from mobile device policy to bring your own device (byod)
TRANSCRIPT
![Page 1: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/1.jpg)
![Page 2: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/2.jpg)
From mobile devices to BYOD
Andrew Cormack, Chief regulatory adviser @Janet_LegReg
![Page 3: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/3.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 3
We like mobile computing
![Page 4: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/4.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 4
We like mobile computing
» Research and education aren’t just office hours
![Page 5: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/5.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 5
We like mobile computing
» Research and education aren’t just office hours
» Work wherever/whenever inspiration strikes
![Page 6: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/6.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 6
We like mobile computing
» Research and education aren’t just office hours
» Work wherever/whenever inspiration strikes
» Increased productivity
![Page 7: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/7.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 7
We like mobile computing
» Research and education aren’t just office hours
» Work wherever/whenever inspiration strikes
» Increased productivity
» Happier users
![Page 8: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/8.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 8
We like mobile computing
» Research and education aren’t just office hours
» Work wherever/whenever inspiration strikes
» Increased productivity
» Happier users
» Could your organisation cope without it?
![Page 9: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/9.jpg)
Policies
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 9
How we secure it
» De jure: the things we write down
![Page 10: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/10.jpg)
Policies
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 10
How we secure it
» De jure: the things we write down
» De facto: the things we do
› This sets policy: “email on any device”
![Page 11: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/11.jpg)
So how do we secure mobile computing?
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 11
AccessServer Device User
![Page 12: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/12.jpg)
So how do we secure mobile computing?
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 12
IMAP orweb or
VTTY ornone
AccessServer Device User
![Page 13: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/13.jpg)
So how do we secure mobile computing?
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 13
authenticationencryption
IMAP orweb or
VTTY ornone
AccessServer Device User
![Page 14: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/14.jpg)
So how do we secure mobile computing?
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 14
authenticationencryption
profilesmanagement
IMAP orweb or
VTTY ornone
AccessServer Device User
![Page 15: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/15.jpg)
So how do we secure mobile computing?
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 15
authenticationencryption
policiesguidancesupport
profilesmanagement
IMAP orweb or
VTTY ornone
AccessServer Device User
![Page 16: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/16.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 16
What do you do?
Discuss around table for 10 mins
Fill in the columns
![Page 17: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/17.jpg)
What’s the difference with BYOD?
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 17
authenticationencryption
policiesguidancesupport
profilesmanagement
IMAP orweb or
VTTY ornone
AccessServer Device User
![Page 18: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/18.jpg)
What’s the difference with BYOD?
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 18
authenticationencryption
policiesguidancesupport
profilesmanagement
IMAP orweb or
VTTY ornone
AccessServer Device User
![Page 19: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/19.jpg)
What’s the difference with BYOD?
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 19
authenticationencryption
policiesguidancesupport
profilesmanagement
IMAP orweb or
VTTY ornone
AccessServer Device User
![Page 20: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/20.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 20
What controls do you enforce on mobile devices?
![Page 21: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/21.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 21
» Passphrase, patches, anti-virus, firewall
» Encryption, remote wipe
» Safe downloading, account/directory separation
» Thinking about where you are
What we’d like…
![Page 22: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/22.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 22
» Passphrase, patches, anti-virus, firewall
» Encryption, remote wipe
» Safe downloading, account/directory separation
» Thinking about where you are
Feels like basic good practice…
What we’d like…
![Page 23: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/23.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 23
» Passphrase, patches, anti-virus, firewall
» Encryption, remote wipe
» Safe downloading, account/directory separation
» Thinking about where you are
Feels like basic good practice…
Actually, it’s the ICO’s recommendationsfor BYOD!
» Warns against MDM/tracking of non-owned devices
What we’d like…
![Page 24: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/24.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 24
How to be safe without device management?
Already rely on users for some controls
![Page 25: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/25.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 25
How to be safe without device management?
Already rely on users for some controls
» Their behaviour may already be biggest risk
![Page 26: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/26.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 26
How to be safe without device management?
Already rely on users for some controls
» Their behaviour may already be biggest risk
» Especially if they have admin rights!
![Page 27: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/27.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 27
How to be safe without device management?
Already rely on users for some controls
Possibly move some controls to server-side
» But tightening de facto policies on existing services is a hard sell
![Page 28: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/28.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 28
How to be safe without device management?
