Mobile Madness or BYOD Security?




How to take control of your mobile devices
By Barbara Hudson, Senior Product Marketing Manager

The Bring Your Own Device paradigm has rapidly moved from novelty to near inevitability. Even IT organizations with deep concerns about manageability and security are increasingly accommodating user-owned devices. BYOD is here to stay, and tomorrow's BYOD will involve even greater diversity in devices, form factors and platforms.

In this whitepaper, we briefly assess where BYOD stands, where it's headed, and your core challenges in implementing and managing it. Then, we turn to solutions, helping you build a comprehensive action plan for your BYOD success.

BYOD Will Soon Be Everywhere

Figure 1 clearly establishes the context for BYOD in today's increasingly diverse, mobile and consumerized environments. Shipments of Apple and Android devices now outnumber Wintel shipments.

[Figure 1. Global Market Share of Personal Computing Platforms by Operating System Shipments, 1975-2012E, Kleiner Perkins Caufield Byers, December 2012. Y-axis: market share of personal computing platforms by operating system (%). Platforms shown: TRS-80, Atari, Commodore, Amiga, Apple, WinTel, Android, Other. Annotated Wintel share: 25% (1983), 96% (1998-2005), 35% (2012E). Source: Asymco.com (as of 2011), Public Filings, Morgan Stanley Research, Gartner for 2012E data. 2012E data as of Q3:12.]

During 2013, Kleiner Perkins expects the global installed base of smartphones and tablets to surpass the installed base of PCs that took decades to build. By 2015, smartphones and tablets in use will outnumber PCs by nearly two to one. According to iPass, the average user now works with 3.5 devices. [1]

A new generation of apps has also arrived, some sanctioned (or even authored) by IT, many of them unsanctioned. Beyond this, employees are using more cloud-based services, including storage services that can place confidential data outside your control.

Some companies have responded by supporting nearly any recent device, app or service. Others support only one or two mobile platforms. Some permit BYOD for executives or certain employees, such as salespeople. Still others offer CYOD: users can choose company-owned devices from an approved list.

1. The iPass Global Mobile Workforce Report, March 2012, wballiance.com/wba/wp-content/uploads/downloads/2012/07/ipass_mobileworkforcereport_q1_2012.pdf

A Sophos Whitepaper, July 2013

BYOD adoption patterns have also varied widely by region, with North America moving forward more rapidly than Europe. The takeaway: just as BYOD can encompass many technologies, so too can it encompass diverse strategies.

Business Opportunities, Not Just Problems

There are positive reasons to promote BYOD, not merely tolerate it.

BYOD improves productivity. According to research by Cisco, companies providing comprehensive BYOD support average nearly three hours of productivity gains per week. [2] Forrester says more than 80% of BYOD adopters base their business case on increased productivity. [3]

BYOD promotes business agility. BYOD helps employees collaborate more quickly, efficiently and creatively.

BYOD responds to employee demand. Supporting users' own devices has been a recruitment selling point. Soon, failing to do so will hinder recruiting and retention.

Core Challenges of BYOD Today

Wherever you stand with BYOD today, you face several challenges in maximizing its value and mitigating its risks. The core issue is balancing the needs of IT and the organization with users' desires to work with the tools they prefer. With out-of-the-box consumerized IT, users' power typically grows, while IT's enforcement power tends to shrink. Below are some specific challenges you will face.

Mixed ownership. By mid-2011, reports IDC, employees already owned 40.7% of the devices they used to access business applications. [4] On most consumer-oriented devices, users are admins: they choose apps and sites, and can even compromise built-in platform security.

Security enforcement. BYOD creates more weak links that can be exploited both internally and externally. In many industries, the urgency of meeting these security challenges is reinforced by tough compliance rules. But even the best BYOD security can't simply be mandated from above. It requires significant user education and buy-in.

2. Comprehensive BYOD Implementation Increases Productivity, Decreases Costs, Cisco Internet Business Solutions Group, May 22, 2013, blogs.cisco.com/news/new-analysis-comprehensive-byod-implementation-increases-productivity-decreasescosts/
3. Key Strategies to Capture and Measure the Value of Consumerization of IT, Forrester Research, May 2012, trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_forrester_measure-value-of-consumerization.pdf
4. IT Hasn't Grasped Consumerization Trend, IDC, cio.com.au/article/393246/idc_it_hasn_t_grasped_consumerization_trend/

Management and governance. Without carefully thought-out governance arrangements, BYOD can quickly run out of control. Effective governance requires IT to actively collaborate across the organization to identify workable solutions.

