Putting IT Back in Control of BYOD


Published on

Over the past several years, one of the most important trends to impact organizations of all sizes – but particularly mid-sized and large organizations – is for employees to use their own smartphones and tablets in the course of their work. The so-called Bring Your Own Device (BYOD) trend was initiated several years ago, often by senior executives who had purchased an Apple iPhone or an Android device and then requested their IT department to support it instead of, or in addition to, the mobile device that the company had supplied to them. Osterman Research includes as a key element of the BYOD trend the various applications that employees use as part of their work, such as personal file sync services.

Published in: Business, Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Putting IT Back in Control of BYOD

  1. 1. WHITE PAPER Putting IT Back in Control of BYODON An Osterman Research White Paper Published June 2012 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 • Black Diamond, Washington • 98010-1058 • USA Tel: +1 253 630 5839 • Fax: +1 253 458 0934 • info@ostermanresearch.com www.ostermanresearch.com • twitter.com/mosterman
  2. 2. Putting IT Back in Control of BYODEXECUTIVE SUMMARYOver the past several years, one of the most important trends to impact organizationsof all sizes – but particularly mid-sized and large organizations – is for employees touse their own smartphones and tablets in the course of their work. The so-calledBring Your Own Device (BYOD) trend was initiated several years ago, often by seniorexecutives who had purchased an Apple iPhone or an Android device and thenrequested their IT department to support it instead of, or in addition to, the mobiledevice that the company had supplied to them. Osterman Research includes as a keyelement of the BYOD trend the various applications that employees use as part oftheir work, such as personal file sync services.To understand just how pervasive this trend has become, Osterman Researchconducted a survey of 760 individuals with regard to the BYOD issues they face intheir organizations. We found, as shown in the following figure, that unlike RIMBlackBerry smartphones – the traditional mainstay among corporate smartphoneusers – personally owned Apple iPhone and iPads, as well as Android smartphonesand tablets, are more common than their company-supplied counterparts. The so-called Bring Your OwnPenetration of Mobile Devices by Ownership (As a % of Users) Device (BYOD) trend was initiated several years ago, often by senior executives who had purchased an Apple iPhone or an Android device and then requested their IT department to support it instead of, or in addition to, the mobile device that the company had supplied to them.Our research also found widespread use of third party, cloud-based storage and filesynchronization offerings that are sometimes used with IT’s blessing, but more oftennot: Dropbox, for example, is used in 14% of 1,000+ employee organizations withIT’s blessing – and in 44% of them without approval.KEY TAKEAWAYS• The BYOD trend for both mobile devices and employee-managed applications is pervasive and growing. Although most common in smaller organizations, even very large enterprises are experiencing the impact of BYOD.• BYOD offers various benefits, including more efficient work by employees, possibly lower IT costs and improved corporate morale.• At the same time, BYOD is fraught with risks that include reduced protection from malware and data breaches, various legal and regulatory problems, more©2012 Osterman Research, Inc. 1
  3. 3. Putting IT Back in Control of BYOD difficult management of content for activities like eDiscovery or regulatory compliance, corporate governance obligations that are more difficult to satisfy, and often higher costs.• A large proportion of organizations have not fully embraced the impact of BYOD. For example, our research found that even among organizations with 1,000 or more employees, only 54% have a formal IT policy for supporting personally owned mobile devices used for work purposes; the proportion of smaller organizations that have such an IT policy is even lower.• A failure to put IT in control of BYOD is having a negative impact: between 12% and 33% of organizations (depending on the number of employees) report that the use of smartphones is being hindered or slowed because IT cannot manage them to the extent they would like; 20% to 42% of organizations report the same for the use of tablets.