Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
B9: Essential strategies and tools to
manage Bring Your Own Devices (BYOD)
and data
Speaker: Tim Cowland
Senior Consultant Sovereign Business Integration Group
November 2013
Tim Cowland Senior Consultant
National Housing Federation Conference 2013
Agenda
• What is BYOD?
• What are the benefits to your organisation?
• What are the potential problems?
• Technical tools you should adopt
• Policy development
• Suggested next steps
What is BYOD?
‘BYOD is a company policy which refers to employees being permitted to use their own computing devices – such as
smartphones, laptops and PDAs – to connect to the corporate network’
What is BYOD? • BYOD has become a commonly accepted practice in many
organisations
• Proliferation of Smartphones and tablets for domestic use has increased the demand for BYOD
• How many devices in your household?
• All of you will be at different stages of adopting formal policies, but it is likely it is already happening
• Convenience and the demands of staff needs to be balanced against security issues and the protection of corporate data
• Issues of policy are equally as important as technical issues
Historical challenges • Pre – IT days staff would take paperwork home to work on
• As e-mail became more common, staff would forward work home to work on and then send it back
• As the first PDAs became popular, there was an issue of conflicting information being held on multiple devices & in hard copy
• Constant frustration of staff needing to carry two mobile phones
Historical challenges • With advent of home working, more discussion over
re-imbursement of costs
• Local Government users had challenge of Government Connect Code of Connection – personal devices not permitted
• Departments developing their own mobile strategies and adopting their own devices
• Information Management challenges have always existed in various guises. BYOD addresses some of these but also brings its own challenges.
Facts and figures
11% of employees have used their own cloud services to
store work documents
12% store work passwords on their personal device
19% store work documents on their own device
Android malware instances predicted to hit 1m by the end of 2013
Facts and figures
34% of businesses have lost customer data as a result of personal mobile
devices being used by employees for work
53% of companies do not allow personal devices
47% of companies have reported that staff are better engaged as a result
of being able to use their own device for business
33% have said they have spent their own money on devices to help them
do their job
The case ‘for’ BYOD • Improved staff morale
• Added convenience / flexibility for employees
• Martini information
• Reduced capital cost of investing in devices
• Reduced IT overhead of dealing with device issues (repair / replace / fix, etc.)
• Users more au fait with devices
• Devices are usually more up to date and better looked after!
• Supports mobile / cloud strategy
• Productivity increase
… and the case ‘against’! • ‘Security Risks’ is number one on most peoples list
• Increased IT management overhead - monitoring tools
• Increased IT overhead supporting a multitude of devices
• Who is responsible for the device and the data
• Reputational impact of illegal use
• Device envy!
• Responsibility for cost of data plans
• Licencing implications
• Additional policies to maintain / monitor against
• Communication of policy and staff sign-up
• Productivity reduction
Two Requirements for successful BYOD
Technology to manage the security of information
Policies to manage the responsible use of
information
Requirement 1: Technology Solutions - MDM • Mobile Device Manager (MDM)
• Allows administrators to see mobile devices as if they were network PCs
• Manages data and configuration settings and patches for all devices
• Should be compatible with all
mobile platforms you use
• File synchronization and sharing
Requirement 1: Technology Solutions - MDM • Includes data security tools – remote wipe, etc.
• Support for either a corporate-owned or personally owned device
• Should be implemented directly ‘over the air’, targeting specific devices as necessary
• Should be flexible to deal with future requirements.
• Should be able to add or remove devices from the network as necessary
• Mobile Application Manager (MAM)
• Can sit alongside MDM or be combined
• Tool used to remotely install, update, remove, audit, and monitor software programs on devices
• Focus on software delivery, licensing, configuration, maintenance, usage tracking and policy enforcement.
• Can manage an enterprise app store
Requirement 1: Technology Solutions - MAM
• Can determine which mobile applications should be provisioned to new devices
• May assist with configuring application settings or supplying new apps
• Can audit which users have installed each application and which version
• Can enforce application white lists or black lists and disable devices accordingly
• Can monitor application usage
• Application de-installation
Requirement 1: Technology Solutions - MAM
Requirement 2: Policy • Don’t make Policy too restrictive or you end up back where
you started!
• Likely that you already have an IT Policy covering some of the issues - consolidate
• Employers and employees have a responsibility towards data security regardless of the format/device – ICO
• Potentially high fines for data breach
• Communicate & train – obtain sign-up
• Review regularly as the landscape changes
What’s needed in a Policy? • Specify what devices are permitted at your organisation
• Agree and specify acceptable use and security requirements
• Specify support offered
• Clarify who owns different apps and data
• Agree what apps are permitted
• Specify levels of reimbursement
• Disclaimers – i.e. loss of personal
Data
• Link to Disciplinary Policy
Proposed Steps
Identify the demand
•Speak to Colleagues – Is BOYD being used informally?
•What plans / Strategies exist for mobile working
Check the existing technical landscape (As Is)
•What technology is in place at your organisation already?
•What technologies exist in the market to support your goals?
Develop the business case
•Expect case to be based upon benefits not costs
Develop a flexible BYOD Strategy
•Have a flexible strategy
•Blend CYOD, COPE, BYOA!!!
Agree policy document
•Agree in consultation with staff
•Incorporate into existing Policies
Implement chosen solution
•Consider phased implementation
•Train and educate
Communicate and Consult
Project Management Control
Sovereign Business Integration Group • The Sovereign Group
– Operating since 1994 (13 years in the
Housing sector)
– Approximately 80 staff
– Turnover > £8m
• Housing Consultancy
– Team of 10 providing management
and application consultancy
– Significant Housing Sector
knowledge across the team
– System and supplier independent
– Wide range of assignments including IT Strategy development, Interim Management, Procurement management, IT Service Reviews, Business Continuity Planning, software selection, etc.
Business Integration Group
Business Resources
Data Connect
November 2013
Tim Cowland Senior Consultant
National Housing Federation Conference 2013
www.sovereign-plc.co.uk
020 8216 3333