Your SlideShare is downloading. ×
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Bring Your Own Device - Key Steps for an effective program

422

Published on

I produced this webinar. Also copy-edited the presentation and sourced some of the graphics.

I produced this webinar. Also copy-edited the presentation and sourced some of the graphics.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
422
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
29
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Bring Your Own Device (BYOD)Key Steps for an Effective ProgramCal SlempJohn HollyoakAdam BrandThe program will begin shortly. Please listen to thewebinar through your computer with the speakersturned on.
  • 2. Some Reminders . . . PRESENTATION COPY After the webinar, all attendees will receive a link to a copy of the presentation and the recording Q&A During the call, click the “ASK A QUESTION” link at the top of your screen. There will be a Q&A session at the end of the call. POLLING NEED HELP? If you need help during the webinar, click “RATE THIS”  “Not hearing audio? Click here for help”2 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 3. Agenda What do we mean by BYOD? BYOD trends So what’s the problem? “. . . the times they are a- – The fundamental challenge changin’ ” – Risks and Threats – Bob Dylan, Where do we go from here? 1964 – Key steps for an effective program Conclusions & takeaways Q&A3 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 4. The Consumerization of Business Technology Are they lined up outside the IT department for a Blackberry?4 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 5. BYOD Trends Smartphone sales in 2011: 31% of all phone sales (472 million units)  Up 58% from 2010 Historic, limited-use “corporate” Blackberry only 8.8% of market  Sales down 10% in Q4 2011 Newer, “personal” smartphones (Apple/Android) sales 75% of market  Market share up 64% from 2010 Source: Gartner (February 2012)5 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 6. The days of limited, corporate-provided smartphones . . . . . . are coming to an end6 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 7. BYOD: Bring Your Own Device – Defined Employees using their personal mobile device to access corporate resources such as email Typically refers to smartphones such as the iPhone Also includes other devices such as an iPad7 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 8. So What’s the Problem with BYOD? Devices present in riskier locations/situations – Expensive phone target for theft – Lost devices at bars End-user control over security – Freedom to install applications that may contain malware – Weak or no passwords/PINs8 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 9. So What’s the Problem with BYOD? Multiple security trust levels on same device – Angry Birds and corporate secrets on same device – Millions of apps in app stores – are they all safe? Connecting to more untrusted networks – Wi-Fi hotspots – Lack of VPN Lack of predictability: You don’t know what the device will be, where it will be, or how it will behave9 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 10. Key Steps to Building an Effective Program Establish Evaluate Consider Consider Understand Understand Business Risks & Which Operational Tools and Legal, Needs & Threats Platforms Impacts Technology Privacy, Use Cases to Support Available Other Considerations Operationalize the Program Decisions and conclusions need to be clearly documented in policies and procedures and communicated to employees.10 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 11. Establish Business Needs and Intended Use Cases What devices and models do employees want to use? What enterprise resources are employees trying access? What applications do employees want to use on their mobile devices? Where do employees want to access these resources? What are employees’ expectations around usability? What are employees already doing today?11 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 12. Evaluate Risks & Threats – Your Organization’s Risk Profile and Tolerance Review plans through the organization’s established risk assessment process Consult with key stakeholders Organizational size, industry, and desired use cases will vary What are the compliance implications? What are we most concerned about?12 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 13. Evaluate Risks & Threats – What Are We Trying To Protect Against? Data leakage or data loss Direct attacks (e.g., un-patched OS’s/app vulnerabilities) Indirect Attacks (e.g., phishing) Bridging attacks (e.g., 3G network to corporate networks) Peer-to-Peer networks (e.g., Bluetooth, Wi-Fi, USB) Authorized apps that behave badly (e.g., grab contact lists or other information on the phone) Rogue or “jailbroken” devices13 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 14. Consider Which Mobile Platforms To Support Some platforms are more "enterprise ready” than others Each platform presents a unique set of challenges or hurdles that must be considered How will older or outdated devices be handled? Will all makes/models be supported or only a few? Who