Riding%20technology%20waves whitepaper


Published on

This 10-page opinion paper from the Riding technology waves series looks at making the bring your own device (BYOD) trend work for you. Examines opportunities and security risks of BYOD in an organisation, security sprawl, meeting BYOD head-on with good security policies. Quotes Jeff Schmidt, Executive Global Head of Business Continuity, Security & Governance, BT Global Services, on educating end-users about security. Eight essentials for an effective BYOD policy.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Riding%20technology%20waves whitepaper

  1. 1. BT AssureRiding technology wavesMaking the bring your own device(BYOD) trend work for you
  2. 2. Making the bring your own device (BYOD) trend work for you Your data is everywhere. It’s on devices you own and devices you don’t; it’s accessed from within your buildings and without; it’s on your network and it’s in the cloud. Now there are no boundaries, how do you keep your data secure? Do you fight the infiltration of personal equipment into the workplace or leave your people to their own devices and work with the trend of bringing your own? What’s clear is that organisations need to reassess their approach to security and how they manage devices.Making the bring your own device (BYOD) trend work for you
  3. 3. Beyond a trend and here to stayCompare every aspect of work today to the picture ten Drivers behind BYOD:years ago; everything’s shifted. • Familiarity/satisfaction of using your choice of device (and possibly operating system).Work is no longer something done solely in the • The pleasure and status that comes from using theoffice between nine and five thirty. Work technology latest piece of tech.is no longer exclusively used for work, saved and • Wanting your technology to have the portabilityshut down at home time. Home and work spheres that suits your lifestyle.have merged and re-formed. We’re more connected, • The convenience of having all elements of life inmore of the time, and our choice of technology one place, on one device — work and personal —reflects who we are. making it easy to flit between the two; and • The power to choose the device that will best support your productivity and responsiveness.
  4. 4. Security sprawl — the big threatGlobal market intelligence provider IDC states that The gap between BYOD belief and realitythe biggest current security threat is security sprawl,the proliferation of ways an organisation’s data can • Half of IT managers report that BYOD is on thebe accessed — and put at risk. rise, and believe it can increase productivity, yet 64 per cent believe it is too risky to allow personalDealing with this sprawl is making IT managers devices to be integrated1. IT managers feelcautious and distrustful of BYOD. Fears include: besieged; 80 per cent say BYOD increasesunknown devices connecting to the network; the IT workload3.increased possibility of security breaches, loss of • In 2010, roughly 30 per cent of informationdata and compliance infringements; and a loss workers surveyed used their own PC orof infrastructure control. But the trend continues smartphone for work. By 2011, that number hadregardless, leaving IT management in the unenviable increased to about 40 per cent1.position of setting security policies after, rather than • Forty per cent of IT decision makers say theybefore, the event. let employees access corporate information from employee-owned devices, yet 70 per cent of employees say they access corporate“Consumerisation, or bring your own device, data that way3.is one of the first things we talk about when Imeet with CIOs. It’s top of mind.”Ted Schadler, Vice President, PrincipalAnalyst serving Content and Collaborationprofessionals, ForresterMaking the bring your own device (BYOD) trend work for you
  5. 5. Making BYOD work for youIt’s simple: say ‘yes’.BYOD is a disruptive trend you need to meet head-on,anticipating the changes it will bring and exploitingthose changes for competitive advantage. You winagainst BYOD by embracing it; drawing it in to youroverall mobility and security policies and making itwork for you.But how you say ‘yes’ is crucial; and the policy,platforms and practices you put in place are thecritical success factors. It’s about a proactive approachto working with business partners (consumers andpartners, as well as employees) to understand needsand help develop solutions that increase business valueand productivity, while protecting corporate assets andmanaging costs at the same time.The key to this is continuity in security policies betweenlaptops and tablets/smartphones, personal devices BYOD highlights security weak spots:and corporate devices — with a focus on securing • Only 50 per cent of organisations enforcecorporate information rather than securing the device. a password policy for mobile devices and even fewer deploy device loss protection technologies — and yet the cost of lost data continues to grow year-on-year2.“It’s irrelevant if it’s your own device. If usersare accessing corporate data, the rules revertto the corporate polices.” • One fifth of people admit to letting their family use their work device to access the internet4.Ray Stanton, Vice President, Professional Services,BT Global Services
  6. 6. People are the key to security Jeff Schmidt, Executive Global Head of Business Continuity, Security & Governance, BT Global Services “Educating the end-users regarding security is essential. In many cases, it’s a user who’s not educated on process and policy who ends up exposing the company, in the spirit of trying to do the right thing. It doesn’t take a lot to explain why policies are in place and why they are important to protecting corporate data. When someone understands the rationale behind policies, they’re more likely to steer clear of actions that could potentially harm the company and its assets.” With BYOD the more you seek to constrain users, the more they will actively work against you, finding alternative ways to achieve their aims. So treat it less as an IT policing issue and more as a business risk-management question.Making the bring your own device (BYOD) trend work for you
  7. 7. Eight essentials for an effectiveBYOD policy1. You can’t control the end point, so you’ve got to 6. Look after your data: classify it so access is control the gateways between the end point and appropriate to the user; encrypt the commercially the network. The best way to do this is by using sensitive; and monitor network traffic on a 24/7 SSL VPNs to encrypt sensitive data coupled with basis to detect threats and understand events. strong authentication to validate users. 7. Put in place a robust process for revoking2. Explain your policy and the reasoning behind it access to your gateways when a user leaves to gain acceptance and compliance. your organisation.3. Enforce a strong authentication policy, 8. Incorporate a spirit of constant review into your including passwords. BYOD policies to make sure you’re staying ahead4. Use a mobile device management (MDM) system, of the consumerisation wave and continually allowing administrators to set policy and then making it work to your advantage. apply that policy across multiple device platforms.5. Get users to put in writing agreement to a remote wipe of their device in the event of loss, decommissioning or theft, as well as agreement to password requirements to access corporate email and general file shares.
  8. 8. BYOD in action — CiscoCisco introduced a BYOD policy in 2009.Now, more than 17,000 Cisco employees use theirown smartphones for work and 400 new iPads areadded each month by employees who prefer touse their own device. They register equipment anddownload a VPN client for connecting with corporatedata, sign a disclaimer that allows remote wipe, andsupport their own IT via an online forum.Company research found that offering a choiceof device was an important consideration topotential employees:“We found globally that 40 per cent ofcollege students and 45 per cent of employeeswould accept a lower-paying job with achoice of device, than a higher-paying jobwith less flexibility.” The BT Global Services portfolio brings youBYOD in action — Citrix powerful security and risk management products to build a sustainable business with added security and resilience in every process. BT Assure combinesCitrix has about 10 per cent of its workforce the necessary elements of IT security managementparticipating in BYOD. with the seamless transition between cloud, hosted, and on-premise — offering well-builtThe company provides an allowance to buy a device solutions to complex problems that are adaptableand employees are required to install antivirus software to the most elaborate network environments in theprovided by Citrix. Citrix provides application support, world. We can help you with all aspects of security,but not device support, so employees have to buy a including the issues raised by BYOD.service contract with a recognised outside provider.And employees must connect through Citrix’s SSL VPN, Please get in touch if you’d like to find out more.Secure Access Gateway.Citrix save between 15 and 20 per cent on TCO.Making the bring your own device (BYOD) trend work for you
  9. 9. Absolute Software.12 Forrester, Tablets Pave Way for Mobile Development: Security Pros Must GetAhead Of App Dev Wave, 2011.IDC 2011 Consumerisation of IT study: Closing the Consumerisation Gap.3BT White Paper: Six things you need to know in 2010.4
  10. 10. Offices worldwideThe telecommunications services described in thispublication are subject to availability and may bemodified from time to time. Services and equipmentare provided subject to British Telecommunications plc’srespective standard conditions of contract. Nothing in thispublication forms any part of any contract.© British Telecommunications plc 2012Registered office: 81 Newgate Street, London EC1A 7AJRegistered in England No: 1800000