Page 1: BYOD

Siddhesh Narendra Hedulkar

Information Security Consultant

Copyright © Siddhesh Hedulkar

Page 2: BYOD

What is BYOD?

• Bring your own device (BYOD) is an alternative strategy allowing employees, business partners and other users to utilize a personally selected and purchased client device to execute enterprise applications and access data.

• BYOD first entered use in 2009, as organizations started recognizing an increasing tendency among their employees to bring their own devices to work and connect them to the corporate network.

• Formal BYOD programs are a relatively new but fast-growing phenomenon. The rapid proliferation of employees' mobile devices is changing the traditional IT environment in enterprises.


Page 3: BYOD

Infrastructure Employee Segmentation

Executive Management
• Laptop (l/w)
• Smartphone
• Video Device

Customer Facing Employees
• Laptop
• Smartphone

Research & Development
• Power PC

Manufacturing Employee
• Simple SW Monitoring

Basic Application User
• Low Cost Workstation
• Email
• Web Browser

Supporting Roles
• Low Cost Workstation
• Simple Software
• Limited Access


Page 4: BYOD

One in four devices used for work are either smartphones or tablets.

Source: Forrester's Forrsights Workforce Employee Survey, Q4 2012

Page 5: BYOD

[Bar chart: Adoption of Mobile Technology]

Categories: Used unsupported website/Internet; Install unsupported software for work; Choose own tablet/laptop for work; Choose own smartphone for work

Series: Adoption among below-director-level employees; Adoption among above-director-level employees

Data labels (in extraction order): 27%, 26%; 74%, 80%; 36%, 31%; 82%, 82%

Source: Forrester's Forrsights Workforce Employee Survey, 2013

Page 6: BYOD

MDM + employees paying for their own phones ≠ BYOD

• BYOD (bring your own device) is a business policy of allowing employees to use their own devices for carrying out business-related work by granting access to company resources backed by proper authentication controls.

• MDM can be thought of as a subset of BYOD, which is designed to securely manage mobile device endpoints by enforcing corporate policies over-the-air to the employees' mobile devices.


Page 7: BYOD

Why BYOD

• Employees are more willing to spend on their devices
• Maintenance and protection of these devices is taken better care of as the employees
• Allows employees to be more flexible and add more productive hours
• This makes the workplace a "fun" place to work
• Reduces the burden of IT inventory maintenance tasks
• Can avoid high purchase costs for laptops, smartphones, data cards and tablets for their employees (in small or medium organizations)
• Smart devices often provide better processing speed and power for accomplishing the tasks better
• Substantial savings are made on carrier/ISP charges


Page 8: BYOD

Threats To BYOD

• Software bugs
• Lost devices
• Buggy apps
• Malicious apps
• Rooting/Jail-breaking
• Untrustworthy employees


Page 9: BYOD

Addressing the challenges with

• Technology
• Policy
• Education
• Support

Page 10: BYOD

Deploy a secure technology framework

Limited: Environment Requires Tight Controls
• Manufacturing Environment
• Trading Floor
• Classified Government Networks
• Traditional Enterprises

Basic: Focus On Basic Services, Easy Access
• Educational Environment
• Public Institutions
• Simple Guest

Enhanced: Enabled Differentiated Services, On-Boarding with Security – Onsite/Offsite
• Early BYOD Enterprise Adopters

Advanced: Any Device, Any Ownership
• Innovative Enterprises
• Retails On Demand
• Mobile Sales Services

Page 11: BYOD

Develop a strong usage policy

• Use of personal devices for business purposes is voluntary.
• Eligible employees (all except privileged users) can use personal devices as long as they agree to the ABC terms and conditions.
• Employees must adhere to security policies and install a security agent to ensure their device is secure.
• ABC or client information and data (property) maintained or stored on a device is owned by ABC.
• Employee agrees to allow ABC to inspect or take possession of the device upon request.
• ABC can revoke the ability to use the device.
• ABC can do a remote wipe of the device at any time, if the device is lost or stolen.
• User will remove all ABC property when they stop using the device.
• ABC may, but is not obligated to, provide any 3rd party software.
• User must obtain valid licenses for any 3rd party software they choose to use for ABC business or purchase it - with ABC approval - through an approved ABC procurement process.

Page 12: BYOD

Educate your employees


Page 13: BYOD

Support personally owned devices through social software


Page 14: BYOD

BYOD Privacy And Security Myths

• User Privacy Is Invaded By BYOD Management
• Not Supporting BYOD is Akin To Data Security
• Existing DLP Solutions Can Be Easily Migrated To Mobile


Page 15: BYOD

Securing BYOD Implementation

1. Identify the risk elements that BYOD introduces
2. Form a committee to embrace BYOD and understand the risks
3. Decide how to enforce policies for devices connecting to your network
4. Build a project plan
5. Evaluate solutions
6. Implement solutions
7. Periodically reassess solutions


Page 16: BYOD

CONCLUSIONS

• Employee attitudes to work-life balance and single device usage drive high levels of BYOD in high-growth markets.

• Instead of denying access citing security concerns, it would be best in the business interest to embrace this business policy, which allows people to be more productive in the longer run.

• IT departments must find the right way to manage this behaviour

