Security that works

BYOD SECURITY

WORKSFree Your Employees, Secure Your Data

THAT

BYOD SECURITY THAT WORKS | BITGLASS | 2014 2

The bring-your-own-device (BYOD) phenomenon hit enterprise IT faster than a knife fight in a phone booth. You were cruising along with your secure BlackBerry deployment and then your CEO bought an iPhone and demanded access to her corporate email. So you gave her access to the Microsoft Exchange server, via Microsoft ActiveSync. Before long, iPhones started popping up everywhere -- including the corporate cafeteria. A few months later you checked the logs and found more than 2,000 of them were connected via ActiveSync! Yikes!

A Knife Fight in a Phone Booth: How we got from BY-NO to BYO

BYOD SECURITY THAT WORKS

THE BYOD KNIFE FIGHT, AS IT UNFOLDED ON THE WEB

Given MDM’s failings, BYOD still presents a significant challenge for most CIOs. In this eBook, we take a step back and look at the larger problem of implementing BYOD: Defining what is important and protecting it. Cloud and mobile technologies have changed the IT security landscape irreversibly. Today, we access and store data in radically different ways from a few years ago. So why would we approach security in the same old ways?

SEARCH INTEREST FOR THE TERM “BYOD”Source: http://www.google.com/trends/explore#q=BYOD

2005 2007 2009 2011 20132005 2007 2009 2011 2013

BYOD SECURITY THAT WORKS | BITGLASS | 2014 3

If you’re like most IT security professionals, you pushed back at first, urging employees to stick with their BlackBerries. At some point, you realized this strategy was a losing battle, so you decided to embrace BYOD. You still weren’t sure how.

The Initial ResponseThe startup world stepped in to save the day, offering up Mobile Device Management (MDM) as a solution. It sounded great – now you could manage personal mobile devices the same way you managed corporate-owned laptops, locking down Bluetooth and iCloud and blacklisting applications that threatened productivity or screamed “data leak!”

Employees are People TooBut – as you might have predicted – people rebelled against the monitoring and management of their personal devices. If they wanted to back up their personal information to iCloud or play Candy Crush on their days off, they had a right to do so. Your MDM solution turned out to be more expensive and complicated than you thought. And honestly, it hasn’t offered any real peace of mind about the security of your corporate data, either. Yes, it has allowed you to configure devices, but it does nothing to prevent data leakage or control inappropriate usage of corporate data.

THE BYOD REVOLUTION

TYPICAL CIO REACTION TO BYOD THROUGH THE YEARS

2005 2007 2009 2011 2013

?

Source: http://www.google.com/trends/explore#q=BYOD

“Here’s your BlackBerry.”

“No iPhones allowed.”

“We surrender! Use what you

like!”

“Did we actually secure our

data?”

2005 2007 2009 2011 2013

BYOD SECURITY THAT WORKS | BITGLASS | 2014 4

DATA = $$$

YOUR COMPANY’S CREDIBILITY, REPUTATION, AND COMPETITIVE ADVANTAGES ARE ON THE LINE.

Think about it: Why do we concern ourselves with securing the devices that connect to our networks? Is it because the devices have some intrinsic value? Definitely not. Your CFO wouldn’t lose sleep over the extrinsic value of devices, even if they were company-owned.

Is it the applications we’re worried about, then? Of course not. Even enterprise-grade mobile apps run in the $10 range at most, and application licensing agreements likely cover apps on lost or stolen devices.

Clearly the data on these devices represents orders of magnitude more value than even a high-end tablet loaded with hundreds of costly apps. Whether it’s information that helps you forecast, make business decisions or drive efficiencies – or about the intrinsic value of customer or employee data – corporate information is almost impossible to put a price tag on.

We witness on an almost weekly basis the cost of losing control of that data. Recently, Target, Neiman Marcus, and Coca-Cola made headlines for data breaches. Who knows who’s next. From government agencies to international banking conglomerates, no organization, it seems, is safe. Each time an employee walks through the door with an iPhone and connects it to your network – or walks out the door with a company laptop, or connects in any way to a business cloud application – your company’s credibility, reputation, and competitive advantages are on the line.

