Byod final (2)


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Hope you enjoyed the networking, meeting your peers and some of our folks More food and wine throughoutIntroduce Mayor Kozravy, of Cisco – partner and sponsor
  • So, today we’ll talk aboutWhy you should care (or not), we’re going to cover some of the benefits and risks with people bringing in non-company technology and connecting it to you environment-----------------------------------------------------------------------------There is an impact! Good and bad: we will look at the benefits and the risks of all this..-----------------------------------------And then our recommended approach to managing the situation. We’ll show you how you can easily do a few things to help you sleep better knowing that you are addressing thisNext steps will include a Graycon led BYOD policy developed by us for you –with your input..You won’t leave with it today, but you’ll be well on your way to a policy to help manage it SHOW POLICY
  • What is BYOD, or BYOT? And why should you care?BYOD: describes the recent trend of employees bringing personally-owned mobile devices to their place of work, and using those devices to access privileged company resources such as email, file servers and databases as well as their personal applications and data. – Accessed July 12th, 2012BYOD applies to smartphones, tablets and laptops and has also been referred to as BYOT or Bring Your Own Technology.It has its own Acronym, so it must be important!!I access the network with 5 devices, 3 pcs, aniPad and an iphone – Graycon provides 2 of these.I am an example of what I’m talking about today!!!
  • Why are employees bring in their own technology?: its easier for the user. Your employees have a life outside of work. Much of this ‘life’ includes the use of mobile devices to communicate with other humans, and access non-business content. What’s changed in that the tools we use at home can be the same ones that we use at work. The blending of work and play is much easier now. Work – Life balance is being replaced with work –life BLENDING – it’s a generation Y thing!!--------------------------------------------History: A fair bit of it in a short time! RIM released its Blackberry smartphone in 2003.Apple`s iPhone June 29, 2007, and the Android`s OS in October 22, 2008but so what? Tablets were the next evolution gaining popularity in 2010 with the Apple iPad. The iPhone was marketed to the much larger public audience and with capabilities that far exceeded the bar previously set by Blackberry. Including in 2008 the ability to download applications. APPS!!Fast forward to 2012….the Apple store has 500,000 apps approved and available for sale. The Blackberry App store has 99,500 apps available for sale. The Google Play store (for Android) has over 430,000 apps available for sale. Why wouldn’t your employees want to use them? The personal use market uses the same tools (only better) as the commercial ones----------------------------------------------Employee motivation: did I mention Gen Y? can you spell entitlement? , but also spell Empowerment, and Easy (No cumbersome laptop or pc but instead can use a device that will easily fit into the palm of your hand or pocket.)Your Motivation: Why should you care, why deploy a BYOD program?2 employee satisfaction3 budget decreases1 employees will use them anyway-------------------------------------------------Should you be Flexible: What your addressing is how to connect your peoples personal devices with the corporate network, while securing sensitive data, and remaining efficient BUT There is no one right policy, but you should have one that reflects how you run your business ----------------------------------------------A little research… lots of itForrester: nearly 40% of large businesses consider smart devices the largest security threat
  • What are the benefits of a BYOD policy / and following a strategyFirst is about your People: 1a)Employee sat increases – they want the latest, coolest devices and will buy them themselves., 2) there is a blurring of work and play, work life balance is replaced by work life blending or coordination – is this a good thing? It could be if productivity goes up in line with employee sat3) Usage of current cutting edge technology – many love this, there are typically enhancements to the technology that are often beneficial to the business – access tools, productivity tools like expense accts4) When teams feel that you trust them enough to permit their devices of choice they work more like a bought in team.
