This document discusses securing corporate data on employee personal devices without traditional mobile device management (MDM). It summarizes that MDM solutions can impede user privacy and experience, while agentless data-centric solutions can securely enable mobility and privacy by focusing on protecting corporate data on any device through data loss prevention and selective access controls rather than managing the device itself. The document provides examples of companies that have successfully implemented agentless BYOD security solutions from Bitglass to meet their needs.
3. cloud and mobile are inseparable...
SaaS driving corporate data outside the firewall.
4. enterprises need data protection
Data protection in the cloud
● Spectrum of data by value to enterprise
● Control flow of data to cloud: allow/encrypt/block
● Continued protection in cloud: unshare/quarantine/encrypt
Data protection on devices
● Spectrum of devices from trusted to untrusted
● Control access by user, device, location…
● Continued protection on device: DRM/encrypt/selective wipe
5. users need mobility and privacy
mobility
● ubiquitous access to enterprise data
● any device
● anywhere
privacy
● no enterprise access to personal data
● agent legality?**
**Federal Appeals Court of Sixth Circuit: installation of agents on BYOD that monitor the private communication of users may violate US federal laws restricting wire tapping http://www.bitglass.com/blog/federal-court-rules-casb-agents-mdm-agents-other-spyware-is-wiretapping
7. MDM is obsolete
3 top MDM vendors do not use their own product
~2B devices, but only ~25m MDM sold
38% of IT professionals don’t participate in their own BYOD programs
Bitglass BYOD Security Survey 2015
9. the evolution of mobile security
data-centric protection is the future
mdm: manage the device
■ Impedes user privacy
■ Complex solution deployment and management
■ Lack of data visibility or protection
10. the evolution of mobile security
data-centric protection is the future
mdm: manage the device
■ Impedes user privacy
■ Complex solution deployment and management
■ Lack of data visibility or protection
mam: wrap the app
■ User privacy issues
■ Prevents use of native apps (mail/calendar)
■ 3rd party / cloud apps non-functional
■ Challenging
11. the evolution of mobile security:
data-centric protection is the future
mdm: manage the device
■ Impedes user privacy
■ Complex solution deployment and management
■ Lack of data visibility or protection
mam: wrap the app
■ User privacy issues
■ Prevents use of native apps (mail/calendar)
■ 3rd party / cloud apps non-functional
■ Challenging
bitglass: secure the data
■ Protection of user privacy and experience
■ Any device, any app
■ Full data control and visibility for IT
13. agentless BYOD security
■ Secure mobile devices without invasive agents, profiles or certificates
■ Protect data in “unwrappable” apps like mail, contacts, calendar and cloud apps
■ Selectively wipe corporate data
■ Enforce device security policies
■ Full data control and visibility for IT
■ Control data access with context and content aware DLP
14. data leakage prevention
a complete set of data controls
■ Apply granular DLP to sensitive data with spectrum of actions from watermarking to outright blocking
■ Context-aware engine can distinguish between users, managed and unmanaged devices, and more
■ Easily modify sharing permissions and quarantine files for review
15. “By 2018, more than half of all bring your own device (BYOD) users that currently have an MDM agent will be managed by an agentless solution”
Rob Smith, John Girard, and Dionisio Zumerle, “How to Live With Unmanaged Devices,” August 2015.
16. fortune 500 beverage co.
byod security
client:
■ 8000 employees
■ s&p 500
challenge:
■ Lack of adherence to BYOD security measures
■ Failed MobileIron and SAP Afaria deployments
solution:
■ Bitglass Agentless – device / OS independent
■ Fast deployment
■ Logging for compliance with internal data security policies
■ Seamless integration with ActiveDirectory
17. major US hospital system
HIPAA compliant mobility
challenge:
■ Existing solution, AT&T Toggle, was obsolete
■ HIPAA-compliant BYOD
■ Migration path to Office 365
solution:
■ Agentless deployment
■ Usability, transparency & privacy
■ DLP of PII, PCI & PHI
■ Selective wipe; device PIN & encryption
■ Improved mobility for care providers
19. resources:
more info about byod
■ Report: BYOD Trends in Forward-Looking Industries
■ Case Study: Global Arms Giant Secures BYOD
■ Whitepaper: The Art of Compliance & BYOD Security
How well has BYOD adoption gone in your organization?
Much better than expected
Slightly better than expected
As expected
Lower than expected
We don’t allow BYOD