BYOD SECURITY THAT WORKS | BITGLASS | 2014 5

Data on DevicesThere’s no end in sight to the explosion of devices and data. Gartner predicts that by 2017, most large companies will require BYOD, offering to subsidize service plans instead of providing company smartphones, tablets, or even PCs. In the future workplace, BYOD policies must expand to include an increasing variety of device form factors and operating systems. Your next BYOD program may include Windows and Mac laptops. The one after that – as the Internet of Things connects buildings, data centers and cars – may need to include the break room refrigerator as well as employee shoes and automobiles.

MORE EMPLOYEES, MORE DEVICES

Analysts predict that by 2020, over 30 billion connected devices will be in use, compared to just 2.5 billion in 2009 .

- 2013 Gartner report

BYOD SECURITY THAT WORKS | BITGLASS | 2014 6

Data in the CloudIt’s impossible to talk about BYOD without talking about cloud applications. Not only do smartphones and tablets contain hundreds of apps, but your organization probably also uses cloud applications that those devices can access.

The 2014 Bitglass Cloud Adoption Report confirms the viability of the business cloud. By analyzing the publicly available, real-world traffic data of 81,253 companies, we found that 24 percent had already implemented Google Apps or Microsoft Office 365. Companies deploying those applications across large portions of their organizations are most likely moving in the direction of adopting the cloud as a strategic element of their business models. Their employees are probably accessing email and work applications from their mobile devices.

PLAN FOR A CLOUDY FUTURE

In a 2013 Gartner survey, a whopping 80 percent of enterprise IT organizations said they planned to adopt cloud applications by 2015.

- 2013 Gartner report

LET’S FACE ITTHE BUDGET FOR BYOD SECURITY PROGRAMS MUST REMAIN IN LINE WITH THE BENEFITS THAT BYOD OFFERS.

BYOD SECURITY THAT WORKS | BITGLASS | 2014 7

Many IT organizations approached the BYOD security problem by trying to control devices and apps via Mobile Device Management (MDM) and Mobile Application Management (MAM) solutions. It was a logical direction, given traditional thinking about the network perimeter: Build a wall around the entire network, including all connected devices and their applications, to keep the bad guys out and the data corralled. Unfortunately, there are several problems with this approach.

THE ELUSIVE SOLUTION: ARE WE OVER-THINKING THIS?

MDM ATTEMPTS TO LOCK ALL ACCESS INTO AND OUT OF THE DEVICE

MAM REPLACES CORPORATE APPS WITH RECOMPILED VERSIONS THAT INCLUDE SECURITY FEATURES.

•Employees give up control of their devices•Limited protection against data leaks

•Requires special development for each app on each platform

•Runs into vendor licensing problems•Mobile web and APIs are easy work arounds

BYOD SECURITY THAT WORKS | BITGLASS | 2014 8

38%

35%

29%

Found MDM hard to integrate with other security technologies

Had problems scaling to support a large number of users

Had difficulty with implementation

Problem 1: It’s too complex.A recent Network World blog post called the market status of MDM deployments “elementary and immature.” Why? The blog cited ESG research determining that: It’s no surprise. Realistically, how will you scale any MDM solution when people begin scanning email through special eyeglasses while they work out on a network-connected Stairmaster in the company gym – wearing network-connected running shoes?

Let’s face it: The budget for BYOD security programs must remain in line with the benefits that BYOD offers. In this economy, no CIO can expect ballooning headcounts and budgets to match an out-of-control BYOD program.

3 PROBLEMS WITH MDM/MAM SOLUTIONS

Problem 2: Can I get some privacy in here?The line between work and personal life grows ever more blurry, thanks in part to mobile devices that allow us to stay in touch with work from wherever we happen to be. Your phone contains grocery lists, notes to yourself, and your doctor’s phone number – as well as work email, contacts, and calendar. You may use your phone’s browser to look up terminology in a client meeting, but you probably use it just as often to manage your personal life.

Most CIOs see the blur of personal and work life as an unstoppable trend. But most solutions in use today make no distinction between corporate and personal data. If you’re routing and inspecting traffic from an iPhone, you’re sweeping up personal emails along with company data logs. Most CIOs don’t relish the Big Brother persona, but these solutions force it upon them.

To make matters worse, MDM solutions install software on employee-owned devices that try to control what they can or cannot do with that device. Ultimately, such heavy-handed solutions drive today’s employees toward circumventing IT security policies and make your data less safe.

