This document discusses bring your own device (BYOD) policies and managing security risks. It provides an overview of a presentation on BYOD given to an Orange County CIO Roundtable. The presentation addressed how widespread BYOD is, common risks, how enterprises are dealing with it, available tools to manage BYOD, and how to balance access and security. It also defined several BYOD-related acronyms and discussed major security concerns, policies that are evolving, and considerations for developing a BYOD program.
Read Navigating the Flood of BYOD to find out what challenges to secure your network architecture. When Total Application and Network Visibility is implemented, BYOD helps employees to stay in touch with their personal lives while keeping their business lives separate, preserving the confidentiality and integrity of each—all on the same device. This adds up to productivity, security and morale.
Integrating Enterprise Mobility - an Assessment WHITE PAPERMobiloitte
We offer complete satisfaction to our customers by following standardized SDLC processes, hiring the best of breed developers and mastering most of our requirements gathering, wireframing, designing, developing, testing, delivering, deploying and maintenance tasks.
Ours is an off-shore model, but we ensure that both customer and Mobiloitte are always in touch by keeping communications open, providing regular updates and iterative releases so that the customer is always well informed.
Read Navigating the Flood of BYOD to find out what challenges to secure your network architecture. When Total Application and Network Visibility is implemented, BYOD helps employees to stay in touch with their personal lives while keeping their business lives separate, preserving the confidentiality and integrity of each—all on the same device. This adds up to productivity, security and morale.
Integrating Enterprise Mobility - an Assessment WHITE PAPERMobiloitte
We offer complete satisfaction to our customers by following standardized SDLC processes, hiring the best of breed developers and mastering most of our requirements gathering, wireframing, designing, developing, testing, delivering, deploying and maintenance tasks.
Ours is an off-shore model, but we ensure that both customer and Mobiloitte are always in touch by keeping communications open, providing regular updates and iterative releases so that the customer is always well informed.
Future proof and extend your IAM to Mobile Platforms and any connected deviceAldo Pietropaolo
As businesses continue to leverage their existing investments in IAM, it's becoming increasingly critical that organizations future proof their security and IAM services. Doing this while establishing the utmost agility and delivering to the business is going to be most critical.
The Internet of Things: the 4 security dimensions of smart devicesWavestone
Like all major technological revolutions, digital transformation is spreading over many areas. The Internet of Things plays an important role in this trend, trough the emergence of numerous devices.
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud AppsCloudIDSummit
David McNeely, Director of Product Management, Centrify
When it comes to identity, thinking outside of the box benefits both end users and IT organizations alike. IDaaS allows enterprises to make identity a transparent and ubiquitous part of their cloud and mobile applications, securely. Whether you’re developing application services, in-house mobile apps or taking advantage of existing SaaS apps, gain insight into integrating and managing mobile user access with your existing Identity Services, all while ensuring consistency in authentication, authorization, security policy and compliance. Attend this session and learn how to establish one single login for users and one unified identity infrastructure for IT.
MANAGE DEVICES AND APPS FROM THE CLOUD
With the proliferation of mobile devices in the workplace, employees can, and do, work from just about anywhere. To stay productive, this mobile workforce demands consistent access to corporate resources and data from any location on any device. This trend has introduced significant challenges for IT administrators who want to enable enterprise mobility while ensuring that corporate resources are protected from unauthorized access.
Leveraging Microsoft Intune, you can deliver application and device management completely from the cloud, or on-premises through integration with System Center 2012 Configuration Manager, all via a single management console.
Microsoft has also incorporated manageability and data protection directly into the Intune-managed Office mobile apps to help maximize productivity while providing the flexibility to extend these same management capabilities to your existing line-of-business apps through the Intune App Wrapping Tool.
Intune is included as part of Microsoft’s Enterprise Mobility Suite, the most cost-effective way to leverage Microsoft’s enterprise mobility cloud services for all of your employees.
http://www.cxounplugged.com
A research whitepaper published in November by Ovum and commissioned by Logicalis, revealed a great many interesting BYOD trends – many of which were highlighted in a recent CXO post (BYOD Research) by Ian Cook. Perhaps the most startling, however, was the very low proportion of ‘BYOD-ers’ who have signed corporate BYOD policies.
