How Multi-National Organizations Deal with Data Privacy on Mobile Devices

IBM MaaS360 and IDC Research

September 7, 2016

Phil Hochmuth, Program Director, Enterprise Mobility, IDC

Kaushik Srinivas, IBM MaaS360 Product Management & Strategy, IBM Security

Upload: ibm-maas360

Post on 23-Jan-2017



Page 2: Housekeeping items

• Duration – 60 minutes
• Submit your questions in the Q&A box located on the left-hand side of your screen
• Recording and slides will be emailed to you

Page 3: How Multi-National Organizations Deal with Data Privacy on Mobile Devices

Sponsored by IBM

Phil Hochmuth, Program Director, Enterprise Mobility, IDC

Page 4: Agenda

• Device definitions and BYOD trends
• Adoption of BYOD, and mobility challenges facing Multi-National Organizations (MNOs)
• Regional trends in BYOD, corporate-liable device usage and device/OS types
• Solutions for BYOD complexity: Enterprise Mobility Management/Cloud-based Solutions
• Buyer Guidance
• Q&A

© IDC Visit us at IDC.com and follow us on Twitter: @IDC 4

Page 5: Definitions of device types

Corporate-Liable Smartphones

• Corporate-liable smartphones include devices that are purchased with company funds and owned by the organization.

Individual-Liable Smartphones

• An individual-liable business smartphone is purchased outright and owned by the individual user, brought into the workplace.

Choose Your Own Device (CYOD)

• Employees are provided with a list of specific mobile devices supported/approved by the organization, and are able to choose their preferred device from the list. Applies to both CL & IL.

BYOD

Page 6: Poll Question

Does your organization have a formal BYOD policy?

Page 7: The BYOD Explosion

Business Device Shipment Growth 2007-2015

• IL: 16.46 (2007), 238.70 (2015); 8-year CAGR: 40%
• CL: 13.82 (2007), 81.20 (2015); 8-year CAGR: 25%

Page 8: Drivers for BYOD adoption

Why has your company decided to adopt an employee-liable model? (N=476; % of respondents)

• To demonstrate progressiveness from the IT staff and company: 31.1%
• To ensure that devices accessing the corporate network have the correct security/policies in place: 55.0%
• To allow users device choice: 63.0%
• Cost savings for the company: 63.7%

Page 9: BYOD results: cost savings

Has your company, thus far, saved money by implementing an employee-liable model? (N=476; % of respondents)

• Don't know: 5.7%
• Net loss – spending more than before through either greater Opex or Capex spending: 1.5%
• No savings – same as before: 23.7%
• Yes, net savings through reduced Opex or Capex spending: 69.1%

Page 10: BYOD mobile OS support

Of the mobile operating systems you will be deploying, which operating systems are deployed for employee-liable devices (individual pays for device and data plan) that access corporate data such as corporate email or other corporate applications? (N=508; % of respondents)

• BlackBerry: 24.2%
• Windows OS: 46.9%
• Android: 47.0%
• iOS: 51.2%

Page 11: Formal BYOD adoption

[Chart: Device Deployment Approaches, MNO vs. Domestic, 0% to 100% scale]

Page 12: Governance around BYO and corporate mobile devices lags the reality of broadening adoption

Similar maturity profiles for security, TEM, apps…

Page 13: BYOD Regional Variance

Percentage split of CL/BYOD device shipments per region: 2015 & 2020

• USA: Corporate Liable [VALUE] (2015), 23% (2020); BYOD 80% (2015), 77% (2020)
• WE: Corporate Liable 81% (2015), 73% (2020); BYOD 19% (2015), 27% (2020)
• APeJ: Corporate Liable 8% (2015), 10% (2020); BYOD 92% (2015), 90% (2020)
• JAPAN: Corporate Liable 73% (2015), 61% (2020); BYOD 27% (2015), 39% (2020)

Page 14: Mobile Deployments among MNOs: It gets more complicated

[Bar chart, MNOs vs. Non-MNOs, 0% to 25% scale. Categories:]

• Vendor or provider did not have the necessary expertise to deliver the project
• Uncertain or negative ROI
• Version control issues between mobile OSes, applications, and/or enterprise applications
• Project scope extended or changed leading up to, or during, the actual deployment
• Minimal interest/adoption by mobile workers in the organization
• Lack of resources to support projects (IT staff, application developers, etc.)
• Too complicated to install, manage, and support
• Cost Overruns
• Integration Issues
• Security/compliance issues

Page 15: Poll Question 2

What are the main drivers for EMM data privacy in your organization?

A. Regulations & Compliance

B. Company policy

C. Both

Page 16: Regulatory/Security Specifics

Security/Compliance Challenges

[Bar chart, MNOs vs. Non-MNOs, 0% to 50% scale. Categories:]

• Leaked or exposed sensitive data as a result of mobile app usage by contractor or partner
• Unauthorized access to sensitive data/systems via a mobile app by a contractor or partner
• Leaked or exposed sensitive data as a result of mobile app usage by employees
• Unauthorized access to sensitive data/systems via a mobile app by an employee
• Lost/stolen device with sensitive data
• Regulatory/Compliance-related issues (i.e. HIPAA, PCI, SOX, GLBA, etc.)

