BRING YOUR OWN DEVICE
AN INTRODUCTION

BYOD: An Introduction
The Management Challenge and Opportunity
Adopting a Step by Step BYOD Strategy
BYOD: It's Time
1NService: Your BYOD Partner

Copyright 2013 1NService, Inc.
Bring Your Own Device (BYOD) is another trend in the technology industry that is gaining momentum. By allowing employees to bring their own device into the work environment, companies can eliminate cost and transfer the burden of responsibility to the employee. Most employees are happy to do this because they can choose what technology to utilize for both personal and business use. Initially, this arrangement sounds simple and easy to execute. However, what appears simple at the surface can quickly become fraught with complexity in the detail.

BYOD is an accelerating trend that raises significant new challenges for CIOs, but it is a trend that can't be ignored. According to IDC, 40% of the devices in today's environment used to access business applications are owned by the employee, not the corporation. That trend is up 33% in just one year. [i]

In the consumerization of IT, BYOD is a phrase that has been widely adopted to refer to employees who bring their own devices, such as smartphones, PDAs and laptops, to the workplace for use and connectivity on the corporate network.

So, what is the problem with the use of BYOD? And most importantly, what is the payoff?

Using unmanaged and unsecured devices to access corporate data creates a significant number of compliance and personnel issues for organizations, as well as risking exposure of sensitive company information to external forces outside of the workplace. The use of VPNs and password protection does not always ensure the confidentiality of information. Too often, computers can be accessed illegally by outside forces and sensitive company data is compromised. If you are reading this and think that your company is immune to this problem because you don't have a BYOD policy, consider that most corporations underestimate the number of employee devices that are utilized in the workplace by as much as 50%. [ii] Unlike other technology trends, BYOD is being driven by employees and not the organization's IT department.
BYOD is a trend that, if it is properly executed, will significantly increase positive opportunities for companies in the future. The payoff for organizations with a BYOD arrangement is enormous. 54% of employees surveyed led to the conclusion that a BYOD policy ultimately boosts employee productivity and morale. [iii] Workers can have access anytime and anywhere to corporate applications that provide the freedom and convenience to perform their job while on the go. Allowing the use of personal technology is also crucial for the employee because only one mobile device is needed instead of juggling two devices, one for home use and one for work. A BYOD policy has become a major factor for employers to offer potential employees, as well as a factor in improving employee retention once personnel are hired. BYOD is not simply a technology trend, but an important corporate strategy utilized by organizations to attract and retain top employees.
The benefits of adopting a BYOD policy do not stop with providing more freedom for employees or employee retention. Investing in the tools, practices and solutions required to support BYOD will ultimately create a more efficient and effective IT delivery capability within organizations. The key benefits of such a policy will:

- Create adaptive IT processes that are agile and responsive to changing business requirements. For instance, using managed services will provide a way to increase company agility and power businesses that are not available through an in-house infrastructure.
- Adopt a centralized and comprehensive security policy that is adaptive to BYOD initiatives. When implementing any BYOD strategy, conducting network security testing is essential. It not only benefits the organization, but ensures that company privacy and confidential data are protected.
- Provide a flexible yet process-driven management of devices. True employee mobility is dependent on making sure that devices are allowed access to corporate systems and applications. Mobile Device Management provides flexibility while also protecting a company's assets.
- Improve employee support structures. Providing a cost effective way to ensure technical support keeps employees productive when issues occur, with limited disruption on the business side.

Corporations are looking at the adoption of Bring Your Own Device technology to not only maximize employee productivity, but to mitigate organizational risk. BYOD is not an invitation for all employees to use their own devices for personal gain but a way to ensure an organization's success by offering a convenient way to conduct business. A carefully planned and detailed business strategy provides an end result that increases company growth and employee productivity and ensures a well-managed IT organization.
The Management Challenge and Opportunity

All too many times, a BYOD policy that had been implemented was simply ad-hoc, with little thought to the implications for the entire organization. These ad-hoc projects uncovered not only significant IT issues, but management challenges that were extremely difficult to control. The following steps are key areas of management strategy in the execution of a structured BYOD initiative.

