BYOx John Spaid, CISA, CISSP
What is BYOx? • Any device • Anywhere • Anytime • Any application • Any data
Current Trends • By 2015, the number of employees using mobile applications in the workplace will double. • By 2017, half of employers will require employees to supply their own device for work purposes. • By 2016, the average amount a qualified employee currently receives for the business use of a personal smartphone will be reduced by 30%. • By 2016, most employees using a personal device in business will receive no direct subsidy for its use. • By 2016, the typical organization will spend over $300 per year per employee on mobile applications, security, management and support. David A. Willis, 11 April 2013, “Bring Your Own Device: The Facts and Future”, gartner.com
Current Trends • 54% of organizations offer a tablet BYOD program • Smartphone programs are available in 34% • 14% offer PC programs • “Bring anything!”, 0.5% • 37% of US workers are using technology before formal policies & procedures are in place for it If you don’t do anything, your employees will do anything Benjamin Gray and Christian Kane, “Fifteen Mobile Policy Best Practices,” Forrester Research, January 2011
Primary Risks • Cost • Organizations save by contracting with one service provider (e.g. Verizon) • Savings disappear when cost is transferred to employees and split among any number of vendors • Implementation of an MDM solution can be expensive • Data • The extremely heterogeneous mobile OS & app environment means that organizations need to control their data on employee devices • Cloud • Cloud is built in to Android and iOS • Organizations need to offer alternatives to public cloud services that meet employees’ demands • Collaboration • Users can collaborate on numerous social platforms, instantly and with little effort • Organizations need to control their employees’ collaboration while being flexible enough to allow social media on employee-owned devices
Controlling Costs • Define your strategy and policy • Communicate it • Pay for the service & device • Pay for service • Pay for device • Pay percentage • Pay fixed amount (average is $45/month)
Controlling Data • Virtualization • Closed file systems • Limited co-mingling
Controlling Data: Virtualization • No data on device • Accessible anywhere via VPN or other remote access tool • Familiar environment • Ideal for remote workers • Remote access is a comparable option if employees use dedicated workstations
Controlling Data: Closed File Systems/Containerization • Applications can only access their own data • Sharing data with other applications is initiated within the app • App wrapping and other solutions allow restricted sharing with secure/approved apps
Controlling Data: Limited Co-mingling of Data • Externally-facing applications • Most common with email • Customer applications • Customer-service apps • Internal-only apps
Controlling Cloud • Provide alternatives • Encrypt on-site • Encrypt with another cloud service
Controlling Collaboration • Offer enterprise-ready alternatives • Set policy and clearly communicate expectations • Filter web traffic • Restrict functions
Identify Requirements • Identify & Prioritize Applications • Align to business demands • Assign risk category • Create policy • Choose approach…
Identify & Prioritize Applications • Target applications that: • Everyone accesses • Provide greatest value • Are easy to expose and control • Use web interfaces • Already have a mobile app • Avoid applications that: • Small groups use exclusively • Have extremely high-risk data • Are legacy • Have custom GUIs • Require custom apps • Have no app support or API
Align to business demands
Options
• Virtualization: No data on device • Connectivity required • Difficult to implement • Most secure
• Container: Data on device • Offline use • Requires in-house apps • Controls improving the fastest
• Limited Co-mingling: Data on device • Offline use • Suitable for non-sensitive data • Easiest to implement
Definitely consider a data loss prevention integration
Examples of Fine-Grained Controls • Passcode/word • Required? • Type • Complexity • Length • Rotation • Auto-lock • Failed access attempts • Encrypted backups • Block after no check-in • Camera, Bluetooth, WiFi • Roaming options • App activity logging • Location logging
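The controls above are only useful if something evaluates what each device actually reports against them and acts on the result (in particular, blocking a device that has stopped checking in, since its reported state can no longer be trusted). The following is an added example, not code from the deck or from any MDM product: the policy thresholds, the inventory field names and the three device records are constructed assumptions, chosen to exercise the compliant, remediate and block paths.

```python
"""Device-compliance evaluation for the MDM controls listed above.

Added example: the Policy values, the inventory record schema and the
sample records are constructed assumptions, not any vendor's format.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Policy:
    """Thresholds a device must meet (illustrative values)."""
    passcode_required: bool = True
    passcode_min_length: int = 6
    passcode_alphanumeric: bool = True     # Type/Complexity: letters and digits
    passcode_max_age_days: int = 90        # Rotation
    auto_lock_max_seconds: int = 300       # Auto-lock
    max_failed_attempts: int = 10          # device must lock/wipe at or below this
    require_encrypted_backups: bool = True
    max_checkin_age_hours: int = 72        # Block after no check-in


@dataclass(frozen=True)
class Device:
    """One device's last reported state, as an MDM agent would report it."""
    device_id: str
    passcode_set: bool
    passcode_length: int
    passcode_alphanumeric: bool
    passcode_age_days: int
    auto_lock_seconds: int        # 0 = never locks
    failed_attempt_limit: int     # 0 = no limit enforced on the device
    encrypted_backups: bool
    last_checkin: datetime        # timezone-aware UTC


def parse_record(rec):
    """Build a Device from a flat inventory record (constructed schema)."""
    ts = datetime.fromisoformat(rec["last_checkin"].replace("Z", "+00:00"))
    if ts.tzinfo is None:                 # treat naive timestamps as UTC
        ts = ts.replace(tzinfo=timezone.utc)
    return Device(
        device_id=rec["device_id"],
        passcode_set=bool(rec["passcode_set"]),
        passcode_length=int(rec.get("passcode_length", 0)),
        passcode_alphanumeric=bool(rec.get("passcode_alphanumeric", False)),
        passcode_age_days=int(rec.get("passcode_age_days", 0)),
        auto_lock_seconds=int(rec.get("auto_lock_seconds", 0)),
        failed_attempt_limit=int(rec.get("failed_attempt_limit", 0)),
        encrypted_backups=bool(rec.get("encrypted_backups", False)),
        last_checkin=ts,
    )


def violations(dev, pol, now):
    """Return the controls the device fails; an empty list means compliant."""
    v = []
    if pol.passcode_required:
        if not dev.passcode_set:
            v.append("passcode: not set")
        else:
            if dev.passcode_length < pol.passcode_min_length:
                v.append(f"passcode: length {dev.passcode_length} < {pol.passcode_min_length}")
            if pol.passcode_alphanumeric and not dev.passcode_alphanumeric:
                v.append("passcode: not alphanumeric")
            if dev.passcode_age_days > pol.passcode_max_age_days:
                v.append(f"passcode: {dev.passcode_age_days} days old, rotation overdue")
    if dev.auto_lock_seconds == 0 or dev.auto_lock_seconds > pol.auto_lock_max_seconds:
        v.append(f"auto-lock: {dev.auto_lock_seconds}s exceeds {pol.auto_lock_max_seconds}s")
    if dev.failed_attempt_limit == 0 or dev.failed_attempt_limit > pol.max_failed_attempts:
        v.append(f"failed attempts: limit {dev.failed_attempt_limit} exceeds {pol.max_failed_attempts}")
    if pol.require_encrypted_backups and not dev.encrypted_backups:
        v.append("backups: not encrypted")
    age = now - dev.last_checkin
    if age > timedelta(hours=pol.max_checkin_age_hours):
        v.append(f"check-in: last seen {age.total_seconds() / 3600:.0f}h ago")
    return v


def verdict(dev, pol, now):
    """'compliant', 'noncompliant' (send to remediation) or 'blocked'."""
    v = violations(dev, pol, now)
    if not v:
        return "compliant", v
    # A stale check-in means the rest of the reported state cannot be trusted,
    # and a device with no passcode protects nothing at rest: block both.
    if any(s.startswith(("check-in", "passcode: not set")) for s in v):
        return "blocked", v
    return "noncompliant", v


# Constructed sample inventory and evaluation time (not real devices).
NOW = datetime(2013, 6, 1, 12, 0, tzinfo=timezone.utc)
INVENTORY = [
    {"device_id": "ipad-0042", "passcode_set": True, "passcode_length": 8,
     "passcode_alphanumeric": True, "passcode_age_days": 30, "auto_lock_seconds": 120,
     "failed_attempt_limit": 10, "encrypted_backups": True, "last_checkin": "2013-06-01T09:30:00Z"},
    {"device_id": "android-0107", "passcode_set": True, "passcode_length": 4,
     "passcode_alphanumeric": False, "passcode_age_days": 200, "auto_lock_seconds": 0,
     "failed_attempt_limit": 0, "encrypted_backups": False, "last_checkin": "2013-06-01T11:00:00Z"},
    {"device_id": "iphone-0013", "passcode_set": False, "auto_lock_seconds": 600,
     "failed_attempt_limit": 10, "encrypted_backups": True, "last_checkin": "2013-05-20T08:00:00Z"},
]


def audit(records, pol=Policy(), now=NOW):
    """Map device_id -> (verdict, violations) for every inventory record."""
    return {r["device_id"]: verdict(parse_record(r), pol, now) for r in records}


if __name__ == "__main__":
    for dev_id, (result, v) in audit(INVENTORY).items():
        print(dev_id, result, v)
```

The check-in age test is deliberately evaluated last but acted on first in `verdict`: every other field is self-reported by the device, so once the agent has gone quiet the only safe decision is to block until it checks in again, rather than to trust the last known settings.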
Thank You John Spaid www.johnspaid.com