Fulcrum Group BYOD presentation

Steve Meek's BYOD/BYOA tips presentation given to the Fort Worth IT Professionals group on 2014-02-19.

Published in: Technology

Transcript of "Fulcrum Group BYOD presentation"

  1. “Bring Your Own” thinking
     Presented by Steve Meek, CISSP
  2. Agenda
     • Presentation goal
     • Survey
     • Quick definition of BYOD and BYOA
     • What is driving BYO thinking
     • BYO pros and cons
     • Some BYO statistics
     • 7 Tips to manage BYO
     • About The Fulcrum Group, Inc.
     • Question and Answers
     Copyright © 2014 The Fulcrum Group Inc.
  3. Goal
     • Briefly cover content applicable to business owners and technical experts
     • Educate everyone about BYO and implications
     • Exchange ideas
     • Avoid mentioning any brands or specific tools though left room for discussion
  4. Survey
     • How many of your end users have iPads or use DropBox (do you know)?
     • Do you have a formal policy on use of non-company owned devices and applications at work?
     • What policies do you have?
     • Are you bound by industry compliances like HIPAA/HITECH, PCI, GLBA or SOX?
     • What about any efforts towards end user security awareness programs?
     • Do you have one thing you have done to help you along?
     • Why is paying attention to BYO important?
  5. What is BYOD or BYOA
     • Bring Your Own Device: A business strategy where employees are allowed or encouraged to bring their own computing devices – such as smartphones, laptops and PDAs – to the workplace for use and connectivity on the corporate network.
     • Bring Your Own Application: A business strategy where employees are allowed or encouraged to select and use applications to help them achieve company goals using personal or corporate assets.
  6. What is driving BYO mentality
     • Gartner found that 50% of employees use personal devices at work
     • Consumerization of devices and IT: Everyone wants to show off their new phone or device
     • Fast and ubiquitous Internet connectivity: Always connected state of people, hyperconnectivity
     • Desire to get the job done: Higher productivity expectations and number of hours worked
     • Employee frame of reference: Employee movement between different organizations
     • Younger Employees in Workforce: Grown up with technology at home and having full access
     • Addictive nature of technology: Driven by habits of social media and gaming
     • Executives: Does it ever seem like the boss is pushing BYOD?
  7. BYO pros and cons
     • Pros
         • Mobilize the business: companies get new people going quicker
         • Employees more connected and able to work all the time
         • Employees able to use preferred tools, more productive
         • BYO devices and apps tend to be more cutting edge, upgrade more often
         • Companies shift costs to users, may save money on purchasing assets
     • Cons
         • Complexity possibly managing multiple different platforms
         • Support and management concerns (employee leaves?)
         • Security concerns (device lost/stolen, data leakage, credentials compromised, malware increase, breach notification laws)
         • Device and application sprawl, lose some control
         • Lack of proper use and concerns about compliance (acceptable?)
  8. BYO statistics
     • CompTIA report
         • 85% of employees take work home
         • 84% of employees use a smartphone for work
         • 40% of workers use personal devices at work even when not allowed
     • Good Technology report (400 financial and healthcare firms)
         • 70% let employees bring own smartphone or tablet to work, 19% considering, 9% say NO
         • 50% of these respondents allow BYO if paid for, 45% pay stipend
         • SmartPhones: 60% iPhone, 40% Android
         • Tablets: 95% iPad, 5% Android
     • Fiberlink report
         • 6.8MM Android and iOS devices activated 12/25/11
         • Manage device? 40% ActiveSync, 10% MDM, 24% allow but don’t manage, 26% don’t allow
         • Manage application? 52% not managing, 23% manually, 7% specific service, 17% MDM service
  9. Tip # 1: Executive Sponsorship
     Someone in the organization understands the business impact of deciding the approach of BYO in the organization AND can help enforce the policy side throughout the organization. If that isn’t you, you need to find a champion who can.
     • Articulate benefits from additional access (is there an ROI?)
     • Explain the security implications of contrasting options (I have heard company leaders limit security because “we trust our employees”)
     • Sometimes explaining concepts but arming them with right information to make best decision helps
     • Uncover fiduciary responsibilities or compliance requirements
  10. Tip # 2: Accept that BYO is here
     • Overwhelming emotion WILL make it happen
     • Driven by executives and managers in many cases
     • Some end users will try to “sneak” past if not embraced
     • Think about how you can enable (focus on business needs)
     • What’s in the future
     • Gartner estimated $2.1 trillion of mobile devices in 2012
     • 3+ network devices per user will be commonplace in 1-2 years
