Adopting A Mobile-First bYod strAtegY

Recognizing Critical Components Necessary to Complete BYOD Plans:Secure & Archived Mobile Communications

Executive Summary:

Companies have been slow to adopt strong, practical BYOD policies and use the proper tools to help enforce them. This adoption is especially important for organizations that do international business in finance, health and the public sector where laws require security and archiving ability. Without secure voice and text, mobile devices—with their potential to increase productivity, improve customer service, and ultimately drive up revenue—have instead become liabilities, ticking time bombs, just waiting for the wrong communication to end up in the right regulator’s crosshairs.

2

Whitepaper: Adopting a Mobile-First BYOD Strategy

By the time CellTrust’s Brian Panicko arrived, the damage had already been done. A large banking firm that had incorporated a “bring your own device,” or BYOD, policy had just been hit with the unthinkable: fines ranging between $7 million and $15 million.

Why such hefty fines? The bank wasn’t properly tracking and archiving mobile communications on its BYOD devices. Financial auditors found the bank’s BYOD policies weak and enforcement “wildly inconsistent.”

“They basically said this is a mess,” says Panicko, senior vice president of global sales strategy for CellTrust, a leading, pure-play enterprise mobile security provider with a rich history developing agent-based security solutions. “The users are texting on personal devices and the firm is liable because it didn’t put controls in place through policy nor use technology to prevent it.”

As BYOD gains in popularity, many companies are putting themselves in a precarious position—especially organizations that do international business in finance, health and public sector where laws require security and archiving ability. And most of these organizations have no idea how much risk they’re taking on with BYOD.

“Privacy laws are getting stronger not just in Europe, but also in Asia Pacific and South America,” warns K Royal, vice president and assistant general counsel for privacy and compliance for CellTrust. “And regulators are monitoring and penalizing companies that are non-compliant.”

When it comes to BYOD, the opportunities for regulators to fine organizations are vast and growing rapidly. Consider the following:

85%

88%

70%

85 percent say that mobile devices are a central part of everyday life, according to a 2014 Mobile Behavior Report from salesforce.com.

88 percent use mobile phones for work while on personal time, according to Gartner.

70 percent believe mobile devices will replace office phones, according to RingCentral. J.P. Morgan Chase moved in this direction recently when it eliminated all desk voice mails in favor of mobile voicemail—and announced it was dropping Blackberry in favor of BYOD devices.

3

Whitepaper: Adopting a Mobile-First BYOD Strategy

Given these statistics and trends it shouldn’t be surprising that employees are using their devices for work, especially text messaging. In fact, 72 percent say they use texting for work purposes, according to a 2015 eSamp Survey. The trouble is many of them don’t seem to understand the ramifications of doing so, the survey shows:

Analysys Mason’s 2013 Connected Consumer Survey reveals even more significant BYOD trends. While 52 percent of respondents use their personal mobile phone for work, 59 percent of BYOD activity was centered on incoming and outgoing calls, and a further 21 percent is attributable to SMS. These services do not require connection to the corporate network (either for connectivity or to access corporate data). CellTrust warns that companies small and large need to secure their data and IP and manage the proliferation of mobile devices that are accessing this data.

Nonetheless, companies have been slow to adopt strong, practical BYOD policies and use the proper tools to help them enforce it. Thus, mobile devices—with their potential to increase productivity, improve customer service, and ultimately drive up revenue—have instead become liabilities, ticking time bombs, just waiting for the wrong communication to end up in the right regulator’s crosshairs. But technologies are available today that help solve this dilemma.

44% 25%66%

44 percent use standard SMS when texting for work. That means they are using unsecure, consumer apps such as WhatsApp, WeChat or other programs.

25 percent of text messages sent include confidential information.

66 percent of employees do not think texting is a security risk for their organization.