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...GFI Software
In their “Sector Insight” research study, Aberdeen Group investigated the considerations small business should take when selecting anti-malware solutions. Read this research paper to learn why Aberdeen recommends small businesses be open to endpoint security solutions from vendors other than McAfee and Symantec.
Future proof and extend your IAM to Mobile Platforms and any connected deviceAldo Pietropaolo
As businesses continue to leverage their existing investments in IAM, it's becoming increasingly critical that organizations future proof their security and IAM services. Doing this while establishing the utmost agility and delivering to the business is going to be most critical.
The Internet of Things: the 4 security dimensions of smart devicesWavestone
Like all major technological revolutions, digital transformation is spreading over many areas. The Internet of Things plays an important role in this trend, trough the emergence of numerous devices.
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud AppsCloudIDSummit
David McNeely, Director of Product Management, Centrify
When it comes to identity, thinking outside of the box benefits both end users and IT organizations alike. IDaaS allows enterprises to make identity a transparent and ubiquitous part of their cloud and mobile applications, securely. Whether you’re developing application services, in-house mobile apps or taking advantage of existing SaaS apps, gain insight into integrating and managing mobile user access with your existing Identity Services, all while ensuring consistency in authentication, authorization, security policy and compliance. Attend this session and learn how to establish one single login for users and one unified identity infrastructure for IT.
MANAGE DEVICES AND APPS FROM THE CLOUD
With the proliferation of mobile devices in the workplace, employees can, and do, work from just about anywhere. To stay productive, this mobile workforce demands consistent access to corporate resources and data from any location on any device. This trend has introduced significant challenges for IT administrators who want to enable enterprise mobility while ensuring that corporate resources are protected from unauthorized access.
Leveraging Microsoft Intune, you can deliver application and device management completely from the cloud, or on-premises through integration with System Center 2012 Configuration Manager, all via a single management console.
Microsoft has also incorporated manageability and data protection directly into the Intune-managed Office mobile apps to help maximize productivity while providing the flexibility to extend these same management capabilities to your existing line-of-business apps through the Intune App Wrapping Tool.
Intune is included as part of Microsoft’s Enterprise Mobility Suite, the most cost-effective way to leverage Microsoft’s enterprise mobility cloud services for all of your employees.
http://www.cxounplugged.com
A research whitepaper published in November by Ovum and commissioned by Logicalis, revealed a great many interesting BYOD trends – many of which were highlighted in a recent CXO post (BYOD Research) by Ian Cook. Perhaps the most startling, however, was the very low proportion of ‘BYOD-ers’ who have signed corporate BYOD policies.
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...GFI Software
In their “Sector Insight” research study, Aberdeen Group investigated the considerations small business should take when selecting anti-malware solutions. Read this research paper to learn why Aberdeen recommends small businesses be open to endpoint security solutions from vendors other than McAfee and Symantec.
In most of the small businesses, the employees might own latest and more advanced devices like tablets, Ultrabooks or laptops while their employers provide them with desktop computers which are at least 2 or 3 years outdated. So this would be a good opportunity for the businesses to compete with the rival companies. But there are a set of risks that go along with this concept as well, such as the data risk.
This paper analyzes the challenges involved with BYOD, the ways to leverage the benefits and also brings out the best practices in order to effectively utilize the BYOD trend.
BYOD addresses the rising need for employees to be mobile and more productive. They will appreciate the ability to customize how and where they work. With a BYOD policy, businesses will rest easier knowing there’s a level of transparency and specific rules to point to when employees have questions. By clearly communicating company BYOD policies, a business will build trust and good rapport with employees while ensuring that company information remains safe.
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaJim Kaplan CIA CFE
A presentation for the 2014 TeamMate User Conference as a guide for auditors on bring your own device and mobile device management – an important and timely topic for auditors in all organizations.
