BYOD Strategy
Recognizing Critical Components Necessary to Complete BYOD Plans: Secure & Archived Mobile Communications
Executive Summary:
Companies have been slow to adopt strong, practical BYOD policies and use the proper tools to help enforce them. This adoption is especially important for organizations that do international business in finance, health and the public sector where laws require security and archiving ability. Without secure voice and text, mobile devices—with their potential to increase productivity, improve customer service, and ultimately drive up revenue—have instead become liabilities, ticking time bombs, just waiting for the wrong communication to
By the time CellTrust’s Brian Panicko arrived, the damage had
already been done. A large banking firm that had incorporated a
“bring your own device,” or BYOD, policy had just been hit with the
unthinkable: fines ranging between $7 million and $15 million.
Why such hefty fines? The bank wasn’t properly tracking and archiving mobile
communications on its BYOD devices. Financial auditors found the bank’s BYOD policies weak and enforcement “wildly inconsistent.”
“They basically said this is a mess,” says Panicko, senior vice president of global sales strategy for CellTrust, a leading, pure-play enterprise mobile security provider with a rich history developing agent-based security solutions. “The users are texting on
personal devices and the firm is liable because it didn’t put controls in place through
policy nor use technology to prevent it.”
As BYOD gains in popularity, many companies are putting themselves in a precarious
position—especially organizations that do international business in finance, health
and public sector where laws require security and archiving ability. And most of these organizations have no idea how much risk they’re taking on with BYOD.
“Privacy laws are getting stronger not just in Europe, but also in Asia Pacific and South
America,” warns K Royal, vice president and assistant general counsel for privacy and compliance for CellTrust. “And regulators are monitoring and penalizing companies that are non-compliant.”
When it comes to BYOD, the opportunities for regulators to fine organizations are vast and growing rapidly. Consider the following:
85 percent say that mobile devices are a central part of everyday life, according to a 2014 Mobile Behavior Report from salesforce.com.
88 percent use mobile phones for work while on personal time, according to Gartner.
70 percent believe mobile devices will replace office phones, according to RingCentral. J.P. Morgan Chase moved in this direction recently when it eliminated all desk voice mails in favor of mobile voicemail—and announced it was dropping Blackberry in favor of BYOD devices.
Given these statistics and trends, it shouldn’t be surprising that employees are using their devices for work, especially text messaging. In fact, 72 percent say they use texting for work purposes, according to a 2015 eSamp Survey. The trouble is many of them don’t seem to understand the ramifications of doing so, the survey shows:
44 percent use standard SMS when texting for work. That means they are using unsecure, consumer apps such as WhatsApp, WeChat or other programs.
25 percent of text messages sent include confidential information.
66 percent of employees do not think texting is a security risk for their organization.
Analysys Mason’s 2013 Connected Consumer Survey reveals even more significant BYOD trends. While 52 percent of respondents use their personal mobile phone for work, 59 percent of BYOD activity was centered on incoming and outgoing calls, and a further 21 percent is attributable to SMS. These services do not require connection to the corporate network (either for connectivity or to access corporate data).
CellTrust warns that companies small and large need to secure their data and IP and manage the proliferation of mobile devices that are accessing this data. Nonetheless, companies have been slow to adopt strong, practical BYOD policies and use the proper tools to help enforce them. Thus, mobile devices—with their potential to increase productivity, improve customer service, and ultimately drive up revenue—have instead become liabilities, ticking time bombs, just waiting for the wrong communication to end up in the right regulator’s crosshairs. But technologies are available today that help solve this dilemma.
It’s Time to View Enterprise Mobility in a Whole New Way
Even those that have recognized the need to develop BYOD policies with Mobile Device Management (MDM), which helps control and manage smartphones and tablets, are vulnerable—and paying more than they need. That’s because most MDM strategies fail in two key areas:
• They don’t optimize the revenue potential of a mobile-first strategy
• They miss the critical need to separate, secure and archive mobile text messages and voice calls
In today’s complex, rapidly changing IT environment, businesses need a proven technology solution from a trusted partner—one that stays on top of developing technologies and device capabilities—and understands how leading with a
mobile-first strategy can result in big enterprise gains.
For example, with a comprehensive mobile strategy, organizations avoid fractured, one-off pursuits and instead encourage teams to:
• Share mobile expertise
• Measure benefits and act on insights
• Foster a culture of continual improvement
Implementing a mobile-first strategy resulted in impressive gains for many companies. According to an SAP Enterprise Mobility Survey, companies that did so:
• Doubled employee productivity
• Saw 20 percent increases in revenue growth
• Enjoyed 4 times higher revenue margins
From revenue growth to productivity gains, enterprises with a defined mobile strategy and governance program get results. At the end of the day, IT business leaders need to ask themselves how an organization:
• Supports devices the organization did not purchase
• Handles devices residing on the network, even though they may not know the devices are on their network
• Secures the corporate networks and business data being accessed by employee-owned devices
• Differentiates corporate communications from personal communications on
The Need to Archive Text and Voice is Here
Initially, the security and compliance concerns around BYOD were somewhat solved through Enterprise Mobility Management (EMM) providers that helped deliver a secure workspace across mobile device, mobile app and mobile content management. It started with emails and progressed to full business application access.
