Strategic Bring Your Own Device. Implementing an Effective Program to Create Business Benefits While Reducing Risk




Introduction

Recent forecasts suggest that the global Bring Your Own Device (BYOD) market will reach US$266.17 billion in 2019.[1] This is impressive, considering that the basic concept of allowing employees to use their personal computing devices, such as smartphones and tablet PCs, for work is only a few years old. But today, many leading organizations have instituted some type of BYOD program, and have found that doing so not only can have a positive impact on employee productivity and innovation, but also on recruitment and retention.

Potential benefits aside, BYOD presents risks for organizations, including data security and compliance risk. This is particularly worrisome for businesses in heavily regulated industries such as financial services and healthcare, where access to sensitive customer information is part of doing business. Yet too many organizations lack a defined BYOD strategy. A recent study conducted by Ponemon Institute found that nearly half (45 percent) of financial services firms that have embraced BYOD have instituted a program that is not aligned with IT objectives; more than a third (36 percent) of respondents said they have observed a disconnect between their organization's mobile strategy and business operations.[2]

PROTIVITI'S POINT OF VIEW

With increasingly more capable and compelling mobile devices, it is inevitable that employees will bring these products to the workplace and demand that the organization support their use. An effective BYOD program and strategy can help organizations meet the challenges and seize the potential business benefits of BYOD.

ADVANTAGES OF BYOD

Organizations that have implemented effective BYOD programs report the following key benefits:

Employee satisfaction and retention

BYOD programs can create higher satisfaction among employees because they allow people to work with devices they are most comfortable using and eliminate the need to carry multiple devices. While implementing a BYOD program may not be the most important employee benefit, it can help organizations attract and retain talented professionals looking to work for companies that embrace the latest technology. And being able to appeal to the best talent ultimately enables an organization to foster a more efficient, cohesive and innovative work environment.

Increased productivity and innovation

BYOD programs help support an increasingly mobile workforce, allowing employees to integrate their work and personal lives in a way that is most meaningful to them. From their personal mobile devices, employees have the ability to access their work anytime they choose, from anywhere there is an Internet connection. Employees who use their own personal devices for work are generally believed to be more productive and more likely to work outside office hours. Also, because personal devices tend to feature cutting-edge technology, tech-savvy employees are especially well positioned to use their devices as platforms for new solutions and more streamlined operations.

Cost savings

BYOD strategies can also save costs when coupled with the right IT infrastructure and policies. With employees paying for mobile devices and data services, IT is no longer responsible for sourcing and procuring hardware such as smartphones, laptops, tablet computers and even desktops. Additionally, BYOD strategies may eliminate the responsibility for maintaining and refreshing end user devices and managing mobile service plans.

[1] Bring Your Own Device (BYOD) & Enterprise Mobility Market worth $284.70 Billion by 2019, media release, MarketsandMarkets, June 2014: www.marketsandmarkets.com/pressreleases/byod.asp.
[2] The Changing Mobile Landscape in Financial Services study conducted by Ponemon Institute for MobileIron, March 2014: www.mobileiron.com/en/whitepaper/changing-mobile-landscape-financial-services.

PROTIVITI STRATEGIC BRING YOUR OWN DEVICE 1

BYOD CHALLENGES

While the advantages of BYOD are appealing, there are challenges for organizations to consider when implementing a BYOD program:

Data Protection

The risk of data loss and data exposure is significantly increased with BYOD. This is because basic security controls may no longer be effective on mobile devices, or consistently implemented across the wide range of device types available to employees. Consequently, protecting sensitive information and preventing data loss becomes more challenging for IT teams. Well-developed BYOD programs should be based on a clear understanding and an evaluation of potential data loss threats, including:

- Lost or stolen personal devices: Some organizations have implemented ways to encrypt data and remotely wipe information from a lost or stolen device. However, pushback from employees who don't want to give their employer unrestricted access to their device has prompted companies to take a closer look at options for successfully preventing data loss while also considering employees' privacy.
- Mobile third-party applications: Applications may expose sensitive nonpublic data, presenting yet another challenge for organizations to protect sensitive data. Security experts indicate that such applications could expose client information, corporate contact information, sensitive emails and device locations, among other things.
- Unauthorized cloud-based storage services: These services, accessed through mobile platforms, could be another pathway for data leakage. If proper controls to monitor mobile devices and restrict data transmissions are not in place, employees could use these storage services from their personal devices to store company data, putting that data at risk of compromise.
Application Security

With personal devices offering an easy way to bypass the security limits normally imposed on corporate devices, employees are putting a strain on the corporate network and exposing it to additional security risks, including:

- Personal applications: Personal applications installed on employees' devices may contain malicious code or security holes. Malware protection and control over personal devices running different platforms and different software versions are needed.
- Corporate applications: Applications developed or deployed by the organization may contain security vulnerabilities and weaknesses that may enable attackers to compromise employees' personal devices and launch an attack in the corporate IT environment.

The risk of application vulnerabilities is increased when devices are owned by employees and remote administrative capabilities are not managed by the IT department. This highlights the need for compartmentalization and protection of sensitive data on employees' personal devices.

Hidden IT Costs

While an effective BYOD program is mostly viewed as a cost-saving model, financial institutions, healthcare organizations and other businesses should closely evaluate hidden IT costs associated with the management and support of personal devices in a secure environment. A BYOD environment is almost certain to result in significantly more unpredictability in the hardware and software versions of personal devices. It requires additional IT resources to manage the increased number of personal devices and to accommodate the support of a wide range of device types. The variation in platforms also will complicate the process and add to the cost of wiping personal devices when employees leave the company, or when employees' devices are lost or stolen.