BYOD SECURITY THAT WORKS | BITGLASS | 2014 9

Problem 3: You can’t wrap the cloud.Many MDM and MAM solutions work well if your company is developing its own applications, but don’t extend so readily to those apps your employees want to download from the app store, or even to third-party business cloud apps. In many cases, cloud apps break when you try to “wrap” them with MAM solutions. In other cases, wrapping breaks app vendor licensing agreements or the vendors simply refuse to provide the binaries required to accomplish such wrapping.

Real clouds don’t have edges, and the clouds we use to store and manipulate data don’t either. They’re porous, full of networked API connections that lead to places you may never think of, and they change constantly. The idea that you could contain them in a manageable way is simply unrealistic.

3 PROBLEMS WITH MDM/MAM SOLUTIONS

“We’re finally reaching the point where I.T. officially recognizes what has always been going on: People use their business device for non-work purposes. They often use a personal device in business. Once you realize that, you’ll understand your need to protect data in another way besides locking down the full device.”

- David WillisVice President and Distinguished Analyst,

Gartner, Inc.

BYOD SECURITY THAT WORKS | BITGLASS | 2014 10

TODAY’S SOLUTION: FREE PEOPLE, SECURED DATA

To get to the good news in all this, you have to get past the old way of thinking about your company’s network perimeter. While it used to make sense to protect data by securing the devices and applications within that perimeter, the reality is that you no longer own or manage the devices and applications, but you still own your data. It’s more useful to think of “perimeter” in terms of the smallest possible unit – that of the data itself.

Today’s emerging security technologies for cloud and mobile give IT organizations more control, while also protecting employee privacy. Persistent digital watermarking technology and data leakage prevention make it possible to protect each piece of important data, rather than trying to control an entire device or application. The advantages of this strategy offer a revolution in the way today’s CIO can approach IT security.

BITGLASS PROTECTS AND MONITORS ONLY THE CORPORATE DATA.

•Device and app agnostic•Leaves employee data alone

BYOD SECURITY THAT WORKS | BITGLASS | 2014 11

TODAY’S EMERGING SECURITY TECHNOLOGIES FOR CLOUD AND MOBILE GIVE IT ORGANIZATIONS MORE CONTROL, WHILE ALSO PROTECTING EMPLOYEE PRIVACY.

Time to Put the Knife AwayWhen you focus on what matters – sensitive corporate data – answers to security in today’s cloud- and mobile-enabled workplace become clear and relatively simple. So step out of that cramped and bloody phone booth and into a world of data you can control. Things are a lot more relaxed – and a lot more secure – out here.

1. This strategy frees people to work productively.Happy and productive employees are much more likely to abide by security policies than those who are handcuffed to “containerized” mail clients or apps that make their job less efficient and enjoyable. Let employees use the applications and devices that help them to be productive, and offer them a familiar, native experience they won’t think twice about following.

2. It simplifies mobile security.By securing each piece of data, you take complexity out of the system along with a mountain of policies, management tasks, and other headaches. You also create a security strategy that is completely independent of device type or third party apps. Bonus!

3. It frees your organization to embrace new technology.Yes, you will continue to face new technology hurdles. That’s life in the modern age. It’s also how you stay competitive and become a leader in your industry. Now your security team can help enable new apps and devices, instead of looking at them with dread.

4. It minimizes costs.Today, it’s possible – and advisable – to deploy a simple, effective security solution with low overhead. Compare that to the ballooning costs of traditional solutions, and it’s a no-brainer.

5. It respects employee privacy.Security solutions that transport, handle, or even inspect personal employee communications are bad for morale, bad for productivity, and often ineffective. Now you can put the security focus squarely on corporate data, completely ensuring personal employee privacy.

THE NEW BYOD

BYOD SECURITY THAT WORKS | BITGLASS | 2014 12

WHY BITGLASS?BYOD and Cloud are unstoppable trends. The benefits are huge, but you can lose control of your data.

Regain control with Bitglass.

Secure BYOD• Secure corporate data without MDM or agents• Prevent data leakage• Track and manage sensitive data• Supports all PC and mobile platforms

Learn more at www.bitglass.com

+

FOR I.T.SECURE CLOUD AND MOBILE.

FOR EMPLOYEESPRIVACY AND UNENCUMBERED MOBILITY.

SECURE BYOD IN MINUTES