4

Whitepaper: Adopting a Mobile-First BYOD Strategy

It’s Time to View Enterprise Mobility in a Whole New Way

Even those that have recognized the need to develop BYOD policies with Mobile Device Management (MDM), which helps control and manage smartphones and tablets, are vulnerable—and paying more than they need. That’s because most MDM strategies fail in two key areas:

They don’t optimize the revenue potential of a mobile-first strategy

They miss the critical need to separate, secure and archive mobile text

messages and voice calls

In today’s complex, rapidly changing IT environment, businesses need a proven technology solution from a trusted partner—one that stays on top of developing technologies and device capabilities—and understands how leading with a mobile-first strategy can result in big enterprise gains.

For example, with a comprehensive mobile strategy, organizations avoid fractured, one-off pursuits and instead encourage teams to:

• Share mobile expertise• Measure benefits and act on insights• Foster a culture of continual improvement

Implementing a mobile-first strategy resulted in impressive gains for many companies. According to an SAP, Enterprise Mobility Survey, companies that did so:

• Doubled employee productivity• Saw 20 percent increases in revenue growth• Enjoyed 4 times higher revenue margins

From revenue growth to productivity gains, enterprises with a defined mobile strategy and governance program get results. At the end of the day, IT business leaders need to ask themselves how an organization:

• Supports devices the organization did not purchase• Handles devices residing on the network, even though they may not know the

devices are on their network• Secures the corporate networks and business data being accessed by employee-

owned devices• Differentiates corporate communications from personal communications on

employee-owned devices that are accessing the network

5

Whitepaper: Adopting a Mobile-First BYOD Strategy

The Need to Archive Text and Voice is Here

Initially, the security and compliance concerns around BYOD were somewhat solved through Enterprise Mobility Management (EMM) providers that helped deliver a secure workspace across mobile device, mobile app and mobile content management. It started with emails and progressed to full business application access.

However, there’s still a significant piece of the BYOD puzzle that is left unmanaged and unsecure—voice and text messaging.

Consider that failure to meet electronic messaging compliance obligations was the No. 1 source of FINRA fines in 2013. In many cases, firms were unable to produce messages or prove appropriate supervision, according to a 2014 report from Sutherland.

For many companies, BYOD standards are just emerging, according to a report from the Association for Corporate Counsel. Employers recognize that there are both risks and benefits when employees BYOD, but before personal devices are allowed, a company must assess the privacy risks and lay down clear rules, the report warns. BP, for instance, allows some employees to BYOD, but restrictions apply; emails must be sent or received via a proprietary app, for example. If a device is lost, BP sends a kill message to the phone.

In addition, many firms overestimated the cost savings they would enjoy with their BYOD policies, Panicko says. For example, some firms were paying BYOD stipends of $100, when the employee’s entire mobile phone bill was only $90.

“But these companies had no way to measure what percentage of the use was actually for work versus personal,” Panicko says.

Clearly, businesses want this type of EMM-style solution to easily allow work and personal voice and text on a single device, yet keep the business and personal details separate. But until recently, the only options were costly, disparate solutions with device limitations or limited features and functionality, that didn’t present a viable, secure, enterprise-wide solution.

But today, thanks to CellTrust, that’s all changed.

With the CellTrust solution, businesses can pay about $40 a month for secure voice and text and know what’s work and what’s not with split billing for personal and work. “So you have this ability to not only get rid of hardware costs and reduce carrier chargers, but also to walk away and no longer have to pay a stipend,” he adds.

Minimal or no confidence in ability to produce messages if requested

email Twitter Facebook LinkedIn Text/SMS

2%

20%26% 27%

59%

Split Billing

Personal Pays $50

Business Pays $40

• Personal apps & data

• Business data not billed

• Private & secure

• Business apps & data

• One subscription

• Convenient billing

6

Whitepaper: Adopting a Mobile-First BYOD Strategy

Seamlessly Manage Work and Personal Calls and Text on a Single Device

One Solution Satisfying all StrategiesDeployed as SaaS or on-premise, customer-hosted environment, CellTrust SecureLine™ operates securely within a variety of enterprise MDM/EMM environments.