• There is also concern about corporate data that is stored by third party, cloud- Organizations based providers: between 43% and 62% of organizations are concerned or very should concerned about this issue. implement• Organizations should implement policies and technologies that will channel the policies and BYOD trend into appropriate management of corporate data and assets instead of banning the use of personal devices and applications outright. technologies that will channel theABOUT THIS WHITE PAPERThis white paper discusses the BYOD trend and provides data from an extensive BYOD trend intosurvey conducted specifically for this document. The white paper also provides a appropriatebrief overview of its sponsors – Accellion, Colligo Networks, EdgeWave, HyperOffice,McAfee and YouSendIt – and their relevant offerings. management of corporate data and assetsTHE GROWING TREND TOWARD BYOD instead ofWHAT EXACTLY IS “BYOD”? banning the useBring Your Own Device (BYOD) is exactly what its moniker implies: the growing trendfor employees to use personally-owned smartphones, tablets, laptops and other of personalplatforms to access corporate applications like email and databases; and to create, devices andstore and manage corporate data using these devices. For example, our researchfound that business email and Web browsing are the most commonly used business applicationstasks for which mobile devices are used (employed by 99% and 93% of users, outright.respectively), but use of personal social media, corporate social media and storage ofbusiness-related documents are also commonly used.Osterman Research actually takes a somewhat broader approach to BYOD to includeapplications like personal file sync services and Skype as part of this trend, since theimplications from the use of these tools – which are typically downloaded byindividual users for their personal use – are identical: corporate data is accessed,created, stored and managed using tools that are under the direct control ofemployees, more or less independently of corporate IT departments and most oftenwithout their blessing and often without their knowledge.BYOD IS PERVASIVEJust how pervasive is the BYOD trend? The research we conducted for this whitepaper, and presented in the following figure and table, demonstrates that BYOD isquite common across organizations of all sizes.©2012 Osterman Research, Inc. 2
  4. 4. Putting IT Back in Control of BYODUse of Personally Owned Mobile Devices for Work-Related Purposesby Organization Size (As a % of Organizations) Individuals are generally freer to make impulse purchases in response to the latest and greatestPenetration of Cloud-Based Applications by Organization Size hardwareAs a % of Organizations announcements – Up to 99 100-999 1,000+ IT departments Employees Employees Employees typically make Dropbox Used w/IT’s blessing 40% 21% 14% Used w/o IT’s blessing 32% 49% 44% more well- Not used 28% 30% 42% informed, more Google Used w/IT’s blessing 24% 12% 10% well thought-out Docs Used w/o IT’s blessing 19% 39% 42% Not used 57% 48% 48% decisions about YouSendIt Used w/IT’s blessing 18% 8% 4% purchasing Used w/o IT’s blessing 14% 17% 22% capital equip- Not used 67% 75% 73% ment.The pervasiveness of BYOD is also borne out by other research. For example:• A Research and Markets study found that 65% of enterprises worldwide will adopt BYOD to some extent by the end of 2012i.• An Aberdeen Group study found that 75% of companies permit BYODii.• Equanet reports that 71% of tablets used in a business setting are employee- ownediii.• Some companies are migrating to a completely BYOD approach, such as Cisco, where 100% of mobile devices are provided by employees and not the company itselfiv.EMPLOYEES ARE DRIVING BYOD BECAUSE…There are several drivers for BYOD. For example, employees often want newer,faster and overall higher performance hardware than what their employer provides©2012 Osterman Research, Inc. 3
  5. 5. Putting IT Back in Control of BYODfor them across a variety of platforms: desktop PCs, smartphones, tablets, etc. Thisis due in part to the fact that decisions about personal devices are not constrained bythe return-on-investment and limited budget considerations that often limit ITdecision making. Moreover, individuals are generally freer to make impulsepurchases in response to the latest and greatest hardware announcements – ITdepartments typically make more well-informed, more well thought-out decisionsabout purchasing capital equipment and do so during normal hardware refreshcycles. In short, individuals who buy new hardware for themselves are notconstrained by the need to make a business case for their purchases.With regard to the widespread use of applications like personal file sync services orSkype, or the hundreds of thousands of other applications available via the Apple orAndroid apps stores, there are somewhat different drivers involved. For example:• A growing proportion of employees work at home as part of formal or informal telework programs and so are not as constrained by their IT department about downloading and installing applications that may or may not have been vetted for use on the corporate network.• Many IT departments impose file-size limits or prevent the sending of certain Many employees types of content in the corporate email system to maintain acceptable network or application performance or to protect against malware. are happy to accommodate –• Many users have multiple workplaces: their cubicle, their home office, Starbucks, airplanes, etc., and so need to have access to all of their files – and the latest or are at least versions of their files – on their laptop, their tablet and their smartphone. willing to accept• IT departments often cannot afford to deploy all the tools that users need, the – a blurring of vetting process for these applications is too slow to meet users’ expectations, or the distinction the IT department simply does not allow certain tools to be used because of concerns over corporate security, the potential for data breaches, etc. between work and personal life Finally, many employees are happy