“Bring Your Own” thinking
Presented by Steve Meek, CISSP
Agenda
Presentation goal
Survey
Quick definition of BYOD and BYOA
What is driving BYO thinking
BYO pros and cons
Some BYO statistics

7 Tips to manage BYO
About The Fulcrum Group, Inc.
Question and Answers

Copyright © 2014 The Fulcrum Group Inc.
Goal
Briefly cover content
applicable to business owners
and technical experts
Educate everyone about BYO
and implications

Exchange ideas
Avoid mentioning any brands
or specific tools though left
room for discussion

Survey
How many of your end users have iPads or use
DropBox (do you know)?

Do you have a formal policy on the use of non-company
owned devices and applications at work? What
policies do you have?
Are you bound by industry compliances like
HIPAA/HITECH, PCI, GLBA or SOX?
What about any efforts towards end user security
awareness programs?
Do you have one thing you have done to help you
along?
Why is paying attention to BYO important?

What is BYOD or BYOA
Bring Your Own Device- A business strategy
where employees are allowed or encouraged to
bring their own computing devices – such as
smartphones, laptops and PDAs – to the
workplace for use and connectivity on the
corporate network.
Bring Your Own Application - A business
strategy where employees are allowed or
encouraged to select and use applications to
help them achieve company goals using
personal or corporate assets.

What is driving BYO mentality
Gartner found that 50% of employees use personal devices at work

Consumerization of devices and IT – Everyone wants to show off
their new phone or device
Fast and ubiquitous Internet connectivity- Always connected state of
people, hyperconnectivity

Desire to get the job done- Higher productivity expectations and
number of hours worked
Employee frame of reference- Employee movement between
different organizations

Younger Employees in Workforce- Grown up with technology at
home and having full access
Addictive nature of technology- Driven by habits of social media and
gaming
Executives- Does it ever seem like the boss is pushing BYOD?
BYO pros and cons
Pros

Mobilize the business- companies get new people going quicker
Employees more connected and able to work all the time
Employees able to use preferred tools, more productive
BYO devices and apps tend to be more cutting edge, upgrade more often

Companies shift costs to users, may save money on purchasing assets
Cons
Complexity possibly managing multiple different platforms
Support and management concerns (employee leaves?)
Security concerns (device lost/stolen, data leakage, credentials
compromised, malware increase, breach notification laws)
Device and application sprawl, lose some control
Lack of proper use and concerns about compliance (acceptable?)
BYO statistics
CompTIA report
85% of employees take work home
84% of employees use a smartphone for work
40% of workers use personal devices at work even when not allowed

Good Technology report (400 financial and healthcare firms)
70% let employees bring own smartphone or tablet to work, 19%
considering, 9% say NO
50% of these respondents allow BYO if paid for, 45% pay stipend
SmartPhones 60% iPhone, 40% Android
Tablets 95% iPad, 5% Android

Fiberlink report
6.8MM Android and iOS devices activated 12/25/11
Manage device? 40% ActiveSync, 10% MDM, 24% allow but don’t manage, 26%
don’t allow
Manage application? 52% not managing, 23% manually, 7% specific service, 17%
MDM service
Tip # 1- Executive Sponsorship
Someone in the organization understands the
business impact of deciding the approach of BYO
in the organization AND can help enforce the
policy side throughout the organization. If that isn’t
you, you need to find a champion who can.

Articulate benefits from additional access (is there
an ROI?)
Explain the security implications of contrasting
options (I have heard company leaders limit
security because “we trust our employees”)
Sometimes explaining concepts but arming them
with right information to make best decision helps
Uncover fiduciary responsibilities or compliance
requirements
Tip # 2- Accept that BYO is here
Overwhelming emotion WILL make it happen

Driven by executives and managers in many cases
Some end users will try to “sneak” past if not embraced
Think about how you can enable (focus on business needs)
What’s in the future
Gartner estimated $2.1 trillion of mobile devices in 2012
3+ network devices per user will be commonplace in 1-2 years
2 out of 3 new network devices will be wireless only in the next few years
Personal devices re-provision more frequently than organization
provided devices