Direct and indirect costs. BYOD often reduces device acquisition costs. However, it can increase direct costs associated with network infrastructure. It also introduces indirect costs associated with managing greater complexity. IT must acquire appropriate tools to simplify, centralize and automate support tasks, ranging from device onboarding to decommissioning.

Organizing Your BYOD Action Plan

Since BYOD has major implications, and since mistakes can be costly and disruptive, you need to approach the issue systematically and strategically. It's never too soon to start. It's also never too late. Organizations that have informally supported or tolerated BYOD can bring greater structure and control to their programs. And as new technologies, use cases and risks arise, they must.

Planning requires you to understand where you are today, where you want to go, and what you have to do to get there.

5 Key BYOD Elements

BYOD challenges can be organized into five buckets: users, devices, apps, infrastructure, and security. For each, you need to ask the right questions, analyze the answers, and map answers to solutions. Of course, all five must be considered in the context of your unique corporate strategy, priorities, legal requirements and culture.

Users

Even more than most IT services, BYOD is built around users. Start your analysis there by asking:
Who is using BYOD? Who wants to use it?
What business functions and processes are they using BYOD for?
Are users' needs limited to email, or do they extend to mission-critical systems?
What new use-cases are emerging?
What data do your BYOD (or potential BYOD) users work with?
What problems are users encountering, or likely to encounter?

How technically sophisticated and educated is each group of users?
What guests must you support?

Based on the answers, you can organize users into groups with distinct requirements for BYOD, such as salespeople, product support people or executives. You can then prioritize user groups, rather than supporting every user and device all at once.

Devices

Many BYOD problems are actually issues with mobile devices in general; others are specific to devices your organization doesn't own. To clarify both sets of challenges, ask:
Which user-owned devices and platforms are widely used?
Which new devices do your people want?
What are the unique security and management characteristics of these platforms?
What restrictions can you enforce?
What happens in case of loss or theft?
How often do BYOD device owners change or add devices?
Have any platforms or device types presented unique support issues so far?

Much of what you can do on a mobile device is dictated by the operating system. For instance, Apple's iOS offers robust profiles that enable enterprises to place and upgrade apps remotely, and to selectively remove apps and data. The management infrastructure built into Android devices is currently less mature.

Even within individual platforms, capabilities vary by version, and many users own older devices. As of April 2013, 46% of Android devices were still running older versions such as Gingerbread (2.3). [5] Device manufacturers are also addressing the shortcomings of the native Android platform by providing their own versions. Samsung, for example, has managed to achieve near iOS-like manageability features with Samsung SAFE devices.

Based on the answers to the above questions, you can refine and narrow your list of platforms and devices to support now (or later). You should then make sure that your IT organization has the skills to support those platforms, and identify tools to streamline tasks such as onboarding, device tracking, remote wipe and decommissioning.

5. Android Fragmentation Complicates Enterprise BYOD Support, TechTarget, http://searchconsumerization.techtarget.com/news/2240180826/android-fragmentation-complicates-enterprise-byod-support

Apps and Services

If BYOD was really just about devices, it would be far easier to manage. But it encompasses an entirely new generation of small, downloadable apps as well as cloud-based services that run on servers you don't control. You need to ask and analyze:
Which apps are in use, and which will soon be added (either by users or the organization)?
Can you identify and block risky apps?
Which app stores do employees use? Can/should these be restricted?
Which cloud-based storage services are in use?
Which apps and workflows store sensitive data on personal devices?

With answers in hand, you can collaborate with users to create acceptable use policies that work for everyone. You can identify requirements for client anti-malware software. And you may wish to seriously consider end-to-end encryption for data where it is stored and while it is in transit. Finally, review possible requirements for mobile application management (MAM) tools that can ban unauthorized app stores and/or create app whitelists and blacklists.

Infrastructure

Users typically don't notice your network and support infrastructure unless something's going wrong. To keep that from happening, answer these questions:
Will you support BYOD with full-time IT staff, dedicated resources and/or managed services?
Will you manage BYOD centrally or use a decentralized approach?
Will you increasingly rely on video, collaborative tools and other high-bandwidth services?
How will you manage Wi-Fi setup, management and performance monitoring, and handle faster rates of change within your network?
How will you provide secure mobile access to internal systems where required, especially when users are operating on insecure networks such as public Wi-Fi hotspots?