to accommodate – or are at least willing to• accept – a blurring of the distinction between work and personal life and so need and so need access to critical applications and data on every platform, whether supplied by access to critical their employer or not. applications and data on everyTHE BENEFITS OF BYOD platform.There are three fundamental benefits that the trend toward BYOD can provide:• Users are more efficient One of the primary ways in which BYOD helps users is by making them more efficient. Having access to every file and every email from any hardware platform or Web browser enables users to get more work done. For good or bad, numerous surveys have found that a large proportion of employees check email and do other work after hours on weekdays, on weekends and on vacation. BYOD is a key enabler of this phenomenon.• Corporate costs can be reduced At least in the short term, corporate costs can be reduced by having employees fund some or all of their mobile device and cloud-based application requirements. For example, while many employers will pay for employees’ mobile devices outright, some provide only partial reimbursement, if that. A comScore MobiLens study of BlackBerry users in late 2011 found that 22% of employers provide only partial reimbursement for users’ devicesv. Moreover, an Aberdeen Group study found that carrier costs for employee-owned devices are $10 per month per device lower than if the company owns the devicevi.©2012 Osterman Research, Inc. 4
  6. 6. Putting IT Back in Control of BYOD• Employee retention and satisfaction can be improved There is also some evidence to suggest that when employees are permitted to choose their own mobile device their job satisfaction is higher. For example, an Aberdeen Group study found that 61% of companies that permit employees to use their own mobile device experience higher employee satisfactionvii.THE DANGERS OF BYODSECURITYOne of the fundamental dangers of BYOD is that personally owned and manageddevices used to create, access and store corporate data will typically bypass inboundcontent filtering systems that have been deployed by IT. One result of this is apotentially greater likelihood for malware intrusion, particularly for Android devices.For example, F-Secure found that for the 12-month period ending in the first quarterof 2012, the number of new Android-focused malware families and variants hadincreased from 10 to 37, and the number of malicious Android-focused applicationpackage files had increased from 139 to 3,063viii. Moreover, personally owneddevices will normally bypass outbound content filtering systems, resulting inpotentially more violations of corporate and regulatory policies focused on encrypting One of thesensitive content or preventing disclosure of confidential information. Add to this thefact most personally owned devices cannot be remotely wiped if they are lost, leading fundamentalto a much greater likelihood of data breaches and loss of intellectual property. dangers ofThe greater security risk posed by the use of personally owned devices was borne out BYOD is thatin the research conducted for this white paper. For example, in organizations with at personally ownedleast 100 employees, we found that: and managed• 69% of company-owned smartphones can be remotely wiped if they are lost devices that are compared to only 24% of personally owned smartphones. Similarly, 54% of company-owned tablets can be remotely wiped versus only 21% of personally used to create, owned tablets. access and store• 44% of company-owned smartphones and 38% of company-owned tablets can corporate data be scanned for malware; the figures for personally owned smartphones and will typically tablets are 10% and 9%, respectively. bypass inboundMoreover, BYOD can increase the likelihood that sensitive or confidential corporate content filteringinformation will be breached. For example, researchers in a UK-based study acquired49 mobile devices that had been resold through secondary markets; forensic systems that haveexamination of the devices resulted in the discovery of information on every device been deployed byand a total of more than 11,000 pieces of information collectively from all of the IT.devicesix.LEGAL AND REGULATORY PROBLEMSAnother danger of BYOD – and one that also affects employers who provide mobiledevices themselves – is that non-exempt employees may have to be paid for theirafter-hours work using mobile devices. This applies to employers who require thiswork, as well as to those that are simply aware of it. For example, companiesincluding T-Mobile and Black & Decker have been sued by employees for their unpaidovertime as a result of doing work with their smartphones after hoursx. In the caseof Scheinder v. Landvest Corporationxi, the court ruled that “an employer is obligatedto pay an employee for all hours worked, even those in addition to his or her pre-scribed schedule, if the employer knows or has reason to know that the employee isworking additional hours”. Terremark Worldwide was sued in a 2008 class actionbecause Data Return LLC, a company that it had acquired, allegedly requiredemployees to respond to phone calls and emails after hours from their mobiledevicesxii.It is also important to note that firms registered with FINRA and the SEC are requiredto archive and monitor communications via smartphone. For example, FINRA©2012 Osterman Research, Inc. 5
