byod security that works
TRANSCRIPT
-
8/11/2019 Byod Security That Works
1/12
BYOD SECURITY
WORKSFree Your Employees, Secure Your Data
THAT
-
8/11/2019 Byod Security That Works
2/12
BYOD SECURITY THAT WORKS | BITGLASS | 2014 2
The bring-your-own-device (BYOD) phenomenon hit enterprise
IT faster than a knife fight in a phone booth. You were cruising
along with your secure BlackBerry deployment and then your
CEO bought an iPhone and demanded access to her corporate
email. So you gave her access to the Microsoft Exchange
server, via Microsoft ActiveSync. Before long, iPhones started
popping up everywhere -- including the corporate cafeteria. A
few months later you checked the logs and found more than2,000 of them were connected via ActiveSync! Yikes!
A Knife Fight in a Phone Booth:
How we got from BY-NO to BYO
BYOD SECURITY THATWORKS
THE BYOD KNIFE FIGHT,
AS IT UNFOLDED ON THE WEB
Given MDMs failings, BYOD still presents asignificant challenge for most CIOs. In this
eBook, we take a step back and look at the larger
problem of implementing BYOD: Defining what
is important and protecting it. Cloud and mobile
technologies have changed the IT security
landscape irreversibly. Today, we access and
store data in radically different ways from a few
years ago. So why would we approach security in
the same old ways?
SEARCH INTEREST FOR THE TERM BYODSource: http://www.google.com/trends/explore#q=BYOD
2005 2007 2009 2011 2013
-
8/11/2019 Byod Security That Works
3/12
BYOD SECURITY THAT WORKS | BITGLASS | 2014 3
If youre like most IT security professionals, you
pushed back at first, urging employees to stick withtheir BlackBerries. At some point, you realized
this strategy was a losing battle, so you decided to
embrace BYOD. You still werent sure how.
The Initial ResponseThe startup world stepped in to save the day, offering
up Mobile Device Management (MDM) as a solution.
It sounded great now you could manage personal
mobile devices the same way you managed corporate-owned laptops, locking down Bluetooth and iCloud and
blacklisting applications that threatened productivity
or screamed data leak!
Employees are People TooBut as you might have predicted people rebelled
against the monitoring and management of their
personal devices. If they wanted to back up their
personal information to iCloud or play Candy Crush on
their days off, they had a right to do so. Your MDM solution
turned out to be more expensive and complicated than
you thought. And honestly, it hasnt offered any real peace
of mind about the security of your corporate data, either.
Yes, it has allowed you to configure devices, but it does
nothing to prevent data leakage or control inappropriate
usage of corporate data.
THE BYODREVOLUTION
TYPICAL CIO REACTION
TO BYOD THROUGH THE YEARS
2005 2007 2009 2011 2013
?
Heres yourBlackBerry.
No iPhonesallowed.
We surrender!Use what youlike!
Did we actuallysecure ourdata?
2005 2007 2009 2011 2013
-
8/11/2019 Byod Security That Works
4/12
BYOD SECURITY THAT WORKS | BITGLASS | 2014 4
DATA =$$$
YOUR COMPANYS
CREDIBILITY, REPUTATION,
AND COMPETITIVE
ADVANTAGES
ARE ON THE LINE.
Think about it: Why do we concern ourselves with securing the devices
that connect to our networks?Is it because the devices have some intrinsicvalue? Definitely not. Your CFO wouldnt lose sleep over the extrinsic value of
devices, even if they were company-owned.
Is it the applications were worried about, then? Of course not. Even
enterprise-grade mobile apps run in the $10 range at most, and application
licensing agreements likely cover apps on lost or stolen devices.
Clearly the dataon these devices represents orders of magnitude more value
than even a high-end tablet loaded with hundreds of costly apps. Whetherits information that helps you forecast, make business decisions or drive
efficiencies or about the intrinsic value of customer or employee data
corporate information is almost impossible to put a price tag on.
We witness on an almost weekly basis the cost of losing control of that data.
Recently, Target, Neiman Marcus, and Coca-Cola made headlines for data
breaches. Who knows whos next. From government agencies to international
banking conglomerates, no organization, it seems, is safe. Each time an
employee walks through the door with an iPhone and connects it to your
network or walks out the door with a company laptop, or connects in any
way to a business cloud application your companys credibility, reputation,
and competitive advantages are on the line.
