Byod Security That Works

8/11/2019 Byod Security That Works

1/12

BYOD SECURITY

WORKSFree Your Employees, Secure Your Data

THAT


2/12

BYOD SECURITY THAT WORKS | BITGLASS | 2014 2

The bring-your-own-device (BYOD) phenomenon hit enterprise

IT faster than a knife fight in a phone booth. You were cruising

along with your secure BlackBerry deployment and then your

CEO bought an iPhone and demanded access to her corporate

email. So you gave her access to the Microsoft Exchange

server, via Microsoft ActiveSync. Before long, iPhones started

popping up everywhere -- including the corporate cafeteria. A

few months later you checked the logs and found more than2,000 of them were connected via ActiveSync! Yikes!

A Knife Fight in a Phone Booth:

How we got from BY-NO to BYO

BYOD SECURITY THATWORKS

THE BYOD KNIFE FIGHT,

AS IT UNFOLDED ON THE WEB

Given MDMs failings, BYOD still presents asignificant challenge for most CIOs. In this

eBook, we take a step back and look at the larger

problem of implementing BYOD: Defining what

is important and protecting it. Cloud and mobile

technologies have changed the IT security

landscape irreversibly. Today, we access and

store data in radically different ways from a few

years ago. So why would we approach security in

the same old ways?

SEARCH INTEREST FOR THE TERM BYODSource: http://www.google.com/trends/explore#q=BYOD

2005 2007 2009 2011 2013


3/12


If youre like most IT security professionals, you

pushed back at first, urging employees to stick withtheir BlackBerries. At some point, you realized

this strategy was a losing battle, so you decided to

embrace BYOD. You still werent sure how.

The Initial ResponseThe startup world stepped in to save the day, offering

up Mobile Device Management (MDM) as a solution.

It sounded great now you could manage personal

mobile devices the same way you managed corporate-owned laptops, locking down Bluetooth and iCloud and

blacklisting applications that threatened productivity

or screamed data leak!

Employees are People TooBut as you might have predicted people rebelled

against the monitoring and management of their

personal devices. If they wanted to back up their

personal information to iCloud or play Candy Crush on

their days off, they had a right to do so. Your MDM solution

turned out to be more expensive and complicated than

you thought. And honestly, it hasnt offered any real peace

of mind about the security of your corporate data, either.

Yes, it has allowed you to configure devices, but it does

nothing to prevent data leakage or control inappropriate

usage of corporate data.

THE BYODREVOLUTION

TYPICAL CIO REACTION

TO BYOD THROUGH THE YEARS

2005 2007 2009 2011 2013

?

Heres yourBlackBerry.

No iPhonesallowed.

We surrender!Use what youlike!

Did we actuallysecure ourdata?

2005 2007 2009 2011 2013


4/12


DATA =$$$

YOUR COMPANYS

CREDIBILITY, REPUTATION,

AND COMPETITIVE

ADVANTAGES

ARE ON THE LINE.

Think about it: Why do we concern ourselves with securing the devices

that connect to our networks?Is it because the devices have some intrinsicvalue? Definitely not. Your CFO wouldnt lose sleep over the extrinsic value of

devices, even if they were company-owned.

Is it the applications were worried about, then? Of course not. Even

enterprise-grade mobile apps run in the $10 range at most, and application

licensing agreements likely cover apps on lost or stolen devices.

Clearly the dataon these devices represents orders of magnitude more value

than even a high-end tablet loaded with hundreds of costly apps. Whetherits information that helps you forecast, make business decisions or drive

efficiencies or about the intrinsic value of customer or employee data

corporate information is almost impossible to put a price tag on.

We witness on an almost weekly basis the cost of losing control of that data.

Recently, Target, Neiman Marcus, and Coca-Cola made headlines for data

breaches. Who knows whos next. From government agencies to international

banking conglomerates, no organization, it seems, is safe. Each time an

employee walks through the door with an iPhone and connects it to your

network or walks out the door with a company laptop, or connects in any

way to a business cloud application your companys credibility, reputation,

and competitive advantages are on the line.