  7. 7. Putting IT Back in Control of BYODRegulatory Notice 07-59xiii states “…a firm should consider, prior to implementing newor different methods of communication, the impact on the firm’s supervisory system,particularly any updates or changes to the firm’s supervisory policies and proceduresthat might be necessary. In this way, firms can identify and timely address anyissues that may accompany the adoption of new electronic communicationstechnologies.”CONTENT RETENTION AND MANAGEMENTSmartphones and tablets contain a significant proportion of corporate data.Osterman Research has found that more than five percent of corporate data is storedjust on users’ smartphones – we expect this figure to soar during the next 24 monthsas iPads and other tablets are employed in much larger numbers. Employee-ownedand controlled devices make access to this data by corporate IT or compliancedepartments much more difficult, such as during an eDiscovery exercise. This is notonly because of the difficulty that might be encountered in physically accessing thesedevices, but also because of the potential privacy and other legal issues that areraised by companies accessing their employees’ personal property.From a purely practical standpoint, knowing what data is available on mobile devicesbecomes more difficult. This is particularly problematic for legal counsel and others Placing a hold onthat must assess the information that the organization has available to it duringeDiscovery, early case assessments, legal holds and similar types of litigation-related mobile data mayactivities. Moreover, the likelihood of spoliation of content stored on personally be more difficultowned devices is much greater simply because it is not controlled by the IT orcompliance department. than it is for traditionalWith regard to just the legal hold issue, when data that might be required in a legal systems – andaction must be held back from the normal deletion cycle or from users’ arbitrarydeletion, it is imperative that an organization immediately be able to retain all much morerelevant data, such as emails sent from senior managers to specific individuals or difficult when itclients. Placing a hold on mobile data may be more difficult than it is for traditionalsystems – and much more difficult when it is located on devices that are under the is located oncontrol and ownership of individual employees. devices that areCORPORATE GOVERNANCE under the controlThere are a growing number of corporate governance obligations with which virtually and ownership ofevery organization must comply, but particularly those in heavily regulated industries.These obligations, which are focused primarily on the archiving, encryption and individualmonitoring of certain types of communications, include the following: employees.• The Payment Card Industry Data Security Standard is a set of requirements for protecting the security of consumers’ and others’ payment account information. It includes requirements for building and maintaining a secure network, encrypting cardholder data when it is sent over public networks and assigning unique IDs to each individual that has access to cardholder information.• The Gramm-Leach-Bliley Act requires financial institutions to protect sensitive information about individuals, including their names, addresses, and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers.• The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare and other organizations to protect sensitive health records of patients and others. However, the “new” HIPAA that took effect during the first quarter of 2010 greatly expands the impact of the law. For example, while HIPAA previously applied mostly to physicians, medical practices, hospitals and the like, now the business associates of these entities will be required to comply with HIPAA’s rules about the security and privacy of protected health information (PHI). That means that accountants, benefits providers, attorneys and others©2012 Osterman Research, Inc. 6
  8. 8. Putting IT Back in Control of BYOD that are given access to PHI will now be fully obligated to comply with HIPAA.• Electronic recordkeeping rules established by the SEC, FINRA, FSA and other regulatory bodies are focused on financial services organizations’ obligations to monitor and archive communications between registered firms and their customers.• The Federal Rules of Civil Procedure obligate organizations to manage their data in such a way that it can be produced in a timely and complete manner when necessary, such as during legal discovery proceedings.• The Sarbanes-Oxley Act of 2002 obligates all public companies and their auditors to retain relevant records like audit workpapers, memoranda, correspondence and electronic records – including email -- for a period of seven years.