     • 2 out of 3 new network devices will be wireless only in the next few years
     • Personal devices re-provision more frequently than organization provided devices
  11. Tip # 3: Create policies
     • Estimates only 22% of firms have a mobility policy
     • 48% in survey say downloading unauthorized applications a SERIOUS concern
     • Understand senior management’s role
     • Management has to understand and set example
     • Ideal targets for APTs, travels more and access
     • Articulate support that is provided
     • Verify compliance requirements
     • Define acceptable use in policy including mobile users
     • Define mobile device practices (report lost/stolen, terminated employees, inventory regularly)
     • Establish privacy and reimbursement understanding
     • http://csrc.nist.gov/publications/PubsSPs.html#800-124
  12. Tip # 4: Develop an implementation plan
     • Don’t “jump in” to save money, without an onboarding and management plan
     • Better to pay a fixed amount than have employees submit expenses (costs about $25/emp. to process expense reports), for emp.
     • Perhaps limit to employees who have moderate needs
     • Possibly continue to provision for heavy users (so you have better control, better coverage plans)
     • Understand your tools to manage and how to do things like remote wipe, change pin, lock system
     • Establish standards (what is supported)
     • Have requirements for applications
  13. Tip # 5: Map out your application workflows
     • What are your key applications
     • Identify what data gets accessed where
     • Understand how data flows through your processes
     • Protect data in transit or at rest, as needed
     • Don’t forget to follow secure coding strategies for internal application development
         • https://www.isc2.org/uploadedFiles/(ISC)2_Public_Content/Certification_Programs/CSSLP/ISC2_WPIV.pdf
         • https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
     • Security test web and public facing apps
  14. Tip # 6: Remember security concepts in design
     • Confidentiality – Integrity – Availability
     • Borderless or bordered access
     • Will local devices mix with LAN traffic or separate wireless network
     • Will you create a policy that identifies devices and treats differently
     • Will devices be subject to business web filter
     • Understand the inverse relationships between concepts such as
         • Security and usability
         • Availability and cost
         • Hyperconnectivity and trust
  15. Tip # 7: Enforce policy with tools (if needed)
     • Mobile Device Management (MDM)
     • Virtualization/Virtual Desktop Infrastructure (VDI)
     • Remote access/Virtual Private Network (VPN)
     • Encryption (disk or email)
     • Data Loss Protection (DLP)
     • Network Access Control (NAC)
     • Identity Services Engine (ISE)
     • Wireless management/guest
     • Web filtering
  16. Gartner Report
     “The BYOD phenomenon is driving growth in the NAC market as organizations seek to apply policies specific to personally owned mobile devices.”
     and
     “Because there are multiple approaches for enforcing NAC policies (for example, virtual LANs, firewalls, access control lists and others), look for solutions that best fit your existing network infrastructure.”
     Analyst: Lawrence Orans and John Pescatore
     Research Date: Dec. 8, 2011
  17. List of some players
     What tools do you use? What do you like/not like about them? Is it combo of NAC and MDM?
     • AirWatch
     • Aruba: ClearPass
     • Bradford Networks: Network Sentry
     • Cisco Systems: Identity Services Engine
     • GoodTechnology: Good Mobile Manager
     • IBM: IBM Endpoint Manager for Mobile Devices
     • Symantec: acquires Nukona
     • Zenprise BYOD Tool Kit
     • Others?
     • Service providers might also have tools
  18. Bonus Tip: End user awareness programs
     • Build your own Security Awareness Program to complement Acceptable Use Policies
     • To click or not to click, that is the question
     • A little education goes a long way
     • Don’t enforce, reassure
     • Communicate early, communicate often
     • NIST document: http://csrc.nist.gov/publications/nistpubs/800-50/NISTSP800-50.pdf
     • STOP- THINK – CONNECT campaign, poster, materials: http://www.dhs.gov/files/events/stop-think-connectcampaign-materials.shtm#1
     • Information for individuals: http://www.staysafeonline.org/
  19. Summary
     • BYO is like a tsunami bearing down on us
     • Time is running out to establish policy and standards before it creates itself
     • As administrators and owners, we need to understand both the business and technology sides of the decision
     • Be or find an executive champion for cause
     • Create strategy, policy and procedures for however we decide to handle BYO
     • IT has to be part of thinking to implement security concepts
     • BYO may require acquiring some new technology tools, but may not
     • You can add much more security with some end user training
  20. Any questions?
     The Fulcrum Group
     5600 Egg Farm Road, Suite 452, Keller, TX 76248
     Phone: 817-337-0300
     Help Desk: 817-898-1277
     Web: www.fulcrum.pro
     Email: info@fulcrumgroup.net
