Preparing for Mobile Device Management & Bring your Own Device
Download as PPTX, PDF12 likes3,876 views
The document outlines mobile device management (MDM) and bring your own device (BYOD) strategies, emphasizing the importance of security and support for various mobile devices in a business context. It discusses key differences between MDM and mobile application management, as well as the benefits of BYOD, such as cost savings and increased productivity. Additionally, the document covers data classification, acceptable use policies, and available solutions for implementing MDM and BYOD successfully.
Preparing for Mobile Device Management & Bring your Own Device
- 1. Mobile Device Management and BYOD Charlie Hales and Nigel Robson 28th February 2014
- 2. Agenda • What is Mobile Device Management • Strategy • What is a Mobile Device? • Mobile Device Management vs Mobile Application Management • What is BYOD • What can MDM/BYOD do for business? • Where is your Data? • Acceptable usage policy • Defining the right solution • Some solutions available
- 3. What is Mobile Device Management? • Secures, monitors, manages and supports mobile devices of multiple operating systems, service providers and enterprises • Covers corporate and end user devices • Includes anything that is mobile (could include laptops, and non-windows devices). Enabler for users to access internal systems securely from any device and anywhere • Enables BYOD
- 4. Part of Overall Strategy • Build upon and integrate with existing policies – Desktop – Flexible and remote working – Application • Do you just use Windows devices? • Need to manage any type of device? • Any data management/classification in place currently?
- 5. Part of Overall Strategy – Many Devices, one solution? Client Management MDM Source Gartner Virtualisation
- 6. What are mobile devices?
- 7. What are mobile devices? This?
- 8. What are mobile devices? This?
- 9. What are mobile devices? This?
- 10. What are mobile devices? Or this?
- 11. What are mobile devices? It can be any of these!
- 12. What are mobile devices? But also these!
- 13. Mobile Device Management vs Mobile Application Management MAM • App delivery • App security • App updating • User authentication • User authorization • Version checking • Push services • Reporting and tracking MDM • All previous plus… • Remote Configuration • Security –including identifying compromised devices • Backup/Restore • Network Usage and Support • Mobile asset tracking and management • Remote Lock and Wipe • Device Provisioning • Software Installation • Troubleshooting and Diagnostic Tools • Policy Application • Logging and Reporting • Remote Control and Administration
- 14. What is BYOD?
- 15. • Save money – Reduce costs – Enable Flexible working – Increase Productivity – Increase Job satisfaction • Reduces risk and increase Security – Where is your data? – Consider this also for existing laptops What can MDM/BYOD do for business?
- 16. Survey • Who doesn’t have a smartphone? • Who has a BlackBerry? • Who uses their own smartphone for work purposes? • Is it managed by work? • Are you sure?
- 17. BYOD Business Survey Fully embrace and support 12% Embrace, but user self support 39% Limited BYOD Strategy 21% Trialing BYOD 18% Do not support BYOD 10% Source: zkresearch.com
- 18. Where is your Data?
