Presented for 5th Cyber Security Training & Technology Forum
BYOD
Agenda
– BYOD – Defined
– Evolution of BYOD
– Advantages of BYOD
– Case Studies
– Risks and Threats
– Case Studies
– CIA
– Data Breach
– Configuration Management
A Brief Evolution of BYOD (BYOD Defined)
• 2009 - The Term BYOD Emerges by Intel Corporation
• 2010 - IT Can’t Ignore Personal Devices
• 2011 - BYOD is Here to Stay
• 2012 - Data Security Takes Centre Stage
• 2013 - The App Explosion
• 2014 - BYOD Ceases to Exist
“In 2014, BYOD evolved to become more about enablement and corporate access that goes beyond email. Employees
expect the same access to workplace content on their mobile devices that they have on their laptops and PCs. MDM and
MAM have shifted to EMM, as the industry evolves to cater to a broader set of mobile capabilities for the enterprise based
on use cases across users, devices, apps and content.”
“BYOD has ceased to exist, and has been replaced by a broader set of mobile capabilities that enable the workforce of the
future. BYOD is morphing into BYOx – a new trend that takes the focus away from the specific device employees are using.
It’s not just a question of phones and tablets anymore. Content, wearables and apps are all part of the BYOx spectrum.
Moving forward, this will be the area that demands the most attention from a security perspective.”
http://www.lifehacker.co.uk/2014/11/07/brief-history-byod-doesnt-actually-exist-anymore
Advantages & Perceptions
A study by IBM says that 82% of employees think that smartphones play a critical
role in business.
The study also shows benefits of BYOD include:
• Increased productivity - Users are more comfortable with their personal device; being an expert user
makes navigating the device easier, which increases productivity.
• Cost savings for the company - The company is no longer responsible for furnishing the employee
with a device, although savings are not guaranteed.
• Employee satisfaction - Employees use the device they have selected as their own rather than one
selected by the IT team, and carry one device instead of one for work and one for personal use.
Personal devices are also often more cutting edge, because company technology refreshes don't
happen as often.
https://en.wikipedia.org/wiki/Bring_your_own_device
A Gartner strategic planning assumption indicates “by 2020, 85% of
organizations will adopt BYOD in some form.”
No turning back
BYOD and Mobile Security Survey by the Information Security Group
A recent survey about BYOD and Mobile Security by the Information Security Group on LinkedIn
shows that the primary benefits of BYOD programs are:
- Improved employee mobility (57%)
- Greater employee satisfaction (56%)
- Improved productivity (54%)
The same survey indicates the biggest security concerns are:
- Loss of company or client data (67%)
- Unauthorized access to company data and systems (57%)
- Users downloading apps or content with embedded security exploits (47%)
http://www.net-security.org/article.php?id=2144
What Are We Worried About?!
Heartbleed Attack on BYOD Service Hit
Insurance Giant Aviva
The Heartbleed vulnerability was leveraged in an attack against a BYOD service provider
• Allowing the attackers to potentially cause millions in damages for insurance giant Aviva
• A number of the company’s fleet of employee-owned mobile devices were wiped clean.
• “Aviva was using BYOD service MobileIron to manage more than 1,000 smart devices such as
iPhones and iPads. On the evening of the 20 May 2014, a hacker compromised the MobileIron
admin server and posted a message to those handhelds and the email accounts, according to our
source,” the report stated. “The hacker then performed a full wipe of every device and
subsequently took out the MobileIron server itself.”
http://www.tripwire.com/state-of-security/latest-security-news/heartbleed-attack-on-byod-service-hit-insurance-giant-aviva/
6 Biggest Business Security Risks and How You Can Fight Back - CIO Magazine
IT and security experts discuss the leading causes of security breaches and what your
organization can do to reduce them.
• Risk No. 1: Disgruntled Employees
• Risk No. 2: Careless or Uninformed Employees
• Risk No. 3: Mobile Devices (BYOD) “Data theft is at high vulnerability when employees are using mobile
devices [particularly their own] to share data, access company information, or neglect to change mobile passwords,”
explains Jason Cook, CTO & vice president of Security, BT Americas. “According to a BT study, mobile security
breaches have affected more than two-thirds (68 percent) of global organizations in the last 12 months.”
2015 Mobile Security Survival Guide - http://www.cio.com/article/2867781/mobile-security/2015-mobile-security-survival-guide.html
By Jennifer Lonoff Schiff, CIO | Jan 20, 2015 5:54 AM PT
BYOD – Data Breaches
http://raconteur.net/infographics/data-security-breaches
What do you need to consider in your BYOD Policy?
• Application Security (include 3rd party)
• Sensitive Data Access
• Loss of Devices
• Sold or disposed without sanitizing
• Malware
• Vulnerability Management
• Confiscation for Incident Response
• Conflict with other policies
Mobile Security Reference Architecture
• An estimated 350 million people will use mobile devices for work-related tasks in 2016, of
which 200 million will be using their own personal devices for work-related tasks as well.
• The MSRA document provides a reference architecture for mobile computing, released by the
Federal CIO Council and the Department of Homeland Security (DHS) to assist Federal
Departments and Agencies (D/As) in the secure implementation of mobile solutions through
their enterprise architectures. One important assumption pointed out by the council is that this
reference is only applicable to mobile devices, including mobile phones and tablets, but not to
laptops and other technology gadgets. (Gap!)
• DISA has published guidance that requires DoD Service components and Agencies to develop
CMD policies.
International Journal of Mobile Network Communications & Telematics (IJMNCT) Vol. 4, No. 5, October 2014
BYOD – Instituting Controls (MDAC)
Implement Mobile Device Access Control (MDAC).
• Designed to control network access and bandwidth for employee-owned mobile
devices, including smartphones and tablets.
• Goes beyond password protection by preventing network access until the devices
comply with a pre-established list of criteria.
• The criteria typically include a certain anti-virus protection level and the most recent
system updates and patches.
• With MDAC, organizations can also redirect users to self-registration portals, block
usage of certain applications and control bandwidth usage by the type of device.
http://minnesotabusiness.com/blog/byod-insiders-attack
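The admission decision described on this slide, as an added example that is not part of the original deck or of any MDAC product: a device is sent to the registration portal, denied, or allowed with a bandwidth cap by device type. The policy values, field names and app identifiers are assumptions constructed for illustration, as is treating an installed blocked application as a compliance failure.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Constructed policy values for illustration; not taken from the slides or any product.
POLICY = {
    "min_os": {"ios": (8, 1, 3), "android": (5, 0, 2)},
    "max_av_signature_age_days": 7,
    "blocked_apps": {"com.example.filesharing", "com.example.sideloader"},
    "bandwidth_kbps": {"smartphone": 2000, "tablet": 5000},  # cap per device type
}


@dataclass
class Device:
    owner: str
    kind: str                          # "smartphone" or "tablet"
    platform: str                      # "ios" or "android"
    os_version: str                    # as reported by the device, e.g. "8.1.3"
    registered: bool                   # has completed the self-registration portal
    av_signature_date: Optional[date]  # None when no anti-virus is reported
    installed_apps: set = field(default_factory=set)


def parse_version(text):
    """'8.1' -> (8, 1, 0). Returns None for anything that is not dotted digits."""
    try:
        parts = [int(p) for p in text.strip().split(".")]
    except ValueError:
        return None
    return tuple(parts + [0] * (3 - len(parts)))


def evaluate(device, today, policy=POLICY):
    """Return (decision, reasons, bandwidth_kbps) for one connection attempt."""
    # Unregistered devices get no network access, only the registration portal.
    if not device.registered:
        return "redirect_to_registration", ["device not registered"], 0

    reasons = []
    if device.kind not in policy["bandwidth_kbps"]:
        reasons.append(f"device type '{device.kind}' not covered by policy")

    # Patch level: fail closed when the platform or version cannot be checked.
    minimum = policy["min_os"].get(device.platform)
    version = parse_version(device.os_version)
    if minimum is None:
        reasons.append(f"platform '{device.platform}' not supported")
    elif version is None:
        reasons.append(f"OS version '{device.os_version}' could not be parsed")
    elif version < minimum:
        reasons.append(f"OS {device.os_version} is below required "
                       + ".".join(map(str, minimum)))

    # Anti-virus protection level, measured here as signature age.
    if device.av_signature_date is None:
        reasons.append("no anti-virus reported")
    else:
        age = (today - device.av_signature_date).days
        if age > policy["max_av_signature_age_days"]:
            reasons.append(f"anti-virus signatures are {age} days old")

    blocked = sorted(device.installed_apps & policy["blocked_apps"])
    if blocked:
        reasons.append("blocked application installed: " + ", ".join(blocked))

    if reasons:
        return "deny", reasons, 0
    return "allow", [], policy["bandwidth_kbps"][device.kind]


TODAY = date(2015, 3, 1)  # constructed evaluation date
SAMPLE_DEVICES = [        # constructed sample inventory
    Device("alice", "smartphone", "ios", "8.1.3", True,
           date(2015, 2, 27), {"com.example.mail"}),
    Device("bob", "tablet", "ios", "8.1.3", False, date(2015, 2, 27)),
    Device("carol", "tablet", "android", "4.4", True,
           date(2015, 2, 1), {"com.example.filesharing"}),
]

if __name__ == "__main__":
    for dev in SAMPLE_DEVICES:
        decision, reasons, kbps = evaluate(dev, TODAY)
        print(f"{dev.owner}: {decision} ({kbps} kbps) {'; '.join(reasons)}")
```

Every check fails closed: a device that reports an unknown platform or an unparseable version is denied rather than waved through.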
BYOD – Instituting Controls (MDM issues)
Mobile Device Management (MDM)
“While MDM provides organizations with the ability to control applications and content on
the device, research has revealed controversy related to employee privacy and
usability issues that lead to resistance in some organizations.”
“Corporate liability issues have also emerged when businesses wipe devices after
employees leave the organization.”
Issues include:
• Who owns the telephone number
• Separating personal content from company data - being monitored
• Misuse of corporate access on personal devices
http://minnesotabusiness.com/blog/byod-insiders-attack
References & Resources
• International Journal of Mobile Network Communications & Telematics (IJMNCT) Vol. 4, No. 5, October 2014
• Detecting cyber attacks in a mobile and BYOD organization, by Oliver Tavakoli, CTO at Vectra Networks - Tuesday, 14 October 2014
• A Brief History of BYOD and Why it Doesn't Actually Exist Anymore, by James Laird on 07 Nov 2014
• http://searchmobilecomputing.techtarget.com/tip/Minimizing-BYOD-security-risks-through-policy-and-technology
Thank You!
Open Discussion
QUESTIONS?
