Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain

Download as PPTX, PDF
North Texas Chapter of the ISSA
North Texas Chapter of the ISSA

This document discusses bring your own device (BYOD) policies in enterprises. It notes that the mobile device market is thriving, with growing usage of personal devices for work purposes by physicians and other professionals. It outlines considerations for allowing employee-owned devices onto corporate networks, including how to provide secure access while protecting data and delivering mobile apps. The document discusses developing a holistic enterprise mobility strategy and solution that provides security, manageability, scalability and support for multiple mobile operating systems. It also raises questions that organizations should address around compliance, risk tolerance and device support when developing a BYOD policy.

Related slideshows

NTXISSACSC2 - Kid Proofing the Internet of Things by Monty McDougal
NTXISSACSC2 - Kid Proofing the Internet of Things by Monty McDougalNTXISSACSC2 - Kid Proofing the Internet of Things by Monty McDougal
NTXISSACSC2 - Kid Proofing the Internet of Things by Monty McDougal
 
Setting up CSIRT
Setting up CSIRTSetting up CSIRT
Setting up CSIRT
 
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
 
1 of 22
Bring Your Own Device: The Great Debate Brandon Swain
Client computing is evolving - giving IT and end users the power to do more 2 Users Devices Mainframe computing era Personal computing era Mobile era Less than 2000 systems sold in 1960 Over 900,000 systems sold in 1980 1 billion processors connected by 2015 Users n 1 1 1 Users 1 n DevicesDevices
The mobile device market is thriving 3 $100 million $1.7 billionMarket for mobile devices in healthcare 2011 2014 $4.7 billion U.S. hospital spending on IT $6.8 billion 2 out of 5 physicians go online during patient consultations; mostly on handheld devices 63% of physicians are using personal devices for mobile health solutions not connected to their practice 86% of physicians are interested in accessing Electronic Medical Records from mobile devices 2% Mobile device usage compared to overall IT 25% Source: TechTarget news
Enterprise Mobility Adoption Curve Mobile Workflow Mobile Intranet Corporate File& Directory Search Sales & CRM Enablement Field Service Enablement Mobile Business Intelligence Enablement UnifiedCommunications Mobile KPI Dashboards B2CApps Personal Information Management Email Internet InstantMessenger ProductivityApplications • Many organizations follow a similar mobility adoption curve. • The right strategy and roadmap must be established to help you on your journey, and design and implement the right solution to support your business needs. • Empower the workforce in a flexible and secure way maximizing ROI. • Reach out to your customers, enable them to interact with you in convenient ways, expand business value and maximise customer satisfaction 4
Handling the Smartphone & Tablet explosion presents new enterprise management challenges 5 Corporate Owned BlackBerry Devices Secure Proliferationof Smartphone/TabletPlatformsin theEnterprise o How doI providesecure access and protect corporatedata? o How doI deliverLOB mobileapps toimprove productivity? o How doI ensure my mobileapps workonsuch a wide variety of devices? o How doI keep costsfrom getting out ofcontrol? o How doI let myemployees select the mobiledevices they want while deliveringthe security and management IT requires? Enterprise Systems / Data
Why allow employee-owned devices into your environment • They are fun, and your executives and employees want them • Improved employee morale and productivity • Improved compliance and security by recognizing that employees will use device of choice and planning for these devices in corporate environment. • Ability to create customized mobile applications to solve business problems • Reduce device and plan costs • Reduced employee costs for devices and plans based on corporate agreements with carriers 6
Considerations for employee-owned devices in your environment • Control over devices to implement governance and policy requirements • Timely deletion of data in the event of loss or theft of device • Ability to restrict content on the devices, including third party applications • Control over the device platforms, operating systems, and other factors to manage vulnerabilities associated with each consumer device platform • Better support from carriers than maybe available for individual employees utilizing their own, consumer-grade device • Additional security controls may be required to meet security, compliance, and regulatory requirements. 7
