5 Considerations for aSuccessful BYOD Strategy

Barbara Hudson, Global Product Marketing Manager, Mobile Data Protection

Poll Question PlaceholderAre employees in your organization allowed to use personal devices for work?

•No and no plans•No but planning to allow•Yes, for email only•Yes, for email and other systems•Don’t know/other

What we’ll talk about• What is BYOD?• Mobile Revolution, the Post PC era?• BYOD: What to consider

1. Users

2. Devices

3. Apps

4. Infrastructure

5. Security

• Choosing a BYOD solution• Q&A

What is BYOD?

Consumerization of IT?

Personal smartphones, tablets, etc. being used at work

When employees pay for their own devices and plans

Bring Your Own Technology

Define what BYOD means – for you

There are probably no two organizations where

it means exactlythe same

The mobile revolution

The big shift

Source: Kleiner, Perkins, Caufield, Byers, Dec 2012

20001.3 million

devices

20121.2 billion devices

BUTPCs are evolving

- New interfaces

- New form factors

The Post-PC era? Not yet.

7

Data source: ZDNetPhoto source: Fujitsu

66%

29%

5%

The multi-device user

1.96 mobile devices used for

work in 2012iPass Mobile Workforce Report,

2012(Tablets, smartphones and mobile phones)

All work and no playSmartphones and tablets add

2 hours to the working day

Source: Pixmania Study, telegraph.co.uk 31.10.12, Photo: Getty Images

BYOD: 5 Considerations

BYOD: The new IT challengeNew challenges for IT departments

IT needs tools to control devices

Mixed ownership

Many different apps

Network access

User is the admin

Compliance & security

Device Diversity

Enterprise vs. Personal Apps

IT productivity

1. Users

Users have different needs

I am IT!My

smartphone is my lifeline

I need mobile access to my

sales data

iPads are great for

presenting

Know your users

100% 100% 20% 100%

50% 70% 10% 50%

30% 80% 10% 100%

5% 10% 15% 0%

100% 100% 100% 100%

2.5 2.7 1.3 2.5

SalesIT Office staff Remote workers

Smartphone

Tablet

Work remote

Manager

PC/Notebook

Devices/user

2. Devices

User devices

User-owned devices

- What happens in case of loss or theft?

- Can you wipe the device?

- What can you enforce?

- Can you block applications?

- How can you ensure data security?

Narrowing down

Look at experience in IT

Compare OS functionality

Decide which platforms

Define minimum OS version

Device model restrictions?

Device type restrictions?

The Acceptable Use PolicyScope

• Which devices does it cover?• Corporate and personal devices

Technical Requirements• Minimum OS• Encryption• Password• Anti-malware protection

User Requirements• What happens when…• Back up of personal data

3. Apps

• Potential risk from apps• Third-party app stores• Which workflows put sensitive data

on personal devices?• What regulations apply to your

region/industry?• How can apps benefit the mobile

user? • Promote collaboration with

supported tools

All about apps

• Distribute in-house apps

• Link to app store or upload

• Blacklist/Whitelist apps

• Deploy apps to devices

• Manage volume purchases

• iOS Managed Apps

• View installed apps

Mobile Application Management

Enterprise App Store

Secure collaboration, e.g. cloud

22

64% of people think cloud storage is risky but 45% still go right ahead and use it.

Sophos InfoSec Survey, 2012

Notebook

Cloud Storage

Mobile Device

The solution: End-to-end encryption

4. Infrastructure

Resources for BYODPersonnel• IT staff or dedicated resources• Decentralized management• Experience available

On premise solution, SaaS or Managed Service

Network infrastructure• WiFi set up• Connecting remote workers• Mobile access to internal systems

Stay productive

Application Control

Next Generation Firewall • Real-time reports• Completely block or

allow applications• Allocate bandwidth and

prioritize by shaping traffic to requirements

• Monitoring and reporting history

Priority for business

25

Hotspot guest accessProvide controlled and limited access• Managed, temporary

Internet access for guests and others

• Ticket management Password of the day Volume-based Time-based

26

5. Security

Widespread lack of awareness

89% = unaware

65% = unbothered

67% = unsecured

29

Explosion of Android malware

2010 2011 20120

10000

20000

30000

40000

50000

60000

70000

80000

No. of Android malware samples discovered each year

Security threats BYOD• An unsecured device means unsecured data

You can insure your devices – but what is your data worth?

• MDM helps enforce controls such as password, lock, etc. If you’re not sure, you’re not secure

• Protect Android devices with anti-malware protection Users can remove protection, so needs to be enforced

• Malicious websites can also target mobile users Apply web protection to keep web threats at bay

Keep malware at bay

Free Managed

5 Considerations for BYOD

1. Users

2. Devices

3. Apps

4. Infrastructure

5. Security

Choosing an MDM solution

Choose a flexible solution

Ensure it can grow with you

Look at security options

Look at licensing

Don’t bite off more than you can chew

Checklist for your BYOD solution

MDM Buyers Guide(registration required)

And what about costs?

1 user

2 devices

2 licenses

1 user 2 devices 1 license

Better option

@ 50$ / license = 100$

Additional resources

Mobile Security Toolkit

Smartphones and Tablets for Dummies

MDM Buyers Guide

Free Android Security App

Free Trial - Endpoint, mobile, data and web security licensed by the user—not the device

Complete Security

Email Data Endpoint Mobile Web Network

Clean up

Automation

Visibility Local self-help

WiFi security

Keep people working

Technical support

Access control

Intrusion prevention

Anti-malware User education

Data Control

Stop attacks and breaches

Firewall

Email encryption

Virtualization

Endpoint Web Protection

Mobile Control

Secure branch offices

Encryption for cloud

Live Protection

Mobile app security

Protect everywhere

Web ApplicationFirewall

URL Filtering

Anti-spam Patch Manager

ApplicationControl

Encryption

Device Control

Reduce attack surface

38

US and Canada 1-866-866-2802

NASales@sophos.com

UK and Worldwide + 44 1235 55 9933

Sales@sophos.com

nakedsecurity.sophos.com

Staying ahead of the curveStaying ahead of the curve

facebook.com/securitybysophos

twitter.com/Sophos_News

Sophos on Google+

linkedin.com/company/sophos