Page 17: Regional business device considerations

• LATAM: Android dominates both BYO & CL: >75% of all devices
• iOS dominates Japan: 74% BYO, 64% IL
• >50% of US BYOD and CL smartphones are Apple iOS
• EMEA: ~50% of IL devices are Android; 40% iOS. Windows is ~8%
• APeJ: Android 90% BYO, 67% CL

Page 18: Two examples of regional regulatory/legal challenges to BYOD

• EU GDPR (General Data Protection Regulation): Broad-reaching implications around data protection, encryption, privacy, breach notifications
• CA Court Ruling, Colin Cochran v. Schwan’s Home Service: Enforces reimbursement for employees using BYO devices

Page 19: Cost, speed, scale, and simplicity catalyze cloud adoption

Source: IDC 2015 Mobile Enterprise Software Survey

Page 20: Enterprise Mobility Management’s Expanding Functional Horizons

• Mobile Device Management
• Mobile Application Management
• Mobile Enterprise App Store
• App Containerization
• Mobile Content Management
• Managing the Internet of Things

Data security and policy enforcement are essential elements across functional areas

Common policy enforcement across mobile devices, apps and data, regardless of deployment model (BYOD, CYOD, CL)

Deployed from the cloud (EMM-as-a-Service), functionality can be extended to employees spanning multiple regions

Page 21: Buyer Guidance

Regional Knowledge: Become familiar with regional privacy laws and regulations around mobile devices, data and cloud service usage in all regions where your organization has operations or personnel.

• What types of workers are operating in these regions: “badged” employees, contractors, subsidiary employees, etc.? Native/local employees or relocated/transplant workers from headquarters?

• Adapt to device usage trends and preferences in specific regions. Plan to accommodate BYO (LATAM/APAC) and CL (i.e. W. Europe/Japan).

Build mobile device and application policies first; device policies should follow. Building a data- and app-centric management/security infrastructure will scale better across both BYOD and CL scenarios.

Data-First: Mobility means corporate data will be at rest and in motion on a large, heterogeneous set of endpoints. Security philosophy and policy should safely start with the integrity of data, compliance, and corporate governance.

Usability a Close Second: Security should be part of every major decision related to data access, but you also need to think about people/processes and how they might disrupt your best-laid plans.

Page 22: Poll Question 3

What would be the biggest hindrance to adoption of SaaS for EMM in your organization?

A. Regulations

B. Data Security & Privacy concerns

C. Other

Page 23: IBM MaaS360 SaaS Security and Privacy Controls

Local Presence with Global Reach

Kaushik Srinivas, Strategy & Offering Management @ IBM

Page 24: IBM MaaS360 delivers secure productivity for enterprise

Advanced data protection

• Apply configuration-based malware detection
• Browse securely with global threat intelligence
• Enable device-agnostic, network-based protection

Enterprise visibility and control

• Extend visibility to any endpoint, anywhere
• Create intelligent policies & compliance rules
• Detect and remediate risks & advanced threats

Secure, seamless access

• Contain data with secure productivity apps
• Grant contextual access & SSO to cloud apps
• Provide multi-factor authentication

Page 25: What is the Value of MaaS360 Enterprise Mobility Management (EMM)?

MaaS360 EMM enables enterprises to secure data on mobile devices – with no visibility to the data itself

• Configure and de-configure mobile devices
• Distribute, configure and delete managed apps
• Deliver and delete documents

What MaaS360 does not do:

• Does not read or have access to any end user data, such as emails, documents and app data
• MaaS360 is not in-line – emails do not flow through MaaS360, but flow directly from the email server to the device
• Encrypted traffic through IBM MaaS360 Mobile Enterprise Gateway for per-app VPN, document management, and secure browsing
• On-device container apps are encrypted – with no data access by MaaS360 cloud

Page 26: Local Presence with Global Reach

Location proximity to customer

• Customer Data not moved out of data center to a different geo
• Customers have choice of which data center to deploy on

Data center locations:

• USA
• Europe
• Asia-Pacific

Security of data centers

• All data centers encrypted AES-256

Certifications and regulatory approvals to operate best-in-class cloud

Page 27: Complete privacy & security… Along with best in class UX

• SaaS with IBM MaaS360 is the best way to deploy EMM
• Minimal user information is visible to MaaS360 cloud and admins
• Customer and end user privacy is always respected, with no information available on the MaaS360 cloud
• Certifications and compliance with regulations include NIST, ISO 27001, AICPA SOC-2 Type II, FISMA and FedRAMP, ensuring the highest levels of security and privacy controls

Page 28: Next steps

• Demo: Participate in a deep-dive demo with our experts
• Deploy: Start managing and securing your mobile environment
• Evaluate: Set up and configure your custom trial service

Page 29: Questions?

Submit your questions to the Q&A widget

Page 30: Thank you

Follow us on:

• ibm.com/security
• securityintelligence.com
• xforce.ibmcloud.com
• @ibmsecurity
• youtube/user/ibmsecuritysolutions

© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.