Phil Cracknell, Head of Security & Privacy Services at Company85 - BYO A good thing?


Published on

Phil Cracknell, Head of Security & Privacy Services at Company85 spoke at the CIO Event April 2014

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Phil Cracknell, Head of Security & Privacy Services at Company85 - BYO A good thing?

  1. 1. BYO: BYO A GOOD THING?………………………………… Head of Information Security Company85 Phil Cracknell, FBCS, CISSP, MIRM
  2. 2. DILBERT © (2013) Scott Adams. Used by permission of Universal Uclick. All rights reserved.
  3. 3. BYOD grows like a weed The ability of corporations to deal with it grows like… petrified wood
  4. 4. BYOD has stirred plenty of controversy Companies are either embracing it to its fullest extent or avoiding it like the plague It is one of the few technology shifts that can ‘creep’ into an organisation from the top down! Current Adoption
  5. 5. BYOD or BYO seemed to emerge around 2009 as a questionable solution to rising IT costs • More functional/sexy technology now available for personal consumption • Company or user initiated? • Is it inevitable? • How should businesses approach it? Where did BYO come from?
  6. 6. So why is there a greater apparent fear of BYO than any other recent technology shift? – Less control of IT? – Less ownership? – Implied greater personal use? Fear
  7. 7. When employees invest their own money in a device, they naturally feel “it’s mine, so I should be able to do what I want with it.” When the company pays for a device, employees are more inclined to accept rules and restrictions The Balancing Act
  8. 8. From the user perspective “I don’t want to carry my own phone and a company one” “I don’t want to use my personal phone for work” “I can’t use my work phone to the degree I require for personal use” “I want the latest technology of my choice, not the ones my company choose”
  9. 9. A good thing BYOD can potentially save your company money and help make your employees happier and more productive It could drive massive and essential changes to larger businesses in terms of network zoning, data segregation and classification (Internal security defences)
  10. 10. There’s always a ‘however’ BYOD brings along with it a number of risks, from security to compatibility and everything in between – Legal – HR issues – Device loss/insurance/replacement – Policy
  11. 11. BYOD Risks 1: Exposed data 2: Passwords in the wild 3: Declining productivity 4: Compatibility issues 5: Bandwidth overuse/wireless bottlenecks 6: Device management 7: Virus infections
  12. 12. People BYOD presents several technical risks but ultimately they are linked to people and behaviour BYOD brings out the best and worst in people, and the user types can be easily categorised
  13. 13. The Millennials I blame them for it all!!! It's the Millennials pouring into all our workplaces. They put the pressure on management to allow them to use their own mobile devices on the job, not some antiquated corporate-issued BlackBerry. That's sooo 1998!! They want to work odd hours and over weekends. They actually want their business lives and personal lives to blend.
  14. 14. The Techies They've found a friend in Android. With BYOD in place, they are free to poke fun at the consumerised Apple-users, compare App stores, support and functionality – and all in the name of work! Android offers the flexibility that techies crave, and also serves up some pretty cool apps for monitoring systems remotely and other IT job functions.
  15. 15. The Main Board CEOs and the like have a hallowed place in the BYOD world. Whatever they want, they get. Like Captain Kirk with an MBA, these business leaders shout for more power, “all you can give me and then more!” and the trusty IT engine room shall provide it. From Apple devices on the day of launch, to an IT throwback such as the BlackBerry it’s pretty clear where the BYOD fire started...
  16. 16. The Older Generation BYOD isn't for everyone, but that hasn't stopped some companies from mandating the policy across the workforce. Half of employers will require employees to supply their own device for work purposes by 2017, says a Gartner survey of CIOs. Pity the worker who doesn't want to put up the cash for a fancy mobile device, sign over privacy rights, and then be expected to surf social networks for support when things go wrong.
  17. 17. Who loves the iPhone and iPad more than anyone else? Salespeople, of course! They like to keep things simple, love to give dynamic presentations, and hate typing on keyboards. They also like to blend their personal and work lives. The iPad with its bold Retina display was simply made for salespeople in the workplace. The Salespeople
  18. 18. The Clock-watchers Entry-level and hourly workers have much to gain from BYOD, many of whom don't qualify for a corporate-issued device. Now they can tap into the power of personal mobile technology to do their jobs. It's a freedom they've never had before. Great, right? Well, BYOD also opens the doors to work outside of defined work hours, in the form of work-related email and text messages bombarding hourly workers after they have punched out. Expect a slew of lawsuits for unpaid overtime.
  19. 19. The Moaners Every workforce has moaners. Nothing is ever good enough, and BYOD is no exception. BYOD was trumpeted by moaners who wanted to use their own devices instead of a corporate-issued relic. They complained about having to carry around two devices all the time. Now that BYOD has arrived, they're still complaining. Expectations of privacy, security controls on personal devices, and policies chock full of legal jargon. The moaner makes the remote wipe capability of MDM a must!
  20. 20. The Social Networkers Social networking addicts love BYOD. It makes social networking easier to do at work. One of the top concerns with BYOD is that it will lead to less productive workers. Some companies even ban or limit the use of Facebook and others at work. On a related note, companies also better not infringe on an employee's right to social media privacy in a BYOD policy.
  21. 21. The Bad Employees In the wrong hands, BYOD can be disastrous. The problem for us is that it will soon be in every employees hands! Most companies have disgruntled employees. BYOD effectively makes it easier for a ‘bad’ employee to steal stuff and hide it somewhere in the cloud, even claiming ignorance to the actual location of where the data was ‘moved’ or coped to ;-)
  22. 22. Vendor FUD Despite the inevitable flood of Fear, Uncertainty and Doubt spewed from our vendor community – many of the risks with BYO are INTERNAL and staff-related Use BYOD to clean up your wild west – embrace it! BYOD will, if done right, make your world more secure not less
  23. 23. Some essentials for survival of BYO Get a clear mandate from the board – What is in scope? BYOD doesn’t have to mean mobiles, tablets and laptops – ask the hard questions Data Classification and Zoning – Ensure you know where your important/confidential data is – Ensure policies and technology control access to this data – Control entry to and placement on your network – a BYO DMZ? Hell yes! Get an MDM (Mobile Device Management) solution – Remote wipe – Device barring and exclusion – Remote enforcement of PIN lock and other features
  24. 24. BYO – A good thing? Thank you! Phil Cracknell, FBCS, CISSP, MIRM Head of Security and Privacy services at Company85 @pcracknell