• Federal Energy Regulatory Commission Order No. 717 imposes various rules on regulated and vertically integrated utilities so that transmission providers do not give preferential treatment to their affiliated customers. The purpose of this order is to create an ethical wall between the marketing and transmission If a company- functions of vertically integrated companies that distribute electricity and natural gas between states. owned smartphone thatThese governance requirements apply to any platform in use by an organization,including those that are owned by and under the control of employees, if they are containsused to access or store corporate information. consumer data isPOTENTIALLY HIGHER COSTS lost and it cannotAn Aberdeen Group analysis found that a 1,000-seat organization will spend an be remotelyadditional $170 per user per year when using BYOD as compared to providing wiped, in mostsmartphones themselvesxiv. This makes sense given that support for a wide range ofmobile platforms, operating systems, operating system versions and firmware cases anversions will typically be more expensive than supporting just one or two IT-approved organization willand company-funded platforms. be obligated toHowever, BYOD can lead to other, potentially enormous costs. For example if a report this datacompany-owned smartphone that contains consumer data is lost and it cannot beremotely wiped, in most cases an organization will be obligated to report this data breach to all ofbreach to all of the affected parties. If we assume, as discussed above, that 69% of the affectedcompany-owned devices can be remotely wiped compared to only 24% of personallyowned devices, then the likelihood of losing data for the latter – and the cost of the parties.data breach – will be 2.9 times greater.STEPS TO MANAGING BYODThere are five steps that Osterman Research recommends for any organization as itattempts to manage the growth of BYOD:• Management must understand the benefits and risks The key to dealing with the BYOD phenomenon is first to understand just how pervasive it is in most organizations. While most senior managers will surmise that some of their employees are using personally owned smartphones and tablets (given that senior managers often were the instigators of the trend after the introduction of the iPhone), they may not appreciate just how widespread this use has become. Senior managers need to understand how personally- owned smartphones and tablets, as well as tools like personal file sync services or Skype, are used throughout the organization, what types of data they are used to access and store, and the reasons for their use.©2012 Osterman Research, Inc. 7
  9. 9. Putting IT Back in Control of BYOD• Evaluate the options Decision makers in IT, HR, compliance, etc. should then consider the options for managing BYOD. The available options will range from doing nothing to implementing draconian controls that will all but eliminate – or at least attempt to eliminate – the use of personally owned devices and employee-managed applications for work-related purposes. While some decision makers may opt for the latter as a sort of knee-jerk reaction to protect corporate data assets or reduce the potential for malware infiltration, there are two reasons to opt for more open, rather than more restrictive, BYOD-related attitudes: o Draconian controls are unlikely to work Faced with a requirement to eliminate use of personal devices or applications, many employees will do so secretly, particularly the growing proportion of employees who work from home at least one day per week. For organizations that need to lean in this direction, if eliminating consumer- grade options, an easy-to-use, secure and sanctioned alternative must be It is critically provided. important that o Employee productivity will suffer organizations It is important to understand that the vast majority of employees do not use faced with the their own devices or applications simply for the fun of it – they are doing so to be more productive, to bypass IT restrictions (e.g., email file-size limits) BYOD problem that prevent them from being effective in their work, or because they have implement found a way to be more efficient at no charge to their employer. To issue policies about an edict that prevents employees from using these tools will likely be counterproductive to the interests of both management and employees. acceptable use of• Implement policies to protect the organization devices and It is critically important that organizations faced with the BYOD problem applications, implement policies about acceptable use of devices and applications, perhaps perhaps creating creating a list of approved devices, operating systems, applications and other personally owned or managed solutions. These policies should be detailed and a list of approved thorough, and should be included as part of an organization’s overall acceptable devices, use policies that are focused on use of corporate computing resources. operating A key element of these policies as they apply to mobile devices should be that systems, any mobile device must be wipe-able by the IT department in the event of its loss, and that all devices that contain corporate content should be encrypted to applications and prevent the loss of sensitive data or intellectual property. Corporate policies other personally focused on employee-managed applications should include requirements for the encryption of data if stored in a third party’s cloud data center. owned or managed• Educate users on best practices It is also important to educate users on best practices with regard to accessing solutions. and managing corporate data on personally-owned devices or when using specific applications. An important reason for doing so is not only to make employees aware of the dangers that can ensue if corporate data is not adequately protected, but also to achieve employee buy-in and cooperation with corporate policies.