However, there’s still a significant piece of the BYOD puzzle that is left unmanaged and unsecure—voice and
text messaging.
Consider that failure to meet electronic messaging compliance obligations was the No. 1 source of FINRA
fines in 2013. In many cases, firms were unable to
produce messages or prove appropriate supervision, according to a 2014 report from Sutherland.
For many companies, BYOD standards are just emerging, according to a report from the Association for Corporate Counsel. Employers recognize that there are both risks
and benefits when employees BYOD, but before personal
devices are allowed, a company must assess the privacy risks and lay down clear rules, the report warns. BP, for instance, allows some employees to BYOD, but restrictions apply; emails must be sent or received via a proprietary app, for example. If a device is lost, BP sends a kill message to the phone.
In addition, many firms overestimated the cost savings
they would enjoy with their BYOD policies, Panicko
says. For example, some firms were paying BYOD
stipends of $100, when the employee’s entire mobile phone bill was only $90.
“But these companies had no way to measure what percentage of the use was actually for work versus personal,” Panicko says.
Clearly, businesses want this type of EMM-style solution to easily allow work and personal voice and text on a single device, yet keep the business and personal details separate. But until recently, the only options were costly, disparate solutions with device limitations or limited features and functionality, that didn’t present a viable, secure, enterprise-wide solution.
But today, thanks to CellTrust, that’s all changed.
With the CellTrust solution, businesses can pay about $40 a month for secure voice and text and know what’s work and what’s not with split billing for personal and work. “So you have this ability to not only get rid of hardware costs and reduce carrier charges, but also to walk away and no longer have to pay a stipend,” he adds.
[Figure: Minimal or no confidence in ability to produce messages if requested. Channels: email, Twitter, Facebook, LinkedIn, Text/SMS. Values: 2%, 20%, 26%, 27%, 59%.]
Split Billing
Personal Pays $50
• Personal apps & data
• Business data not billed
• Private & secure
Business Pays $40
• Business apps & data
• One subscription
• Convenient billing
Seamlessly Manage Work and Personal Calls and Text on a Single Device
One Solution Satisfying all Strategies
Deployed as SaaS or on-premise, customer-hosted environment, CellTrust SecureLine™ operates securely within a variety of enterprise MDM/EMM environments.
Working with its partner Good Technology™, which made a name for itself in the EMM space, CellTrust has developed an app that works on iOS or Android, that allows businesses to manage voice and text messages on personal devices with the same level of control, security and integration they enjoy with data applications.
Because the solution is bundled with the Good app, the user-friendly interface helps ensure that workers will actually use the app and comply with mobile use policies.
“Users don’t want to be bogged down with mobile
apps that don’t improve their efficiency,” Panicko says.
“Giving them the ability to keep work and personal text and voice calls separate gives them the tools they need to be more productive.”
Under the hood, the app also ensures firms maintain
security. For example, any data that’s used within the app can only be shared within the app. That means a
user can’t copy a link from the CellTrust SecureLine™ app and paste into their personal text messaging app. “So you’re protecting yourself just like you would with a separate corporate liable device,” Panicko says. That combination of security and ease of use convinced Arizona Cyber Threat Response Alliance (ACTRA), Inc. to work with CellTrust for its BYOD government-focused security solution.
“The representatives of the multiple organizations
all work for different companies, so consequently
it is ‘BYOD on steroids’—we need to have secure, compartmentalized communication capability between us and the iOS and Android users,” said Frank Grimmelmann, ACTRA’s President, CEO
and Intelligence Liaison Officer. “It is important
to communicate seamlessly across our member organizations with the representatives, and CellTrust is the solution.”
CellTrust SecureLine is an enterprise-level app that captures all incoming and outgoing calls made on a mobile device and provides audio recordings to help meet supervision and compliance needs. The app allows businesses to issue their workforce an Apple iOS™ or Android™ mobile phone, or allow employees to bring their own device—and be in
support of compliance. It offers voice, text and archiving. Here’s a closer look at each of those components.
Dual Persona:
Employees can confidently communicate with colleagues, partners and clients knowing that their personal communications remain private. Businesses have assurance that corporate assets, intellectual property and client contacts are protected.
• Mobile business number: The user gets two numbers—one for business, one for personal—clearly separating data on a single device.
• Split billing: Eliminate mobile device reimbursements. Now the employee can be charged for personal calls, while business calls are applied to the company.
• Single number reach: Redirect calls to any phone or device, giving employees the ability to engage in secure business calls.