Learn more at CloudUniversity: www.cloudservices.education
BYOD: (Bring Your Own Device) - A trend allowing employees to use their own personal devices, like smartphones, tablets and laptops, for work purposes. By clearly communicating company BYOD policies, a business will build trust and good rapport with employees while ensuring that company information remains safe.
The allure of incredibly powerful, easy-to-use handheld devices, constant global connectivity, and an app for everything have given rise to a stunning consumer-driven transformation of the IT landscape.
Wondering About the "Bring Your Own Device to Work" Trend?Gen Re
The proliferation of smartphones and tablets has led an increasing number of companies to allow employees to bring their own devices into work. But what exactly is a BYOD program and how does it work? At Gen Re we recently installed our own BYOD program, and we'd like to share with you some information we collected when we started out on the journey.
The key business drivers for Enterprise MobilitySanjay Abraham
Big question is…Is mobility really going to change the way business is done. Will it radically improve the performance of the employees. Is it a fab or fad? There are still many doubts about the real value-add enterprise mobility would bring for enterprises.
Did you Issue Smartphones to all of your Employees? Here are Two Reasons you ...Kyron Baxter
This white paper explains how issuing smartphones or tablets to your employees can lead to lawsuits for your organization.
If you fear potential legal repercussions because of your corporate mobile offering, please email info@leanmobility.ca and someone will respond to you within 24 hours.
For more information visit www.leanmobility.ca
More and more employees are bringing their own devices and preferred applications into the enterprise, creating what we call the BYODA (BYOD plus Applications) phenomenon. Workers’ behavior and expectations are contributing to the consumerization of IT, where lines of business and users themselves are having an enormous influence on the types of technologies and applications used. While employees expect anytime, anywhere access to their content to get their work done, their CIOs are now expected to support BYOD within their corporate environment.
Ravi Namboori Equinix on BYOD Security RisksRavi namboori
Adopting BYOD can lead to many problems further down the road if you’re not aware of it. Ravi Namboori network architect discussed few risks and conclusion. Do follow him for more presentations on cloud computing, bigdata, IoT, Hadoop, Networks and SEO related topics.
The consumerization of IT is under way. Workers want tablet access to business applications, often from personal devices. Learn why VPNs are not ideal for mobile connectivity and why remote desktop is a more secure, less expensive approach to tablet access that is easier to deploy, manage and use.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
OC CIO BYOD
1. Copyright 2013 The Word & Brown Companies
BYOD
(and other acronyms of interest)
Orange County CIO Roundtable
September 12, 2013
Jeff Hecht, Chief Compliance & Security Officer
The Word & Brown Companies
2. Two competing desires are increasingly at odds with each other:
expanding mobility to leverage productivity gains—and controlling
mobility to combat significant risks….
Agenda
BYOD basic issues
How widespread is it?
What are the risks?
How are enterprises dealing with it?
What categories of tools are or soon will be available to manage
BYOD?
How can we develop an acceptable approach for BYOD that balances
access and security?
Copyright 2013 The Word & Brown Companies
3. BYOD Challenges and Opportunities
There is a growing demand from employees to use their own
electronic devices at work to access corporate assets.
Employees argue they are more productive on devices they’ve
chosen and mastered.
High level business executives often are part of this demand.
Younger employees in particular find the idea of a small list of corporate devices
unacceptable.
Some studies suggest employees are more likely to work more
hours and in more places when they can do it on their device of
choice.
Many of these devices may be unsupported by IT departments. The
versions change quickly as employees bring in the latest and
greatest devices and upgrade on their schedule not their
employer’s.
Copyright 2013 The Word & Brown Companies
4. BYOD Challenges and Opportunities
The expense of always providing the latest and greatest devices is
too much for most enterprises, so having the employee provide their
own device appears attractive financially.
The devices offer instant connectivity to the Internet and cloud
services that can easily evade traditional control measures an IT
department uses with corporate assets.
Concerns about data security, device control, data ownership,
patching, backups and other issues generally handled for corporate
devices are not fully resolved for most IT Departments on personally
owned devices. Keeping corporate data secure is largely at odds
with the idea of “my device” and ubiquitous access.