The first step in a BYOD action plan is to have a plan. The plan is not limited to the Information Technology department, but also involves senior management from areas such as Human Resources, Legal and Sales. This is a corporate decision, so treat it like one. Our work with clients has uncovered challenges and opportunities in three main areas.

Policy and Corporate Governance

BYOD raises very significant privacy, security and data concerns for any organization. A well-defined policy protects both the organization and the employee from liability and legal issues. When looking to create a strategy around governance, an organization needs to consider the following:

- What is the corporate policy for BYOD? Is it available to all employees or just a few? Are the employees paying for the device or is it at the corporation's expense? Who pays for data usage and is it fixed per month or flexible? What are the limitations of BYOD in the organization? What is the support structure or service level agreement with the employees?
- What are the legal ramifications of a BYOD policy? The legal department needs to be involved in policy making and it is essential to encourage their involvement right from the beginning.
- Who is responsible for BYOD in your organization? Ensure that they have the management authority to control and enforce policies.
- While the main focus needs to be on IT security, it is essential to clearly develop an overall corporate security plan to protect company assets.
- The Human Resource department needs to outline company expectations for employees working on-site and device privileges. Since the device is for both personal and business use, a clearly defined policy on what is acceptable for business use needs to be addressed. Employees must understand the fine line between personal use and business use.
Financial Considerations

Early adopter organizations are moving into BYOD with the principal goal of cost savings. If that is the company goal, stop now! Although transferring responsibility for employees' devices may transfer some costs, employee device usage only accounts for approximately 20% of total device ownership. A BYOD strategy is meant to create more opportunities for an organization in many areas, including employee productivity and sales generation. However, it does not necessarily provide significant cost savings, and cost savings should not be a primary motivator for employing a BYOD policy. Costs of deploying a BYOD strategy may include:

- Increasing data costs associated with a mobile deployment
- Understanding your enterprise license contracts
- Training of staff to support multiple devices
- Developing new mobile applications or virtualizing existing ones
- Implementing new management tools
- Changes to accounting procedures for BYOD
- Strengthening the existing network and putting in place a mobile device management infrastructure

BYOD is a powerful advantage to any company when executed properly. It drives out cost discussions and savings where appropriate, but it should not be the primary driver in a company's execution mandate.

Technology

The definition of personal use versus business use needs to be clearly articulated, but even so, some technology challenges remain. Anyone can pick up free or inexpensive applications for their devices without knowledge of where they came from, what viruses they may contain, and more importantly, what cookies are embedded in the software. Ensuring the employee has flexibility over a personal device while protecting the business applications is a key technological issue. An IT department within an organization needs to do the following:

- Invest in infrastructure and applications, such as cloud applications and virtualized networks, that support BYOD and enhance business goals.
- Plan and strategize how to enable access to corporate networks and determine what applications and functions can be accessed remotely.
- Decide on whether to invest in new infrastructure within the IT department or look at flexible models like managed services or applications.
- Invest in the right security and network tools and, if necessary, re-engineer existing network architecture. The need to look at security services such as penetration testing should also be considered.
- Develop a strategy to activate, provision and manage multiple mobile devices.

Policy and Corporate Governance, Financial and Technology are key areas that are an integral part of a business strategy needed to execute a successful BYOD deployment.
[Figure: THE BYOD DEPLOYMENT TRIANGLE. Corners: Policy and Corporate Governance; Financial; Technical]
ADOPTING A STEP BY STEP BYOD STRATEGY

As stated before, many organizations leap into BYOD with little thought to strategy or risk assessment. Adopting a step by step approach for the execution of BYOD is clearly the winning strategy. A four-step detailed process will ensure success.

STEP 1: DEFINE YOUR BYOD OBJECTIVES

BYOD objectives should be rooted in business objectives and aligned to corporate strategy. The very first question to ask is: why is the BYOD strategy being implemented? One of three objectives usually tops the list when talking to customers: cost savings, risk mitigation, and/or productivity enablement. A clear objective will ensure that the company is making the right investments and trade-offs.

