NAVIGATE THE UNCHARTERED WATERS OF BYOD WITH A SECURE POLICY



Similar documents
Survey findings. Executive Summary. Subject: BYOD

"Secure insight, anytime, anywhere."

How To Protect Your Mobile Devices From Security Threats

Connect With My Team. in real time RELIABLEFAST FAST M SPEED TEAMCONNECT SURF. Know How Guide to Mobile Device Management PEACE OF MIND SPEED NEW

Symantec Mobile Management 7.1

Bring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com

Bring Your Own Device (BYOD) and Mobile Device Management.

BYOD THE SMALL BUSINESS GUIDE TO BRING YOUR OWN DEVICE

ENTERPRISE BYOD BEST PRACTICES POLICY AND SECURITY BEST PRACTICES FOR A SOUND ENTERPRISE MOBILITY PROGRAM

A Guide to Consumerization & Building a BYOD Policy June 2012

The Bring Your Own Device Era:

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.

Simplifying Desktop Mgmt With Novell ZENworks

Bring Your Own Device (BYOD) and Mobile Device Management

BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT

Use Bring-Your-Own-Device Programs Securely

BRING YOUR OWN DEVICE

Mobile Security: Top Five Security Threats for the Mobile Enterprise and How to Address Them

Enterprise Mobility & BYOD: Four Biggest Challenges And How to Solve Them WHITE PAPER

BYOD & Virtualization: Managing Mobile

Preemptive security solutions for healthcare

Athena Mobile Device Management from Symantec

Optus Future of Business Mobility Insights Paper Maximise the potential of your mobile workforce

SURVEY FINDINGS. Executive Summary. Introduction Budgets and Spending Salaries and Skills Areas of Impact Workforce Expectations

Windows Phone 8.1 in the Enterprise

CA Enterprise Mobility Management MSO

Sybase Afaria. Comprehensive Management and Security for the Mobile Enterprise PRODUCT BROCHURE.

Dell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations

Neoscope

10 Hidden IT Risks That Might Threaten Your Business

WHITE PAPER. Mobile Security. Top Five Security Threats for the Mobile Enterprise and How to Address Them

Acronis BRING YOUR OWN DEVICE

6 Pillars for Building a Successful BYOD Program. Protecting corporate assets while increasing employee productivity

Three Best Practices to Help Government Agencies Overcome BYOD Challenges

Symantec Mobile Management 7.1

Three Best Practices to Help Enterprises Overcome BYOD Challenges

Working With government Agencies calls for Well-DevelopeD it

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

Today s Best Practices: How smart business is protecting enterprise data integrity and employee privacy on popular mobile devices. Your Device Here.

How Technology Executives are Managing the Shift to BYOD

Securing Health Data in a BYOD World

Choose Your Own Device (CYOD) and Mobile Device Management. gsolutionz.com

Insert Partner logo here. Financial Mobility Balancing Security and Success

Consumerization Survey Report The Consumerization of IT

Symantec Mobile Management for Configuration Manager 7.2

THREATS. Your Business Can t Afford to Ignore. Your business depends on intelligence, but can you count on your technology?

BYOD Policies: A Litigation Perspective

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Newcastle University Information Security Procedures Version 3

EHR IMPLEMENTATION SURVEY: Proactive Consideration and Planning Lead to Successful EHR Implementation

Mobility, Security Concerns, and Avoidance

The Expanding Role Of Mobility In The Workplace

ENTERPRISE MOBILITY USE CASES AND SOLUTIONS

Don t Let A Security Breach Put You Out of Business

BOYD- Empowering Users, Not Weakening Security

Bring Your Own Device Policy

Deep Dive BYOD, COPE & MDM

Setting BYOD Policy: A New Partnership for IT and HR

The BYOD Opportunity. Say Yes to Device Diversity and Enable New Ways to Drive Productivity WHITE PAPER

IBM Endpoint Manager for Mobile Devices

Mobile Data Security Essentials for Your Changing, Growing Workforce

Bring Your Own Device and Expense Management

CHOOSING AN MDM PLATFORM

Data Loss Prevention Whitepaper. When Mobile Device Management Isn t Enough. Your Device Here. Good supports hundreds of devices.

