MOBILE DEVICE MANAGEMENT OR PRETTY MUCH EVERYTHING YOU NEED TO KNOW ABOUT MOBILE DEVICES IN THE WORKPLACE!

Transcription

1 MOBILE DEVICE MANAGEMENT OR PRETTY MUCH EVERYTHING YOU NEED TO KNOW ABOUT MOBILE DEVICES IN THE WORKPLACE!

2 47% of all employees now use their smartphone, tablet PC or other portable device for work purposes SOURCE: YOUGOV SURVEY BYOD (bring your own device) is simply where employees use their own smartphone, tablet PC or other portable device for work CYOD (choose your own device) is where employees are provided with specified company devices The purpose of this guide is to provide a practical understanding of: 1. The challenges of managing mobile devices in the workplace: governance and compliance, device and application management 2. The benefits mobile brings in terms of ease and flexibility and how we can help keep your data safe and secure 3. The support that ll be available should your phone become lost or you just need a bit of extra advice 24% of consumers use a smartphone or tablet as their primary, work-related computing device SOURCE: SAMSUNG 2

3 The six pillars of Mobile Device Management (MDM) 1. MAN CREATED THE MOBILE DEVICE AND SAW THAT IT WAS GOOD - FOR OUR BUSINESS 2. WONDERS OF THE MDM WORLD 3. THE SEVEN DEADLY SINS: HOW NOT TO DO IT 4. THE 10 COMMANDMENTS: THE LAW AND MORE 5. SEVEN STEPS TO HEAVEN: OUR VERY OWN MOBILE DEVICE PRINCIPLES 6. HEAVEN ON EARTH: ENROLMENT GUIDES FOR MOBILE DEVICES islate 3

4 1. MAN CREATED THE MOBILE DEVICE AND SAW THAT IT WAS GOOD - FOR OUR BUSINESS Why?: 1. Increased performance 2. Enhanced protection 3. Greater flexibility 4. Cost savings 5. Simplified IT infrastructure 6. Convenience 7. Ease Angry Pterosaurs islate 4

5 2. WONDERS OF THE MDM WORLD I. Increased performance: ultimately giving you the freedom to work on any device. We re more productive while traveling or working away from the office if we are comfortable with the device we re using. II. Enhanced Protection: Data on our our mobile devices will be better protected with enhanced encryption and more secure pass codes. III. Greater flexibility: In the long term our MDM policy will ease the process of selecting and managing a mobile provider and plan. IV. Cost savings: By reducing our corporate mobile plan, we will also save money due to lower costs associated with individually managed call, data and SMS plans. V. Simplified IT infrastructure:the management and cost overhead will be significantly reduced along with the need for IT to purchase mobile devices when, let s face it, lots of us already have our own. VI. Convenience: Having just one device for everything has to be better that carrying around a sackful of technology! VII. Ease: We will have more tools that fit our culture of self-help. 4personal gains of mobile for employees are: more flexible working hours, the ability to foster creativity, speeds up innovation, and facilitates greater teamwork/collaboration. SOURCE: DELL 5

6 59% of companies believe they would be at a competitive disadvantage without BYOD. SOURCE:DELL We are working towards a world where BYOD will be commonplace, so we need to be prepared as there are serious consequences to poor mobile device management. For example, if customer data has not been encrypted on an employee s personal mobile device and that leads to a breach in customer data, the business itself is responsible and liable to a fine of up to 500,000 by the Information Commissioner s Office (ICO). If we want to reap the benefits of mobile working, it s important we re aware of the seven deadly sins of mobile device management. So let us begin 6

7 3. THE SEVEN DEADLY SINS: HOW NOT TO DO IT I. Doing nothing: Taking no action is dangerous as it makes each individual responsible for how they share and collaborate (which doesn t seem very #together). It also creates shadow IT that bypasses our controls and can lead to a bring-your own applications (BYOA) scenario, which raises compliance and security concerns. II. Hasty purchasing decisions: As the business s trusted advisor one of our guiding principles in IT is to avoid buying technology that doesn t fit with our long-term strategy. To do so risks wasting money on kit that doesn t suit our needs. The very process of developing a policy has forced us to address the mobile and data requirements of each part of the business. This has helped us to work out what technologies are best. III. Heavy admin: Although mobile device management may increase our productivity, complicated admin to manage this could lead to a stint in purgatory. So our approach is about freeing up IT managers time for more strategic, business focused stuff. Above all we re trying to avoid swapping the management of a standardised fleet of devices for the management and security of multiple platforms over which we have little visibility or control. IV. Narrow scope of device support: We want to enable colleagues to use the devices that THEY choose, whether corporate or personal. Choices are expanding every day, as manufacturers bring new upgrades and devices to market so we re making the effort now to handle this, thinking not only of what might be around today; but what we ll be supporting in the future. 67% of respondents said that the ability to manage and secure devices running on different operating systems is critical or very important. Source: IDG survey SOURCE: IDG SURVEY 7

