How Multi-National Organizations Deal with Data Privacy on Mobile Devices
IBM MaaS360 and IDC Research
September 7, 2016
Phil Hochmuth, Program Director, Enterprise Mobility, IDC
Kaushik Srinivas, IBM MaaS360 Product Management & Strategy, IBM Security
2 IBM Security
Housekeeping items
• Duration – 60 minutes
• Submit your questions in the Q&A box located on the left-hand side of your screen
• Recording and slides will be emailed to you
How Multi-National Organizations Deal with Data Privacy on Mobile Devices
Sponsored by IBM
Phil Hochmuth
Program Director, Enterprise Mobility
IDC
Agenda
• Device definitions and BYOD trends
• Adoption of BYOD, and mobility challenges facing Multi-National Organizations (MNOs)
• Regional trends in BYOD, corporate-liable device usage and device/OS types
• Solutions for BYOD complexity: Enterprise Mobility Management/Cloud-based Solutions
• Buyer Guidance
• Q&A
© IDC Visit us at IDC.com and follow us on Twitter: @IDC 4
Definitions of device types
Corporate-Liable Smartphones
• Corporate-liable smartphones include devices that
are purchased with company funds and owned by
the organization.
Individual-Liable Smartphones
• An individual-liable business smartphone is
purchased outright and owned by the individual
user, brought into the workplace.
Choose Your Own Device (CYOD)
• Employees are provided with a list of specific
mobile devices supported/approved by the
organization, and are able to choose their preferred
device from the list. Applies to both CL & IL.
BYOD
Poll Question
Does your organization have a formal BYOD
policy?
The BYOD Explosion
Business Device Shipment Growth 2007-2015
• IL: 16.46 (2007) to 238.70 (2015); 8-year CAGR: 40%
• CL: 13.82 (2007) to 81.20 (2015); 8-year CAGR: 25%
Drivers for BYOD adoption
Why has your company decided to adopt an employee-liable model? (N=476, % of respondents)
• To demonstrate progressiveness from the IT staff and company: 31.1%
• To ensure that devices accessing the corporate network have the correct security/policies in place: 55.0%
• To allow users device choice: 63.0%
• Cost savings for the company: 63.7%
BYOD results: cost savings
Has your company, thus far, saved money by implementing an employee-liable model? (N=476, % of respondents)
• Don't know: 5.7%
• Net loss – spending more than before through either greater Opex or Capex spending: 1.5%
• No savings – same as before: 23.7%
• Yes, net savings through reduced Opex or Capex spending: 69.1%
BYOD mobile OS support
Of the mobile operating systems you will be deploying, which operating systems are deployed for employee-liable devices (individual pays for device and data plan) that access corporate data such as corporate email or other corporate applications? (N=508, % of respondents)
• BlackBerry: 24.2%
• Windows OS: 46.9%
• Android: 47.0%
• iOS: 51.2%
Formal BYOD adoption
[Chart: Device Deployment Approaches, MNO vs. Domestic]
Governance around BYO and corporate mobile devices lags the reality of broadening adoption
Similar maturity profiles for security, TEM, apps…
BYOD Regional Variance
[Chart: Percentage split of CL/BYOD device shipments per region: 2015 & 2020. Panels: USA, WE, APeJ, Japan]
Mobile Deployments among MNOs: It gets more complicated
Deployment challenges charted for MNOs and Non-MNOs:
• Vendor or provider did not have the necessary expertise to deliver the project
• Uncertain or negative ROI
• Version control issues between mobile OSes, applications, and/or enterprise applications
• Project scope extended or changed leading up to, or during, the actual deployment
• Minimal interest/adoption by mobile workers in the organization
• Lack of resources to support projects (IT staff, application developers, etc.)
• Too complicated to install, manage, and support
• Cost Overruns
• Integration Issues
• Security/compliance issues
Poll Question 2
What are the main drivers for EMM data privacy
in your organization?
A. Regulations & Compliance
B. Company policy
C. Both
Regulatory/Security Specifics
Security/Compliance Challenges charted for MNOs and Non-MNOs:
• Leaked or exposed sensitive data as a result of mobile app usage by contractor or partner
• Unauthorized access to sensitive data/systems via a mobile app by a contractor or partner
• Leaked or exposed sensitive data as a result of mobile app usage by employees
• Unauthorized access to sensitive data/systems via a mobile app by an employee
• Lost/stolen device with sensitive data
• Regulatory/Compliance-related issues (i.e. HIPAA, PCI, SOX, GLBA, etc.)
