• No results found

The Bring Your Own Device Era:

N/A
N/A
Protected

Academic year: 2021

Share "The Bring Your Own Device Era:"

Copied!
5
0
0

Loading.... (view fulltext now)

Full text

(1)

White Paper

End Users Driving the Requirement

for BYOD Platforms

The Bring-Your-Own-Device (BYOD) to work phenomenon is already prevalent in many businesses. Although the percentage of employees using personal smartphones and tablets to access corporate applications may still be relatively small, studies estimate personal devices are in use at approximately 75 percent of all companies.

Whether or not your company has deployed a BYOD platform and developed usage policies, chances are good that many employees use their personal devices to tap into your corporate applications every day. This can happen via your wireless network, remote access or e-mail systems. In some cases, the IT department is not aware of all the personal devices accessing corporate networks. Such companies run a high risk of corporate data breaches and compliance violations.

As the popularity of smartphones and tablets grows exponentially, and as employees realize the benefits of instant access to the Internet and e-mail wherever they go, they now want to bring personal devices to work with the freedom to also interact with business applications. Employees also want to limit the number of devices they have to carry for business and personal use.

This trend, often referred to as the “Consumerization of IT,” has prompted many enterprises to create a BYOD environment so employees don’t have to carry separate devices for work and personal use. Many studies illustrate just how strong the movement is and why all businesses need to consider deploying a BYOD platform and policies—right now.

For example, Aberdeen reports 75% of all enterprise businesses are currently in the process of deploying a BYOD platform and policies. Gartner predicts 90% of all large enterprises will have completed the effort by 2012. But at the same time, it appears many firms may not be ready for BYOD as demonstrated by a SANS survey of 500 IT executives to measure their comfort level in taking on BYOD. In the report, less than 10% of IT executives indicated that they can document all the personal mobile devices connecting to their network. 31% revealed that their companies don’t have a BYOD policy.

The Bring Your Own Device Era:

Benefits Clearly Justify BYOD, but Businesses Must

Mitigate Security, Compliance and Application

Performance Risks

The Bring-Your-Own-Device (BYOD) era of corporate computing is here, and without a doubt, the demand by employees to use their own personal smartphones and tablets to conduct business tasks will continue to grow exponentially in the coming years. Businesses that do not meet this demand run the risk of data breaches and compliance violations.

BYOD is part of an evolution commonly referred to as the “Consumerization of IT,” where end-users insist on interacting with their business and personal applications their way—not as dictated by their corporate IT departments. Businesses must balance data security and compliance along with personal-device management and employee efficiency. However, relatively few companies have deployed mobile-device management platforms and policies that protect against lost or stolen devices, employee attrition, or malware. Without the proper measures in place, BYOD challenges can negate the multiple benefits that can be gained. This white paper presents a framework for successful BYOD implementation and how CIOs and their teams can effectively deploy and manage BYOD platforms.

(2)

White Paper

As shown by the data in these analyst reports, the time for organizations to prepare for BYOD has arrived. Those that act proactively before the number of personal-device users accessing the network increases substantially can protect their corporate assets while also capitalizing on the benefits that BYOD offers.

Corporate Benefits

Justify BYOD Platform

Deployment

The good news for businesses is that in addition to addressing the demands of end-users, adopting a BYOD platform with clearly-defined usage policies also generates multiple benefits:

Productivity Increase: With the ability for employees to easily switch from personal applications to corporate applications,

businesses are more likely to see increased productivity at night and on weekends outside of traditional working hours—especially if the mobile platform creates an easy-to-use, interactive environment.

Total Cost of Ownership Decrease: Many employees will opt to use their own personal devices for business purposes; enterprises thus reduce capital expenditures since fewer devices need to be purchased. Businesses also avoid mobile-device usage and Internet-access data plan costs. End users with their own devices also typically understand how the devices work to a greater degree; they thus do not require as much technical support.

Morale Improvement: Giving employees the freedom to bring their own device gives them more control over their

Benefits of Adopting BYOD Platform

Productivity Increase

Morale Improvement Total Cost of Ownership Decrease

computing environment and acknowledges the fact that business life and personal life both sometimes need attention. In addition to keeping current employees happy, the BYOD approach facilitates recruiting and employee retention.

Business Challenges

Require Specific Controls

Along with the benefits of BYOD come several challenges that businesses must address. This is particularly true of companies at which employees have already started using their personal devices before a platform with documented usage policies has been deployed. The problem may be much bigger than companies realize because it’s almost impossible to restrict access without very specific controls. Many businesses don’t have mechanisms in place—with both the visibility and access—for the following areas: Policy to Clearly Define Privileges and Expectations

The creation of a detailed policy is important so the company and all users are clearly aware of what’s allowed and the consequences for violating policies. This includes specifying which devices employees can use and the permission the company retains to wipe corporate data and applications should devices be lost or stolen, or should

employees leave the company. At the same time, the policy also needs to clearly state how personal applications will not be accessed and to what lengths the company will go to avoid wiping personal files. Creating BYOD policy can be

particularly challenging because many companies are not sure what to allow users to do and which restrictions to deploy. Many policies start out weak because BYOD privileges are usually first granted to senior managers who resist restrictions. This may be good for these end users, but it leaves the network vulnerable as other users are given privileges. Businesses need defined, role-based access rules that provide a framework against which security controls can be built to enforce the policy.