5/12


Data on DevicesTheres no end in sight to the explosion of devices and data. Gartner predicts

that by 2017, most large companies will require BYOD,offering to subsidize

service plans instead of providing company smartphones, tablets, or even

PCs. In the future workplace, BYOD policies must expand to include an

increasing variety of device form factors and operating systems. Your next

BYOD program may include Windows and Mac laptops. The one after that

as the Internet of Things connects buildings, data centers and cars may

need to include the break room refrigerator as well as employee shoes and

automobiles.

MORE EMPLOYEES,MORE DEVICES

Analysts predict that by 2020,over 30 billion connected deviceswill be in use, compared to just

2.5 billion in 2009 .

- 2013 Gartner report


6/12


Data in the CloudIts impossible to talk about BYOD without talking about cloud applications.

Not only do smartphones and tablets contain hundreds of apps, but your

organization probably also uses cloud applications that those devices can

access.

The 2014 Bitglass Cloud Adoption Report confirms the viability of the business

cloud. By analyzing the publicly available, real-world traffic data of 81,253

companies, we found that 24 percent had already implemented Google Apps

or Microsoft Office 365. Companies deploying those applications across

large portions of their organizations are most likely moving in the directionof adopting the cloud as a strategic element of their business models. Their

employees are probably accessing email and work applications from their

mobile devices.

PLAN FOR A CLOUDY FUTURE

In a 2013 Gartner survey,a whopping 80 percent ofenterprise IT organizations saidthey planned to adopt cloudapplications by 2015.

- 2013 Gartner report

LETS FACE ITTHE BUDGET FOR BYOD SECURITY PROGRAMSMUST REMAIN IN LINE WITH THE BENEFITS

THAT BYOD OFFERS.


7/12BYOD SECURITY THAT WORKS | BITGLASS | 2014 7

Many IT organizations approached the BYOD

security problem by trying to control devices

and apps via Mobile Device Management

(MDM) and Mobile Application Management

(MAM) solutions. It was a logical direction,

given traditional thinking about the network

perimeter: Build a wall around the entire

network, including all connected devices and

their applications, to keep the bad guys out and

the data corralled. Unfortunately, there areseveral problems with this approach.

THE ELUSIVE SOLUTION:ARE WE OVER-THINKING THIS?

MDM ATTEMPTS TO LOCK

ALL ACCESS INTO AND OUT

OF THE DEVICE

MAM REPLACES CORPORATE APPS

WITH RECOMPILED VERSIONS THAT

INCLUDE SECURITY FEATURES.

Employees give up control of their devices

Limited protection against data leaks

Requires special development for each app on

each platformRuns into vendor licensing problems

Mobile web and APIs are easy work arounds



38%

35%

29%

Found MDM hard to integrate

with other security technologies

Had problems scaling to support

a large number of users

Had difficulty with

implementation

Problem 1: Its too complex.

A recent Network World blog post calledthe market status of MDM deployments

elementary and immature. Why? The blog

cited ESG research determining that:Its no surprise. Realistically, how will you

scale any MDM solution when people begin

scanning email through special eyeglasses

while they work out on a network-connected

Stairmaster in the company gym wearing

network-connected running shoes?

Lets face it: The budget for BYOD security

programs must remain in line with the benefits

that BYOD offers. In this economy, no CIO can

expect ballooning headcounts and budgets to

match an out-of-control BYOD program.

3 PROBLEMS WITH MDM/MAM SOLUTIONS

Problem 2: Can I get some privacy in here?

The line between work and personal life grows ever more blurry, thanks inpart to mobile devices that allow us to stay in touch with work from wherever

we happen to be. Your phone contains grocery lists, notes to yourself, and

your doctors phone number as well as work email, contacts, and calendar.

You may use your phones browser to look up terminology in a client meeting,

but you probably use it just as often to manage your personal life.

Most CIOs see the blur of personal and work life as an unstoppable trend.

But most solutions in use today make no distinction between corporate and

personal data. If youre routing and inspecting traffic from an iPhone, youresweeping up personal emails along with company data logs. Most CIOs dont

relish the Big Brother persona, but these solutions force it upon them.

To make matters worse, MDM solutions install software on employee-

owned devices that try to control what they can or cannot do with that device.

Ultimately, such heavy-handed solutions drive todays employees toward

circumventing IT security policies and make your data less safe.