Special Concerns for Some Industries • Consumer mobile devices present special challenges: – New operating environment is like the wild west – Unhardened Operating Systems are vulnerable to exploitation, with few protections compared to hardened or purpose-built devices – Devices may represent unmanaged entrance/exit points to secured, segregated ICS networks – Clear definition of allowable devices and activities is required – Security flaws in devices may not be resolved in a timely manner, if ever 8
9 Confidential Establishing an Enterprise Mobility Strategy Enterprise Mobility Strategy Infrastructure Management Applications Security & Compliance
Strong governance required 10
What is your risk level / appetite? 11 Government Intelligence DOD – TS/TS SCI Federal Civilian and Global 500 Financial, Engineering, Pharmaceutical PCI Data on the phone PHI data is on the phone PII data is on the phone Email is on the phone Data on the phone Recover phone
Mobility security affects/is affected by… 12 End Users Security Governance Business Strategy Architecture Applications Infrastructure Risk Posture Service Desk Data Classification WiFi VPN Policies Compliance DLP NAC Encryption
A mobility strategy leads to a solution that is secure, manageable, scalable, and open to all mobile OSs 13 Key Features: •Provide Security – SecureDeliveryof EnterpriseData – DataIsolationonDevice – Encryption – PolicyCompliance •Manage Complexity – MobileDevice Management – Multi-OSSupport – Multi-ApplicationSupport •ImproveProductivity – LOB MobileApplications – CustomMobileApplications – WirelessEmail& PIM •Manage Costs – MobileExpenseManagement – Carrierplanmanagement – Alerting – UsageTracking Customer Secure End User Secure
MDM – Making the Smartphone Enterprise Ready  Multi-Platform Support – ActiveSync, BES, Good  Security & policymanagement – Enforcement &notification  Dynamic cost management – Roaming &plan management  Application management – Enterprise application store  Device monitoring – Health &usage  Analysis and reporting – Predictive & cost avoidance Deliveringmulti-platformsecurity,visibility, controlandcostsavings “Managing how users Interactwith devices” “Managing devices, data and applications” “Managing costs of devices” “MDM should be an agnostic OS, device and carrier independent solution”
Device Management Policy Management Application Management E-Mail Deployment Functions • Userprovisioning • Migrations • Device re-provision Benefits • Reduce helpdesk calls • Reduce supportcalls • Increaseuptime • Centralizetracking ROI • Lower TCO Functions • Hardwaremgmt • Softwaremgmt • Real-time updates Benefits • Increasedvisibility • Efficientdiagnostics • Upgradeplanning& deployment • Centralizetracking • History reporting ROI • Cross platform status reporting Functions • Securitymgmt • Usagegovernance • Compliance Benefits • Reduce security risks • Increasedcompliance • Manageuserbehaviors ROI • Decreaseadminandhelp desk costs Functions • Control footprint • App. deployment • Update/upgrademgt Benefits • OTA installs • Close-loop deployments • Simple, consistent app management • ImprovedBESmgmt ROI • Decreasein admin/helpdesk support time Performance Monitoring Functions • Servermonitoring • Device monitoring • Load balancing Benefits • Quicker resolution to problems • Reduce downtimeandcosts • Analysis andtrending ROI • Decreasehelp desk costs • Enableproactivemonitoring MDM Capabilities 15
Types of Mobile Applications 16 Native Web Hybrid
Value of a Mobile Enterprise Application Platform 17
Strategies for BYOPC 18 • Establish catalog of supported operating systems: – Windows 7 & 8 – Mac OS X? – Linux Variants? • Catalog of supported AV solutions • Use Inspect to Connect technology to interrogate employee-owned PC to verify compliance • Utilize virtualized applications or virtual desktops to secure enterprise apps and data on untrusted devices. • Virtual desktop clients can be configured to control writing to local or removable media, printing, cut & paste, etc.
Questions to ask when considering BYOD 19 • Are there any specific concerns that would preclude the use of employee-owned devices? – Information may be subject to FOIA requests or other regulatory or compliance requirements. • Is there a catalog of devices that would be allowed to access enterprise applications? – With each new platform supported in the environment, complexity is added. Costs may increase as additional versions of enterprise apps are developed and maintained.
Questions to ask when considering BYOD 20 • Is the organization willing to accept a short-term increase in risk to allow newer platforms access to data while the device’s management and security tools mature? – For corporate-owned devices, it may be an easy decision to delay upgrades; however, for personally- owned devices, employees may be unwilling to forego the latest devices or updates. • Have we considered all of the risks? – Inappropriate content on personally-owned devices. ECPA considerations? Compensation considerations, especially for CA-based employees?
Questions / Comments Confidential21
Thank You. Michael_Swain@dell.com Confidential22