A key point to note is that the three objectives are not always mutually compatible. For example, if the main objective is productivity enablement, the broadest possible BYOD policy should be implemented to allow employees the maximum freedom to do their job. This objective may conflict with, rather than complement, the areas of risk mitigation and cost savings. Clearly understanding what the main objective is will also lead to a greater degree of clarity and success in deployment. For instance, if the organization decides that sales employees would make more effective calls by having the ability to demonstrate or draw up proposals on the spot with a mobile device, then the company's highest priority should be the accomplishment of that productivity goal when determining trade-offs.

Once the specific goals and BYOD deployment are determined, an adoption strategy must be articulated, including deciding who the target employees are and what level of adoption should be considered. Every company is different, but as noted in the diagram below, employee roles must be evaluated against BYOD goals in order to clearly articulate whether a strategy is all inclusive or limited to employee segments that have a higher need for mobility.
As demonstrated in the sales example from above, if the corporate goal is to generate more sales by giving sales people access to demonstrations and proposals remotely, then it is best to proceed with a limited deployment of BYOD.

[Diagram: levels of BYOD adoption]

| Level | Characteristics |
|---|---|
| Very Limited | Very tight control; limited to corporate device only |
| Standard | Basic Internet usage; multiple device types |
| Enhanced | Enable onsite/offsite limited services with secure access methods; multiple device types |
| Sophisticated | Full BYOD with native apps and new services; all devices / all owners |
A clearly defined goal for BYOD is the successful start of a company strategy. It cannot be overstated that this goal is a decision that needs to be determined by the corporation and not the IT department.

STEP 2: UNDERSTAND AND MITIGATE RISKS

Understanding key risk factors and executing a risk mitigation strategy before the implementation of a BYOD strategy is a crucial factor for success. Successful organizations understand and mitigate risks on a regular basis. Whether it is confidential information, the use of corporate assets or another business initiative, these risk factors should always be considered in the decision-making process.

However, a BYOD policy can come with its share of new challenges. Employee dissatisfaction, the liability of devices or issues of employee privacy are also risk factors that need to be analyzed. For example, allowing employees the freedom to do their jobs anywhere with any device is a significant employee motivator. However, with this freedom may come a corporate expectation of always being at work. It is essential that organizations clearly articulate their expectations of these factors when executing a BYOD strategy, or these job motivators quickly turn into job morale issues.

Talking about the protection of corporate assets on mobile devices is also important, but organizations must think through employee privacy issues with devices meant for both personal and business use. Exposing employee personal data is a definite liability to an organization.

By identifying and defining potential risk factors early in a BYOD initiative, the implementation of a policy will go much smoother. More importantly, a detailed policy sets the parameters for future initiatives. Strong risk evaluation and mitigation is essential in rolling out a corporate BYOD strategy.
Here are some common BYOD implementation risks:

| Risk Type | Risk | Why? |
|---|---|---|
| Internal | Supporting too many devices | There are too many platforms, applications and different security options for an IT department to manage. |
| Internal | Liability of device issue | Liability could be the responsibility of the organization if not thought out properly. A device-loss strategy needs to be articulated. |
| Internal | Device at work for personal use | It's too easy for employees to spend time at work on personal business, which causes productivity and security issues. |
| Internal | Employee morale | Employees need clear and concise reasons for who is and is not included in the BYOD policy. |
| External | BYOD may have employee rights issues | Employees may be entitled to overtime or other compensation if working after hours. |
| External | Regulatory issues with data | Lack of management of data on the device can lead to security issues and possible regulatory issues. |
| External | Misuse of personal information | Compromising employee personal information can lead to severe privacy issues. |
| External | Loss of control | Giving employees real-time data access anytime may lead to control issues. For example, sales employees having access to real-time pricing takes some control away from the organization and policies must be in place. |
| External | Management of devices | Increasing number of devices and types of devices eliminates the simplistic way to manage them. Device master management is a key solution. |
STEP 3: POLICY DEFINITION

Now that the BYOD objectives are clear and the risks are understood and can be mitigated, it is time to clearly define policy for the initiative. A clearly defined and communicated policy removes all ambiguity from the initiative before proceeding to execution. Policy areas such as device management, remote management expectations, loss of device and reimbursement of costs are examples of decisions that need to be included. A BYOD strategy also needs to outline the consequences of policy violations.