- 19. ICO Website
- 20. ICO Website
- 21. ICO Website
- 22. Data Classifications Information Category Description Example Information Assets Public Information which is or can be made public. Advertisements Public web content Proprietary Information which is restricted to internal access and protected from external access. Unauthorised access could cause a drop in customer confidence, could influence operational effectiveness, cause financial loss or provide gain for competitors. Internal presentations Performance data Source code Proprietary knowledge Confidential Information received from Customers, or sensitive information about Customers and Staff. Customer Data Customer intellectual property Customer documents Customer backups Internal reports Restricted Highly sensitive information Limited access to specific individuals Passwords HR & Payroll Backups Card Data DPA Information
- 23. Data Classifications Category Public Proprietary Confidential Restricted Description: Prevent easy access without prolonged or determined access to the device Prevent access even with prolonged and determined access to device As per confidential and access is restricted to specific individuals Physical Media or Device Printed Media ok In possession of staff or customer In possession of staff or customer, within property Held in the safe or secure ICT Server room Mobile Phone ok PIN Coded PIN Coded & Remote Wipe not normally acceptable Laptop / Tablet ok User authentication Authentication & Encryption not normally acceptable Portable Storage ok Encryption Encryption Held in a safe PC ok User authentication Physically Secured within property or Encrypted Physically secured within property Cloud Storage ok Encrypted Encrypted not normally acceptable
- 24. Encryption • Device Encryption – Technology and Device dependant – The latest Windows devices will work with internal PKI or external Certs – IOS devices will work with Apple provided Certs which can be imported into most MDM solutions – Android has limitations • Application encryption – Managed through application development and provisioning
- 25. Design your BYOD Acceptable Use Policy • Privacy • Who pays for what • Third Parties • Work vs Play – Out of hours – During hours • Company responsibilities for personal data • Licencing • HR • Device Disposal • Litigation
- 26. Defining the right solution • What do you want to manage on the device? – Types of devices – PIN – Remote Wipe/Selective Wipe – Apps – Device/App Encryption
- 27. Defining the right solution • What do you want to manage on the device? – Integration with enterprise applications – Multi user profiles – Separation of personal and work data – Internet access – Advanced features • Data usage • GPS tracking
- 28. Example of device functionality Content removed when retiring a device Windows 8.1 Windows Phone 8 iOS Android Company apps and associated data installed by using Configuration Manager and Windows Intune Uninstalled and sideloading keys are removed. In addition any apps using Windows Selective Wipe will have the encryption key revoked and data will no longer be accessible. Uninstalled and data removed. Uninstalled and data removed. Apps and data remain installed. VPN and Wi-Fi profiles Removed. Not applicable. Removed. VPN: Not applicable. Wi-Fi: Not removed. Certificates Removed and revoked. Not applicable. Removed and revoked. Revoked. Settings Requirements removed. Requirements removed. Requirements removed. Requirements removed. Management Client Not applicable. Management agent is built- in. Not applicable. Management agent is built- in. Management profile is removed. Device Administrator privilege is revoked. Example for SCCM and Intune
- 29. Lots of solutions available • Dependant on requirements • Leverage what you already have if possible • Exchange Active Sync • SCCM with Intune • Other MDM providers – Apple device manager (IOS 7.1 still will have limitations though) – SaaS or on-premise – Some examples. Good Technology, Citrix, MobileIron, AirWatch (VMWare recent purchase)
- 30. Summary • Develop the right strategy • Define the requirements • What can MDM/BYOD do for your business? • Data Classification Policy • Acceptable usage policy • Defining the right solution • Choose the solution
- 31. Future Seminars • Use what you already have to enable MDM and BYOD on 25th April • MDM and BYOD technology providers and solutions on 23rd May • ‘Joining the dots’ of your applications and systems – The benefits of system integration on 14th March
- 32. Questions?
Editor's Notes
- #4: Blured line – mobilily is already part of the major workforces, it is no longer a question of whether to do/alow it or not, it is more which devices/OS’s are supported
- #10: NR
- #17: Not either or.. Highlight Myths MDM Corp – MAM BYOD – it’s not necessarily the case Apps need to be developed
- #18: Bring your own device (BYOD) (also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC)) refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications.[1] The term is also used to describe the same practice applied to students using personally owned devices in education settings http://en.wikipedia.org/wiki/BYOD
- #20: CH
- #21: BYOD is happening! Mobility is already part of the major workforces, it is no longer a question of whether to do/allow it or not, it is more which devices/OS’s are supported 10% who do not support are probably still being bypassed!
