Bring Your Own Device (BYOD)

980 views

Published on

Bring Your Own Device

Published in: Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
980
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
50
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Bring Your Own Device (BYOD)

  1. 1. INTRODUCTION • Bring Your Own Device (BYOD) has become one of the most influential trends that has or will touch each and every IT organization. • The term has come to define a megatrend occurring in IT that requires sweeping changes to the way devices are used in the workplace. 2
  2. 2. WHAT IS BYOD? • Bring your own device (BYOD) (also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC)) refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications. Source: Wikipedia 3
  3. 3. THE CONFLICT Corporate space Consumer space Devices with functionality limited to phone calls and email Mobile phones Smart phones offering tens of thousands of useful apps, typically iPhone Restricted storage for official files and email What to Store Providers such as Google and Yahoo offering virtually unlimited storage to store whatever you want Long replacement cycles – up to four years for hardware and eight years for software Update Cycles Very rapid updated hardware – immediate download of new apps and services Highly standardized, inflexible and often restricted environment Style and Customization High variety of consumer devices, systems, applications and “skins” 4
  4. 4. BALANCE 5
  5. 5. BUSINESS DRIVERS Consumer Devices Multiple Needs and Multiple Devices Work and Personal Overlap Anywhere, Anytime Mobility Video, Collaboration, and Rich Media Applications 6
  6. 6. BENEFITS OF BYOD Improved employee convenience and satisfaction Higher agility in business operation Attraction and retention tool for talented workers Increased employee productivity Greater workforce mobility 7
  7. 7. CHALLENGES FOR IT ORGANIZATION Unclear cost benefits Providing Device Choice and Support Maintaining Secure Access to the Corporate Network On-Boarding of New Devices Enforcing Company Acceptable Usage Policies Visibility of Devices on the Network Protecting Data and Loss Prevention Revoking Access Potential for New Attack Vectors Ensuring Wireless LAN Performance and Reliability Managing the Increase in Connected Devices 8
  8. 8. CHALLENGES FOR END USER Keeping it Simple Mixing Personal Device With Work Getting the Productivity and Experience Needed 9
  9. 9. PRIVACY CHALLENGES • Personal nature of device and expectation of privacy • • • Mobile nature of the devices • • Remote working and travel (checking to see if employee is where they are supposed to be) Where monitoring may occur on a personal device: • • • • • Is prohibited web surfing on a company device allowed on the personal device? Personal data: pictures, videos, personal emails, bank statements, tax returns, social security numbers, chat histories, user names/passwords, medical information While connected to the network Data in transmission between personal device and network Monitoring of “sandboxed” or company area of mobile device. Monitoring of entire device (e.g. key stroke logger; recording browser history, etc.) Location 10
  10. 10. PRIVACY CHALLENGES – INVESTIGATIONS • Investigations (internal, criminal, audits) • Security breach response – forensic investigations • Litigation holds • eDiscovery (searching for, preserving and collecting data) • Information requests/demands/subpoenas/regulatory investigations 11
  11. 11. INCIDENT RESPONSE CHALLENGES • Obtaining access to the device and data thereon • • • Physical possession Unlocked/login credentials Unencrypted • Remote wiping • Timing issues • • • Damage to the device • • • • • Incident detection Litigation holds/tampering of evidence Installation of software may be required Data loss Software corruption Loss of use Privacy issues • • Cooperation issue Ability to tie to business need and limit scope 12
  12. 12. Governance & Risk Analysis 13
  13. 13. QUADRANT DIAGRAM High Embrace Contain Disregard Block Value to Business Low Security pressure High 14
  14. 14. BYOD GOVERNANCE • Creation of organization-specific BYOD policies developed in conjunction with Legal, HR, IT, Procurement, Sales, and others • Transparent guidelines on who is eligible or not for the program • New employee agreements for support, risk, and responsibility. • Adjustments to service levels and service desk training. • Funding and reimbursement strategies. • Employee education and IT publishing specifications on acceptable devices. • Customization by country and possible tax implications for both employee and employer 15
  15. 15. BYOD GOVERNANCE • Individual responsibility needs are heightened under BYOD programs • Corporate management needs to be transparent in requiring greater management control over an individual’s devices in order to allow BYOD programs to work • Internal audit team’s knowledge of the organization’s mobile strategy needs to evolve just as quickly as the mobile landscape • Governance must include an interdisciplinary Steering Committee to identify, discuss, and evaluate risks from an interdisciplinary perspective 16
  16. 16. RISK ANALYSIS • Performing a risk analysis prior to implementing a BYOD program is crucial • Interdisciplinary teams should be involved in the risk analysis • Risk assessment should incorporate the likelihood as well as the impact of the risks • Risk analysis should address identification of the associated BYOD information risks to the organization: • • • • Handling of personally identifiable information (PII) Handling of high value organizational information Handling of other data impacted by regulatory compliance (healthcare data, credit card data) Risk assessment mitigation plans must be owned by the business and IT stakeholders and properly implemented 17
  17. 17. Mobile Device Management 18
  18. 18. MOBILE DEVICE MANAGEMENT • Mobile Device Management (MDM) software secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises • MDM functionality typically includes over-the-air distribution of applications, data and configuration settings for all types of mobile devices, including mobile phones, smartphones, tablet computers, ruggedized mobile computers, mobile printers, mobile POS devices, etc. • By controlling and protecting the data and configuration settings for all mobile devices in the network, MDM can reduce support costs and business risks • The intent of MDM is to optimize the functionality and security of a mobile communications network while minimizing cost and downtime 19
  19. 19. MOBILE DEVICE MANAGEMENT • Mobile Device Management software (MDM) can consist of four main components: • • • • Software management - Manage and support mobile applications, content and operating systems (configuration, updates, patches/fixes) Network service management - Gain information off of the device that captures location, usage, and cellular and WLAN network info (provisioning, usage, service, reporting) Hardware management - Provisioning and support (asset/inventory, activation) beyond basic asset management. Security management - Enforcement of standard device security, authentication and encryption (remote wipe, policy enforcement). 20
  20. 20. Deployment Basics 21
  21. 21. 3 MODELS 22
  22. 22. APPLICATION STRATEGIES 23
  23. 23. HIGH LEVEL ARCHITECTURE 24
  24. 24. 25
  25. 25. ACTION POINTS TO OVERCOME SECURITY CONCERNS 26
  26. 26. Q&A 27
  27. 27. THANK YOU 28

×