Technology to Allow Access While Maintaining Security

This involves investing in the design, configuration and deployment of technologies to support BYOD, such as a mobile-device management platform, which allows employees to access data and applications while giving IT control over the devices. The platform must also keep corporate data and applications secure should a device be hacked, stolen or lost

Compliance with Industry Regulations

For those companies in heavily-regulated industries, such as

(3)

White Paper

healthcare and financial services, the BYOD platform and policies must also ensure compliance with industry and government regulations when allowing personal devices to access corporate data—particularly personal client information. Without a secure platform in place, users are likely violating regulations and subjecting their companies to major fines. Sufficient IT Resources

Businesses will also need to augment their IT staffs with the necessary resources to provide technical support across the wide range of devices that employees are likely to want. This includes iPhone and iPad devices from Apple; Android smartphones and tablets from a host of manufacturers; Blackberry devices; and Microsoft Windows Phone devices.

Technology Challenges

Span Multiple Devices and

Operating Systems

When deploying a BYOD platform, IT teams face technical challenges to ensure corporate data and applications remain secure; all compliance requirements are adhered to; and that applications perform sufficiently so that

employees will want to interact often and not require frequent technical support. These endeavors are much easier said than done, because to truly embrace the spirit of BYOD, businesses need to allow employees to use the device of their choice. Only then can they generate the full extent of BYOD benefits—users spending more time interacting with corporate applications. The main technical challenge lies in deploying an environment that allows positive user experiences and enables sufficient application performance while also controlling corporate risk across all the available devices and

operating systems. IT must deploy technologies that protect data if devices are lost or stolen, or if an employee leaves the company. At the same time, IT must also respect the personal data and applications stored on employee devices. Without the proper balance, the company will be at risk, or employees will feel they are restricted and won’t use the devices to access corporate applications as often as the company would like. BYOD platform requirements also go well beyond the basic capabilities of wireless networks, which were first built primarily for corporate IT, guests visiting the company, or for the few people who needed to move around an office building. With an increasing number of BYOD users now

connecting to the wireless network, it’s creating a big strain. Wireless networks thus need to be

re-designed to handle the performance concerns as BYOD users increase. Support for All Four Major Device Platforms

When building a BYOD platform, IT will most likely have to support all four of the major mobile

platforms. This includes iOS (Apple) and Android devices, which have gained tremendous ground in the corporate space due to explosive

consumer-driven adoption. And although BlackBerry has lost market share in recent years, it remains the leading enterprise-mobility platform. Windows Phone devices will also most likely have a strong presence in the mobile-device market.

Blackberry devices, which are designed for corporate use, streamline the technical process for ensuring security, compliance and application performance. Unfortunately for IT from the BYOD security perspective, most people now opt for Apple and Android devices, so companies will need to prepare for these consumer-grade devices, which don’t offer as much security.

For example, iOS and Android devices do not come with the same level

of security as Blackberry corporate devices and traditional computing devices such as laptops and

desktops. Both iOS and Android offer encryption and password protection, but these features are easy for users to turn off.

Instead of the business having complete control, users can thus

(4)

White Paper

Five-Step Process for Deploying a BYOD Platform

add any downloads they want with various levels of configuration. Apple and Google (the developer of Android) will eventually offer devices with higher levels of security, but the market is already flooded with devices that do not stand up to most corporate security and compliance standards.

While Google has released OS versions for smartphones and tablets that support full-disk encryption, the majority of devices deployed in the field have not yet adopted these new OS versions. It will be at least a year before this encryption enforcement is prevalent.

Android devices present the biggest challenge for IT because Google created these devices with an open operating system. Thus, multiple variations exist across the many device manufacturers, their varying models, and the OS upgrades that occur on a regular schedule. These technical challenges can be overcome, but only if firms deploy an effective mobile device management platform accompanied by a clearly-defined usage policy.

Five-Step Process for

Deploying a BYOD

Platform

Before deploying a BYOD platform, companies should first assess their current environment followed by establishing objectives—both from a corporate perspective as well as an employee perspective. This should be followed by the establishment of policies to support the desired environment and then the deployment of the necessary technologies and processes to support that environment.