More Related Content

NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain

  • 1. Bring Your Own Device: The Great Debate Brandon Swain
  • 2. Client computing is evolving - giving IT and end users the power to do more 2 Users Devices Mainframe computing era Personal computing era Mobile era Less than 2000 systems sold in 1960 Over 900,000 systems sold in 1980 1 billion processors connected by 2015 Users n 1 1 1 Users 1 n DevicesDevices
  • 3. The mobile device market is thriving 3 $100 million $1.7 billionMarket for mobile devices in healthcare 2011 2014 $4.7 billion U.S. hospital spending on IT $6.8 billion 2 out of 5 physicians go online during patient consultations; mostly on handheld devices 63% of physicians are using personal devices for mobile health solutions not connected to their practice 86% of physicians are interested in accessing Electronic Medical Records from mobile devices 2% Mobile device usage compared to overall IT 25% Source: TechTarget news
  • 4. Enterprise Mobility Adoption Curve Mobile Workflow Mobile Intranet Corporate File& Directory Search Sales & CRM Enablement Field Service Enablement Mobile Business Intelligence Enablement UnifiedCommunications Mobile KPI Dashboards B2CApps Personal Information Management Email Internet InstantMessenger ProductivityApplications • Many organizations follow a similar mobility adoption curve. • The right strategy and roadmap must be established to help you on your journey, and design and implement the right solution to support your business needs. • Empower the workforce in a flexible and secure way maximizing ROI. • Reach out to your customers, enable them to interact with you in convenient ways, expand business value and maximise customer satisfaction 4
  • 5. Handling the Smartphone & Tablet explosion presents new enterprise management challenges 5 Corporate Owned BlackBerry Devices Secure Proliferationof Smartphone/TabletPlatformsin theEnterprise o How doI providesecure access and protect corporatedata? o How doI deliverLOB mobileapps toimprove productivity? o How doI ensure my mobileapps workonsuch a wide variety of devices? o How doI keep costsfrom getting out ofcontrol? o How doI let myemployees select the mobiledevices they want while deliveringthe security and management IT requires? Enterprise Systems / Data
  • 6. Why allow employee-owned devices into your environment • They are fun, and your executives and employees want them • Improved employee morale and productivity • Improved compliance and security by recognizing that employees will use device of choice and planning for these devices in corporate environment. • Ability to create customized mobile applications to solve business problems • Reduce device and plan costs • Reduced employee costs for devices and plans based on corporate agreements with carriers 6
  • 7. Considerations for employee-owned devices in your environment • Control over devices to implement governance and policy requirements • Timely deletion of data in the event of loss or theft of device • Ability to restrict content on the devices, including third party applications • Control over the device platforms, operating systems, and other factors to manage vulnerabilities associated with each consumer device platform • Better support from carriers than maybe available for individual employees utilizing their own, consumer-grade device • Additional security controls may be required to meet security, compliance, and regulatory requirements. 7
  • 8. Special Concerns for Some Industries • Consumer mobile devices present special challenges: – New operating environment is like the wild west – Unhardened Operating Systems are vulnerable to exploitation, with few protections compared to hardened or purpose-built devices – Devices may represent unmanaged entrance/exit points to secured, segregated ICS networks – Clear definition of allowable devices and activities is required – Security flaws in devices may not be resolved in a timely manner, if ever 8
  • 9. 9 Confidential Establishing an Enterprise Mobility Strategy Enterprise Mobility Strategy Infrastructure Management Applications Security & Compliance
  • 11. What is your risk level / appetite? 11 Government Intelligence DOD – TS/TS SCI Federal Civilian and Global 500 Financial, Engineering, Pharmaceutical PCI Data on the phone PHI data is on the phone PII data is on the phone Email is on the phone Data on the phone Recover phone
  • 12. Mobility security affects/is affected by… 12 End Users Security Governance Business Strategy Architecture Applications Infrastructure Risk Posture Service Desk Data Classification WiFi VPN Policies Compliance DLP NAC Encryption
  • 13. A mobility strategy leads to a solution that is secure, manageable, scalable, and open to all mobile OSs 13 Key Features: •Provide Security – SecureDeliveryof EnterpriseData – DataIsolationonDevice – Encryption – PolicyCompliance •Manage Complexity – MobileDevice Management – Multi-OSSupport – Multi-ApplicationSupport •ImproveProductivity – LOB MobileApplications – CustomMobileApplications – WirelessEmail& PIM •Manage Costs – MobileExpenseManagement – Carrierplanmanagement – Alerting – UsageTracking Customer Secure End User Secure
  • 14. MDM – Making the Smartphone Enterprise Ready  Multi-Platform Support – ActiveSync, BES, Good  Security & policymanagement – Enforcement &notification  Dynamic cost management – Roaming &plan management  Application management – Enterprise application store  Device monitoring – Health &usage  Analysis and reporting – Predictive & cost avoidance Deliveringmulti-platformsecurity,visibility, controlandcostsavings “Managing how users Interactwith devices” “Managing devices, data and applications” “Managing costs of devices” “MDM should be an agnostic OS, device and carrier independent solution”
  • 15. Device Management Policy Management Application Management E-Mail Deployment Functions • Userprovisioning • Migrations • Device re-provision Benefits • Reduce helpdesk calls • Reduce supportcalls • Increaseuptime • Centralizetracking ROI • Lower TCO Functions • Hardwaremgmt • Softwaremgmt • Real-time updates Benefits • Increasedvisibility • Efficientdiagnostics • Upgradeplanning& deployment • Centralizetracking • History reporting ROI • Cross platform status reporting Functions • Securitymgmt • Usagegovernance • Compliance Benefits • Reduce security risks • Increasedcompliance • Manageuserbehaviors ROI • Decreaseadminandhelp desk costs Functions • Control footprint • App. deployment • Update/upgrademgt Benefits • OTA installs • Close-loop deployments • Simple, consistent app management • ImprovedBESmgmt ROI • Decreasein admin/helpdesk support time Performance Monitoring Functions • Servermonitoring • Device monitoring • Load balancing Benefits • Quicker resolution to problems • Reduce downtimeandcosts • Analysis andtrending ROI • Decreasehelp desk costs • Enableproactivemonitoring MDM Capabilities 15
  • 16. Types of Mobile Applications 16 Native Web Hybrid
  • 17. Value of a Mobile Enterprise Application Platform 17
  • 18. Strategies for BYOPC 18 • Establish catalog of supported operating systems: – Windows 7 & 8 – Mac OS X? – Linux Variants? • Catalog of supported AV solutions • Use Inspect to Connect technology to interrogate employee-owned PC to verify compliance • Utilize virtualized applications or virtual desktops to secure enterprise apps and data on untrusted devices. • Virtual desktop clients can be configured to control writing to local or removable media, printing, cut & paste, etc.
  • 19. Questions to ask when considering BYOD 19 • Are there any specific concerns that would preclude the use of employee-owned devices? – Information may be subject to FOIA requests or other regulatory or compliance requirements. • Is there a catalog of devices that would be allowed to access enterprise applications? – With each new platform supported in the environment, complexity is added. Costs may increase as additional versions of enterprise apps are developed and maintained.
  • 20. Questions to ask when considering BYOD 20 • Is the organization willing to accept a short-term increase in risk to allow newer platforms access to data while the device’s management and security tools mature? – For corporate-owned devices, it may be an easy decision to delay upgrades; however, for personally- owned devices, employees may be unwilling to forego the latest devices or updates. • Have we considered all of the risks? – Inappropriate content on personally-owned devices. ECPA considerations? Compensation considerations, especially for CA-based employees?