All BYOD decisions are also corporate decisions, so an executive team from all functions needs to be involved and agree on the outcome. An executive team should include representatives from Human Resources, Legal, Finance, Sales and Marketing, IT as well as Executive Management. The following table provides guidance on possible policy decisions for an organization:

| Topic | Policy Decisions |
|---|---|
| Lost/Stolen Device | What is the employee process for a lost/stolen device? How will the device be wiped of data? Who is financially responsible for a lost/stolen device? |
| Eligibility | Who is participating in the BYOD initiative and why? What are the rules around staying in the program? |
| Reimbursement | Who pays for the device? Who pays for usage costs? Is there a set maximum the company will pay the employee? |
| Usage of device | What is the expectation for personal use of devices? In the workplace? |
| Support | What types of devices will be allowed in the program? What applications are involved? What level of device and application support is available? How is support clearly defined from manufacturer vs. organization? |
| Device Management | What is the network strategy to support device (VPN, other)? What is the master device management strategy? |
| Security | What is the security policy? What is needed to protect employee privacy? |
| Violations to Policy | What is the process to deal with policy violations? |

Enacting a policy is only the first step. Policies need to be enforced and adjusted over time to meet the changing needs of the business. Key policies also need to be tracked. Executing a successful BYOD strategy should include tracking mechanisms for device usage, enforcing against policy infringements, and dealing with lost or stolen devices. All these factors enable a strong execution of a living and breathing policy document that is adjusted according to the data and the needs of the business.
STEP 4: IMPLEMENTATION

With proper planning as outlined in this document, the business and policy issues will be agreed upon and it is time for implementation. The IT department now steps into the limelight to deliver the program and monitor progress on a consistent basis. While many of the IT processes are still valid and will continue to be used, invariably new processes will be introduced along the way. Examples of these processes include mobile application management, device backup and recovery, and a clear outline on the separation of personal and business use on devices.

The meeting of business strategy and technology implementation should consider the following:

NETWORK ACCESS CONTROL IS ESSENTIAL

Network Access Control (NAC) is an extremely effective way to manage new devices and is a cornerstone technology that embraces mobility while enhancing overall security. In short, NAC allows corporations to control the access of each device that is connected to the network. It provides visibility and control across all network entry points while providing profile data on all of the device types accessing the corporate system. With proper Network Access Controls, a business can allow basic authorization for some devices that have simple access needs, but also provide a more granular and stringent authorization process for users who need sensitive data (e.g. pricing information). Other advantages of NAC include the use of email encryption and mobile VPN. An organization should not consider moving forward on a mobile platform without introducing NAC as an important piece of the BYOD strategy.

CONTAINERIZATION CONTROLS THE DATA

Containerization is a process that separates the personal data on a device from the organizational data. Remote access VPN is a cost effective way to make this separation. VPN is not new to many organizations with a mobile workforce in place, but considering that the vast majority of new mobile devices may access business systems outside the traditional network (e.g. a third party wireless carrier), a VPN infrastructure needs to be current and secure. With this method of containerization, the organization is effectively controlling the information, not necessarily the whole personal device. Containerization is a cost effective and secure way to manage corporate data.

MOBILE DEVICE MANAGEMENT SHOULD BE CONSIDERED

Extending beyond simple containerization, Mobile Device Management (MDM) essentially allows an organization to control all mobile devices in the same way it controls in-house systems and devices. Mobile Device Management ties users to mobile devices and allows application and system control of the individual device. With MDM, system administrators can install software on mobile devices, such as anti-virus solutions, and wipe devices remotely. The administrators should treat the installation of new mobile devices as part of the administration of the entire IT environment.
SECURITY, SECURITY, SECURITY

With the introduction of solutions like NAC, VPNs and MDM, organizations will be on their way towards a secure mobile device strategy. However, it doesn't start or stop with these technologies alone. Security is an everyday concern for most corporations. Organizations should conduct a network security assessment before embarking on a mobile strategy. A network security assessment is an independent verification of the operational security of an organization's network. A proper assessment includes verification of policy compliance, identification and evaluation of possible security risks, and an overall assessment of the readiness of a corporation to execute a mobile device policy. Similarly, web-application penetration testing will determine if the company's on-line community (employees, customers, suppliers) presents a risk to security. All of these security solutions are cost effective ways to ensure that an organization is prepared for an effective mobile strategy. If consistently applied, these security measures will serve as official procedures that are applied to the company's overall mobile device policies.