Tip # 3- Create policies
Estimates only 22% of firms have a mobility policy
48% in survey say downloading unauthorized
applications a SERIOUS concern
Understand senior management’s role
Management has to understand and set example
Ideal targets for APTs, travels more and access

Articulate support that is provided
Verify compliance requirements
Define acceptable use in policy including mobile users
Define mobile device practices (report lost/stolen,
terminated employees, inventory regularly)
Establish privacy and reimbursement understanding
http://csrc.nist.gov/publications/PubsSPs.html#800-124
Tip # 4- Develop an implementation plan
Don’t “jump in” to save money, without an onboarding and
management plan

Better to pay a fixed amount than have employees submit
expenses (costs about $25/emp. to process expense reports),
for emp.
Perhaps limit to employees who have moderate needs

Possibly continue to provision for heavy users (so you have
better control, better coverage plans)
Understand your tools to manage and how to do things like
remote wipe, change pin, lock system
Establish standards (what is supported)
Have requirements for applications

Tip # 5- Map out your application
workflows
What are your key applications
Identify what data gets accessed where
Understand how data flows through your
processes
Protect data in transit or at rest, as needed
Don’t forget to follow secure coding strategies for
internal application development
https://www.isc2.org/uploadedFiles/(ISC)2_Public_Content/Certification_Programs/CSSLP/ISC2_WPIV.pdf
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Security test web and public facing apps
Tip # 6- Remember security concepts in design
Confidentiality – Integrity – Availability

Borderless or bordered access
Will local devices mix with LAN traffic or separate wireless network
Will you create a policy that identifies devices and treats differently
Will devices be subject to business web filter

Understand the inverse relationships between concepts such as
Security and usability
Availability and cost
Hyperconnectivity and trust

Tip # 7- Enforce policy with tools (if needed)
Mobile Device Management (MDM)
Virtualization/ Virtual Desktop Infrastructure (VDI)

Remote access/Virtual Private Network (VPN)
Encryption (disk or email)
Data Loss Protection (DLP)
Network Access Control (NAC)
Identity Services Engine (ISE)
Wireless management/guest
Web filtering

Gartner Report
“The BYOD phenomenon is
driving growth in the NAC market
as organizations seek to apply
policies specific to personally
owned mobile devices.” and
“Because there are multiple
approaches for enforcing NAC
policies (for example, virtual
LANs, firewalls, access control
lists and others), look for
solutions that best fit your existing
network infrastructure.”
Analyst: Lawrence Orans and John
Pescatore
Research Date: Dec. 8, 2011

List of some players
What tools do you use? What do you like/not like about them? Is it
combo of NAC and MDM?
AirWatch
Aruba- ClearPass
Bradford Networks- Network Sentry
Cisco Systems- Identity Services Engine
GoodTechnology- Good Mobile Manager
IBM- IBM Endpoint Manager for Mobile
Devices
Symantec- acquires Nukona
Zenprise BYOD Tool Kit
Others?

Service providers might also have tools
Bonus Tip- End user awareness programs
Build your own Security Awareness Program to
complement Acceptable Use Policies
To click or not to click, that is the question
A little education goes a long way
Don’t enforce, reassure
Communicate early, communicate often

NIST document
http://csrc.nist.gov/publications/nistpubs/800-50/NISTSP800-50.pdf
STOP- THINK – CONNECT
campaign, poster, materials
http://www.dhs.gov/files/events/stop-think-connectcampaign-materials.shtm#1
Information for individuals
http://www.staysafeonline.org/
Summary
BYO is like a tsunami bearing down on us
Time is running out to establish policy and standards
before it creates itself
As administrators and owners, we need to understand
both the business and technology sides of the
decision
Be or find an executive champion for cause
Create strategy, policy and procedures for however
we decide to handle BYO
IT has to be part of thinking to implement security
concepts
BYO may require acquiring some new technology
tools, but may not
You can add much more security with some end user
training
Any questions?
The Fulcrum Group
5600 Egg Farm Road, Suite 452,
Keller, TX 76248
Phone: 817-337-0300
Help Desk: 817-898-1277
Web: www.fulcrum.pro
Email: info@fulcrumgroup.net