• Deploy the appropriate technologies Finally, it is imperative that organizations deploy technologies, such as mobile device management solutions, that will enable their policies to be satisfied and for overall corporate risk to be managed at an appropriate level. For example, an organization in which a consumer-focused file-sharing application is used should deploy an alternative that is just as easy to use, but one that provides IT control over how content is shared (expiration dates for content, tracking managing and reporting of files downloads and sharing, control over file types that can be sent, automatic encryption of content sent beyond the corporate firewall, etc.). Similarly, an organization that allows employees to use personal tablets should deploy a solution that enables full disk encryption, under IT’s©2012 Osterman Research, Inc. 8
  10. 10. Putting IT Back in Control of BYOD control, that will protect sensitive data if the device is lost. Other technologies that should be on the short list of those deployed include anti-virus, malware detection and remediation, role-based access, content inspection and archiving – these apply to both personally owned devices, as well as to employee-managed applications.SPONSORS OF THIS WHITE PAPERAccellion, Inc. provides enterprise-class mobile file sharing solutions that enablesecure anytime, anywhere access to information while ensuring enterprise security !and compliance. The world’s leading corporations and government agencies useAccellion to protect intellectual property, ensure compliance, improve business www.accellion.comproductivity and reduce IT costs. twitter.com/accellion info@accellion.comFounded in 1999, Accellion file sharing solutions can be deployed on public, privateand hybrid cloud environments and provide the ease-of-use business users needwhile giving the enterprise organization the flexibility, scalability and protection it +1 855 485 4300needs. +1 650 485 4300 !Accellion is a profitable, well-funded, private company with more than 10 millionusers and 1,500 enterprise organizations that have deployed Accellion with a morethan 96 percent annual renewal rate. Current customers include Procter & Gamble;Activision; Indiana University Health; Kaiser Permanente; Foley & Mansfield; Lovells;Bridgestone; Ogilvy & Mather; Harvard University; Guinness World Records; USSecurities and Exchange Commission; and NASA.For more information please visit www.accellion.com or call (650) 485-4300.Connect with Accellion:Web: http://www.accellion.comTwitter: http://www.twitter.com/accellionFacebook: http://www.facebook.com/accellionLinkedIn: http://www.linkedin.com/companies/accellionColligo Networks is the leader in SharePoint apps for email and documentmanagement in the enterprise. Our unified, centrally managed solutions make it easyto access and manage SharePoint content from everyday apps and devices likeMicrosoft Outlook, Windows File Explorer, Apple iPads and smartphones. ! www.colligo.comMore than 4,800 organizations rely on Colligo’s SharePoint apps to improve twitter.com/colligocollaboration, increase productivity, and mitigate corporate risk by increasing sales@colligo.comSharePoint adoption. Global and Fortune 500 customers include Microsoft, KraftFoods, Novartis, Charter Communications, General Motors, Siemens, and many more +1 866 685 7962industry leaders around the world. +1 604 685 7962 !iPrism Web SecurityiPrism is a self-contained, appliance-based solution, that combines a number ofenforcement methods to protect corporate networks from threats whether users areconnected locally or remotely via their own or company-owned devices. !• Cloud-Based Remote Filtering www.edgewave.com Assures that policies are enforced consistently for all users, local and remote, twitter.com/edgewave without having use VPN, DMZ proxy deployments or browser-specific PAC files. sales@edgewave.com• Solution for Mobile Device Management +1 800 782 3762 Corporate network administrators can easily manage employee use of devices +1 858 676 2277 such as iPhones and iPads with an easy-to-configure iPrism solution using a VPN connection. !©2012 Osterman Research, Inc. 9
  11. 11. Putting IT Back in Control of BYOD• Exclusive Outbound Botnet Defense iPrism protects your network by blocking bots from connecting with their command and control contacts outside your network. When a bot communication is detected, you receive an alert allowing you to remediate the problem immediately.• Circumvention Defense Network Prevents circumvention attempts with real-time technology that leverages hundreds of virtual machines hosted in a scalable cloud data center to detect external circumvention tools that proxy or re-route users web requests. iPrism stays current by continuously detecting new sites so the corporate network is protected from emerging threats.