Setting BYOD Policy: A New Partnership for IT and HR

Putting Operators at the Centre of

10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM)

How To Support Bring Your Own Device (Byod)

Symantec Mobile Management 7.2

Preparing your network for the mobile onslaught

Dell Connected Learning for Schools. Transforming Education for the Digital Age

Hands on, field experiences with BYOD. BYOD Seminar

10 Hidden IT Risks That Threaten Your Practice

Mobile Security Landscape in A Report

Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions

A number of factors contribute to the diminished regard for security:

Symantec Mobile Management 7.2

Mobile Devices Policy

Supplier IT Security Guide

Data Security in the Insurance Industry: WHAT YOU NEED TO KNOW

Mobile Devices in Healthcare: Managing Risk. June 2012

Commissioned Study. SURVEY: Mobile Threats are Real and Costly

BYOD & MOBILE SECURITY: EMPOWERING EMPLOYEES WHLE SECURING CORPORATE ASSETS

Mobile Device Management for CFAES

E-Guide. Sponsored By:

Internet threats: steps to security for your small business

10 Hidden IT Risks That Might Threaten Your Law Firm

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

BYOD. Bring Your Own Device - Mobile Device Management.

How To Write A Mobile Device Policy

How to Prevent a Data Breach and Protect Your Business

How To Secure Your Mobile Devices

Whitepaper. Written by Info-Tech Research Group MOBILITY IN THE CLOUD

BYOD Guidelines A practical guide for implementing a successful BYOD Management program in an organization of any size.

How To Manage A Corporate Device Ownership (Byod) On A Corporate Network (For Employees) On An Iphone Or Ipad Or Ipa (For Non-Usenet) On Your Personal Device

10 Hidden IT Risks That Threaten Your Financial Services Firm

IT Resource Management & Mobile Data Protection vs. User Empowerment

HIPAA Security Training Manual

A number of factors contribute to the diminished regard for security:

Transcription:

IT INDUSTRY TRENDS NAVIGATE THE UNCHARTERED WATERS OF BYOD WITH A SECURE POLICY Any successful sailing trip must be carefully planned to avoid danger and ensure a safe return. The captain evaluates the ship s crew, equipment and timing, maximizing the strengths of each to develop a successful route to port. While at sea, the ship will also face variable, unpredictable factors like wind conditions and currents that require quick decisions to stay on course. An experienced captain anticipates the changing conditions, adjusts and adapts to new circumstances. In a business setting, organizations are faced with obstacles every day. Leaders leverage the skills of their employees, their strengths in the market and other differentiators to develop a strategy to keep their company profitable and successful. Along the way, they must respond to challenges from developing technologies, competitors, regulation and other external forces. Bring Your Own Device (BYOD), the practice of employees bringing their own mobile devices to the workplace in order to connect to the corporate network, is a more recent opportunity and threat to organizational operating rhythms. While the right BYOD strategy can offer benefits such as improved productivity and cost savings, it can also open the door for risks to corporate data security and protection. Navigating to the optimal approach will capitalize on these benefits while reducing the potential business risks of BYOD. TEKsystems surveyed more than 2,000 IT professionals and more than 1,500 IT leaders on the topic of BYOD. IT professionals provided specific insight from the employee s perspective, and the leaders who responded provided their insight from the employer s perspective. We asked each group to share their viewpoints on how important a BYOD policy is to their organization, the challenges most organizations face and the elements of an effective BYOD policy. TEKsystems.com 1

Wind of Change: The Impact of BYOD Increased adoption of mobile devices has led to heightened reliance on mobile technology. While the sole reason for owning a mobile device was once for personal use, the reliance on mobile has expanded to the workplace. More and more employees want to bring their devices to work, and IT leaders and professionals alike rely on personal phones, laptops and tablets for work activities. Employees like using their own devices and claim the familiarity and the portability of the device increases their productivity and can lead to increased retention. Employers also benefit, as they can achieve lower hardware costs by allowing employees to use personal, non corporate-owned devices. Yet, many organizations struggle to define the terms of such an arrangement. The process of synching a device to a server varies based on the user s device and operating system, and organizations must therefore define levels of support for various devices or platforms. Once the policy is set, the burden on the IT department often results in higher expenses as additional resources or training may be required to meet the added demand. Organizations must also determine who owns the data and how to retrieve it should the employee leave the company. Companies who forbid their employees to access data on their devices face additional challenges, as many employees will create an alternative solution, such as forwarding emails to personal devices or creating ad hoc applications to replicate the functionality of corporate programs. The trend of BYOD is not going away, and organizations should proactively plan for how not if it will affect their business. Percentage of time spent on personal devices for work-related activities mobile phone laptop tablet 89% 83% 82% 72% 58% 54% IT Leaders IT Professionals Staying Afloat: Guidelines for Creating an Effective BYOD Strategy Organizations must find a way to satisfy internal data security concerns and meet employee desires for increased flexibility. A successful BYOD policy will eliminate ambiguity, address user confusion and clearly define acceptable behavior. As organizations differ in user population, risk tolerance, workforce needs, type of data shared and culture, a one-size-fits-all policy can t address the needs of every organization. Instead, the best BYOD policy requires customization. Organizations should begin by analyzing what makes their employees most productive and enables them to succeed. Based on these insights, leadership can begin to establish specific parameters around acceptable behavior for their unique organization. TEKsystems.com 2