Employee don’t always trust their employer with their own
information, particularly geo-location data and may be reluctant to
follow some policies.
Copyright 2013 The Word & Brown Companies
5. Copyright 2013 The Word & Brown Companies
Major Security Concerns and
Controls
6. Copyright 2013 The Word & Brown Companies
Moving Ahead Regardless
SC Magazine
7. Copyright 2013 The Word & Brown Companies
Moving Ahead Regardless
SC Magazine
8. There’s plenty of hype
Many vendors have products positioned to “solve” the “BYOD
problem”.
It’s unclear how big the issues are and equally unclear how
effectively the current product sets address the issues.
Each organization needs to assess what their exposure is and how
best to control it. Factors such as regulations, the specific type of
data held and exactly what is exposed to mobile connections are
key.
Many of these issues have similar concerns regardless of whether
the device is owned by the organization or the employee, but they
are magnified with BYOD.
Copyright 2013 The Word & Brown Companies
15. The Goals
Enable employee choice and flexibility
Prohibit unauthorized access, control where corporate data goes
Manage threats and vulnerabilities
Ensure network availability and performance. Deliver predictable
user experience
Understand and control the true costs (and benefits)
Copyright 2013 The Word & Brown Companies
16. Copyright 2013 The Word & Brown Companies
Alphabet Soup
BYOD – Bring Your Own Device also sometimes called BYOT (Technology)
This is the blanket term for the trend and the industry that’s springing up around controlling the
access. Generally BYOD means an employee owns the device and the service contract for it’s
connectivity. Sometimes the employer may provide a stipend to offset some of the costs but
often the employee bears the whole cost.
MBYOD – Managed Bring Your Own Device
More of a marketing term than an actual category, there are various levels and ways the device
can be controlled in a corporate environment. (More on this in the balance of the presentation).
CYOD – Choose Your Own Device
The employee can choose a device from a list of either specific models or levels of operating
system. Depending on the program the employer may purchase and own the device
(sometimes referred to as COPE Company Owned Personally Enabled) or the employee buys
the device and service but must choose a device from the approved list to get connectivity to
corporate resources.
17. Copyright 2013 The Word & Brown Companies
Alphabet Soup
BYOA – Bring Your Own Application
BYOA intersects two of the most visible trends in technology today – mobility and cloud
computing – where employees use a public application for work. The app itself could be a
mobile app, a Web-based cloud app, or a combination both access methods. The app might
be free or paid-for and can be “brought” into the workplace on a mobile device or through a
company PC’s Web browser. Enterprises will invariably be faced with managing data in public
apps. A similar idea is BYOS or Bring Your Own Service
MDM – Mobile Device Management
The general category of tools to control access from mobile devices regardless of their
ownership. They have some method of device registration, monitoring and remote wipe in case
of loss or theft. Usually they can enforce password rules and require device encryption. More
advanced versions of these management suites include the ability to create separate,
encrypted data partitions to store and access corporate data. Some include basic data leakage
prevention systems (DLP). These tools are primarily device centric – that is you are registering
a physical device and the specific controls are applied to that device.
18. Copyright 2013 The Word & Brown Companies
Alphabet Soup
MAM – Mobile Application Management/MIM Mobile Information Management
Where MDM is device centric MAM/MIM are application and data centric. There are several
approaches to controlling what corporate applications and data can be accessed. These can
be white/black listed applications and what can or cannot be connected to remotely.
Containerization may be used to segregate and control data, although this sometimes impacts
the user experience. Perhaps the most promising is the use of virtualization to provide access
to data without actually allowing it to be transferred to mobile devices.
MDSM – Mobile Device Security Management
Similar to a security suite for PCs (but not yet so comprehensive) including malware scanning
and protection, enforcement of iPSec VPNs for connection to company resources, IPS, content
filtering and firewalls. These tools are in their infancy and many MDM vendors claim their
products provide device security, but most are very limited in what they can really do.