Already rely on users for some controls
Possibly move some controls to server-side
» But tightening de facto policies on existing services is a hard sell
Or, encourage users to implement them
![Page 29: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/29.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 29
How to be safe without device management?
Already rely on users for some controls
Possibly move some controls toserver-side
» But tightening de facto policies on existing services is a hard sell
Or, encourage users to implement them
» What do you lose with corporate mobile?
![Page 30: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/30.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 30
How to be safe without device management?
Already rely on users for some controls
Possibly move some controls to server-side
» But tightening de facto policies on existing services is a hard sell
Or, encourage users to implement them
» What do you lose with corporate mobile?
» What do you lose with BYOD?
![Page 31: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/31.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 31
Self-interest
![Page 32: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/32.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 32
Self-interest
81% employees don’t care about mobile security
![Page 33: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/33.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 33
Self-interest
81% employees don’t care about mobile security
Surely more care about their own devices?
![Page 34: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/34.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 34
Self-interest
81% employees don’t care about mobile security
Surely more care about their own devices?
Their BYOD security interests are same as ours
![Page 35: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/35.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 35
Self-interest
81% employees don’t care about mobile security
Surely more care about their own devices?
Their BYOD security interests are same as ours
» If they know why/how to do the right thing
![Page 36: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/36.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 36
Self-interest
81% employees don’t care about mobile security
Surely more care about their own devices?
Their BYOD security interests are same as ours
» If they know why/how to do the right thing
» Might BYOD even be more secure?
![Page 37: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/37.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 37
How might we help?
Discuss around tables for 10 mins:
» How to motivate
» How to support
And report back good ideas…
![Page 38: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/38.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 38
Good questions...
“What should I do if I lose it?”
“What should I do when I pass it on?”
![Page 39: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/39.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 39
Good questions...
“What should I do if I lose it?”
“What should I do when I pass it on?”
“How should I back up my device?”
![Page 40: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/40.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 40
Good questions...
“What should I do if I lose it?”
“What should I do when I pass it on?”
“How should I back up my device?”
“How do I share files with others?”
“How do I get new apps?”
…
![Page 41: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/41.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 41
BYOD plan
![Page 42: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/42.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 42
BYOD plan
1. Review existing measures for mobile devices
› Already accepted risk: don’t demand more of BYOD
› If risk now unacceptable, change mobile
![Page 43: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/43.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 43
BYOD plan
1. Review existing measures for mobile devices
› Already accepted risk: don’t demand more of BYOD
› If risk now unacceptable, change mobile
2. Prepare to support device owners
![Page 44: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/44.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 44
BYOD plan
1. Review existing measures for mobile devices
› Already accepted risk: don’t demand more of BYOD
› If risk now unacceptable, change mobile
2. Prepare to support device owners
3. Motivate device owners
› Should improve mobile security too
![Page 45: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/45.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 45
BYOD future
Design systems to be BYO-by-Default?
![Page 46: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/46.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 46
BYOD future
Design systems to be BYO-by-Default?
» Presume it is the norm
» Identify / configure systems and data that aren’t suitable for it
![Page 47: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/47.jpg)
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 47
BYOD future
Design systems to be BYO-by-Default?
» Presume it is the norm
» Identify / configure systems and data that aren’t suitable for it
BYOD will happen anyway
Much better to design for it than ignore it
![Page 48: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/48.jpg)
Questions?
Or, come and discuss this afternoon…
![Page 49: From mobile device policy to bring your own device (BYOD)](https://reader034.vdocuments.us/reader034/viewer/2022042615/55ac1d181a28ab64258b4694/html5/thumbnails/49.jpg)
BT paper» btplc.com/News/Articles/ShowArticle.cfm?ArticleID=F5E90F45-
966A-4872-8CF6-C2C32F608541ICO on BYOD» ico.org.uk/for_organisations/data_protection/topic_guides/online/byodCESG» gov.uk/government/collections/bring-your-own-device-guidanceMe» community.ja.net/blogs/regulatory-developments/article/mobile-
device-policy-byod» community.ja.net/blogs/regulatory-developments/tags/BYOD
References
09/03/2015 Jisc Digital Festival, 9-10 March 2015, ICC Birmingham 49