It is important for organizations to choose the right governance and support models to control these hidden costs prior to implementation. Streamlining the enrollment and deprovisioning processes will help organizations control costs and achieve a more secure BYOD deployment.

Another hidden cost relates to reimbursement of data plans. Organizations may see a significant spike in data usage, especially when rolling out mobile computing options. Setting data usage caps and providing secure and appropriate connectivity options for mobile workers are effective means to control costs.

FINDING THE RIGHT BYOD STRATEGY

A comprehensive BYOD program and strategy starts with an assessment of your organization's unique business needs and current IT infrastructure. IT consulting and internal audit experts can contribute to a successful BYOD strategy through:

- BYOD policy and security gap assessment
- BYOD policy design and implementation
- BYOD security design and implementation
- BYOD vendor evaluation and selection

There is no one-size-fits-all plan for BYOD. There are many considerations, including which approach will work best and whether CYOD (see sidebar) might be an option for your business. Organizations should adopt BYOD strategies that balance the use of employees' personal devices with privacy and security requirements as well as help to promote business agility.

The CYOD Option

CYOD (Choose Your Own Device) is an alternative to BYOD that more businesses are considering. In a CYOD program, the employer owns the device as well as the application licenses. Even if an employee leaves, the licenses stay with the company. Companies that embrace CYOD still need to provide employees up-to-date mobile technology. They also must allow their workers to use their devices for personal reasons, in line with the company's acceptable use policies, as they would with BYOD.

CYOD is a logical approach for companies that want more control over mobility or are in heavily regulated industries (e.g., financial). Businesses that operate in countries or regions with strict labor and privacy laws and other regulations that impact mobile device usage may find that CYOD is a good option.

THE BENEFITS OF THE CYOD APPROACH INCLUDE:

- Ability to control access/security more effectively
- Potential cost savings through the bulk purchase of devices and/or service contracts of pooled minutes/data
- Reduced reimbursement overhead
- Easier implementation and support

ABOUT PROTIVITI

Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000 and 35 percent of Fortune Global 500 companies. Protiviti and our independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies.

Named one of the 2015 Fortune 100 Best Companies to Work For, Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

How Protiviti Can Help

Protiviti develops thought leadership that is meaningful and directly applicable to our clients. We also seek to make contributions to the industries we serve through active participation in industry groups, and we support research and information-sharing through organizations such as the Open Web Application Security Project (OWASP), Financial Services Information Sharing and Analysis Center (FS-ISAC), Payment Card Industry Security Standards Council (PCI Council), Information Systems Security Association (ISSA), Computer Security Institute (CSI), InfraGard, SANS and ISACA. We are a member of the Shared Assessments Program steering committee, the Board and Advisors Committee for FS-ISAC, and the International Information Integrity Institute (I-4) industry think tank focused on information security.

Based on our research and industry participation, it is apparent that there is enormous pressure for financial services IT leaders to transform their organizations to become more nimble and adaptive, yet there is also intense pressure to maintain controls and manage costs. Our blend of consulting expertise and deep industry experience uniquely positions us to design and deliver pragmatic, risk-sensitive solutions in response to these challenges. Ultimately, our goal is to help our customers protect and enhance the value of their enterprises in the face of ever-increasing demands.

We have assisted many of the world's largest financial services organizations in areas including, but not limited to:

- IT strategy and governance
- Enterprise architecture
- Risk and compliance
- Security and privacy
- Service assurance
- Operations improvement
- Data management
- Technology

Contacts

Scott Erven, +1.213.327.1414, scott.erven@protiviti.com
Ed Page, +1.312.476.6093, ed.page@protiviti.com
Jeffrey Sanchez, +1.213.327.1433, jeffrey.sanchez@protiviti.com

Acknowledgement

Contributors to this white paper include Katie Stevens.

THE AMERICAS

UNITED STATES: Alexandria, Atlanta, Baltimore, Boston, Charlotte, Chicago, Cincinnati, Cleveland, Dallas, Denver, Fort Lauderdale, Houston, Kansas City, Los Angeles, Milwaukee, Minneapolis, New York, Orlando, Philadelphia, Phoenix, Pittsburgh, Portland, Richmond, Sacramento, Salt Lake City, San Francisco, San Jose, Seattle, Stamford, St. Louis, Tampa, Washington, D.C., Winchester, Woodbridge
ARGENTINA*: Buenos Aires
BRAZIL*: Rio de Janeiro, São Paulo
CANADA: Kitchener-Waterloo, Toronto
CHILE*: Santiago
MEXICO*: Mexico City
PERU*: Lima
VENEZUELA*: Caracas

EUROPE/MIDDLE EAST/AFRICA

FRANCE: Paris
GERMANY: Frankfurt, Munich
ITALY: Milan, Rome, Turin
THE NETHERLANDS: Amsterdam
UNITED KINGDOM: London
BAHRAIN*: Manama
KUWAIT*: Kuwait City
OMAN*: Muscat
QATAR*: Doha
SAUDI ARABIA*: Riyadh
SOUTH AFRICA*: Johannesburg
UNITED ARAB EMIRATES*: Abu Dhabi, Dubai

ASIA-PACIFIC

AUSTRALIA: Brisbane, Canberra, Melbourne, Sydney
CHINA: Beijing, Hong Kong, Shanghai, Shenzhen
INDIA*: Bangalore, Hyderabad, Kolkota, Mumbai, New Delhi
JAPAN: Osaka, Tokyo
SINGAPORE: Singapore

* Protiviti Member Firm

© 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet. PRO-0615-103062

Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.