
THANK YOU