• iPrism Social Media Security This cloud-based service allows you to seamlessly monitor, filter and report on end-user interactions with social media such as Facebook, Twitter, YouTube and others. It includes standard policy templates or you can customize, with the ability to add unlimited policies, or text-based rules per your requirements. When a policy violation is detected, the user receives a message within the application itself and is prevented from posting.ePrism Email Security SuiteePrism Email Security Suite is a cloud-based, comprehensive solution that offers ZeroMinute Defense antispam and antimalware protection, Email Continuity, DataProtection Services with Encryption and DLP, and secure Email Archive.• Email Filtering Inbound/outbound filtering stops spam, viruses and malware with email policy enforcement, TLS encryption and Zero Minute Defense to identify and block threats before other solutions know they are present.• Email Continuity Automatically spools all your email in case of unplanned or planned shutdown, assuring that your users have access to their email.• Data Protection Services DLP and Encryption are integrated so that a DLP violation can automatically trigger encryption.• Email Encryption ePrism’s next-generation encryption technology is easy to deploy and simple to use. As a completely hosted service, there is no hardware or software to implement and encryption can be enabled on a per user basis or as part of an automated routing policy.• Data Loss Protection ePrism DLP protects the outbound communication of all types of private or objectionable data, including patient healthcare information, financial information, Social Security and credit card numbers and objectionable content.• Secure Archive Retains your email in an unalterable state to help meet requirements for regulatory compliance, litigation issues, storage management needs, or to fulfill business best practices guidelines.©2012 Osterman Research, Inc. 10
  12. 12. Putting IT Back in Control of BYODFounded in 1998, HyperOffice is a recognized leader in the white-hot onlinecommunication and collaboration solutions industry for small to mid sized businesses.Our mission is to empower growing organizations with technology traditionallyavailable only to large enterprises, and help them achieve business growth,competitive advantage and success. Having spent more than ten years offering onlinecollaboration solutions, HyperOffice was one of the first companies to offer software-as-a-service - the buzzword in information technology today, and widely hailed as the www.hyperoffice.comfuture of corporate software. Since its inception, more than 300,000 users worldwide twitter.com/have harnessed the power of HyperOffice. hyperoffice corpsales@HyperOffice aims at bringing messaging and collaboration technologies traditionally hyperoffice.comavailable to large enterprises, to growing organizations through the SaaS, on-demandmodel. HyperOffice out of the box solutions allow customers to do what they do +1 800 434 5136best, and reap the benefits of robust functionality without any technical know how +1 240 428 1700and high upfront costs. Moreover, they can get started almost immediately with just !an internet connection, without having to go through long implementation cycles,invest in expensive IT infrastructure, or hire expert staff for ongoing maintenance.Our integrated suite of online tools covers the entire range of productivity needs thatexist in every organization - business email, contact management, calendaring,document management, intranet and extranet workspaces, forums, online databases,web forms and much more.In addition to the HyperOffice Collaboration Suite, our core offering, our range ofsolutions include:• HyperMobile for push email and mobile messaging• HyperBase for online database management and web formsThe attempt is to constantly expand our offerings, and to be the one stop shopbringing the best and latest in enterprise class information technology to our smalland mid sized business customers. All solutions can be fully integrated, bringing ourcustomers the synergies of the only "total collaboration" solution in the market forgrowing businesses.HyperOffice solutions have been developed bottom up based on years of experienceworking closely with our customers. We continue to add to the HyperOfficeCollaboration Suite, and add new products to our list of offerings, based on invaluablefeedback from our customers, and as business needs, markets and technologiesevolve. Our SaaS approach ensures that all upgrades to HyperOffice are instantlyavailable to our customers without charge, allowing them to effortlessly keep at thecutting edge. Moreover, we realize that our customers require more than merelytechnological tools. Our solutions are fully outsourced and we offer a range of freeand enhanced services, so that customers can truly make the most of their SaaSinvestment with minimum hassle - free webinars, live phone support, implementationsupport, business consultation and on-demand customization. And we continue tohave our sights fixed firmly on the core needs of our customers - speed, ease of use,and a balance of integrated functionality and customizability.HyperOffice is a signatory to the Company-Customer Pact, which lays down modelstandards of behavior for companies. The Pact underlines our values of honesty,sincerity, transparency, community and continuous improvement. This is what wehave strived for in 10 years in business, in a market where our success is completelylinked to ongoing patronage from each of our customers.©2012 Osterman Research, Inc. 11