Following is an outline of a five-step approach that many companies have adopted to successfully deploy BYOD platforms:

1. Determine Corporate Objectives: This includes deciding which

privileges and capabilities to offer to users and the expectations from users in return. Some companies may want to limit the types of devices to be accommodated or the applications that personal devices can access. Others may open the entire system to all devices in order to increase employee productivity to the fullest extent possible. Companies should also consider if they want to offer BYOD capabilities to vendors, business partners, and customers. 2. Create Overall Strategy: This step includes the technologies to deploy and how to secure buy-in from all key stakeholders including senior management, IT and most importantly, the employees. Create a clear vision of the benefits the company expects to derive and the necessity to maintain security, compliance and application performance standards.

3. Assess Current Risk, Capabilities and Architectures:

This step should be conducted across all pertinent systems including wireless access, remote access and e-mail. This includes measuring the extent to which employee personal devices are already accessing corporate data and applications via these systems as well as the measures currently in place to ensure security, compliance and application performance.

4. Create a Policy with Standards and Procedures:

For this step, it helps to refer to best practices already developed by organizations such as SANS (See Appendix A).

The policy needs to clearly communicate to employees which devices they can utilize and which privileges they are receiving.

The policy also needs to clearly state the consequences of violating the

1

Determine Corporate

Priorities

2

Create Overall Strategy

3

Assess Current Risk,

Capabilities and Architectures

4

Create a Policy with

Standards and Procedures

5

Identify Gaps in Security

(5)

White Paper

usage guidelines and what will happen to personal applications and data if a device is lost or stolen, or if an employee leaves the company.

5. Identify Gaps in Security and Compliance:

Prioritize which technology and process gaps in these areas to close first. Then apply the necessary changes, such as the deployment of a mobile-device management platform, to close those gaps. One of the gaps to consider is the necessary technical support resources to help users with device issues.

As is the case with most technology deployments, the process outlined above is one that companies will need to repeat every 6-12 months to verify if the security, compliance, application performance and technical support gaps have remained closed as well as to discover if any new gaps have occurred. Businesses will also find it necessary to react to the new mobile device technologies that will undoubtedly continue to emerge as Apple, Android, Blackberry and Microsoft release new operating systems and as mobile-device manufacturers produce new models.

Taking the First Step: An Initial BYOD Readiness Assessment

Initial BYOD assessments can present a huge undertaking. A helpful way to start that many companies have taken advantage of is the complimentary Presidio BYOD Mobile Security Readiness Assessment. This online tool takes you through a quick series of questions and delivers an immediate high-level view of your current BYOD readiness and more importantly—your immediate risks.

This initial assessment also gives you a basic framework and helps prioritize which areas to address first to determine just how quickly you might need to react—particularly if security and compliance are at high risk levels. To start assessing your company’s readiness for BYOD, simply take a few minutes to complete the Presidio BYOD Mobile Security Readiness Assessment questionnaire.

For more information on preparing your company for BYOD, contact Presidio at (800) 452-6926 or visit our website at www.presidio.com.

Contact Us: www.presidio.com

Presidio is the leading provider of Professional and Managed Services for advanced IT solutions. We help our clients leverage technology to better connect with their employees, business partners and customers. We provide an extension to your IT team to drive innovation and reduce the time between technology investments and business impact.

More than 2,000 Presidio IT professionals, 1,000 of which are highly certified consulting engineers, are based in 50+ offices across the US. We serve our clients through a unique, local delivery model while capitalizing on our scale as a multi-billion dollar industry leader. We are passionate about driving results for our clients and delivering the highest quality of service in the industry. Experience the Presidio difference.

Presidio South

7601 Ora Glen Drive Suite 100 Greenbelt, MD 20770 800-452-6926 Presidio West 1955 Lakeway Drive Suite 220 Lewisville, TX 75057 469-549-3800 Presidio North 10 Sixth Road Woburn, MA 01801 781-638-2200 About Presidio Cited Resources

1. Aberdeen Group Survey, February 2011.

2. Gartner’s Top Predictions for IT Organizations and Users, 2012 and Beyond: Control Slips Away, November 23, 2011. 3. SANS Mobility/BYOD Security Survey, March 2012

References

Related documents

ProVerif [7] constitutes a well-established automated protocol verifier based on Horn clauses resolution that allows for the verification of observational equivalence and of

The synergies of Lean Management (Wincel and Krull, 2013), Appreciative Inquiry (Cooperrider and Srivastva 1987), and Participatory Action Research (Greenwood et al, 1993)

Furthermore, we use three different measures of financial sector development to assess the potential differential impact of each measure on private savings behaviour in the

The next stage of this action research project then was to develop practical strategies teachers, including myself, could adopt in their classrooms to support students to develop

The Campus Carlsbad (TCC) is comprised of three professional office and corporate headquarter buildings in a park like setting strategically located within the Carlsbad Research

This attitude paired with specialist expertise in both design and business management, as well as an understanding of design thinking methods can be seen as the foundation of

Curioso ressaltar que, embora o jornalismo de moda tenha sua origem nos impressos, especialmente nas revistas, e que a relação leitor e revista é entendida como um vínculo próximo

Политика, направленная на снижение уровня молодежной безработицы, должна предполагать опережающее развитие профессионального