Based on the answers to these questions, you can plan to ensure that your wireless network can handle more devices, greater usage and other new stresses. Your solution may include next-generation firewall application control, as well as real-time wireless network reporting and monitoring to identify emerging trends.

In connection with wireless network capacity planning, consider traffic shaping to allocate and prioritize bandwidth. To improve both network performance and security, consider capabilities to block or allow individual apps. Finally, clarify the types of problems IT will and won't solve to prevent scarce support staff from being sidetracked by personal technology problems.

Security

Of course, much of what we've already discussed touches on security, either directly or indirectly. And security is the issue that must be managed well, and can't be managed perfectly. To arrive at the best balance of security and business effectiveness, ask:
Which BYOD/mobile security and compliance problems have already arisen (for example, lost devices and data loss)?
How do you prevent and remove malware on BYOD devices?
What do your users know about mobile security and data protection?
What compliance and privacy rules must you follow?
Do users co-mingle personal and company data?

Sample Mobile Device Security Policy: Download a customizable security policy at Sophos.com

Based on the answers to these and preceding questions, Sophos recommends that you plan to evolve your security model to:
Assume all systems are insecure
Follow individual users across each device they work with
Focus on securing data from end to end, in storage and in motion

On the all-important human side, work with HR and legal counsel to create clear policies addressing security, privacy and the responsibilities of both the company and its employees. Actively educate users about BYOD security. To gain buy-in, show how your security procedures will also protect them personally.

Where possible, implement employee agreements permitting you to install security software on user-owned devices that run on the company's network. Especially educate executives who may demand exceptions to security rules, yet have access to data that places the company at highest risk.

On the technical side, enforce controls such as passwords and locks via mobile device management (MDM). Seriously consider wider use of end-to-end encryption. Protect Android devices with anti-malware software, and enforce the ongoing presence of anti-malware software through policies. Apply web protection to avoid malicious websites that target mobile users, consider implementing two-factor authentication where appropriate, and deploy remote-wipe capabilities for lost or stolen mobile devices.

Finally, carefully plan to develop the new network and security skills IT will need to do all this.

Executing Your BYOD Strategy

As you integrate what you've learned in the preceding sections into a plan for deploying or improving BYOD, consider the following:

Focus on opportunities to add value, not just reduce risk. Opportunities to drive value from BYOD may include: greater line-of-business process efficiencies; lower costs for equipment, mobile voice service and client application support; faster and more agile responses to customers; and better IT help desk productivity and performance.

Consider data and processes holistically, from end to end. Now that it's almost impossible to assume total security anywhere, end-to-end encryption is an increasingly important tool.

Don't take on more devices than you can handle. You needn't support every device or app, and you probably can't. Consider starting with platforms that have more mature security functionality or wider installed bases.

Choose BYOD security solutions that serve both long- and short-term needs. Consider a comprehensive, integrated solution that systematically reduces attack surfaces, and integrates with existing security and policy infrastructures. Ideally, such a solution would encompass data encryption, mobile anti-malware, laptop security, protection for removable media and cloud storage, and data loss protection.

Evaluate potential solutions for features, flexibility, scalability, growth, manageability and support. Solutions should support full device and user lifecycles, simplify multiple aspects of management, fully utilize the control exposed by device OS platforms, and automate wherever possible. Automation minimizes the need for hands-on interaction with devices. Expect assistance from a global 24/7 support organization, and instant cloud-based updates in response to new threats.

Demand value. Reflecting the skyrocketing number of devices associated with each user, consider solutions that charge per user, not per device.

Sophos: Helping You Safely Profit from BYOD

Whether you're deploying BYOD for the first time, or evolving your existing BYOD initiative, Sophos can help you every step of the way. Our global security organization is at your service to help you solve BYOD problems today, and to prepare for future threats and opportunities, wherever they may arise.

Sophos Mobile Control: Sign up for a free trial at Sophos.com

United Kingdom Sales: Tel: +44 (0)8447 671131, Email: sales@sophos.com
North American Sales: Toll Free: 1-866-866-2802, Email: nasales@sophos.com
Australia & New Zealand Sales: Tel: +61 2 9409 9100, Email: sales@sophos.com.au

Boston, USA | Oxford, UK
Copyright 2013. Sophos Ltd. All rights reserved. All trademarks are the property of their respective owners.
A Sophos Whitepaper 6.13v1.sNA