-
8/11/2019 Byod Security That Works
5/12
BYOD SECURITY THAT WORKS | BITGLASS | 2014 5
Data on DevicesTheres no end in sight to the explosion of devices and data. Gartner predicts
that by 2017, most large companies will require BYOD,offering to subsidize
service plans instead of providing company smartphones, tablets, or even
PCs. In the future workplace, BYOD policies must expand to include an
increasing variety of device form factors and operating systems. Your next
BYOD program may include Windows and Mac laptops. The one after that
as the Internet of Things connects buildings, data centers and cars may
need to include the break room refrigerator as well as employee shoes and
automobiles.
MORE EMPLOYEES,MORE DEVICES
Analysts predict that by 2020,over 30 billion connected deviceswill be in use, compared to just
2.5 billion in 2009 .
- 2013 Gartner report
-
8/11/2019 Byod Security That Works
6/12
BYOD SECURITY THAT WORKS | BITGLASS | 2014 6
Data in the CloudIts impossible to talk about BYOD without talking about cloud applications.
Not only do smartphones and tablets contain hundreds of apps, but your
organization probably also uses cloud applications that those devices can
access.
The 2014 Bitglass Cloud Adoption Report confirms the viability of the business
cloud. By analyzing the publicly available, real-world traffic data of 81,253
companies, we found that 24 percent had already implemented Google Apps
or Microsoft Office 365. Companies deploying those applications across
large portions of their organizations are most likely moving in the directionof adopting the cloud as a strategic element of their business models. Their
employees are probably accessing email and work applications from their
mobile devices.
PLAN FOR A CLOUDY FUTURE
In a 2013 Gartner survey,a whopping 80 percent ofenterprise IT organizations saidthey planned to adopt cloudapplications by 2015.
- 2013 Gartner report
LETS FACE ITTHE BUDGET FOR BYOD SECURITY PROGRAMSMUST REMAIN IN LINE WITH THE BENEFITS
THAT BYOD OFFERS.
-
8/11/2019 Byod Security That Works
7/12BYOD SECURITY THAT WORKS | BITGLASS | 2014 7
Many IT organizations approached the BYOD
security problem by trying to control devices
and apps via Mobile Device Management
(MDM) and Mobile Application Management
(MAM) solutions. It was a logical direction,
given traditional thinking about the network
perimeter: Build a wall around the entire
network, including all connected devices and
their applications, to keep the bad guys out and
the data corralled. Unfortunately, there areseveral problems with this approach.
THE ELUSIVE SOLUTION:ARE WE OVER-THINKING THIS?
MDM ATTEMPTS TO LOCK
ALL ACCESS INTO AND OUT
OF THE DEVICE
MAM REPLACES CORPORATE APPS
WITH RECOMPILED VERSIONS THAT
INCLUDE SECURITY FEATURES.
Employees give up control of their devices
Limited protection against data leaks
Requires special development for each app on
each platformRuns into vendor licensing problems
Mobile web and APIs are easy work arounds
-
8/11/2019 Byod Security That Works
8/12BYOD SECURITY THAT WORKS | BITGLASS | 2014 8
38%
35%
29%
Found MDM hard to integrate
with other security technologies
Had problems scaling to support
a large number of users
Had difficulty with
implementation
Problem 1: Its too complex.
A recent Network World blog post calledthe market status of MDM deployments
elementary and immature. Why? The blog
cited ESG research determining that:Its no surprise. Realistically, how will you
scale any MDM solution when people begin
scanning email through special eyeglasses
while they work out on a network-connected
Stairmaster in the company gym wearing
network-connected running shoes?
Lets face it: The budget for BYOD security
programs must remain in line with the benefits
that BYOD offers. In this economy, no CIO can
expect ballooning headcounts and budgets to
match an out-of-control BYOD program.
3 PROBLEMS WITH MDM/MAM SOLUTIONS
Problem 2: Can I get some privacy in here?
The line between work and personal life grows ever more blurry, thanks inpart to mobile devices that allow us to stay in touch with work from wherever
we happen to be. Your phone contains grocery lists, notes to yourself, and
your doctors phone number as well as work email, contacts, and calendar.
You may use your phones browser to look up terminology in a client meeting,
but you probably use it just as often to manage your personal life.
Most CIOs see the blur of personal and work life as an unstoppable trend.
But most solutions in use today make no distinction between corporate and
personal data. If youre routing and inspecting traffic from an iPhone, youresweeping up personal emails along with company data logs. Most CIOs dont
relish the Big Brother persona, but these solutions force it upon them.
To make matters worse, MDM solutions install software on employee-
owned devices that try to control what they can or cannot do with that device.
Ultimately, such heavy-handed solutions drive todays employees toward
circumventing IT security policies and make your data less safe.
