Downloaded 431 times
More Related Content
![Business Case Of Bring Your Own Device[ BYOD]](https://cdn.slidesharecdn.com/ss_thumbnails/byodbusinesscase-150506072008-conversion-gate02-thumbnail.jpg?width=600ounds&width=560&fit=bounds)
Similar to Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)
- 2. INTRODUCTION • Bring Your OwnDevice (BYOD) has become one of the most influential trends that has or will touch each and every IT organization. • The term has come to define a megatrend occurring in IT that requires sweeping changes to the way devices are used in the workplace. 2
- 3. WHAT IS BYOD? • Bringyour own device (BYOD) (also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC)) refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications. Source: Wikipedia 3
- 4. THE CONFLICT Corporate space Consumerspace Devices with functionality limited to phone calls and email Mobile phones Smart phones offering tens of thousands of useful apps, typically iPhone Restricted storage for official files and email What to Store Providers such as Google and Yahoo offering virtually unlimited storage to store whatever you want Long replacement cycles – up to four years for hardware and eight years for software Update Cycles Very rapid updated hardware – immediate download of new apps and services Highly standardized, inflexible and often restricted environment Style and Customization High variety of consumer devices, systems, applications and “skins” 4
- 5.
- 6. BUSINESS DRIVERS Consumer Devices Multiple Needs andMultiple Devices Work and Personal Overlap Anywhere, Anytime Mobility Video, Collaboration, and Rich Media Applications 6
- 7. BENEFITS OF BYOD Improved employee convenience and satisfaction Higheragility in business operation Attraction and retention tool for talented workers Increased employee productivity Greater workforce mobility 7
- 8. CHALLENGES FOR ITORGANIZATION Unclear cost benefits Providing Device Choice and Support Maintaining Secure Access to the Corporate Network On-Boarding of New Devices Enforcing Company Acceptable Usage Policies Visibility of Devices on the Network Protecting Data and Loss Prevention Revoking Access Potential for New Attack Vectors Ensuring Wireless LAN Performance and Reliability Managing the Increase in Connected Devices 8
- 9. CHALLENGES FOR ENDUSER Keeping it Simple Mixing Personal Device With Work Getting the Productivity and Experience Needed 9
- 10. PRIVACY CHALLENGES • Personal natureof device and expectation of privacy • • • Mobile nature of the devices • • Remote working and travel (checking to see if employee is where they are supposed to be) Where monitoring may occur on a personal device: • • • • • Is prohibited web surfing on a company device allowed on the personal device? Personal data: pictures, videos, personal emails, bank statements, tax returns, social security numbers, chat histories, user names/passwords, medical information While connected to the network Data in transmission between personal device and network Monitoring of “sandboxed” or company area of mobile device. Monitoring of entire device (e.g. key stroke logger; recording browser history, etc.) Location 10
- 11. PRIVACY CHALLENGES –INVESTIGATIONS • Investigations (internal, criminal, audits) • Security breach response – forensic investigations • Litigation holds • eDiscovery (searching for, preserving and collecting data) • Information requests/demands/subpoenas/regulatory investigations 11
- 12. INCIDENT RESPONSE CHALLENGES • Obtainingaccess to the device and data thereon • • • Physical possession Unlocked/login credentials Unencrypted • Remote wiping • Timing issues • • • Damage to the device • • • • • Incident detection Litigation holds/tampering of evidence Installation of software may be required Data loss Software corruption Loss of use Privacy issues • • Cooperation issue Ability to tie to business need and limit scope 12
- 13. Governance & RiskAnalysis 13
- 14.
- 15. BYOD GOVERNANCE • Creation oforganization-specific BYOD policies developed in conjunction with Legal, HR, IT, Procurement, Sales, and others • Transparent guidelines on who is eligible or not for the program • New employee agreements for support, risk, and responsibility. • Adjustments to service levels and service desk training. • Funding and reimbursement strategies. • Employee education and IT publishing specifications on acceptable devices. • Customization by country and possible tax implications for both employee and employer 15
- 16. BYOD GOVERNANCE • Individual responsibilityneeds are heightened under BYOD programs • Corporate management needs to be transparent in requiring greater management control over an individual’s devices in order to allow BYOD programs to work • Internal audit team’s knowledge of the organization’s mobile strategy needs to evolve just as quickly as the mobile landscape • Governance must include an interdisciplinary Steering Committee to identify, discuss, and evaluate risks from an interdisciplinary perspective 16
- 17. RISK ANALYSIS • Performing arisk analysis prior to implementing a BYOD program is crucial • Interdisciplinary teams should be involved in the risk analysis • Risk assessment should incorporate the likelihood as well as the impact of the risks • Risk analysis should address identification of the associated BYOD information risks to the organization: • • • • Handling of personally identifiable information (PII) Handling of high value organizational information Handling of other data impacted by regulatory compliance (healthcare data, credit card data) Risk assessment mitigation plans must be owned by the business and IT stakeholders and properly implemented 17
- 18.
- 19. MOBILE DEVICE MANAGEMENT • MobileDevice Management (MDM) software secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises • MDM functionality typically includes over-the-air distribution of applications, data and configuration settings for all types of mobile devices, including mobile phones, smartphones, tablet computers, ruggedized mobile computers, mobile printers, mobile POS devices, etc. • By controlling and protecting the data and configuration settings for all mobile devices in the network, MDM can reduce support costs and business risks • The intent of MDM is to optimize the functionality and security of a mobile communications network while minimizing cost and downtime 19
- 20. MOBILE DEVICE MANAGEMENT • MobileDevice Management software (MDM) can consist of four main components: • • • • Software management - Manage and support mobile applications, content and operating systems (configuration, updates, patches/fixes) Network service management - Gain information off of the device that captures location, usage, and cellular and WLAN network info (provisioning, usage, service, reporting) Hardware management - Provisioning and support (asset/inventory, activation) beyond basic asset management. Security management - Enforcement of standard device security, authentication and encryption (remote wipe, policy enforcement). 20
- 21.
- 22.
- 23.
- 24.
- 25.
- 26. ACTION POINTS TOOVERCOME SECURITY CONCERNS 26
- 27.
- 28.