Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Byod security
Similar to Byod security (20)
Recently uploaded
Recently uploaded (20)
Byod security
- 1. BYOD Security Info & PlayBook
- 2. Agenda Style BYOD An Overview, List; Concerns; Why Protect; Consideration & Issue List Information01 Collective Creation PlayBook02
- 4. BYOD An Overview Bring Your Own Device (BYOD) as a trend is catching at enterprises of all sizes. The Small to Medium Business (SMB) finds this a cheap solution in spends incurred on Asset renting/purchasing. BYOD policies of even a formal BYOD initiative may seem overkill for an SMB. If an employee's personal device is accessing your corporate network and being used to conduct corporate business on a regular basis, then your SMB needs at least a basic BYOD framework that covers device security, network security, and related policies.
- 5. What Qualifies under BYOD Any device and associated devices that connects with companies network, client network or associated networks for business reasons. Laptop iPad/Tabs Mobile Phones Storage Devices Network Connectivity Devices Smart Watches IoT connected to BYOD
- 6. Concerns about BYOD security Exit Employees leaving company with insider knowledge47% Theft/Loss Theft or Loss of devices. Include servicing of devices also 44% Data Unauthorized data distribution 42% Control Lack of control over devices 42% Compliance Impact on compliance, legal, contractual, security.40%
- 7. Why do we need protection? • Out of 70 Million Devices Stolen only 7% recovered • 15% of employees have accessed sensitive data from non-work-sanctioned areas • 54% of organizations don’t include BYOD in Backup Plan • 65% of companies cannot wipe devices remotely • 76% of companies do not encrypt mobile devices ITAAS
- 8. Things to be considered 11 Clear instructions on what kind of devices are allowed and disallowed; what configuration & what apps are allowed and disallowed. Specify the devices & apps allowed and disallowed 3 A clear service policy for devices under BYOD criteria. Also, integrate the BYOD policy with already available policies as required. BYOD Service Policy & Integration 2 Establish a strict security policy for all the devices that enter the premises, physically, logically and directly to client systems. Specify Security Policy for BYOD 4 Special attention on what happens during service, device thefts & employee exit. Service, Theft & Exit Strategy
- 9. Issue List • User X using her personal laptop directly logged in to client VPN. Client security found User X system infected with virus and reported to company. • User Y using his BYOD took all the codes and transmitted through Bluetooth/WiFI to his another device. • User A dealing with sensitive data had lost his device during transit at an airport. And the device was not encrypted. • User B sharing her personal laptop with kids ended up seeing all the company files stored were deleted from network. Points to Ponder
- 11. In Scope • Organization • Employee • Clients • Transmission devices & service providers • Devices used for official work • Travel • Vendors/Contractors
- 12. Important Concerns • Exit of employee with data • Theft/data loss • Control of the employee and device • Compliance (Legal, Statutory, Contractual) • Sensitive information getting exposed due to usage in public place • Applications and Social media access beyond control • Poor mobile management • Log monitoring • Geographical based access issues • Patch management and AV updates • Encryption & Security protocols
- 13. Solutions • BYOD Policy to be defined and implemented • Awareness broadcast [scheduled] • MDM should be in place • Use SSO Services OKTA • VDI [Virtual Desktop Infrastructure] • CISCO Identify Services Engine (ISE) • Microsoft Intune • Mobileiron • Scalefusion • ManageEngine - Desktop Central
- 14. Thank YouFrom CISO Team