Archiving Capabilities:
To help mitigate risk and respond to eDiscovery and compliance, CellTrust delivers out-of-the-box integration with leading archivers to provide long-term archiving capabilities. Also, all administrative and operator activities are logged for server audit trails, and intrusion attempts are logged for intrusion detection reports. Key features:
• Voice archiving: Efficiently and affordably store voice conversations, particularly for highly regulated industries such as financial services, healthcare and government.
• SMS archiving: Keep electronic records of text messages ahead of regulatory audits.
• Reporting: Leverage administrative access in order to audit content, receive intrusion reports and follow audit trails.
• Email journaling: CellTrust SecureLine app users receive a daily email journal report with a convenient summary of their messaging.
Secure Text Messaging:
Efficiently stamp, track, log and archive business text messages featuring:
• Compliance: All text communications made using the app are time and date stamped, tracked, logged and can be archived for e-discovery in support of compliance.
• Secure messaging: A mix of server registration, multi-factor authentication and AES encryption, featuring unique dynamic keys and full key lifecycle management.
• Critical messaging: Ability to override the silent mode of a device for urgent messages.
• Message status: Know when a message has been delivered, opened and deleted.
• Discreet message lifespan: Define the duration of a sent message’s availability and storage on the receiving device.
• Extended message size: Up to 5,000 characters by default through the mobile control channel and unlimited characters when messages are sent through data.
Secure Voice:
Simple, powerful and secure voice management featuring:
• Compliance: Ensure calls made to and from the Mobile Business Number are in support of compliance with a variety of regulations, including SOX, GLBA and the Dodd-Frank Act in the United States; FSA and FCA in the United Kingdom; and MiFID II in Europe.
• Security: Offers powerful AES encryption and traceability for highly sensitive calls using Wi-Fi, 3G, 4G and LTE network protocols for reliability and cost savings on roaming.
CellTrust Helps Deliver a Secure, End-to-End Mobile Strategy
[Figure labels: Carriers, MDM/EMM, Archive, Devices]
CellTrust is much more than an app provider. Using its vast knowledgebase, CellTrust helps deliver a secure, end-to-end mobile BYOD strategy. It provides workforces with the most complete, secure and integrated mobile enterprise solution—from planning, integration, implementation and execution—and takes device, carrier, EMM and archiving needs into full consideration.
Businesses that work with CellTrust benefit from its deep security roots and commitment to staying on top of the latest protocols. The company follows ISO standards and maintains the highest levels of security certifications. “We’re a company with a security backbone,” Panicko says.
And because CellTrust works with so many
different organizations, it can show firms where they
should be with BYOD voice and text security protocols and policies. “We’ve done a lot of homework and spent a lot of time to come in and provide a benchmark of what’s going on with their peers,” Panicko says.
One of the keys to creating smart, effective BYOD policies is involving the right stakeholders. “We connect privacy officers with compliance, IT with security and cyber security teams,” Panicko says. “If you’re not engaging the right people and getting feedback from all the stakeholders, you’re setting yourself up for failure.”
Additionally, CellTrust provides a helpful library of video-driven training materials to ensure workers understand the technology—and that they will actually use it.
In the end, Panicko says the biggest mistake companies can make is ignoring the implications of BYOD voice and text security issues. “If you’re thinking about it now
for the first time, you’re already late to the game,” he
Brian Panicko
SVP, Global Sales Strategy
Brian Panicko is responsible for leading CellTrust’s sales and business acquisition. Under Brian’s leadership, CellTrust’s customer base has grown to over 1,000 global organizations.
K Royal
VP, Assistant General Counsel and Privacy Officer
Ms. Royal brings a thorough perspective in global program implementation. Skilled in privacy law, breach management, compliance, training and program development, her areas of expertise center on privacy and regulatory law.
© Copyright 2015 CellTrust® Corporation, All Rights Reserved. Android™ is a trademark of Google, Inc. Trademarks featured or referred to within this CellTrust® document are the property of their respective trademark holders. Such use of non-CellTrust trademarks is intended for reference of identification purposes only and does not indicate affiliation, sponsorship or endorsements of
About CellTrust
CellTrust is a global leader in collaborative and secure mobile communication with tracing and archiving capabilities and mobile aggregation across 200+ countries and over 800 carriers and mobile operators. CellTrust SecureLine archives and protects mobile communication content supporting enterprise mobile collaboration, eDiscovery and
major global regulatory compliance for financial services, government and healthcare. Learn more at www.celltrust.com.
We know it’s not easy. In today’s complex, rapidly changing IT environment, businesses need a trusted partner—one that stays on top of developing technologies and device capabilities—and understands how leading with a mobile-first strategy can result in big enterprise gains. That’s where CellTrust steps in as a trusted advisor, partner and expert, dedicated to guiding you through planning, integration, implementation and execution, resulting in a successful mobile-first strategy.
We’re the mobility partner of choice across industries.
Whether it’s allowing your vast network of financial services professionals
to engage in secure mobile business conversations, next-generation paging
capabilities for healthcare providers, or ensuring staff privacy in accordance with federal and local regulations—CellTrust offers tailored solutions for the following
highly regulated industries.