  13. 13. Putting IT Back in Control of BYODMcAfee is the world’s largest dedicated security technology company. Deliveringproactive and proven solutions and services that help secure systems and networksaround the world, McAfee protects consumers and businesses of all sizes from thelatest malware and emerging online threats. Our solutions are designed to worktogether, integrating antimalware, antispyware, and antivirus software with security !management features that deliver unsurpassed real-time visibility and analytics,reduce risk, ensure compliance, improve Internet security, and help businesses www.mcafee.comachieve operational efficiencies. twitter.com/mcafee sales@mcafee.comBacked by an award-winning research team, McAfee security technologies use aunique, predictive capability that is powered by McAfee Global Threat Intelligence — +1 888 847 8766enabling home users and businesses to stay one step ahead of online threats. +1 408 988 3832McAfee’s security products and solutions span the following areas: !• Data Protection• Database Security• Email & Web Security• Endpoint Protection• Mobile Security• Network Security• Risk & Compliance• Security-as-a-Service (Security SaaS)• Security Management• Security Information and Event Management (SIEM)McAfee solutions deliver the highest levels of threat visibility and antimalwareprotection, including comprehensive system and endpoint protection, networksecurity, cloud security, database security, and data protection. McAfee’s completesecurity solutions extend beyond virus software. Backed by McAfee Global ThreatIntelligence, our solutions help companies enhance visibility into their securitypostures, allowing business to embrace Web 2.0 technology, virtualization, cloudcomputing, and personal and mobile devices, while protecting critical assets andsensitive data.YouSendIt, Inc. is the first business content collaboration service to offer anintegrated approach for sending, sharing and signing documents online. With 28million registered users in 193 countries, YouSendIt helps enterprises and businessprofessionals streamline collaboration by enabling them to instantly sync and accesscontent in the cloud and easily send files, share folders and sign documents from !anywhere—the desktop, Web or mobile devices. YouSendIt offers a suite ofproductivity tools that integrate seamlessly into common desktop and mobile www.yousendit.comenvironments. With YouSendIt, companies can alleviate the burden placed on e-mail twitter.com/yousenditsystems by offloading attachments, improving performance and productivity andreducing costs and IT security risks. Headquartered in Campbell, Calif., YouSendIt is sales@yousendit.coma privately held company backed by venture capital firms Adams Street Partners,Alloy Ventures, Emergence Capital, Sevin Rosen and Sigma Partners. Visit +1 866 558 7363www.yousendit.com or the YouSendIt Blog for more information. +1 408 879 9118 !©2012 Osterman Research, Inc. 12
  14. 14. Putting IT Back in Control of BYOD© 2012 Osterman Research, Inc. All rights reserved.No part of this document may be reproduced in any form by any means, nor may it bedistributed without the permission of Osterman Research, Inc., nor may it be resold ordistributed by any entity other than Osterman Research, Inc., without prior written authorizationof Osterman Research, Inc.Osterman Research, Inc. does not provide legal advice. Nothing in this document constituteslegal advice, nor shall this document or any software product or other offering referenced hereinserve as a substitute for the reader’s compliance with any laws (including but not limited to anyact, statue, regulation, rule, directive, administrative order, executive order, etc. (collectively,“Laws”)) referenced in this document. If necessary, the reader should consult with competentlegal counsel regarding any Laws referenced herein. Osterman Research, Inc. makes norepresentation or warranty regarding the completeness or accuracy of the information containedin this document.THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS ORIMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIEDWARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AREDISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BEILLEGAL.i http://www.researchandmarkets.com/research/pwsr9h/bring_your_own_devii http://www.xigo.com/byod/iii http://www.equanet.co.uk/cms/apple/ipad-in-business/bring-your-own-device.htmliv http://www.zdnet.com/blog/sybase/cisco-the-biggest-mobile-byod-deployment- around-slides/2671v http://www.bgr.com/2012/01/27/blackberry-users-are-older-and-wealthier-than- average-smartphone-users-study-suggests/vi http://www.xigo.com/byod/vii http://www.xigo.com/byod/viii Source: Mobile Threat Report Q1/2012, F-Secureix Electronic Retention: What Does Your Mobile Phone Reveal About You? http://EzineArticles.com/7068075x http://cspalaw.com/pdf/Smartphones.pdfxi Schneider v. Landvest Corp., 2006 WL 322590 (D. Col. Feb. 9, 2006)xii http://www.munckwilson.com/media-center/in-the-news/audrey-mross-quoted-in- dallas-business-journal-article-employee-smartphone-xiii http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/ p037553.pdfxiv http://www.vcinsight.com/116/ExecutiveIntervierws/807/ ToBYODornottoBYOD–thatisthequestion!©2012 Osterman Research, Inc. 13