5 Considerations for a Successful BYOD Strategy
-
Upload
sophos -
Category
Technology
-
view
488 -
download
0
description
Transcript of 5 Considerations for a Successful BYOD Strategy
5 Considerations for aSuccessful BYOD Strategy
Barbara Hudson, Global Product Marketing Manager, Mobile Data Protection
Poll Question PlaceholderAre employees in your organization allowed to use personal devices for work?
•No and no plans•No but planning to allow•Yes, for email only•Yes, for email and other systems•Don’t know/other
What we’ll talk about• What is BYOD?• Mobile Revolution, the Post PC era?• BYOD: What to consider
1. Users
2. Devices
3. Apps
4. Infrastructure
5. Security
• Choosing a BYOD solution• Q&A
What is BYOD?
Consumerization of IT?
Personal smartphones, tablets, etc. being used at work
When employees pay for their own devices and plans
Bring Your Own Technology
Define what BYOD means – for you
There are probably no two organizations where
it means exactlythe same
The mobile revolution
The big shift
Source: Kleiner, Perkins, Caufield, Byers, Dec 2012
20001.3 million
devices
20121.2 billion devices
BUTPCs are evolving
- New interfaces
- New form factors
The Post-PC era? Not yet.
7
Data source: ZDNetPhoto source: Fujitsu
66%
29%
5%
The multi-device user
1.96 mobile devices used for
work in 2012iPass Mobile Workforce Report,
2012(Tablets, smartphones and mobile phones)
All work and no playSmartphones and tablets add
2 hours to the working day
Source: Pixmania Study, telegraph.co.uk 31.10.12, Photo: Getty Images
BYOD: 5 Considerations
BYOD: The new IT challengeNew challenges for IT departments
IT needs tools to control devices
Mixed ownership
Many different apps
Network access
User is the admin
Compliance & security
Device Diversity
Enterprise vs. Personal Apps
IT productivity
1. Users
Users have different needs
I am IT!My
smartphone is my lifeline
I need mobile access to my
sales data
iPads are great for
presenting
Know your users
100% 100% 20% 100%
50% 70% 10% 50%
30% 80% 10% 100%
5% 10% 15% 0%
100% 100% 100% 100%
2.5 2.7 1.3 2.5
SalesIT Office staff Remote workers
Smartphone
Tablet
Work remote
Manager
PC/Notebook
Devices/user
2. Devices
User devices
User-owned devices
- What happens in case of loss or theft?
- Can you wipe the device?
- What can you enforce?
- Can you block applications?
- How can you ensure data security?
Narrowing down
Look at experience in IT
Compare OS functionality
Decide which platforms
Define minimum OS version
Device model restrictions?
Device type restrictions?
The Acceptable Use PolicyScope
• Which devices does it cover?• Corporate and personal devices
Technical Requirements• Minimum OS• Encryption• Password• Anti-malware protection
User Requirements• What happens when…• Back up of personal data
3. Apps
• Potential risk from apps• Third-party app stores• Which workflows put sensitive data
on personal devices?• What regulations apply to your
region/industry?• How can apps benefit the mobile
user? • Promote collaboration with
supported tools
All about apps
• Distribute in-house apps
• Link to app store or upload
• Blacklist/Whitelist apps
• Deploy apps to devices
• Manage volume purchases
• iOS Managed Apps
• View installed apps
Mobile Application Management
Enterprise App Store
Secure collaboration, e.g. cloud
22
64% of people think cloud storage is risky but 45% still go right ahead and use it.
Sophos InfoSec Survey, 2012
Notebook
Cloud Storage
Mobile Device
The solution: End-to-end encryption
4. Infrastructure
Resources for BYODPersonnel• IT staff or dedicated resources• Decentralized management• Experience available
On premise solution, SaaS or Managed Service
Network infrastructure• WiFi set up• Connecting remote workers• Mobile access to internal systems
Stay productive
Application Control
Next Generation Firewall • Real-time reports• Completely block or
allow applications• Allocate bandwidth and
prioritize by shaping traffic to requirements
• Monitoring and reporting history
Priority for business
25
Hotspot guest accessProvide controlled and limited access• Managed, temporary
Internet access for guests and others
• Ticket management Password of the day Volume-based Time-based
26
5. Security
Widespread lack of awareness
89% = unaware
65% = unbothered
67% = unsecured
29
Explosion of Android malware
2010 2011 20120
10000
20000
30000
40000
50000
60000
70000
80000
No. of Android malware samples discovered each year
Security threats BYOD• An unsecured device means unsecured data
You can insure your devices – but what is your data worth?
• MDM helps enforce controls such as password, lock, etc. If you’re not sure, you’re not secure
• Protect Android devices with anti-malware protection Users can remove protection, so needs to be enforced
• Malicious websites can also target mobile users Apply web protection to keep web threats at bay
Keep malware at bay
Free Managed
5 Considerations for BYOD
1. Users
2. Devices
3. Apps
4. Infrastructure
5. Security
Choosing an MDM solution
Choose a flexible solution
Ensure it can grow with you
Look at security options
Look at licensing
Don’t bite off more than you can chew
Checklist for your BYOD solution
MDM Buyers Guide(registration required)
And what about costs?
1 user
2 devices
2 licenses
1 user 2 devices 1 license
Better option
@ 50$ / license = 100$
Additional resources
Mobile Security Toolkit
Smartphones and Tablets for Dummies
MDM Buyers Guide
Free Android Security App
Free Trial - Endpoint, mobile, data and web security licensed by the user—not the device
Complete Security
Email Data Endpoint Mobile Web Network
Clean up
Automation
Visibility Local self-help
WiFi security
Keep people working
Technical support
Access control
Intrusion prevention
Anti-malware User education
Data Control
Stop attacks and breaches
Firewall
Email encryption
Virtualization
Endpoint Web Protection
Mobile Control
Secure branch offices
Encryption for cloud
Live Protection
Mobile app security
Protect everywhere
Web ApplicationFirewall
URL Filtering
Anti-spam Patch Manager
ApplicationControl
Encryption
Device Control
Reduce attack surface
38
US and Canada 1-866-866-2802
UK and Worldwide + 44 1235 55 9933
nakedsecurity.sophos.com
Staying ahead of the curveStaying ahead of the curve
facebook.com/securitybysophos
twitter.com/Sophos_News
Sophos on Google+
linkedin.com/company/sophos