byod: striking a balance. employee privacy and it governance
DESCRIPTION
Special guest Chris Hazelton of the 451 Group joins Fiberlink to discuss how mobile device management can meet the needs of IT and employees by protecting personal information. Learn more: http://trials.maas360.com/forms/register_service_m.php?id=320&A=SM_slideshare&O=RPTRANSCRIPT
1
BYOD: Striking a BalanceEmployee Privacy and IT Governance
Presented by Jonathan Dale and special guest Chris Hazelton from 451
Research
2
Today’s agenda
• Setting the scene
• The need for control
• Greater impact of BYOD
• Risk/benefit assessment
• Striking a balance
2
BYOD: Striking a BalanceEmployee Privacy and IT Governance
Chris Hazelton Research Director, Mobile & Wireless
451 Research is the flagship brand of The 451 Group and is focused on the business of enterprise IT innovation. 451 Research analysts provide critical and timely insight into the competitive dynamics of innovation in emerging technology segments including Information Management, Security, Mobility and Datacenter Technologies.
The 451 Group
Tier1 Research is a single-source research and advisory firm covering the multi-tenant datacenter, hosting, IT and cloud-computing sectors, blending the best of industry and financial research.
Uptime Institute is ‘The Global Data Center Authority’ and a pioneer in the creation and facilitation of end-user knowledge communities to improve reliability and uninterruptible availability in datacenter facilities.
TheInfoPro is a leading IT advisory and research firm that provides real-world perspectives on the customer and market dynamics of the enterprise information technology landscape, harnessing the collective knowledge and insight of leading IT organizations worldwide.
ChangeWave Research is a research firm that identifies and quantifies ‘change’ in consumer spending behavior, corporate purchasing, and industry, company and technology trends.
IT spending for Q2 2012
451 Research, ChangeWave Research, Feb 2012n: 1,604
Growth of tablet use in the enterprise
451 Research, ChangeWave Research, Feb 2012n: 1,604
7
Fiberlink Poll – Question Number One
Describe your organization’s tablet adoption strategyA. Not purchasing, nor permitting
personally-owned tabletsB. Not purchasing, but allowing
personally-owned tabletsC. Purchasing tablets in bulk, no
personally-owned tabletsD. Purchasing tablets in bulk and
allowing personally-owned tablets
Tablet market by OS for Q2 2012
451 Research, ChangeWave Research, Feb 2012n: 1,604
iOS vs. Android in the Enterprise
451 Research, ChangeWave Research, Feb 2012n: 1,604
19.4%
76.9% Employee owned devices not allowed
Aggregate of policies that allow BYOD
Consumerization outpacing corporate liable
• Overwhelming majority permit employee liable devices• 67.8% aware of devices, have
policies in place• 9.1% have no policy
451 Research Enterprise Mobility Survey, April2012n: 165
11
Fiberlink Poll – Question Number Two
What approach has your organization taken towards BYOD program implementation?A. Already implemented a BYOD programB. Will implement BYOD in next 6 monthsC. Plans to evaluate and purchase a MDM
solution prior to BYOD implementationD. No BYOD program; no plans for
implementation
Why is Mobile Device Management needed for BYOD
• Implement iOS and Android as alternative to BlackBerry devices• Increase mobile security and compliance enforcement• Extend applications and content to devices• Reduce the cost of supporting mobile assets• Allow employees to use their own devices
Why MDM is good for End-Users and IT
Mobile is your primary device in work and life…protect enterprise data
…also protect your personal data
What BYOD means to End-Users
BYOD provides…• More flexible work schedule • Mobile extends work day – but work how you want• Users can choose the device they want• Multiple devices – same apps and services
What BYOD means to IT
BYOD
iOSAndroidBlackBerryWindows
Tablets & Smartphones
Apps
Data SecurityCompliance & Regulations
End User Privacy
Competitive Advantage
Customer Experience
Real world risks
Protect your customers, protect your company • Mass 201 CMR 17.03• 3(c) Developing security policies for employees relating to the storage,
access and transportation of records containing personal information outside of business premises.
• 3(e) Preventing terminated employees from accessing records containing personal information
What MDM allows IT to do
Where MDM brings value• Quickly configure your device• Set security policies and enforcement rules• E-mail enablement• Troubleshoot device issues• Find your lost device• Wipe personal data when needed• Wipe only corporate data • Push the apps you need• Be compliant with regulations• … and much more
What End-Users are concerned about
Can “Big Brother”• Locate where I am at 3am on a Saturday night?• See which personal apps I have installed?• Wipe my personal music and pictures without asking?• View my browser history?
19
Fiberlink Poll – Question Number Three
What measures have your organization taken to account for end-user privacy?A. Not fully aware of privacy implications;
looking to address moving forwardB. Have implemented specific measures
to account for privacy needsC. No plans to protect privacy of
personally identifiable information at this time
What can IT do?
What IT can do to satisfy corporate governance and end-user privacy1. Educate end-users2. Don’t go it alone3. Set the ground rules4. Hands off personal data5. PII is TMI
Educate, educate, educate…
Successful BYOD programs• Openly inform users why it is important to have MDM solution• Explain what IT can and can not do to their personal device• Has formal acceptable use policies• Educate users about the additional risks posed by mobile devices• Both corporate data and personal data risks
Don’t go it alone
Engage Human Resources and Legal• Communicate business need to current employees• Continuation of business • Security for all data – personal, customer, and IP
• Include mobile policies in new employee training• Device choice is an employee benefit• Set the expectation of device responsibility from the start
Setting the ground rules
Rolling out MDM• Start with basic but critical policies • Password protection is good for everyone
• Strong but acceptable passwords• Limit password attempts• Control device inactivity
Hands off personal data
Corporate data and personal data• Awareness of apps access corporate data• Control the movement of corporate documents
Privacy for personal mobile apps• Mobile Banking• Social Networks• Healthcare apps
PII is TMI
Certain MDM vendors make it possible to satisfy end-user concerns about privacy of their personal information• Disable administrators from viewing end-user’s personal application
inventory; restricted only to apps that appear in the corporate app catalog• Deactivation of location services; geographical coordinates, WiFi SSID
and IP address all remain private
26
MaaS360: Agility of the cloud for the pace of change in mobility
• Fast deployment– Simple provisioning processes– Intuitive user interface
• Effortless scalability– Instantly turn up devices, users,
apps– Start small and easily expand up
• Automatic upgrades– Continuous updates available
instantly– No ongoing maintenance
• Unmatched affordability– Zero infrastructure needed– All inclusive subscription price
model
27
Thank You! Questions?