1

BYOD: Striking a BalanceEmployee Privacy and IT Governance

Presented by Jonathan Dale and special guest Chris Hazelton from 451

Research

2

Today’s agenda

• Setting the scene

• The need for control

• Greater impact of BYOD

• Risk/benefit assessment

• Striking a balance

2

BYOD: Striking a BalanceEmployee Privacy and IT Governance

Chris Hazelton Research Director, Mobile & Wireless

451 Research is the flagship brand of The 451 Group and is focused on the business of enterprise IT innovation. 451 Research analysts provide critical and timely insight into the competitive dynamics of innovation in emerging technology segments including Information Management, Security, Mobility and Datacenter Technologies.

The 451 Group

Tier1 Research is a single-source research and advisory firm covering the multi-tenant datacenter, hosting, IT and cloud-computing sectors, blending the best of industry and financial research.

Uptime Institute is ‘The Global Data Center Authority’ and a pioneer in the creation and facilitation of end-user knowledge communities to improve reliability and uninterruptible availability in datacenter facilities.

TheInfoPro is a leading IT advisory and research firm that provides real-world perspectives on the customer and market dynamics of the enterprise information technology landscape, harnessing the collective knowledge and insight of leading IT organizations worldwide.

ChangeWave Research is a research firm that identifies and quantifies ‘change’ in consumer spending behavior, corporate purchasing, and industry, company and technology trends.

IT spending for Q2 2012

451 Research, ChangeWave Research, Feb 2012n: 1,604

Growth of tablet use in the enterprise

451 Research, ChangeWave Research, Feb 2012n: 1,604

7

Fiberlink Poll – Question Number One

Describe your organization’s tablet adoption strategyA. Not purchasing, nor permitting

personally-owned tabletsB. Not purchasing, but allowing

personally-owned tabletsC. Purchasing tablets in bulk, no

personally-owned tabletsD. Purchasing tablets in bulk and

allowing personally-owned tablets

Tablet market by OS for Q2 2012

451 Research, ChangeWave Research, Feb 2012n: 1,604

iOS vs. Android in the Enterprise

451 Research, ChangeWave Research, Feb 2012n: 1,604

19.4%

76.9% Employee owned devices not allowed

Aggregate of policies that allow BYOD

Consumerization outpacing corporate liable

• Overwhelming majority permit employee liable devices• 67.8% aware of devices, have

policies in place• 9.1% have no policy

451 Research Enterprise Mobility Survey, April2012n: 165

11

Fiberlink Poll – Question Number Two

What approach has your organization taken towards BYOD program implementation?A. Already implemented a BYOD programB. Will implement BYOD in next 6 monthsC. Plans to evaluate and purchase a MDM

solution prior to BYOD implementationD. No BYOD program; no plans for

implementation

Why is Mobile Device Management needed for BYOD

• Implement iOS and Android as alternative to BlackBerry devices• Increase mobile security and compliance enforcement• Extend applications and content to devices• Reduce the cost of supporting mobile assets• Allow employees to use their own devices

Why MDM is good for End-Users and IT

Mobile is your primary device in work and life…protect enterprise data

…also protect your personal data

What BYOD means to End-Users

BYOD provides…• More flexible work schedule • Mobile extends work day – but work how you want• Users can choose the device they want• Multiple devices – same apps and services

What BYOD means to IT

BYOD

iOSAndroidBlackBerryWindows

Tablets & Smartphones

Apps

Data SecurityCompliance & Regulations

End User Privacy

Competitive Advantage

Customer Experience

Real world risks

Protect your customers, protect your company • Mass 201 CMR 17.03• 3(c) Developing security policies for employees relating to the storage,

access and transportation of records containing personal information outside of business premises.

• 3(e) Preventing terminated employees from accessing records containing personal information

What MDM allows IT to do

Where MDM brings value• Quickly configure your device• Set security policies and enforcement rules• E-mail enablement• Troubleshoot device issues• Find your lost device• Wipe personal data when needed• Wipe only corporate data • Push the apps you need• Be compliant with regulations• … and much more

What End-Users are concerned about

Can “Big Brother”• Locate where I am at 3am on a Saturday night?• See which personal apps I have installed?• Wipe my personal music and pictures without asking?• View my browser history?

19

Fiberlink Poll – Question Number Three

What measures have your organization taken to account for end-user privacy?A. Not fully aware of privacy implications;

looking to address moving forwardB. Have implemented specific measures

to account for privacy needsC. No plans to protect privacy of

personally identifiable information at this time

What can IT do?

What IT can do to satisfy corporate governance and end-user privacy1. Educate end-users2. Don’t go it alone3. Set the ground rules4. Hands off personal data5. PII is TMI

Educate, educate, educate…

Successful BYOD programs• Openly inform users why it is important to have MDM solution• Explain what IT can and can not do to their personal device• Has formal acceptable use policies• Educate users about the additional risks posed by mobile devices• Both corporate data and personal data risks

Don’t go it alone

Engage Human Resources and Legal• Communicate business need to current employees• Continuation of business • Security for all data – personal, customer, and IP

• Include mobile policies in new employee training• Device choice is an employee benefit• Set the expectation of device responsibility from the start

Setting the ground rules

Rolling out MDM• Start with basic but critical policies • Password protection is good for everyone

• Strong but acceptable passwords• Limit password attempts• Control device inactivity

Hands off personal data

Corporate data and personal data• Awareness of apps access corporate data• Control the movement of corporate documents

Privacy for personal mobile apps• Mobile Banking• Social Networks• Healthcare apps

PII is TMI

Certain MDM vendors make it possible to satisfy end-user concerns about privacy of their personal information• Disable administrators from viewing end-user’s personal application

inventory; restricted only to apps that appear in the corporate app catalog• Deactivation of location services; geographical coordinates, WiFi SSID

and IP address all remain private

26

MaaS360: Agility of the cloud for the pace of change in mobility

• Fast deployment– Simple provisioning processes– Intuitive user interface

• Effortless scalability– Instantly turn up devices, users,

apps– Start small and easily expand up

• Automatic upgrades– Continuous updates available

instantly– No ongoing maintenance

• Unmatched affordability– Zero infrastructure needed– All inclusive subscription price

model

27

Thank You! Questions?