supplies updates and security patches? How quickly? Are there limitations associated with each platform?14 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 15. Consider Which Mobile Platforms To Support Pros Cons • Rapid consumer growth and demand • Still not enterprise friendly • Tight “end-to-end” platform integration • Lacking robust options for IT to control • Improved security controls/layers and secure • Rapid consumer growth and demand • “Fragmentation” across vendors and • Open platform, lots of flexibility and carriers customization • App eco-system not tightly controlled • Decentralized patch support • Mature, established platform, built for • Closed platform the “enterprise” • Decline in consumer demand • Strong security & controls • App “eco-system” is immature and • Granular management tools lacking adoption The Next Big Consumer Device . . .15 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 16. Consider Operational Impacts How will devices be provisioned or enrolled (e.g., employee self- enrollment, IT manual enrollment)? How will users get support with issues or hardware/software problems? How will the devices be managed? – Minimal management – Partial or hybrid management – Full management – How much control do we want to impose?16 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 17. Balancing Flexibility vs. Management and Control Minimal Management Partial Management Full Management Few Controls Basic Controls Restrictive Controls Devices are heavily controlled with restrictive policies and granular management Cost & Complexity Basic management of devices and basic policies. Some functionality may be restricted. Minimal management over devices. Little to no policies or controls restricting devices. Control & Security17 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 18. Understand Existing Technologies and Tools What existing enterprise IT solutions or technologies are already in place? – Microsoft ActiveSync – BlackBerry Enterprise Server (BES) – Remote access solutions Establish the gaps in current state vs. future state – Are my existing tools good enough? If needed, identify solutions to replace or compliment existing technology – Mobile device management (MDM) solutions – “Containerization” or “sandbox” solutions18 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 19. Example Vendor Solutions Mobile Device Management (MDM) Containerization/Sandbox Solutions Solutions • Solutions designed to segregate • Tools to facilitate robust management of mobile enterprise data into secure containers devices in an enterprise environment. or “sandboxes” • Can provide mechanisms for enrollment, policy enforcement, security, application deployment, and • Does not leverage native or built-in support. device functionality • Supports wide range of mobile devices and OS’s. • Facilitates secure data storage and/or • Integrates with existing IT infrastructure data transmission Example Vendors Example Vendors Note: Protiviti is an independent firm with no relationship, ownership, or financial interest in any of the companies noted above.19 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 20. Other BYOD Considerations Legal/user privacy – Remote wiping a personal device – Use/access of personal information on device(s) – Device tracking information20 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 21. Other BYOD Considerations Establish clear organizational position and policies – Which devices (make and models) will be supported? – Who will own the devices? – Who will pay for the devices? – Who will pay for the plans? – User agrees to abide by polices (e.g., acceptable use) – Consent form, acknowledging that restrictions will be placed on their device21 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 22. Conclusions & Key Takeaways Organizations must be proactive in addressing the BYOD demand It’s critical to clearly define business needs and intended use cases There’s no single “best” approach; however there are important steps and common strategies22 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 23. Conclusions & Key Takeaways Flexibility vs. control will be unique to an organization’s risk tolerance and culture The tools and technology to manage and secure various mobile platforms are still immature and incomplete Decisions must be clearly defined and communicated23 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 24. Q&A
  • 25. Contact Information Cal Slemp Managing Director, Global Leader (203) 905-2926 Security & Privacy Services cal.slemp@protiviti.com John Hollyoak Senior Manager (312) 364-4907 IT Consulting - Security & Privacy john.hollyoak@protiviti.com Adam Brand Senior Manager (213) 327-1314 IT Consulting - Security & Privacy adam.brand@protiviti.com Powerful Insights. Proven Delivery.™25 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 26. Polling Results Note: Due to limited time and/or qualifiers, not all audience members participated in every polling question26 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.
  • 27. Polling Results27 © 2012 Protiviti Inc. CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to another third party.

×