  • The reality is that due to new APPS,and new device FEATURES people are encouraged to buy morefrequently, and will likely have more than 1 device----------------------------------------------So, where can a shared mobile device strategy save a company money?1) Reducing the TCO for the business by shifting the CapEx of net new and replacement devices to the employee. Sharing?2) Lower communication costs – wifi is cheaper than cell costs3) Lower support costs – depends on who owns this but could be the vendor4) lower training costsAt the moment, both the employee and the company are paying these costs!! Not 1 cost, but two!! – personal and business
  • Other than lowering costs, can such a program assist the business achieve its goals?1) Increased productivity – lower training costs, faster to respond, work longer, all hours, (or at least, when needed – not just 9 to 5)2)Increased employee efficiency – using their device of choice is often better than the one we’re providing3) One less technology to worry about from an IT support point if view (unless Graycon is providing the support, then no change)4) All of these things and a faster to respond workforce could results in a competitive advantage. NOW ON TO RISKS
  • Now, a few of the risks of NOT addressing this Security:1) Wireless network security: older networks may not be able to handle the number of new devices (and remember, they’re going to bring these devices in anyway!)2) Having limited or no control of the security of the device for management, patching, antivirus. You wont know what is on the device3) Security of sensitive business data could be lost or stolen, or simply compromised by an imported virus4) Industry legislated compliancy privacy,csox etc.
  • Other Network concerns: 1) Device management – how many, where are they etc, most companies don’t really know how many devices are accessing their network (if an employee lost a machine with sensitive info on it today – would you know?)2) Manually provisioning the devices – support and upgrades almost impossible, and expensive, like new anti-X on some but not others, etc3) Network saturation – users on your network, was your network built to adequately handle 2X as much traffic, because of the additional devices? Could slow it down, or shut it down…4) Cost again, will your network have to be upgraded to handle this flow? Additional security devices?5) Potential interruption of daily business activities
  • And of course, your people again…1) Disgruntled with company not providing newest technology. How do they show it, quit, work slowly, etc2) Employee stealing information – your biggest security risk3) HR, Finance and Legal implications of personal data loss. PIPA, social insurance numbers, etc4) Lost Productivity: employees using company time for personal social mediaQUESTION: Mayor: Cisco has done a lot of work in this area, what do you see as the larger benefits and risks our audience should be aware of?
  • There are benefits to controlling it, for sure, andRisks of not addressing it
  • Our thoughts;;Get your thoughts on paper(policy), it’s a good first step to a secure, strategyvet them internally and then ensure that you can enforce the policy SHOW OUR AGAIN------------------------------Ensure that your technology provides a secure environment, but also allows the environment to extend to the mobile users, make it easy, make it safe------------------------------------Take it to the employees to make sure they understand the policy-----------------------------------SO LETS LOOK AT A POLICY..
  • First of all, keep it Simple: so it becomes second nature, Not something on a shelfIt should be Updateable so it can adjust to your business and new technology. -----------------------------------Your policy should at least cover…What do you have to do technically. Who takes care of what What can they do and what’s verboten, Who pays for whatWho owns and administers---------------------------------------------Balance the benefits: company wins (greater efficiency – productivity, happier people, versus happier people, lower costs of ownership, etc) -----------------------------------Now lets look at each of these a little closer…
  • Security is important to every business and every businesses IT network..Only you will know how much security is needed - just like you need understand your risk tolerance for your network in general terms. ---------------------Who is the policy for? Employees only – guests/ contractors? Small point but important-----------------------------------------------------If your infrastructure is not capable of enforcing your requirements and strategy, the policy will end up on the shelf. Plus of course all the potential data loss, money lost, law suits, etcTelling your employees they must password protect their mobile devices and not knowing if they are doing it, is time well wasted-------------------------------------You will at least need to be able to :Provide Physical security of the device Track the personal device Deal with a lost or stolen deviceRespond to Sharing of the device AntivirusPatchingDealing with application securityDealing with sensitive data securityMayor: WHAT ARE SOME OF CISCO’S RECOMMENDATIONS AROUND THE SECURING OF THE NETWORK?
  • Who pays for and who provides support?With many personal devices..Typically the vendor is looked to to support the device, via the employee who must initiateandYou manage their access to your network and data Managing really means at least knowing who does.
  • This slide is fairly self explanatory. Do you have an acceptable use policy in the organization today? Does it apply to thisThere is no point or need to lock everyone out of everything – or allow everyone in to everything either.Finally, are you ok if your employee’s spouse or kid can access your network?