Regional business device considerations
• LATAM: Android dominates both BYO & CL: >75% of all devices
• iOS dominates Japan: 74% BYO, 64% IL
• >50% of US BYOD and CL smartphones are Apple iOS
• EMEA: ~50% of IL devices are Android; 40% iOS. Windows is ~8%
• APeJ: Android 90% BYO, 67% CL
Two examples of regional regulatory/legal challenges to BYOD
• EU GDPR (General Data Protection Regulation): Broad-reaching implications around data protection, encryption, privacy, breach notifications
• CA Court Ruling, Colin Cochran v. Schwan’s Home Service: Enforces reimbursement for employees using BYO devices
Cost, speed, scale, and simplicity catalyze cloud adoption
Source: IDC 2015 Mobile Enterprise Software Survey
Enterprise Mobility Management’s Expanding Functional Horizons
• Mobile Device Management
• Mobile Application Management
• Mobile Enterprise App Store
• App Containerization
• Mobile Content Management
• Managing the Internet of Things
Data security and policy enforcement are essential elements across functional areas
Common policy enforcement across mobile devices, apps and data, regardless of deployment model (BYOD, CYOD, CL)
Deployed from the cloud (EMM-as-a-Service), functionality can be extended to employees spanning multiple regions
Buyer Guidance
Regional Knowledge: Become familiar with regional privacy laws and regulations around mobile devices, data and cloud service usage in all regions your organization has operations or personnel.
• What types of workers are operating in these regions: “badged” employees, contractors, subsidiary employees, etc.? Native/local employees or relocated/transplant workers from headquarters?
• Adapt to device usage trends and preferences in specific regions. Plan to accommodate BYO (LATAM/APAC) and CL (i.e. W. Europe/Japan).
Build mobile device and application policies first, device policies should follow. Building a data- and app-centric management/security infrastructure will scale better across both BYOD and CL scenarios.
Data-First: Mobility means corporate data will be at rest and in motion on a large, heterogeneous set of endpoints. Security philosophy and policy should safely start with the integrity of data, compliance, and corporate governance.
Usability a Close Second: Security should be part of every major decision related to data access – but you also need to think about people/processes and how they might disrupt your best laid plans.
Poll Question 3
What would be the biggest hindrance to
adoption of SaaS for EMM in your organization?
A. Regulations
B. Data Security & Privacy concerns
C. Other
IBM MaaS360 SaaS Security and Privacy Controls
Local Presence with Global Reach
Kaushik Srinivas, Strategy & Offering Management @ IBM
IBM MaaS360 delivers secure productivity for enterprise
Advanced data protection
• Apply configuration-based malware detection
• Browse securely with global threat intelligence
• Enable device-agnostic, network-based protection
Enterprise visibility and control
• Extend visibility to any endpoint, anywhere
• Create intelligent policies & compliance rules
• Detect and remediate risks & advanced threats
Secure, seamless access
• Contain data with secure productivity apps
• Grant contextual access & SSO to cloud apps
• Provide multi-factor authentication
What is the Value of MaaS360 Enterprise Mobility Management (EMM)?
MaaS360 EMM enables enterprises to secure data on mobile devices – with no visibility to the data itself
• Configure and de-configure mobile devices
• Distribute, configure and delete managed apps
• Deliver and delete documents
What MaaS360 does not do:
• Does not read or have access to any end user data, such as emails, documents and app data
• MaaS360 is not in-line – emails do not flow through MaaS360, but flow directly from the email server to the device
• Encrypted traffic through IBM MaaS360 Mobile Enterprise Gateway for per-app VPN, document management, and secure browsing
• On-device container apps are encrypted – with no data access by MaaS360 cloud
Local Presence with Global Reach
Location proximity to customer
• Customer Data not moved out of data center to a different geo
• Customers have choice of which data center to deploy on
Data center locations:
• USA
• Europe
• Asia-Pacific
Security of data centers
• All data centers encrypted AES-256
Certifications and regulatory approvals to operate best-in-class cloud
Complete privacy & security… Along with best in class UX
• SaaS with IBM MaaS360 is the best way to deploy EMM
• Minimal user information is visible to MaaS360 cloud and admins
• Customer and end user privacy is always respected, with no information available on the MaaS360 cloud
• Certifications and compliance with regulations, including NIST, ISO 27001, AICPA SOC-2 Type II, FISMA and FedRAMP, ensuring the highest levels of security and privacy controls
Next steps
• Demo: Participate in a deep-dive demo with our experts
• Deploy: Start managing and securing your mobile environment
• Evaluate: Set up and configure your custom trial service
Questions? SUBMIT YOUR QUESTIONS TO THE Q&A WIDGET
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express
or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of,
creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these
materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may
change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and
other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks
or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise.
Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or
product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are
designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective.
IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU