10-8-13 BYOD Risk Presentation for Nassau County Bar Committee
Presentation on BYOD risk management by Jonathan I. Ezor of the Touro Law Center for Innovation in Business, Law and Technology for the Corporation/Banking & Securities Law Committee of the Nassau County Bar Association in Mineola, NY on October 8, 2013.

Published in: Technology, Business
  1. BYOD: Managing the Risks of Bring Your Own Device Policies
     Prof. Jonathan I. Ezor, Director, Touro Law Center for Innovation in Business, Law and Technology
     jezor@tourolaw.edu
     Nassau County Bar Association Corporation/Banking & Securities Law Committee
     October 8, 2013
  2. Wireless Devices Key to Modern Business
     • Access to data
     • Communications
       – Colleagues
       – Clients/Customers
       – Others
     • Mobile workforce
     • 24/7/365 workcycle
     • Instant responsiveness demands
  3. Challenges of Mobile Implementation
     • Cost
     • Platform choice
     • Updates/Upgrades
     • Training
     • Support
     • Vendor changes (e.g. Blackberry)
  4. BYOD: Leveraging Employee Choices
     • Employees increasingly buying/updating personal devices
     • May be more sophisticated than company standard
     • Employees may cover some/all costs
     • Personal familiarity may reduce training need
     • Major platforms increasingly interoperate
  5. Balancing BYOD Benefits and Risks
     • BYOD not without risks, including
       – Employee-driven vs. mission-driven
       – Complexity and cost of support
       – Software and licensing
       – Security
       – Confidentiality
       – Personal vs. professional
       – Compliance
       – Litigation
     • Must balance risks with rewards
  6. Employee-Driven Vs. Mission-Driven
     • Choice of approved devices should reflect business needs
       – IT platform
       – Applications & functionality
       – Security
     • Employee requests can conflict
     • Failure to support owned devices can undermine BYOD intention
     • Consumer devices for business purposes
  7. Complexity And Cost Of Support
     • Diversity of hardware/OSes means almost unlimited potential support obligation
     • Everything from setup to chargers to software
     • Employees may expect or demand support from IT staff
     • Refresh cycle a factor as well
  8. Software and Licensing
     • Organization’s software may include licensing restrictions
       – Enterprise vs. personal devices
       – Number of total/concurrent users
       – Expiration of licenses/versions/support
     • Older licensed software may not support new mobile platforms
     • Need to consider existing licenses, negotiate new ones with BYOD in mind
     • Interoperability of software also a factor
  9. Security
     • Multiple potential security breach vectors on mobile devices
       – Malware
       – Insecure WiFi
       – Unencrypted connections
       – Utilities
       – Older versions of OS
     • Consumer devices may offer fewer security options than business-specific ones
     • Some devices support VPN, push profiles for security settings
  10. Confidentiality
     • Every mobile device a potential data breach channel
       – Mass storage
       – Lost/stolen devices
       – Backups
     • Employees may share devices with family, others
     • Use may violate NDAs, regulatory/legal requirements
     • Risks of accidental breaches
       – GPS
       – EXIF data
       – Social media
  11. Personal Vs. Professional
     • Boundaries always a problem for mobile workforce
     • Use of personal devices exacerbates challenges
     • Harder to establish, enforce limitations on personal use
     • Labor laws also potentially involved
  12. http://ezor.org/a7k4n
  13. Allen v. Chicago
  14. Compliance
     • Requirements may not exclude personal devices
       – Document/correspondence retention
       – Security
       – Privacy
       – Tax
     • Auditors, enforcement officials may require access to employee devices
     • Also more difficult to change practices for new/changed regulations
  15. Litigation
     • Discovery requests may/should include employee devices
     • True of home computers as well as BYOD
     • Holds, deletion policies also face challenges
     • Shared devices also an issue
     • Employees may be uncomfortable opening personal equipment to scrutiny
  16. Risk Management for BYOD
     • Implementation must include awareness, management of risks
     • Involve all stakeholders
       – IT
       – Legal
       – Finance
       – Operations
       – HR
       – Employees
     • Plan, budget for training and support
     • Communicate decisions and rationale to all
  17. Best Practices for BYOD
     • Written policy on supported devices/platforms/uses
     • IT infrastructure chosen/configured to enhance security as well as convenience
     • Educational materials for most-common devices
       – Setup
       – Security
       – Remote wiping
       – Encryption
     • Ongoing review of implementation, issues
     • Verify insurance and other risk management coverage
  18. Questions?
     Professor Jonathan I. Ezor
     jezor@tourolaw.edu
     @ProfJonathan on Twitter