  • Models vary of course, depends on you..Currently, in many companies it varies with the position in the company, senior guys yes, others no76% of tablet are funded by the employee, 44% of smartphonesYou can provide..Monthly compensation for BYOD devicesCompensation for purchasing BYOD devicesApplication licensing responsibilityEncouraging BYOD usage by providing purchasing incentives.
  • And finally, Enforcing the policy takes both a governance model that works and the technology to enforce it. Policies affect more than just IT, they have implications with HR, legal and security. So they all need to take part-------------------------------If there is some damage - We don’t want someone saying “I didn’t know we weren’t allowed to access this info / play on Facebook all day long / share my office-access iPhone with a friend, etc…Someone needs to be accountable – at Graycon its IT.What happens if someone breaks the policy? Warning / fired / slapped / etc.---------------------------------When will you review it. ---------------------------MAYOR; How does Cisco propose a company manage / enforce their policy? (ISE)
  • So, to close, decide on your strategy – we can help build one for you We will send you a questionaire to fill outYou fill it out – we can help with thatSend it back to usWe will develop a policy based on your responses. ---------------------------------------------------You may need to upgrade your network to ensure that risks are mitigatedPromote it with your people…
  • Thank you all for coming – I hope it was helpful, and if not, I hope you enjoyed yourselfAnd thanks to MAYOR KOZ RAVY of Cisco for his support
  • Byod final (2)

    2. 2. • What is BYOD and why are we talking about it?• The impact on your organization• Our recommended approach• Developing a BYOD policy• Next steps
    3. 3. Bring Your Own Device (BYOD) according to the Great God – Wikipedia refers to employees bringing personally-owned mobile devices to their place of work, and using them to access privileged company resources.
    4. 4. • Why are they doing it?• History• Motivation – theirs / yours• Flexible: yes or no?• Research
    5. 5. • Your People – Employee satisfaction increases – Work life balance vs work life blending – Everyone gets the use of new, cutting edge technology – Empowered Teams
    6. 6. • Your Costs – Reduces the TCO for the business – Lower communication costs – Lower support costs – Lower training costs
    7. 7. • Your Operation – Increased productivity – Increased employee efficiency – One less technology to worry about – Maybe even become more competitive
    8. 8. • Security – Wireless network security – Lack of control over devices used – Protecting sensitive business data – Industry legislated compliancy
    9. 9. • Other network concerns – The Devices themselves – Manually provisioning devices – Network Saturation – Cost – Potential interruption of daily business activities
    10. 10. • People – Disgruntled with company not providing newest technology – Employee stealing information – HR, Finance and Legal implications of personal data loss – Productivity - Employees using company time on personal social media
    11. 11. • Benefits for your people, your costs, and your operation• Mitigate the risks to your security, network and your people• And, employees will use their devices anyway!
    12. 12. Create a BYOD PolicyUpgrade IT – Security & other Infrastructure Onboard employee personal devices
    13. 13. • Keep it simple! – Security – Support – Acceptable Usage – Financial Management – Governance• Understand and Balance the Benefits
    14. 14. Your acceptance of the level of risk will be dependent on the trust level between your business and its team members, partners and guests.• First of all; who can participate?• A secure IT infrastructure is needed to enforce the policy – Mobile Device Management – Network Security – Application Security – Remote Desktop – Wireless Security
    15. 15. Who will be on the hook for supporting personal mobile devices?• Support costs – Technical support – Acceptable usage training for employees – Technical training for your IT department• What devices are allowed for BYOD?• The network they connect with
    16. 16. Even though this is your personal device what is considered acceptable usage while connected to your business network or applications?• Does your business have an Acceptable Usage Policy? (not just BYOD, but in general)• Who can have access to sensitive business data.• What can be accessed using personal devices? What can’t?• Who can have access to the employee’s personal device?
    17. 17. Who is financially responsible for personal mobile devices used in your business?• Various models – depends on strategy – Company pays nothing – Company pays everything – Somewhere the middle? – Capital costs – Monthly costs – The device, apps, peripherals, network fees, etc
    18. 18. • Who owns and administers the policy?• Will there be a reward / consequence?• Will it be reviewed?
    19. 19. Create a BYOD Policy – Decide on and institute a governance model Upgrade IT – Security & Infrastructure Onboard employee personal devices