Working with its partner Good Technology™, which made a name for itself in the EMM space, CellTrust has developed an app that works on iOS or Android, that allows businesses to manage voice and text messages on personal devices with the same level of control, security and integration they enjoy with data applications.

Because the solution is bundled with the Good app, the user-friendly interface helps ensure that workers will actually use the app and comply with mobile use policies.

“Users don’t want to be bogged down with mobile apps that don’t improve their efficiency,” Panicko says. “Giving them the ability to keep work and personal text and voice calls separate gives them the tools they need to be more productive.”

Under the hood, the app also ensures firms maintain security. For example, any data that’s used within the app can only be shared within the app. That means a

user can’t copy a link from the CellTrust SecureLine™ app and paste into their personal text messaging app.

“So you’re protecting yourself just like you would with a separate corporate liable device,” Panicko says.

That combination of security and ease of use convinced Arizona Cyber Threat Response Alliance (ACTRA), Inc. to work with CellTrust for its BYOD government-focused security solution.

“The representatives of the multiple organizations all work for different companies, so consequently it is ‘BYOD on steroids’—we need to have secure, compartmentalized communication capability between us and the iOS and Android users,” said Frank Grimmelmann, ACTRA’s President, CEO and Intelligence Liaison Officer. “It is important to communicate seamlessly across our member organizations with the representatives, and CellTrust is the solution.”

7

Whitepaper: Adopting a Mobile-First BYOD Strategy

CellTrust SecureLine is an enterprise-level app that captures all incoming and outgoing calls made on a mobile device and provides audio recordings to help meet supervision and compliance needs. The app allows businesses to issue their workforce an Apple iOS™ or Android™ mobile phone, or allow employees to bring their own device—and be in support of compliance. It offers voice, text and archiving. Here’s a closer look at each of those components.

Dual Persona: Employees can confidently communicate with colleagues, partners and clients knowing that their personal communications remain private. Businesses have assurance that corporate assets, intellectual property and client contacts are protected.

• Mobile business number: The user gets two numbers—one for business, one for personal clearly separating data on a single device.

• Split billing: Eliminate mobile device reimbursements. Now the employee can be charged for personal calls, while business calls are applied to the company.

• Single number reach: Redirect calls to any phone or device giving employees the ability engage in secure business calls.

Archiving Capabilities: To help mitigate risk and respond to eDiscovery and compliance, CellTrust delivers out-of-the-box integration with leading archivers to provide long-term archiving capabilities. Also, all administrative and operator activities are logged for server audit trails, and intrusion attempts are logged for intrusion detection reports. Key features:

• Voice archiving: Efficiently and affordably store voice conversations, particularly for highly regulated industries such as financial services, healthcare and government.

• SMS archiving: Keep electronic records of text messages ahead of regulatory audits.

• Reporting: Leverage administrative access in order to audit content, receive intrusion reports and follow audit trails.

• Email journaling: CellTrust SecureLine app users receive a daily email journal report with a convenient summary of their messaging.

Secure Text Messaging: Efficiently stamp, track, log and archive business text messages featuring:

• Compliance: All text communications made using the app are time and date stamped, tracked, logged and can be archived for e-discovery in support of compliance.

• Secure messaging: A mix of server registration, multi-factor authentication and AES encryption, featuring unique dynamic keys and full key lifecycle management.

• Critical messaging: Ability to override the silent mode of a device for urgent messages.

• Message status: Know when a message has been delivered, opened and deleted.

• Discreet message lifespan: Define the duration of a sent message’s availability and storage on the receiving device.

• Extended message size: Up to 5,000 characters by default through the mobile control channel and unlimited characters when messages are sent through data.

Secure Voice: Simple, powerful and secure voice management featuring:

• Compliance: Ensure calls made to and from the Mobile Business Number are in support of compliance with a variety of regulations, including SOX, GLBA and the Dodd-Frank Act in the United States; FSA and FCA in the United Kingdom; and MiFID II in Europe.