IT leaders and IT professionals agree that their organizations current BYOD policies: Provide greater employee access to company data Improve employee satisfaction through freedom of choice Increase efficiency and productivity At its core, an effective policy will guide employees on the protection of sensitive information and define the organization s role in supporting the policy. IT leaders and IT professionals agree that their organizations current BYOD policies provide greater employee access to company data through the use of personal devices, improve employee satisfaction through freedom of choice with device management, and increase efficiency and productivity. Approximately half of IT leaders and IT professionals (53 percent and 47 percent, respectively) cite their organization s policy is neither effective nor ineffective at providing responses to end-user questions or issues, suggesting there is room for improvement in the IT support function. Similarly, IT leaders and IT professionals report ambiguity around their organizations policy for covering the cost of their mobile devices, as 80 percent of leaders and 83 percent of professionals claim the end user pays for all or a portion of the expenses associated with their device. of IT professionals say they either haven t received communication on BYOD or there is no policy in place, and 29 percent of IT leaders report the same. Leadership also needs to periodically evaluate the policy for relevancy and effectiveness in addressing new security threats or device management issues. For example, a policy written to support the use of mobile devices may not fully address user questions around tablets. Navigating to Port: Key Components of a Successful BYOD Policy While a successful BYOD policy will address information security and enable productivity, the strongest policies will cover the following specific areas: Battening down the hatches: Protect the security of company data As soon as employees connect personal devices to their organization s network, they place company data at risk. IT often lacks insight into the security profile of personal devices and the safety measures implemented by the employee, such as password lock, will vary depending on the device and the employee s personal preferences. The repercussions to a lost or stolen personal device are severe: 38 percent of IT professionals believe more than half of their organizations sensitive data is at risk, and 20 percent think all company data could be compromised. 38% of IT professionals believe more than half of their organizations sensitive data is at risk, and 20 percent think all company data could be compromised. Once the policy is established, it must be promoted and enforced within the organization and revisited to ensure it continues to meet business goals. Forty percent TEKsystems.com 3

In order to protect company data, a BYOD policy must address the specific security needs of the organization. As a first line of defense, personal devices should be password-protected and include a timeout feature to prompt password entry after a set period of inactivity. Organizations should guard against malicious software programmed to disrupt operations, known as malware, by requiring anti-virus protection, limiting application download capabilities and pushing system scanning technology to user devices. Once users have passed these basic security requirements, some organizations may also need to enact advanced measures based on the nature of their company data. Organizations that allow their employees to access their customers personal information, such as social security numbers, should require data encryption measures to further protect sensitive information. As a fail-safe measure, IT should have the ability to remotely wipe data if a personal device becomes compromised. Nearly half (46 percent) of IT professionals and 33 percent of IT leaders report that their organization does not have remote wipe capabilities. Only 53% of IT leaders AND 50% of IT professionals feel their IT department supports a sufficient amount of different devices and platforms, limiting their mobile device s functionality at work and counteracting any productivity gains from BYOD practices. Clearing the decks: Limit unauthorized access to company data Maintaining security of end-user devices is an important component of any organization s BYOD policy, and highly regulated industries like healthcare and financial services require even greater attention to data security. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires certain policy controls to restrict data access, control access and data rights on applications, and conduct compliance reporting across mobile devices. Per the Dodd-Frank Act of 2010, financial companies must comply with Securities and Exchange Commission (SEC) requirements to retrieve and review employee communication records. Thirty-five percent of IT leaders and one-quarter of IT professionals claim their organization s policy does not adhere to government-mandated regulation, such as HIPAA or Dodd-Frank. Organizations must first identify any regulation that impacts their line of business and ensure their policy will comply with the requirements. Next, to further promote data security, IT should conduct an analysis of user access rights and set proper access to applications. Access levels should be periodically reviewed and audited to ensure ongoing compliance. Running aground: Alleviate pressures on IT support While granting employees permission to use personal devices can increase productivity and morale, opening up access will also place more pressure on IT. As more devices access company systems or platforms such as email, remote desktop and applications, more support issues will arise. Only 53 percent of IT leaders and 50 percent of IT professionals feel their IT department supports a sufficient amount of different devices and platforms, limiting their mobile device s functionality at work and counteracting any productivity gains from BYOD practices. The strain on IT is often more than just a personnel issue; the number and complexity of mobile devices in the market means that IT is challenged to support a variety of devices and operating systems in addition to managing existing corporate-owned hardware. TEKsystems.com 4