Problem 3: You cant wrap the cloud.Many MDM and MAM solutions work well if your company is developing its

own applications, but dont extend so readily to those apps your employees

want to download from the app store, or even to third-party business cloud

apps. In many cases, cloud apps break when you try to wrap them with MAM

solutions. In other cases, wrapping breaks app vendor licensing agreements

or the vendors simply refuse to provide the binaries required to accomplish

such wrapping.

Real clouds dont have edges, and the clouds we use to store and manipulate

data dont either. Theyre porous, full of networked API connections that leadto places you may never think of, and they change constantly. The idea that

you could contain them in a manageable way is simply unrealistic.

3 PROBLEMS WITH MDM/MAM SOLUTIONS

Were finally reaching the pointwhere I.T. officially recognizeswhat has always been going on:People use their business devicefor non-work purposes. Theyoften use a personal device inbusiness. Once you realize that,youll understand your needto protect data in another waybesides locking down the fulldevice.

- David WillisVice President and Distinguished Analyst,

Gartner, Inc.



TODAYS SOLUTION:FREE PEOPLE, SECURED DATA

To get to the good news in all this, you have to get past the old way of thinking

about your companys network perimeter. While it used to make sense toprotect data by securing the devices and applications within that perimeter,

the reality is that you no longer own or manage the devices and applications,

but you still own your data. Its more useful to think of perimeter in terms of

the smallest possible unit that of the data itself.

Todays emerging security technologies for cloud and mobile give IT

organizations more control, while also protecting employee privacy.

Persistent digital watermarking technology and data leakage prevention

make it possible to protect each piece of important data, rather than trying to

control an entire device or application. The advantages of this strategy offer a

revolution in the way todays CIO can approach IT security.

BITGLASS PROTECTS AND

MONITORS ONLY THE

CORPORATE DATA.

Device and app agnostic

Leaves employee data alone



TODAYS EMERGING SECURITYTECHNOLOGIES FOR CLOUD AND

MOBILE GIVE IT ORGANIZATIONS

MORE CONTROL, WHILE ALSO

PROTECTING EMPLOYEE PRIVACY.

Time to Put the Knife AwayWhen you focus on what matters sensitivecorporate data answers to security

in todays cloud- and mobile-enabled

workplace become clear and relatively

simple. So step out of that cramped and

bloody phone booth and into a world of

data you can control. Things are a lot more

relaxed and a lot more secure out here.

1. This strategy frees people to work productively.

Happy and productive employees are much more likely to abide by securitypolicies than those who are handcuffed to containerized mail clients or

apps that make their job less efficient and enjoyable. Let employees use the

applications and devices that help them to be productive, and offer them a

familiar, native experience they wont think twice about following.

2. It simplifies mobile security.By securing each piece of data, you take complexity out of the system along

with a mountain of policies, management tasks, and other headaches. You

also create a security strategy that is completely independent of device typeor third party apps. Bonus!

3. It frees your organization to embrace new technology.Yes, you will continue to face new technology hurdles. Thats life in the

modern age. Its also how you stay competitive and become a leader in your

industry. Now your security team can help enable new apps and devices,

instead of looking at them with dread.

4. It minimizes costs.Today, its possible and advisable to deploy a simple, effective securitysolution with low overhead. Compare that to the ballooning costs of traditional

solutions, and its a no-brainer.

5. It respects employee privacy.Security solutions that transport, handle, or even inspect personal employee

communications are bad for morale, bad for productivity, and often ineffective.

Now you can put the security focus squarely on corporate data, completely

ensuring personal employee privacy.

THE NEW BYOD



WHY BITGLASS?BYOD and Cloud are unstoppable trends. The benefits

are huge, but you can lose control of your data.

Regain control with Bitglass.

Secure BYOD Secure corporate data without MDM or agents

Prevent data leakage

Track and manage sensitive data Supports all PC and mobile platforms

Learn more at www.bitglass.com

+

FOR I.T.

SECURE CLOUD AND MOBILE.

FOR EMPLOYEES

PRIVACY AND UNENCUMBERED

MOBILITY.

SECURE BYOD IN MINUTES

Documents

Byod Security That Works