Siddhesh Narendra Hedulkar
Information Security Consultant
Copyright © Siddhesh Hedulkar
What is BYOD?
• Bring your own device (BYOD) is an alternative strategy allowing employees,
business partners and other users to utilize a personally selected and purchased client
device to execute enterprise applications and access data.
• The term first entered use in 2009, as organizations started recognizing an increasing tendency
among their employees to bring their own devices to work and connect them to the
corporate network.
• Formal BYOD programs are a relatively new but fast-growing phenomenon. The
rapid proliferation of employees' mobile devices is changing the traditional IT
environment in enterprises.
Infrastructure Employee Segmentation
Executive Management
•Laptop (l/w)
•Smartphone
•Video Device
Customer Facing Employees
•Laptop
•Smartphone
Research & Development
•Power PC
Manufacturing Employee
•Simple SW Monitoring
Basic Application User
•Low Cost WorkStation
•Web Browser
Supporting Roles
•Low Cost WorkStation
•Simple Software
•Limited Access
One in four devices used for work are either
smartphones or tablets
Source: Forrester's Forrsights Workforce Employee Survey, Q4 2012
[Figure: Adoption of Mobile Technology. Bar chart (0% to 90%) comparing "Adoption Among Below Director Level Employee" and "Adoption Among Above Director Level Employee" across four categories: Used unsupported website/Internet; Install unsupported software for work; Choose own tablet/laptop for work; Choose own smartphone for work. Data labels as extracted: 27%, 26%; 74%, 80%; 36%, 31%; 82%, 82%. Source: Forrester's Forrsights Workforce Employee Survey, 2013]
MDM + employees paying for their own phones ≠ BYOD
• BYOD (Bring your own device) is a business policy of allowing employees to use their
own devices for carrying out business-related work by granting access to company
resources backed by proper authentication controls
• MDM can be thought of as a subset of BYOD, which is designed to securely manage
mobile device endpoints by enforcing corporate policies over-the-air to the
employees’ mobile devices
Why BYOD
• Employees are more willing to spend on their devices
• Maintenance and protection of these devices is taken better care of as the employees
• Allows employees to be more flexible and add more productive hours
• This makes the workplace a "fun" place to work
• Reduces the burden of IT inventory maintenance tasks
• Can avoid high purchase costs for laptops, smartphones, data cards and tablets for their employees (in small or medium organizations)
• Smart devices often provide better processing speed and power for accomplishing the tasks better
• Substantial savings are made on carrier/ISP charges
Threats To BYOD
• Software bugs
• Lost devices
• Buggy apps
• Malicious apps
• Rooting/Jail-breaking
• Untrustworthy employees
Addressing the challenges with
• Technology
• Policy
• Education
• Support
Deploy a secure technology framework
Limited
Environment Requires Tight Controls
• Manufacturing Environment
• Trading Floor
• Classified Government Networks
• Traditional Enterprises
Basic
Focus On Basic Services, Easy Access
• Educational Environment
• Public Institutions
• Simple Guest
Enhanced
Enabled Differentiated Services, On-Boarding with Security – Onsite/Offsite
• Early BYOD Enterprise Adopters
Advanced
Any Device, Any Ownership
• Innovative Enterprises
• Retail On Demand
• Mobile Sales Services
Develop a strong usage policy
Use of personal devices for business purposes is voluntary. Eligible employees (all except privileged users) can use personal devices as long as they agree to the ABC terms and conditions. Employees must adhere to security policies and install a security agent to ensure their device is secure. ABC or client information and data (property) maintained or stored on a device is owned by ABC.
Employee agrees to allow ABC to inspect or take possession of the device upon request. ABC can revoke the ability to use the device. ABC can do a remote wipe of the device at any time, if the device is lost or stolen. User will remove all ABC property when they stop using the device. ABC may, but is not obligated to, provide any 3rd party software. User must obtain valid licenses for any 3rd party software they choose to use for ABC business or purchase it - with ABC approval - through an approved ABC procurement process.
Educate your employees
Support personally owned devices through social software
BYOD Privacy And Security Myths
• User Privacy Is Invaded By BYOD Management
• Not Supporting BYOD is Akin To Data Security
• Existing DLP Solutions Can Be Easily Migrated To Mobile
Securing BYOD Implementation
1. Identify the risk elements that BYOD introduces
2. Form a committee to embrace BYOD and understand the risks
3. Decide how to enforce policies for devices connecting to your network
4. Build a project plan
5. Evaluate solutions
6. Implement solutions
7. Periodically reassess solutions
CONCLUSIONS
• Employee attitudes to work-life balance and single device usage drive high levels of
BYOD in high-growth markets
• Instead of denying access by citing security concerns, it would be in the best
business interest to embrace this business policy, which allows people to be more productive
in the longer run.
• IT departments must find the right way to manage this behaviour
Twitter: @hedulkarsn
LinkedIn: http://in.linkedin.com/pub/siddhesh-hedulkar/15/926/559