CONSIDER MANAGED SERVICES

A managed services strategy can quickly operationalize mobile execution by embracing best of breed solutions and technology from expert organizations. Managed network services, for example, can include your entire network systems (email, wireless, directories) as well as remote access (mobile access, secure remote access). Working with experts in these areas, an organization can create a cost effective, secure environment with rapid deployment and payback. Furthermore, increased complexity in areas such as HelpDesk will make a managed services option very attractive. With an increased number and variety of devices in a corporation, the diagnosis of user problems becomes more challenging. A managed services option with an expert team needs to meet all device requirements, which will increase user satisfaction and reduce on-going costs in the long run.

READINESS ASSESSMENTS CAN SAVE TIME AND MONEY

Readiness assessments are a valuable, inexpensive way of having an independent third party work with an organization on a business or a technology strategy. Business strategy assessment experts work with companies to define the objectives of the BYOD project by helping them to understand the risks, assisting them with putting a business plan in place and monitoring the plan's progress. Technology readiness assessments help gauge an organization's technology and infrastructure state against its BYOD business strategy. With the help of experienced consultants, readiness assessments will become a valuable asset in the execution of a BYOD policy.
BYOD: IT'S TIME

BYOD has the capability of delivering solid returns to an organization's bottom line and making employees more productive and happy. Building an effective BYOD strategy is a critical exercise. In this day and age, the alignment of business and technology strategy has never been more important. Unfortunately, most organizations have reacted to BYOD pressures by simply executing with very limited structure and little planning. Traditional business strategies with traditional technology infrastructure simply won't cut it in today's workplace.

The entire business must work hand-in-hand and be engaged in all facets of a BYOD policy. The key question to begin with is: why is it necessary to execute BYOD? An implementation of this strategy must flow from the answer to this question. A sound corporate strategy with clearly defined objectives, a keen sense of risk factors and a strong technology platform to execute a BYOD policy are the essential ingredients of a successful implementation within an organization. The end result is a BYOD program that brings monetized value to the organization and employees who are able to do their jobs in a flexible work environment.
1NService: YOUR BYOD PARTNER

1NService is the leading international community of advanced technology partners that, through formal collaboration and trusted partnerships, delivers complex technology solutions to world-class organizations. It is the single source for business and technology solutions to improve business processes, efficiencies and effectiveness. With proven long-term customer engagements and stellar customer satisfaction, our clients can count on 1NService to provide the right business or technology service needed.

1NService's BYOD strategy is to work with customers at the beginning of the BYOD strategy discussion and not just discuss technology solutions. A thorough and managed process includes:

- Mobility readiness assessments, both business and technical
- All aspects of security including penetration testing and network security
- Network Access Control execution
- Mobile Device Management
- Containerization Management (including remote access VPN)
- Wireless LAN infrastructure
- Managed Services

1NService commits the best and brightest and we work hard for our clients, so your organization can reap BYOD benefits and ensure a successful execution.

Contact us at the following:

1NService Atrion Corporation Dynamic Strategies Tom Turchet Mark Moretti Stan Kornaga Business Development Executive Vice President Director 905-825-9049 401-825-4134 610-574-5065 tomturchet@1nservice.com mmoretti@atrion.net Stan.Kornaga@ds-inc.com
ENDNOTES

[i] IDC (2011). Closing the Consumerization Gap.
[ii] Bradford Networks (2011). Bring Your Own Device (BYOD) Unleashed in the Age of IT Consumerization.
[iii] Marsh, Chris (September 2010). Latest Enterprise Mobility Survey. Sometimes Less Controls Means More Productivity. Yankee Group Research Inc.