Editor's Notes

  1. *** Should we copy into non-Dell presentation template?
  2. *** KEEP or DROP – maybe change third column to “Mobile Era?”
  3. *** I Think this is a good slide showing the adoption curve, will need to revise title and remove dell consulting references in text
  4. In a recent study – 75% of surveyed companies indicated that they currently allowed, or were considering allowing personally-owned devices to access company information Smartphone device sales are forecasted to exceed Notebooks + Desktops (combined) by 2012 [Morgan Stanley] End user preference is driving enterprises to offer more device choices Security is #1 concern; must protect enterprise data on growing population of mobile devices Wireless Email & PIM (contacts, calendar, tasks) is core application that most solutions are build around today LOB apps and collaboration are next logical opportunities
  5. Good Strategy Overview Slide – may need to revise some text in boxes to more accurately meet audience’s needs
  6. ***Change title to reflect benefits of using consumer devices Personal information management (PIM) refers to both the practice and the study of the activities people perform in order to acquire, organize, maintain, retrieve and use information items such as documents (paper-based and digital), web pages and email messages for everyday use to complete tasks (work-related or not) and fulfill a person’s various roles (as parent, employee, friend, member of community, etc.). E*Trade’s mobile trading app on BlackBerry  Coca-Cola Enterprises (CCE) mobilized its merchandisers to make the jobs they do on a daily basis as easy and intuitive as possible Heineken - refreshed its mobility platform to empower field and merchandising representatives Xerox – front line employee mobile app for enterprise data access
  7. Good overview of MDM
  8. More in-depth review of MDM capabilities