• Security: Offers powerful AES encryption and traceability for highly sensitive calls using Wi-Fi, 3G, 4G and LTE network protocols for reliability and cost savings on roaming.

Here’s a Look at CellTrust’s Secure Lineup of Services

8

Whitepaper: Adopting a Mobile-First BYOD Strategy

CellTrust Helps Deliver a Secure, End-to-End Mobile Strategy

CARRIERS

MDM/EMM ARCHIVE

DE

VICES

CellTrust is much more than an app provider. Using its vast knowledgebase, CellTrust helps deliver a secure, end-to-end mobile BYOD strategy. It provides workforces with the most complete, secure and integrated mobile enterprise solution —from planning, integration, implementation and execution—and takes device, carrier, EMM and archiving needs into full consideration.

Businesses that work with CellTrust benefit from its deep security roots and commitment to staying on top of the latest protocols. The company follows ISO standards and maintains the highest levels of security certifications. “We’re a company with a security backbone,” Panicko says.

And because CellTrust works with so many different organizations, it can show firms where they should be with BYOD voice and text security protocols and policies. “We’ve done a lot of homework and spent a lot of time to come in and provide a benchmark of what’s going on with their peers,” Panicko says.

One of the keys to creating smart, effective BYOD policies is involving the right stakeholders.

“We connect privacy officers with compliance, IT with security

and cyber security teams,” Panicko says. “If you’re

not engaging the right people and getting feedback from all the stakeholders, you’re setting yourself up for failure.”

Additionally, CellTrust provides a helpful library of video-driven

training materials to ensure workers understand the technology—and that

they will actually use it.

In the end, Panicko says the biggest mistake companies can make is ignoring the implications of BYOD voice and text security issues. “If you’re thinking about it now for the first time, you’re already late to the game,” he warns. “You can’t ignore it because it’s here.”

Brain PanickoSVP, Global Sales Strategy

Brian Panicko is responsible for leading CellTrust’s sales and business acquisition. Under Brian’s leadership, CellTrust’s customer base has grown to over 1,000 global organizations.

K RoyalVP, Assistant General Counsel and Privacy Officer

Ms. Royal brings a thorough perspective in global program implementation. Skilled in privacy law, breach management, compliance, training and program development, her areas of expertise center on privacy and regulatory law.

© Copyright 2015 CellTrust® Corporation, All Rights Reserved. Android™ is a trademark of Google, Inc. Trademarks featured or referred to within this CellTrust® document are the property of their respective trademark holders. Such use of non-CellTrust trademarks is intended for reference of identification purposes only and does not indicate affiliation, sponsorship or endorsements of CellTrust® or any CellTrust® product or service.

About CellTrustCellTrust is a global leader in collaborative and secure mobile communication with tracing and archiving capabilities and mobile aggregation across 200+ countries and over 800 carriers and mobile operators. CellTrust SecureLine archives and protects mobile communication content supporting enterprise mobile collaboration, eDiscovery and major global regulatory compliance for financial services, government and healthcare. Learn more at www.celltrust.com.

Lead with a Mobile-First Strategy

We know it’s not easy. In today’s complex, rapidly changing IT environment, businesses need of a trusted partner—one that stays on top of developing technologies and device capabilities—and understands how leading with a mobile-first strategy can result in big enterprise gains. That’s where CellTrust steps in as a trusted advisor, partner and expert, dedicated to guiding you through planning, integration, implementation and execution, resulting in a successful mobile-first strategy.

We’re the mobility partner of choice across industries.Whether it’s allowing your vast network of financial services professionals to engage in secure mobile business conversations, next-generation paging capabilities for healthcare providers, or ensuring staff privacy in accordance with federal and local regulations—CellTrust offers tailored solutions for the following highly regulated industries.

Meet our CellTrust contributors:

Don’t wait for a security breach or compliance fine. Protect and transform your enterprise through secure and archived mobile communications with CellTrust SecureLine.

Contact us today at +1-480-515-5200 or visit www.celltrust.com, to get started.

Financial Healthcare Government Energy Enterprise