Key Points To Be Discussed:
• Introduction
• In-scope items
• Statistics on BYOD issues worldwide
• Why we need to think about protection
• Use cases before going on to create a playbook
[Open to all for discussion, continued on Key Takeaways]
• Key Takeaways: In-scope items, important concerns, and solutions sharing
Speaker - J. Gokulavan
Designation: Senior Manager Compliance
4. BYOD An Overview
Bring Your Own Device (BYOD) is a trend that is catching on at enterprises of
all sizes. Small to medium businesses (SMBs) find it a cheap way to cut the
spending incurred on renting or purchasing assets.
BYOD policies, or even a formal BYOD initiative, may seem overkill for
an SMB. But if an employee's personal device is accessing your corporate
network and being used to conduct corporate business on a regular
basis, then your SMB needs at least a basic BYOD framework that
covers device security, network security, and related policies.
5. What Qualifies under BYOD
Any device, and any associated device, that connects to the company's
network, a client network or associated networks for business reasons:
• Laptops
• iPads/tablets
• Mobile phones
• Storage devices
• Network connectivity devices
• Smart watches
• IoT devices connected to BYOD
6. Concerns about BYOD security
• Exit (47%): Employees leaving the company with insider knowledge
• Theft/Loss (44%): Theft or loss of devices, including servicing of devices
• Data (42%): Unauthorized data distribution
• Control (42%): Lack of control over devices
• Compliance (40%): Impact on compliance, legal, contractual, security
7. Why do we need protection?
• Out of 70 million devices stolen, only 7% recovered
• 15% of employees have accessed sensitive data from non-work-sanctioned areas
• 54% of organizations don’t include BYOD in Backup Plan
• 65% of companies cannot wipe devices remotely
• 76% of companies do not encrypt mobile devices
8. Things to be considered
1) Specify the devices & apps allowed and disallowed: Clear instructions on
what kinds of devices are allowed and disallowed, and what configuration and
what apps are allowed and disallowed.
2) Specify Security Policy for BYOD: Establish a strict security policy for
all devices that enter the premises physically or logically, or that connect
directly to client systems.
3) BYOD Service Policy & Integration: A clear service policy for devices
under BYOD criteria. Also, integrate the BYOD policy with already available
policies as required.
4) Service, Theft & Exit Strategy: Special attention to what happens during
servicing, device theft and employee exit.
9. Issue List
• User X, using her personal laptop, logged in directly to the client VPN.
Client security found User X's system infected with a virus and
reported it to the company.
• User Y, using his BYOD device, took all the code and transmitted it
over Bluetooth/WiFi to another device of his.
• User A, dealing with sensitive data, lost his device in
transit at an airport, and the device was not encrypted.
• User B, sharing her personal laptop with her kids, ended up finding that
all the company files stored had been deleted from the network.
Points to Ponder
11. In Scope
• Organization
• Employee
• Clients
• Transmission devices & service providers
• Devices used for official work
• Travel
• Vendors/Contractors
12. Important Concerns
• Exit of employee with data
• Theft/data loss
• Control of the employee and device
• Compliance (Legal, Statutory, Contractual)
• Sensitive information getting exposed due to usage in public places
• Applications and social media access beyond control
• Poor mobile management
• Log monitoring
• Geography-based access issues
• Patch management and AV updates
• Encryption & Security protocols
13. Solutions
• BYOD Policy to be defined and implemented
• Awareness broadcast [scheduled]
• MDM should be in place
• Use SSO services (Okta)
• VDI [Virtual Desktop Infrastructure]
• Cisco Identity Services Engine (ISE)
• Microsoft Intune
• MobileIron
• Scalefusion
• ManageEngine - Desktop Central