riding technology waves whitepaper

Riding technology waves

BT Assure

Making the bring your own device (BYOD) trend work for you



Your data is everywhere. It’s on devices you own and devices you don’t; it’s accessed from within your buildings and without; it’s on your network and it’s in the cloud. Now there are no boundaries, how do you keep your data secure? Do you fight the infiltration of personal equipment into the workplace or leave your people to their own devices and work with the trend of bringing your own? What’s clear is that organisations need to reassess their approach to security and how they manage devices.

Beyond a trend and here to stay

Compare every aspect of work today to the picture ten years ago; everything’s shifted.

Work is no longer something done solely in the office between nine and five thirty. Work technology is no longer exclusively used for work, saved and shut down at home time. Home and work spheres have merged and re-formed. We’re more connected, more of the time, and our choice of technology reflects who we are.

Drivers behind BYOD:

• Familiarity/satisfaction of using your choice of device (and possibly operating system).

• The pleasure and status that comes from using the latest piece of tech.

• Wanting your technology to have the portability that suits your lifestyle.

• The convenience of having all elements of life in one place, on one device — work and personal — making it easy to flit between the two; and

• The power to choose the device that will best support your productivity and responsiveness.


The gap between BYOD belief and reality

• Half of IT managers report that BYOD is on the rise, and believe it can increase productivity, yet 64 per cent believe it is too risky to allow personal devices to be integrated1. IT managers feel besieged; 80 per cent say BYOD increases IT workload3.

• In 2010, roughly 30 per cent of information workers surveyed used their own PC or smartphone for work. By 2011, that number had increased to about 40 per cent1.

• Forty per cent of IT decision makers say they let employees access corporate information from employee-owned devices, yet 70 per cent of employees say they access corporate data that way3.

Security sprawl — the big threat

Global market intelligence provider IDC states that the biggest current security threat is security sprawl, the proliferation of ways an organisation’s data can be accessed — and put at risk.

Dealing with this sprawl is making IT managers cautious and distrustful of BYOD. Fears include: unknown devices connecting to the network; the increased possibility of security breaches, loss of data and compliance infringements; and a loss of infrastructure control. But the trend continues regardless, leaving IT management in the unenviable position of setting security policies after, rather than before, the event.

“Consumerisation, or bring your own device, is one of the first things we talk about when I meet with CIOs. It’s top of mind.”

Ted Schadler, Vice President, Principal Analyst serving Content and Collaboration professionals, Forrester

Making BYOD work for you

It’s simple: say ‘yes’.

BYOD is a disruptive trend you need to meet head-on, anticipating the changes it will bring and exploiting those changes for competitive advantage. You win against BYOD by embracing it; drawing it in to your overall mobility and security policies and making it work for you.

But how you say ‘yes’ is crucial; and the policy, platforms and practices you put in place are the critical success factors. It’s about a proactive approach to working with business partners (consumers and partners, as well as employees) to understand needs and help develop solutions that increase business value and productivity, while protecting corporate assets and managing costs at the same time.

The key to this is continuity in security policies between laptops and tablets/smartphones, personal devices and corporate devices — with a focus on securing corporate information rather than securing the device.

“It’s irrelevant if it’s your own device. If users are accessing corporate data, the rules revert to the corporate polices.”

Ray Stanton, Vice President, Professional Services, BT Global Services

BYOD highlights security weak spots:

• Only 50 per cent of organisations enforce a password policy for mobile devices and even fewer deploy device loss protection technologies — and yet the cost of lost data continues to grow year-on-year2.

• One fifth of people admit to letting their family use their work device to access the internet4.


People are the key to security

Jeff Schmidt, Executive Global Head of Business Continuity, Security & Governance, BT Global Services

“Educating the end-users regarding security is essential. In many cases, it’s a user who’s not educated on process and policy who ends up exposing the company, in the spirit of trying to do the right thing. It doesn’t take a lot to explain why policies are in place and why they are important to protecting corporate data. When someone understands the rationale behind policies, they’re more likely to steer clear of actions that could potentially harm the company and its assets.”

With BYOD the more you seek to constrain users, the more they will actively work against you, finding alternative ways to achieve their aims. So treat it less as an IT policing issue and more as a business risk-management question.

Eight essentials for an effective BYOD policy

1. You can’t control the end point, so you’ve got to control the gateways between the end point and the network. The best way to do this is by using SSL VPNs to encrypt sensitive data coupled with strong authentication to validate users.

2. Explain your policy and the reasoning behind it to gain acceptance and compliance.

3. Enforce a strong authentication policy, including passwords.

4. Use a mobile device management (MDM) system, allowing administrators to set policy and then apply that policy across multiple device platforms.

5. Get users to put in writing agreement to a remote wipe of their device in the event of loss, decommissioning or theft, as well as agreement to password requirements to access corporate email and general file shares.

6. Look after your data: classify it so access is appropriate to the user; encrypt the commercially sensitive; and monitor network traffic on a 24/7 basis to detect threats and understand events.

7. Put in place a robust process for revoking access to your gateways when a user leaves your organisation.

8. Incorporate a spirit of constant review into your BYOD policies to make sure you’re staying ahead of the consumerisation wave and continually making it work to your advantage.


BYOD in action — Cisco

Cisco introduced a BYOD policy in 2009. Now, more than 17,000 Cisco employees use their own smartphones for work and 400 new iPads are added each month by employees who prefer to use their own device. They register equipment and download a VPN client for connecting with corporate data, sign a disclaimer that allows remote wipe, and support their own IT via an online forum.

Company research found that offering a choice of device was an important consideration to potential employees:

“We found globally that 40 per cent of college students and 45 per cent of employees would accept a lower-paying job with a choice of device, than a higher-paying job with less flexibility.”

BYOD in action — Citrix

Citrix has about 10 per cent of its workforce participating in BYOD.

The company provides an allowance to buy a device and employees are required to install antivirus software provided by Citrix. Citrix provides application support, but not device support, so employees have to buy a service contract with a recognised outside provider. And employees must connect through Citrix’s SSL VPN, Secure Access Gateway.

Citrix save between 15 and 20 per cent on TCO.

The BT Global Services portfolio brings you powerful security and risk management products to build a sustainable business with added security and resilience in every process. BT Assure combines the necessary elements of IT security management with the seamless transition between cloud, hosted, and on-premise — offering well-built solutions to complex problems that are adaptable to the most elaborate network environments in the world. We can help you with all aspects of security, including the issues raised by BYOD.

Please get in touch if you’d like to find out more.

1Absolute Software.2Forrester, Tablets Pave Way for Mobile Development: Security Pros Must Get Ahead Of App Dev Wave, 2011.3IDC 2011 Consumerisation of IT study: Closing the Consumerisation Gap. 4BT White Paper: Six things you need to know in 2010.

Offices worldwide

The telecommunications services described in this publication are subject to availability and may be modified from time to time. Services and equipment are provided subject to British Telecommunications plc’s respective standard conditions of contract. Nothing in this publication forms any part of any contract.

© British Telecommunications plc 2012 Registered office: 81 Newgate Street, London EC1A 7AJ Registered in England No: 1800000

riding technology waves whitepaper

Technology

byod work

device work

work device

device byod trend work

devicebyod trend work

security sprawl

aspect of work

work spheres