To reduce pressure on the IT department, organizations should assess the capabilities of their help desk and adjust device support accordingly, assume a greater role in device management through push technology and empower users to resolve device issues on their own. First, organizations can maximize help desk productivity by examining the skills and bandwidth in their IT departments and using this analysis to determine their level of device support. These decisions will depend on the capabilities and support currently Organizations lack visibility into their end-user activity. 37% of IT leaders 39% of IT professionals claim their site visits are not monitored offered by the help desk; a help desk already struggling to respond to user questions on email platforms will benefit from limiting the number or type of devices allowed, while a more advanced help desk may be able to support a wider variety of devices. Second, the very nature of a personal device limits IT s ability to connect remotely to that device to solve an issue or ensure compliance. In order to best exert control over device management, IT needs to be able to push updates through to personal devices on mandatory business applications. Push technology also decreases support time and increases control over the network, but only slightly more than half of IT departments have this capability today, as reported by 61 percent of IT leaders and 58 percent of IT professionals. Finally, organizations can enable users to perform self-help when possible, further reducing the number of support calls into the help desk. Self-service enablement giving employees ownership over enrolling their devices, adding new devices as well as completing any other general task without IT intervention will decrease the number of support requests, allowing IT to spend more time on the organization s complex support issues and other technology priorities. Dragging the anchor: Reduce network strain Employees who bring personal devices to work need to rely on the corporate wireless network to connect their devices. Most networks buckle under the pressure of these added devices, resulting in slower or disrupted connection speeds and increased security threats. While the network must support the increased traffic on corporate sites and applications, organizations should also understand that some users are relying on the network to access personal content which can include high-volume requests for video streaming or updating an operating system. Organizations lack visibility into their end-user activity, as 37 percent of IT leaders and 39 percent of IT professionals claim their site visits are not monitored. By gaining insight into the demands on the network, organizations can properly limit activity and ensure the network can respond appropriately. IT leaders and IT professionals report that nearly one-third of organizations (31 percent) currently don t restrict access to personal content or limit website visits, compromising their network s ability to handle their volume needs. An effective BYOD policy will determine how users can access the network, including which sites and applications are available on the corporate network. By placing parameters on the information available for download, organizations can reduce strain on and leverage the network for the transactions that need to occur. TEKsystems.com 5

Learning the ropes: Provide end-user education Finally, organizations should optimize their best weapon to ensuring BYOD success: their workforce. Most IT leaders and IT professionals claim to understand their organization s overall stance on BYOD, at 73 percent and 78 percent, respectively. But nearly one-quarter of IT leaders (22 percent) and 11 percent of IT professionals report that they don t understand the risks associated with BYOD, indicating that further education is needed. Only 36 percent of IT professionals claim that their organizations offered mandatory training on BYOD. An educated employee will be more inclined to follow the company policy and will take more responsibility for protecting company data. Organizations need to offer mandatory training, tailored to the needs and learning styles of their workforce, to teach employees how to protect sensitive data and understand the importance of security compliance. As the technology landscape is continually changing, training courses must also be updated and relevant, and employees should be required to take continuing education to stay knowledgeable on the latest changes to corporate policy. Only 36% of IT professionals claim that their organizations offered mandatory training on BYOD Arriving at Port: Conclusion The momentum of BYOD continues to penetrate the workplace. Like a sea captain and his crew, organizations and IT leadership can only take precautions that are within their control. Establishing a successful BYOD policy is critical for businesses to proactively rise to the challenge and embrace BYOD as an opportunity. Implement a policy that speaks to the unique needs of the business, culture, user population and data at risk. Consider the nature of company data users have access to and determine what parameters and user controls need to be in place to protect that data. It s important to also take into account the conditions of IT infrastructure and support. To reduce network strain and mitigate additional pressure on IT help desk support--two potential negative impacts stemming directly from BYOD organizations should take proper measures and setting expectations around usage. Ultimately, having a successful BYOD presence relies on the cooperation and partnership of organization decision-makers and employees. End-user education initiatives will ensure your BYOD strategy stays on course. TEKsystems 7437 Race Road, Hanover, MD 21076 888.835.7978 www.teksystems.com TEKsystems, Inc. is an Allegis Group, Inc. company. Certain names, products and services listed in the document are trademarks, register trademarks, or service marks of their respective companies. Copyright 2013 TEKsystems, Inc. All Rights Reserved.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information