MDDCA – Mobile Device Detection/contextual awareness
MDDCA is an attempt to enforce context based policy management. This might be geographic
(you can’t access Facebook from within the company facility but can from home), method of
access related (your iPad will connect to full company resources on the company WiFi but only
to the email server from another connection point) or day of the week or time related. Some
tools can segregate down to the individual access point (ok on the IT floor, not ok in a public
area).
20. Things To Consider With A BYOD Program
Recognize these devices are going to be in your environment (no
doubt already are) so figure out your position.
Are you trying to prohibit them? Embrace them? Control them? Do you have money to spend on
tools to do this or do you have to rely on what you already have and policy enforcement. Engage
business management to understand and shape their positions. Identify the company data you
want to provide access to – email access may be quite a different risk than the corporate
accounting system.
Specify What Devices Are Permitted.
Decide exactly what you mean when you say "bring your own device." Should you really be
saying, bring your own iPhone but not your own Android phone or only your Android with an OS
4.0 or later?
Decide What Apps Will Be Allowed or Banned.
Can users download, install and use an application that presents security or legal risk on devices
that have access to sensitive corporate resources? Can you control it? The technology for
preventing downloads of questionable apps or copyright-infringing music and media on personal
phones is immature at best, but that doesn’t mean you shouldn’t have policy against it.
Copyright 2013 The Word & Brown Companies
21. Things To Consider With A BYOD Program
Identify which employees will be allowed to use their own devices.
Is this everyone? Mangers? Sales people? Only those you would have otherwise given corporate
equipment? Figure out who and why, you’ll be expected to defend the decisions.
Establish a clear security requirements for all Devices.
For example, If your users want to use their devices with your systems, then they'll have to accept
a complex password attached to their devices at all times just as they do on the company owned
equipment. They also may have to agree to a device wipe policy, timeout limit and device
encryption. You almost surely want to restrict jail broken or rooted devices.
Make It Clear Who Owns What Apps and Data
At a some point devices will be lost or stolen and data will have to be wiped. While some devices
support selective data wipes it is always possible that all content on the phone may be erased,
including personal pictures, music and applications that the individual, not the company, may
have paid for. It may be impossible to replace these items. Be sure you make it clear that you
assert the right to wipe these devices. Provide guidance on how employees can secure their own
content and back it up so they can restore personal information if phone device has to be wiped
or replaced. Can you control where they might back up the company data on the device?
Copyright 2013 The Word & Brown Companies
22. Figure out what level of support you can provide.
Will you provide support for broken devices?
Is your support basically a "wipe and reconfigure" operation?
How quickly and efficiently can you respond to lost device situations?
Are users on their own after initial set up?
Define ahead of time an Employee Exit Strategy.
What will happen when employees with devices on your BYOD platform leave the company? How
do you enforce the removal of access tokens, e-mail access, data and other proprietary
applications and information?
It's not as simple as having the employee return the corporate-issued phone. You may need to
perform a wipe of the BYOD-enabled device as a mandatory exit strategy and make it clear that
you reserve the right to issue a wipe command if the employee hasn't made alternate
arrangement with your IT department prior to exit time.
Copyright 2013 The Word & Brown Companies
Things To Consider With A BYOD Program
23. Write it all down and communicate it.
There was never a more important time to have a clear detailed written policy and be prepared to
revise and update it regularly as unforeseen situations change the landscape.
Have your users sign an acknowledgement that they’ve read and agreed to the conditions you
decide to impose.
Invest in training BYOD users on the policy and the specific security threats associated with
mobile access.
Integrate Your BYOD Plan With Your Acceptable Use Policy.
Allowing personal devices to connect to your VPN introduces some doubt about what activities
may and may not be permitted.
If you set up a VPN tunnel on a personally owned device and then post to Facebook, is this a
violation?
What if your employees browse objectionable websites while on their device's VPN?
What if they transmit inappropriate material over your network, even though they're using a
device they own personally? Are there sanctions for such activity?
What monitoring strategies and tools are available to enforce such policies?
What rights do you have to set up rules in this arena?
Copyright 2013 The Word & Brown Companies
Things To Consider With A BYOD Program