BYOx

BYOx. John Spaid, CISA, CISSP. What is BYOx? Any device, anywhere, anytime, any application, any data. Current Trends: By 2015, the number of employees using mobile applications in the workplace will double.



  1. BYOx John Spaid, CISA, CISSP

  2. What is BYOx?
     • Any device
     • Anywhere
     • Anytime
     • Any application
     • Any data

  3. Current Trends
     • By 2015, the number of employees using mobile applications in the workplace will double.
     • By 2017, half of employers will require employees to supply their own device for work purposes.
     • By 2016, the average amount a qualified employee currently receives for the business use of a personal smartphone will be reduced by 30%.
     • By 2016, most employees using a personal device in business will receive no direct subsidy for its use.
     • By 2016, the typical organization will spend over $300 per year per employee on mobile applications, security, management and support.
     David A. Willis, 11 April 2013, “Bring Your Own Device: The Facts and Future”, gartner.com

  4. Current Trends
     • 54% of organizations offer a tablet BYOD program
     • Smartphone programs are available in 34%
     • 14% offer PC programs
     • “Bring anything!”, 0.5%
     • 37% of US workers are using technology before formal policies & procedures are in place for it
     If you don’t do anything, your employees will do anything
     Benjamin Gray and Christian Kane, “Fifteen Mobile Policy Best Practices,” Forrester Research, January 2011

  5. Primary Risks
     • Cost
        • Organizations save by contracting with one service provider (e.g. Verizon)
        • Savings disappear when cost is transferred to employees and split among any number of vendors
        • Implementation of an MDM solution can be expensive
     • Data
        • The extremely heterogeneous mobile OS & app environment means that organizations need to control their data on employee devices
     • Cloud
        • Cloud is built-in to Android and iOS
        • Organizations need to offer alternatives to public cloud services that meet employees’ demands
     • Collaboration
        • Users can collaborate on numerous social platforms, instantly and with little effort
        • Organizations need to control their employees’ collaboration while being flexible enough to allow social media on employee-owned devices

  6. Controlling Costs
     • Define your strategy and policy
     • Communicate it
     • Pay for the service & device
     • Pay for service
     • Pay for device
     • Pay percentage
     • Pay fixed amount (average is $45/month)

  7. Controlling Data
     • Virtualization
     • Closed file systems
     • Limited co-mingling

  8. Controlling Data: Virtualization
     • No data on device
     • Accessible anywhere via VPN or other remote access tool
     • Familiar environment
     • Ideal for remote workers
     • Remote access is a comparable option if employees use dedicated workstations

  9. Controlling Data: Closed File Systems/Containerization
     • Applications can only access their own data
     • Sharing data with other applications is initiated within the app
     • App wrapping and other solutions allow restricted sharing with secure/approved apps

  10. Controlling Data: Limited Co-mingling of Data
     • Externally-facing application
     • Most common with email
     • Customer applications
     • Customer-service apps
     • Internal-only apps

  11. Controlling Cloud
     • Provide alternatives
     • Encrypt on-site
     • Encrypt with another cloud service

  12. Controlling Collaboration
     • Offer enterprise-ready alternatives
     • Set policy and clearly communicate expectations
     • Filter web traffic
     • Restrict functions

  13. Risk-based Approach

  14. Identify Requirements
     • Identify & Prioritize Applications
     • Align to business demands
     • Assign risk category
     • Create policy
     • Choose approach…

  15. Identify & Prioritize Applications
     • Target applications that:
        • Everyone accesses
        • Provide greatest value
        • Are easy to expose and control
        • Use web interfaces
        • Already have a mobile app
     • Avoid applications that:
        • Small groups use exclusively
        • Have extremely high-risk data
        • Are legacy
        • Have custom GUIs
        • Require custom apps
        • Have no app support or API
     Align to business demands

  16. Options
     • Virtualization
        • No data on device
        • Connectivity required
        • Difficult to implement
        • Most secure
     • Container
        • Data on device
        • Offline use
        • Requires in-house apps
        • Controls improving the fastest
     • Limited Co-mingling
        • Data on device
        • Offline use
        • Suitable for non-sensitive data
        • Easiest to implement
     Definitely consider a data loss prevention integration

  17. Hybridized Approach

  18. Examples of Fine-Grained Controls
     • Passcode/word
     • Required?
     • Type
     • Complexity
     • Length
     • Rotation
     • Auto-lock
     • Failed access attempts
     • Encrypted backups
     • Block after no check-in
     • Camera, Bluetooth, WiFi
     • Roaming options
     • App activity logging
     • Location logging

  19. Thank You John Spaid www.johnspaid.com
