Copyright 2013 The Word & Brown Companies
BYOD
(and other acronyms of interest)
Orange County CIO Roundtable
September 12, 2013
Jeff Hecht, Chief Compliance & Security Officer
The Word & Brown Companies
Two competing desires are increasingly at odds with each other:
expanding mobility to leverage productivity gains—and controlling
mobility to combat significant risks….
Agenda
BYOD basic issues
How widespread is it?
What are the risks?
How are enterprises dealing with it?
What categories of tools are or soon will be available to manage
BYOD?
How can we develop an acceptable approach for BYOD that balances
access and security?
BYOD Challenges and Opportunities
• There is a growing demand from employees to use their own
electronic devices at work to access corporate assets.
• Employees argue they are more productive on devices they’ve
chosen and mastered.
• High-level business executives often are part of this demand.
• Younger employees in particular find the idea of a small list of corporate devices
unacceptable.
• Some studies suggest employees are more likely to work more
hours and in more places when they can do it on their device of
choice.
• Many of these devices may be unsupported by IT departments. The
versions change quickly as employees bring in the latest and
greatest devices and upgrade on their schedule, not their
employer’s.
• The expense of always providing the latest and greatest devices is
too much for most enterprises, so having the employee provide their
own device appears attractive financially.
• The devices offer instant connectivity to the Internet and cloud
services that can easily evade traditional control measures an IT
department uses with corporate assets.
• Concerns about data security, device control, data ownership,
patching, backups and other issues generally handled for corporate
devices are not fully resolved for most IT departments on personally
owned devices. Keeping corporate data secure is largely at odds
with the idea of “my device” and ubiquitous access.
• Employees don’t always trust their employer with their own
information, particularly geo-location data, and may be reluctant to
follow some policies.
Major Security Concerns and Controls
Moving Ahead Regardless
SC Magazine
There’s plenty of hype
• Many vendors have products positioned to “solve” the “BYOD
problem”.
• It’s unclear how big the issues are and equally unclear how
effectively the current product sets address the issues.
• Each organization needs to assess what their exposure is and how
best to control it. Factors such as regulations, the specific type of
data held and exactly what is exposed to mobile connections are
key.
• Many of these issues have similar concerns regardless of whether
the device is owned by the organization or the employee, but they
are magnified with BYOD.
Fast Growth
Really?
Policies are evolving
More devices are owned by employees
The Goals
• Enable employee choice and flexibility
• Prohibit unauthorized access, control where corporate data goes
• Manage threats and vulnerabilities
• Ensure network availability and performance. Deliver predictable
user experience
• Understand and control the true costs (and benefits)
Alphabet Soup
BYOD – Bring Your Own Device, also sometimes called BYOT (Technology)
This is the blanket term for the trend and the industry that’s springing up around controlling the
access. Generally BYOD means an employee owns the device and the service contract for its
connectivity. Sometimes the employer may provide a stipend to offset some of the costs but
often the employee bears the whole cost.
MBYOD – Managed Bring Your Own Device
More of a marketing term than an actual category; there are various levels and ways the device
can be controlled in a corporate environment. (More on this in the balance of the presentation.)
CYOD – Choose Your Own Device
The employee can choose a device from a list of either specific models or levels of operating
system. Depending on the program, the employer may purchase and own the device
(sometimes referred to as COPE, Company Owned Personally Enabled) or the employee buys
the device and service but must choose a device from the approved list to get connectivity to
corporate resources.
BYOA – Bring Your Own Application
BYOA intersects two of the most visible trends in technology today – mobility and cloud
computing – where employees use a public application for work. The app itself could be a
mobile app, a Web-based cloud app, or a combination of both access methods. The app might
be free or paid-for and can be “brought” into the workplace on a mobile device or through a
company PC’s Web browser. Enterprises will invariably be faced with managing data in public
apps. A similar idea is BYOS, or Bring Your Own Service.
MDM – Mobile Device Management
The general category of tools to control access from mobile devices regardless of their
ownership. They have some method of device registration, monitoring and remote wipe in case
of loss or theft. Usually they can enforce password rules and require device encryption. More
advanced versions of these management suites include the ability to create separate,
encrypted data partitions to store and access corporate data. Some include basic data leakage
prevention (DLP) systems. These tools are primarily device-centric – that is, you are registering
a physical device and the specific controls are applied to that device.
MAM – Mobile Application Management / MIM – Mobile Information Management
Where MDM is device-centric, MAM/MIM are application- and data-centric. There are several
approaches to controlling what corporate applications and data can be accessed. These can
include whitelisting or blacklisting applications and defining what can or cannot be connected to remotely.
Containerization may be used to segregate and control data, although this sometimes impacts
the user experience. Perhaps the most promising is the use of virtualization to provide access
to data without actually allowing it to be transferred to mobile devices.
MDSM – Mobile Device Security Management
Similar to a security suite for PCs (but not yet so comprehensive), including malware scanning
and protection, enforcement of IPsec VPNs for connection to company resources, IPS, content
filtering and firewalls. These tools are in their infancy and many MDM vendors claim their
products provide device security, but most are very limited in what they can really do.
MDDCA – Mobile Device Detection/Contextual Awareness
MDDCA is an attempt to enforce context-based policy management. This might be geographic
(you can’t access Facebook from within the company facility but can from home), method of
access related (your iPad will connect to full company resources on the company WiFi but only
to the email server from another connection point) or day of the week or time related. Some
tools can segregate down to the individual access point (OK on the IT floor, not OK in a public
area).
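A minimal sketch of the context-based policy evaluation described for MDDCA, added here as an illustration; it is not from the presentation or any vendor product. The rule names, network and zone labels, resource names and the 07:00-19:00 weekday window are all assumptions, and the sample requests are constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional, Tuple

# All labels below (networks, zones, resources, rule names, hours) are
# hypothetical values chosen for this illustration.


@dataclass(frozen=True)
class AccessContext:
    network: str             # "corp_wifi" or "external"
    ap_zone: Optional[str]   # access-point zone on corp WiFi, else None
    when: datetime           # local time of the request
    resource: str            # what the device is asking to reach


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str                              # "allow" or "deny"
    resources: frozenset = frozenset()       # empty set = matches anything
    networks: frozenset = frozenset()
    ap_zones: frozenset = frozenset()
    weekdays: frozenset = frozenset()        # 0 = Monday ... 6 = Sunday
    hours: Optional[Tuple[int, int]] = None  # [start, end) in 24h local time


def matches(rule: Rule, ctx: AccessContext) -> bool:
    """A rule matches only if every condition it sets is satisfied."""
    if rule.resources and ctx.resource not in rule.resources:
        return False
    if rule.networks and ctx.network not in rule.networks:
        return False
    if rule.ap_zones and ctx.ap_zone not in rule.ap_zones:
        return False
    if rule.weekdays and ctx.when.weekday() not in rule.weekdays:
        return False
    if rule.hours is not None:
        start, end = rule.hours
        if not (start <= ctx.when.hour < end):
            return False
    return True


# Ordered rules mirroring the slide's examples: geographic, method of
# access, individual access point, and day/time.
POLICY = (
    Rule("no-social-inside-facility", "deny",
         resources=frozenset({"facebook"}), networks=frozenset({"corp_wifi"})),
    Rule("social-from-home", "allow",
         resources=frozenset({"facebook"}), networks=frozenset({"external"})),
    Rule("email-from-anywhere", "allow", resources=frozenset({"email"})),
    Rule("nothing-else-in-public-area", "deny",
         ap_zones=frozenset({"public_area"})),
    Rule("full-access-corp-wifi-business-hours", "allow",
         networks=frozenset({"corp_wifi"}),
         weekdays=frozenset(range(5)), hours=(7, 19)),
)


def decide(ctx: AccessContext, rules=POLICY) -> Tuple[str, str]:
    """First matching rule wins; a request no rule covers is denied."""
    for rule in rules:
        if matches(rule, ctx):
            return rule.effect, rule.name
    return "deny", "default-deny"


def evaluate_samples():
    """Run constructed requests through the policy and return decisions."""
    thu = datetime(2013, 9, 12, 10, 0)   # a Thursday, mid-morning
    sat = datetime(2013, 9, 14, 10, 0)   # a Saturday
    samples = {
        "facebook in office": AccessContext("corp_wifi", "it_floor", thu, "facebook"),
        "facebook at home": AccessContext("external", None, thu, "facebook"),
        "accounting, IT floor": AccessContext("corp_wifi", "it_floor", thu, "accounting"),
        "accounting, lobby AP": AccessContext("corp_wifi", "public_area", thu, "accounting"),
        "email, lobby AP": AccessContext("corp_wifi", "public_area", thu, "email"),
        "accounting, external": AccessContext("external", None, thu, "accounting"),
        "accounting, Saturday": AccessContext("corp_wifi", "it_floor", sat, "accounting"),
    }
    return {label: decide(ctx) for label, ctx in samples.items()}


if __name__ == "__main__":
    for label, (effect, rule) in evaluate_samples().items():
        print(f"{label:24s} -> {effect:5s} ({rule})")
```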
Spectrum of Control
Things To Consider With A BYOD Program
• Recognize these devices are going to be in your environment (no
doubt already are) so figure out your position.
Are you trying to prohibit them? Embrace them? Control them? Do you have money to spend on
tools to do this or do you have to rely on what you already have and policy enforcement? Engage
business management to understand and shape their positions. Identify the company data you
want to provide access to – email access may be quite a different risk than the corporate
accounting system.
• Specify What Devices Are Permitted.
Decide exactly what you mean when you say "bring your own device." Should you really be
saying bring your own iPhone but not your own Android phone, or only your Android with OS
4.0 or later?
• Decide What Apps Will Be Allowed or Banned.
Can users download, install and use an application that presents security or legal risk on devices
that have access to sensitive corporate resources? Can you control it? The technology for
preventing downloads of questionable apps or copyright-infringing music and media on personal
phones is immature at best, but that doesn’t mean you shouldn’t have a policy against it.
• Identify which employees will be allowed to use their own devices.
Is this everyone? Managers? Sales people? Only those you would have otherwise given corporate
equipment? Figure out who and why; you’ll be expected to defend the decisions.
• Establish clear security requirements for all devices.
For example, if your users want to use their devices with your systems, then they'll have to accept
a complex password attached to their devices at all times just as they do on the company-owned
equipment. They also may have to agree to a device wipe policy, timeout limit and device
encryption. You almost surely want to restrict jailbroken or rooted devices.
• Make It Clear Who Owns What Apps and Data
At some point devices will be lost or stolen and data will have to be wiped. While some devices
support selective data wipes, it is always possible that all content on the phone may be erased,
including personal pictures, music and applications that the individual, not the company, may
have paid for. It may be impossible to replace these items. Be sure you make it clear that you
assert the right to wipe these devices. Provide guidance on how employees can secure their own
content and back it up so they can restore personal information if the device has to be wiped
or replaced. Can you control where they might back up the company data on the device?
• Figure out what level of support you can provide.
Will you provide support for broken devices?
Is your support basically a "wipe and reconfigure" operation?
How quickly and efficiently can you respond to lost device situations?
Are users on their own after initial setup?
• Define ahead of time an Employee Exit Strategy.
What will happen when employees with devices on your BYOD platform leave the company? How
do you enforce the removal of access tokens, e-mail access, data and other proprietary
applications and information?
It's not as simple as having the employee return the corporate-issued phone. You may need to
perform a wipe of the BYOD-enabled device as a mandatory exit strategy and make it clear that
you reserve the right to issue a wipe command if the employee hasn't made alternate
arrangements with your IT department prior to exit time.
• Write it all down and communicate it.
There was never a more important time to have a clear, detailed written policy and be prepared to
revise and update it regularly as unforeseen situations change the landscape.
Have your users sign an acknowledgement that they’ve read and agreed to the conditions you
decide to impose.
Invest in training BYOD users on the policy and the specific security threats associated with
mobile access.
• Integrate Your BYOD Plan With Your Acceptable Use Policy.
Allowing personal devices to connect to your VPN introduces some doubt about what activities
may and may not be permitted.
If you set up a VPN tunnel on a personally owned device and then post to Facebook, is this a
violation?
What if your employees browse objectionable websites while on their device's VPN?
What if they transmit inappropriate material over your network, even though they're using a
device they own personally? Are there sanctions for such activity?
What monitoring strategies and tools are available to enforce such policies?
What rights do you have to set up rules in this arena?
One approach to a process
Questions and Discussion
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Dernier (20)

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

BYOD Security Challenges and Solutions

  • 1. Copyright 2013 The Word & Brown Companies BYOD (and other acronyms of interest) Orange County CIO Roundtable September 12, 2013 Jeff Hecht, Chief Compliance & Security Officer The Word & Brown Companies
  • 2. Two competing desires are increasingly at odds with each other: expanding mobility to leverage productivity gains—and controlling mobility to combat significant risks….
      Agenda:
      • BYOD basic issues
      • How widespread is it?
      • What are the risks?
      • How are enterprises dealing with it?
      • What categories of tools are or soon will be available to manage BYOD?
      • How can we develop an acceptable approach for BYOD that balances access and security?
  • 3. BYOD Challenges and Opportunities
      • There is a growing demand from employees to use their own electronic devices at work to access corporate assets.
      • Employees argue they are more productive on devices they’ve chosen and mastered.
      • High-level business executives often are part of this demand.
      • Younger employees in particular find the idea of a small list of corporate devices unacceptable.
      • Some studies suggest employees are more likely to work more hours and in more places when they can do it on their device of choice.
      • Many of these devices may be unsupported by IT departments. The versions change quickly as employees bring in the latest and greatest devices and upgrade on their schedule, not their employer’s.
  • 4. BYOD Challenges and Opportunities
      • The expense of always providing the latest and greatest devices is too much for most enterprises, so having the employee provide their own device appears attractive financially.
      • The devices offer instant connectivity to the Internet and cloud services that can easily evade traditional control measures an IT department uses with corporate assets.
      • Concerns about data security, device control, data ownership, patching, backups and other issues generally handled for corporate devices are not fully resolved for most IT departments on personally owned devices. Keeping corporate data secure is largely at odds with the idea of “my device” and ubiquitous access.
      • Employees don’t always trust their employer with their own information, particularly geo-location data, and may be reluctant to follow some policies.
  • 5. Major Security Concerns and Controls
  • 6. Moving Ahead Regardless (SC Magazine)
  • 7. Moving Ahead Regardless (SC Magazine)
  • 8. There’s plenty of hype
      • Many vendors have products positioned to “solve” the “BYOD problem”.
      • It’s unclear how big the issues are and equally unclear how effectively the current product sets address the issues.
      • Each organization needs to assess what their exposure is and how best to control it. Factors such as regulations, the specific type of data held and exactly what is exposed to mobile connections are key.
      • Many of these issues have similar concerns regardless of whether the device is owned by the organization or the employee, but they are magnified with BYOD.
  • 9. Fast Growth
  • 10. Really?
  • 11. Policies are evolving
  • 12. Policies are evolving
  • 13. More devices are owned by employees
  • 14. The Goals
  • 15. The Goals
      • Enable employee choice and flexibility
      • Prohibit unauthorized access, control where corporate data goes
      • Manage threats and vulnerabilities
      • Ensure network availability and performance. Deliver predictable user experience
      • Understand and control the true costs (and benefits)
  • 16. Alphabet Soup
      • BYOD – Bring Your Own Device, also sometimes called BYOT (Technology). This is the blanket term for the trend and the industry that’s springing up around controlling the access. Generally BYOD means an employee owns the device and the service contract for its connectivity. Sometimes the employer may provide a stipend to offset some of the costs, but often the employee bears the whole cost.
      • MBYOD – Managed Bring Your Own Device. More of a marketing term than an actual category; there are various levels and ways the device can be controlled in a corporate environment. (More on this in the balance of the presentation.)
      • CYOD – Choose Your Own Device. The employee can choose a device from a list of either specific models or levels of operating system. Depending on the program, the employer may purchase and own the device (sometimes referred to as COPE, Company Owned Personally Enabled) or the employee buys the device and service but must choose a device from the approved list to get connectivity to corporate resources.
  • 17. Alphabet Soup
      • BYOA – Bring Your Own Application. BYOA intersects two of the most visible trends in technology today – mobility and cloud computing – where employees use a public application for work. The app itself could be a mobile app, a Web-based cloud app, or a combination of both access methods. The app might be free or paid-for and can be “brought” into the workplace on a mobile device or through a company PC’s Web browser. Enterprises will invariably be faced with managing data in public apps. A similar idea is BYOS, or Bring Your Own Service.
      • MDM – Mobile Device Management. The general category of tools to control access from mobile devices regardless of their ownership. They have some method of device registration, monitoring and remote wipe in case of loss or theft. Usually they can enforce password rules and require device encryption. More advanced versions of these management suites include the ability to create separate, encrypted data partitions to store and access corporate data. Some include basic data leakage prevention (DLP) systems. These tools are primarily device centric – that is, you are registering a physical device and the specific controls are applied to that device.
  • 18. Alphabet Soup
      • MAM – Mobile Application Management / MIM – Mobile Information Management. Where MDM is device centric, MAM/MIM are application and data centric. There are several approaches to controlling what corporate applications and data can be accessed. These can be white/black listed applications and what can or cannot be connected to remotely. Containerization may be used to segregate and control data, although this sometimes impacts the user experience. Perhaps the most promising is the use of virtualization to provide access to data without actually allowing it to be transferred to mobile devices.
      • MDSM – Mobile Device Security Management. Similar to a security suite for PCs (but not yet so comprehensive), including malware scanning and protection, enforcement of IPsec VPNs for connection to company resources, IPS, content filtering and firewalls. These tools are in their infancy and many MDM vendors claim their products provide device security, but most are very limited in what they can really do.
      • MDDCA – Mobile Device Detection/Contextual Awareness. MDDCA is an attempt to enforce context-based policy management. This might be geographic (you can’t access Facebook from within the company facility but can from home), method of access related (your iPad will connect to full company resources on the company WiFi but only to the email server from another connection point) or day of the week or time related. Some tools can segregate down to the individual access point (ok on the IT floor, not ok in a public area).
  • 19. Spectrum of Control
  • 20. Things To Consider With A BYOD Program
      • Recognize these devices are going to be in your environment (no doubt already are), so figure out your position. Are you trying to prohibit them? Embrace them? Control them? Do you have money to spend on tools to do this, or do you have to rely on what you already have and policy enforcement? Engage business management to understand and shape their positions. Identify the company data you want to provide access to – email access may be quite a different risk than the corporate accounting system.
      • Specify What Devices Are Permitted. Decide exactly what you mean when you say "bring your own device." Should you really be saying, bring your own iPhone but not your own Android phone, or only your Android with an OS 4.0 or later?
      • Decide What Apps Will Be Allowed or Banned. Can users download, install and use an application that presents security or legal risk on devices that have access to sensitive corporate resources? Can you control it? The technology for preventing downloads of questionable apps or copyright-infringing music and media on personal phones is immature at best, but that doesn’t mean you shouldn’t have a policy against it.
  • 21. Things To Consider With A BYOD Program
      • Identify which employees will be allowed to use their own devices. Is this everyone? Managers? Sales people? Only those you would have otherwise given corporate equipment? Figure out who and why; you’ll be expected to defend the decisions.
      • Establish clear security requirements for all devices. For example, if your users want to use their devices with your systems, then they'll have to accept a complex password attached to their devices at all times, just as they do on the company-owned equipment. They also may have to agree to a device wipe policy, timeout limit and device encryption. You almost surely want to restrict jailbroken or rooted devices.
      • Make It Clear Who Owns What Apps and Data. At some point devices will be lost or stolen and data will have to be wiped. While some devices support selective data wipes, it is always possible that all content on the phone may be erased, including personal pictures, music and applications that the individual, not the company, may have paid for. It may be impossible to replace these items. Be sure you make it clear that you assert the right to wipe these devices. Provide guidance on how employees can secure their own content and back it up so they can restore personal information if the phone has to be wiped or replaced. Can you control where they might back up the company data on the device?
  • 22. Things To Consider With A BYOD Program
      • Figure out what level of support you can provide. Will you provide support for broken devices? Is your support basically a "wipe and reconfigure" operation? How quickly and efficiently can you respond to lost device situations? Are users on their own after initial set up?
      • Define ahead of time an Employee Exit Strategy. What will happen when employees with devices on your BYOD platform leave the company? How do you enforce the removal of access tokens, e-mail access, data and other proprietary applications and information? It's not as simple as having the employee return the corporate-issued phone. You may need to perform a wipe of the BYOD-enabled device as a mandatory exit strategy and make it clear that you reserve the right to issue a wipe command if the employee hasn't made alternate arrangements with your IT department prior to exit time.
  • 23. Things To Consider With A BYOD Program
      • Write it all down and communicate it. There was never a more important time to have a clear, detailed written policy and be prepared to revise and update it regularly as unforeseen situations change the landscape. Have your users sign an acknowledgement that they’ve read and agreed to the conditions you decide to impose. Invest in training BYOD users on the policy and the specific security threats associated with mobile access.
      • Integrate Your BYOD Plan With Your Acceptable Use Policy. Allowing personal devices to connect to your VPN introduces some doubt about what activities may and may not be permitted. If you set up a VPN tunnel on a personally owned device and then post to Facebook, is this a violation? What if your employees browse objectionable websites while on their device's VPN? What if they transmit inappropriate material over your network, even though they're using a device they own personally? Are there sanctions for such activity? What monitoring strategies and tools are available to enforce such policies? What rights do you have to set up rules in this arena?
  • 24. One approach to a process
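
The device requirements from slide 21 (password, encryption, timeout, no jailbroken or rooted devices) and the context rules described under MDDCA on slide 18 can be combined into a single access decision. The sketch below is an added example, not part of the original presentation or of any MDM product; the field names, resource labels, timeout limit, business hours and iOS minimum are assumptions, and only the Android 4.0 floor comes from slide 20.

```python
from dataclasses import dataclass
from datetime import time

# Every name, label and threshold here is an assumption made for illustration.
MIN_OS = {"android": (4, 0), "ios": (6, 0)}  # Android floor from slide 20; iOS floor assumed
MAX_IDLE_TIMEOUT_S = 300                     # assumed screen-lock timeout limit
BUSINESS_HOURS = (time(7, 0), time(19, 0))   # assumed window for the accounting system


@dataclass(frozen=True)
class Device:
    platform: str
    os_version: tuple
    passcode_set: bool
    encrypted: bool
    idle_timeout_s: int          # 0 means the screen never locks
    jailbroken_or_rooted: bool


@dataclass(frozen=True)
class Context:
    network: str                 # "corp_wifi", or anything else for an outside connection
    local_time: time


def posture_violations(dev):
    """Return the security requirements this device fails, in a fixed order."""
    problems = []
    minimum = MIN_OS.get(dev.platform)
    if minimum is None:
        problems.append("platform not on permitted list")
    elif dev.os_version < minimum:
        problems.append("OS older than permitted minimum")
    if dev.jailbroken_or_rooted:
        problems.append("jailbroken or rooted")
    if not dev.passcode_set:
        problems.append("no passcode")
    if not dev.encrypted:
        problems.append("storage not encrypted")
    if dev.idle_timeout_s <= 0 or dev.idle_timeout_s > MAX_IDLE_TIMEOUT_S:
        problems.append("idle timeout too long or disabled")
    return problems


def allowed_resources(dev, ctx):
    """Return (resources, reasons): what the device may reach in this context."""
    problems = posture_violations(dev)
    if problems:
        return set(), problems   # fail closed: a non-compliant device gets nothing
    if ctx.network == "corp_wifi":
        resources = {"email", "intranet", "accounting"}
    else:
        resources = {"email"}    # outside connection points reach the email server only
    start, end = BUSINESS_HOURS
    if not (start <= ctx.local_time <= end):
        resources.discard("accounting")   # time-of-day rule for the riskier system
    return resources, []


# Constructed sample devices (not real inventory data).
SAMPLE_IPAD = Device("ios", (6, 1), True, True, 120, False)
SAMPLE_ROOTED = Device("android", (4, 2), True, True, 120, True)
SAMPLE_OLD = Device("android", (2, 3), True, False, 0, False)

if __name__ == "__main__":
    office = Context("corp_wifi", time(10, 0))
    cafe = Context("external", time(10, 0))
    for label, dev in [("ipad", SAMPLE_IPAD), ("rooted", SAMPLE_ROOTED), ("old", SAMPLE_OLD)]:
        for where, ctx in [("office", office), ("cafe", cafe)]:
            print(label, where, allowed_resources(dev, ctx))
```

Returning the list of failed requirements alongside the decision gives the help desk something concrete to tell the device owner, which matters when the policy has to be defended to users.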