-
8/11/2019 Byod Security That Works
9/12BYOD SECURITY THAT WORKS | BITGLASS | 2014 9
Problem 3: You cant wrap the cloud.Many MDM and MAM solutions work well if your company is developing its
own applications, but dont extend so readily to those apps your employees
want to download from the app store, or even to third-party business cloud
apps. In many cases, cloud apps break when you try to wrap them with MAM
solutions. In other cases, wrapping breaks app vendor licensing agreements
or the vendors simply refuse to provide the binaries required to accomplish
such wrapping.
Real clouds dont have edges, and the clouds we use to store and manipulate
data dont either. Theyre porous, full of networked API connections that leadto places you may never think of, and they change constantly. The idea that
you could contain them in a manageable way is simply unrealistic.
3 PROBLEMS WITH MDM/MAM SOLUTIONS
Were finally reaching the pointwhere I.T. officially recognizeswhat has always been going on:People use their business devicefor non-work purposes. Theyoften use a personal device inbusiness. Once you realize that,youll understand your needto protect data in another waybesides locking down the fulldevice.
- David WillisVice President and Distinguished Analyst,
Gartner, Inc.
-
8/11/2019 Byod Security That Works
10/12BYOD SECURITY THAT WORKS | BITGLASS | 2014 10
TODAYS SOLUTION:FREE PEOPLE, SECURED DATA
To get to the good news in all this, you have to get past the old way of thinking
about your companys network perimeter. While it used to make sense toprotect data by securing the devices and applications within that perimeter,
the reality is that you no longer own or manage the devices and applications,
but you still own your data. Its more useful to think of perimeter in terms of
the smallest possible unit that of the data itself.
Todays emerging security technologies for cloud and mobile give IT
organizations more control, while also protecting employee privacy.
Persistent digital watermarking technology and data leakage prevention
make it possible to protect each piece of important data, rather than trying to
control an entire device or application. The advantages of this strategy offer a
revolution in the way todays CIO can approach IT security.
BITGLASS PROTECTS AND
MONITORS ONLY THE
CORPORATE DATA.
Device and app agnostic
Leaves employee data alone
-
8/11/2019 Byod Security That Works
11/12BYOD SECURITY THAT WORKS | BITGLASS | 2014 11
TODAYS EMERGING SECURITYTECHNOLOGIES FOR CLOUD AND
MOBILE GIVE IT ORGANIZATIONS
MORE CONTROL, WHILE ALSO
PROTECTING EMPLOYEE PRIVACY.
Time to Put the Knife AwayWhen you focus on what matters sensitivecorporate data answers to security
in todays cloud- and mobile-enabled
workplace become clear and relatively
simple. So step out of that cramped and
bloody phone booth and into a world of
data you can control. Things are a lot more
relaxed and a lot more secure out here.
1. This strategy frees people to work productively.
Happy and productive employees are much more likely to abide by securitypolicies than those who are handcuffed to containerized mail clients or
apps that make their job less efficient and enjoyable. Let employees use the
applications and devices that help them to be productive, and offer them a
familiar, native experience they wont think twice about following.
2. It simplifies mobile security.By securing each piece of data, you take complexity out of the system along
with a mountain of policies, management tasks, and other headaches. You
also create a security strategy that is completely independent of device typeor third party apps. Bonus!
3. It frees your organization to embrace new technology.Yes, you will continue to face new technology hurdles. Thats life in the
modern age. Its also how you stay competitive and become a leader in your
industry. Now your security team can help enable new apps and devices,
instead of looking at them with dread.
4. It minimizes costs.Today, its possible and advisable to deploy a simple, effective securitysolution with low overhead. Compare that to the ballooning costs of traditional
solutions, and its a no-brainer.
5. It respects employee privacy.Security solutions that transport, handle, or even inspect personal employee
communications are bad for morale, bad for productivity, and often ineffective.
Now you can put the security focus squarely on corporate data, completely
ensuring personal employee privacy.
THE NEW BYOD
-
8/11/2019 Byod Security That Works
12/12BYOD SECURITY THAT WORKS | BITGLASS | 2014 12
WHY BITGLASS?BYOD and Cloud are unstoppable trends. The benefits
are huge, but you can lose control of your data.
Regain control with Bitglass.
Secure BYOD Secure corporate data without MDM or agents
Prevent data leakage
Track and manage sensitive data Supports all PC and mobile platforms
Learn more at www.bitglass.com
+
FOR I.T.
SECURE CLOUD AND MOBILE.
FOR EMPLOYEES
PRIVACY AND UNENCUMBERED
MOBILITY.
SECURE BYOD IN MINUTES