- #22: Emails Laptops Devices USB Direct Access/VPN Work folders (New to Windows 8) From the “cloud”. E.g. Office 365/Google Apps Rights Management Data classification User policies help, but without technology to enforce user error or misuse can still happen
- #23: DPA penalties and the ICO (Information Commissioners Office) – up to £500,000 and can lead to prison sentances http://ico.org.uk/enforcement/fines
- #28: NR
- #29: http://www.microsoft.com/en-gb/business/community/hints-and-tips/design-your-byod-acceptable-use-policy Lawyers are still arguing over the intricacies of BYOD Acceptable Use Policies (AUP). In truth, it is probably impossible to define a watertight legal framework at this moment. However, even the smallest company can benefit from identifying the challenges and mitigate them by having clarity on paper where possible. Our experts, Cesare Garlati (CG) and Jessica Keyes, Ph.D. (JK) offer this powerful Top Ten as a starting point: Privacy (CG). Mobile Device Management tools are the software which secure company information when it’s on a mobile device, whether connected to the company network or not. That’s fine when it’s a company computer, but what if you’re monitoring traffic on an employee’s PC? Without clear rights and responsibilities, this represents an invasion of privacy, or possibly even hacking. Who pays for what? (JK). When an employee uses their own device for both work and play, overages of both phone and data usage can easily occur. Who pays for what must be clearly spelled out. Your policy should precisely define which categories the business will cover, and which not. This will also indemnify you against any potential fringe benefit tax issues. Third Parties (CG). Personal devices are often shared around the family – think of the laptop or tablet which Dad shares with the kids, for example. Even a watertight acceptable use policy can’t be signed on behalf of other family members. Your employees cannot be held responsible for their kids’ use of a family device: if that affects your attitude to data, then it also ought to affect your attitude to BYOD. Work v. Play: what we do after hours (JK). The fundamental challenge of BYOD is differentiating between work activities and what employees do when off the clock. As ever, on a company-purchased device, AUPs can clearly define what users may do. On an employee-owned device, things are much less clearly defined. There are plenty of situations where an employee may be using their device, in their own time, and therefore the relevance of their actions may only be apparent because the company has been able to discover it at a later date; a discovery which would not have been possible if the home/work gulf had not been breached. What, for example, if an employee makes a defamatory or discriminatory remark on a social network, or even in a private email? Work v. Play: what we do in work (JK). The same issues apply on the job. Even on their own device, it’s unacceptable for an employee to engage in harassment, or to compromise workplace safety (for example by texting whilst driving). Company responsibility for personal data (CG). Garlati notes that his own son woke up one morning and, in an understandably desperate bid to play Angry Birds, tried multiple passwords on a tablet and thus triggered the Remote Wipe security function. That’s a great security tool, rightly mandated by the company to protect its data. But when the wipe occurred, what about all the personal photos etc. on the machine? It is arguable that the business could be responsible for them – even if the wipe was caused by a genuine thief! Licensing (CG). Home computers usually include home-use licensing of software. If that software is then used for commercial purposes, not only is the employee breaching the terms of their license, but the company can be accountable as an accessory to the license infringement. Microsoft offers licenses of Office software under Office 365 Small Business Premium to resolve precisely this problem. Your HR Conduct (JK). The electronic record of an employee’s device usage may be used against you- especially after acrimonious terminations. It could, for example, show that an employee is working all hours of the day and night (even without your knowledge) – which might bring up issues of liability for unrecorded overtime, or minimum wage problems. Device Disposal (CG). It’s an employee’s right to dispose of their old property however they want. There are apocryphal stories of phones left on planes and in taxis ending up on eBay. Businesses must, of course, require Remote Wipe functions to be activated, and an AUP should also include the condition that company data is rigorously removed before planned disposal. Litigation (CG). Finally, if your company should find itself mired in litigation, the court can seize devices for ‘e-discovery’; i.e. the hunt for electronic evidence; even if it’s a personally owned device. Your employee probably won’t get it back soon, if at all; and their personal content will likely be exposed.
- #33: http://www.macrumors.com/2014/02/17/ios-7-1-mdm/
- #34: CH