8 46% of end users surveyed said network performance negatively affects mobile devices the most. SOURCE:GARTNER V. Complicated support We re keeping it simple for colleagues by creating access to a range of apps that will improve our service and ensure enrolment is quick and easy (see device guides). VI. Not separating - and respecting - personal data Lots of people read s on their smartphones and tablets, blurring the boundary between personal and work. This has security concerns. Users don t necessarily update and protect their own devices as they should, which potentially exposes their operating system and applications, making us, our network and our data vulnerable. Having a policy that clearly defines what is and is not allowed is crucial. We re addressing this issue by having partitions - or profiles if colleagues use their own device; one profile for personal and one for work. This gives colleagues the freedom to use their devices for stuff that s not work-related while providing the level of security required by IT. This way, the work environment is fully encrypted, managed and secure! 78% of employees believe that having a single mobile device helps balance employees work and personal lives. SOURCE:SAMSUNG YOU NEED TO MANAGE GROWING WORKFORCE EXPECTATIONS AROUND MOBILITY. YOUR EMPLOYEES USE MANY DEVICES AND THEY EXPECT TO USE ANY DEVICE OR APPLICATION ANYTIME, ANYWHERE. SOURCE:GARTNER 8

9 77% of employees haven t received any education about the risks associated with mobile devices in the workplace SOURCE:2013 DATA PROTECTION TRENDS RESEARCH, CONDUCTED BY PONEMON INSTITUTE VII. Poor enforcement of corporate and personal device policies It s simply not great if our IT gurus aren t able to approve or deny access to our networks, whether they re personally owned or company provided. Separating personal from work space partitioning reduces the number of policies we need to manage mobile risks effectively and makes it easier to manage policies across a range of devices. FEWER THAN HALF OF ORGANISATIONS HAVE POLICIES IN PLACE THAT MANAGE THE RISKS PRESENTED BY PERSONALLY OWNED DEVICES EXTREMELY OR VERY WELL. SOURCE:COMPUTER WORLD QUICK POLL RESEARCH: BYOD NOT ALL IT S CRACKED UP TO BE? 9

10 We re finally reaching the point where IT officially recognises what has always been going on: people use their business device for non work purpose. They often use a personal device in business. Once you realise that, you ll understand you need to protect data in another way besides locking down the full device. It is essential that IT specify which platforms will be supported and how; what service levels a user should expect; what the user s own responsibilities and risks are; who qualifies; and that IT provides guidelines for employees purchasing a personal device for use at work, such as minimum requirements for operating systems. David Willis, vice president, Gartner 10

11 BYOD could cause you to violate rules, regulations, trust, intellectual property and other critical business obligations. SOURCE:GARTNER Mobile device management can create a conflict between agility and compliance. Technological advances usually run faster than the law. In particular, when personal data sits next to corporate data on a mobile device, it s a recipe for disaster. If we fail to secure personal devices with encryption and passwords and corporate data is subsequently breached, ultimately it s the company that s responsible There are two key pieces of legislation that we need to comply with: Under the Data Protection Act (DPA) 1998, companies must make employees aware of what personal data the business is collecting, how it s being used, where it s stored and who can access it. The Information Commissioner s Office (ICO) enforces the law and can levy fines of up to 500,000 for serious data breaches. As the bare minimum data security standard, the ICO advocates encryption. We should all be aware of their Bring your own device guide. 11

12 There is also the European Union Data Protection Directive of 1995 Draft for Data Protection Regulation. It says that employees must give their explicit consent for an organisation to access and process their personal data. It also says that organisations processing personal data must take the appropriate technical and organisational measures to ensure data is secured. These measures include encryption on devices and a PIN policy. In particular, the ICO stipulates that BYOD means that the organisation or data controller may not own the device or have direct control over it. However, because the devices are being used to access and store corporate information as well as that of the individual mobile user, appropriate security must be in place to prevent personal data about corporate customers held on an employee s device from being compromised whether accidental or deliberate. In relation to the DPA, the ICO gives specific guidance on using personal mobile devices for work purposes. The data controller must remain in control of the personal data for which he is responsible, regardless of the ownership of the device used to carry out the processing. SOURCE:ICO 12

13 4. THE 10 COMMANDMENTS: THE LAW AND MORE I. THINE CORPORATION SHALT NOT OWN THE DEVICE IF IT IS TO BE TRULY BYOD II. THOU SHALT NOT BLUR PERSONAL AND BUSINESS USAGE, AND MUST RESPECT THINE COLLEAGUE S RIGHT TO PRIVACY III. THOU SHALT TAKE FULL RESPONSIBILITY FOR CUSTOMER DATA, INCLUDING ASSESSING WHAT DATA IS HELD ON A COLLEAGUE S DEVICE, WHERE DATA MAY BE STORED, HOW IT IS TRANSFERRED AND THE POTENTIAL FOR DATA LEAKS IV. THOU SHALT ENCRYPT AND PIN V. THOU SHALT ASSES ALL DEVICE SECURITY CAPABILITIES VI. THOU SHALT HAVE A PROCESS FOR DEALING WITH THE LOSS, THEFT, FAILURE AND SUPPORT OF A DEVICE VII. THOU SHALT IMPLEMENT ISO VIII. THOU SHALT BE AWARE OF AND ADHERE TO SECTOR-SPECIFIC REGULATORY AND COMPLIANCE RULES IX. COLLEAGUES SHALL AGREE TO FOLLOW SD S POLICY, WHICH CLEARLY SETS OUT OUR RESPONSIBILITIES X. THOU SHALT HAVE AN EXIT PROCESS WHEN A DEVICE OWNER LEAVES 13

14 Failure is not an option! Getting this right isn t easy, but the alternatives are worse loss of reputation, earnings, customers and hefty fines. This is where the MDM policy comes in, and where colleagues are also held accountable for their part. 14

15 Companies with well-established BYOD policies are the least likely to experience any kind of setbacks, with over a quarter ofthis group experiencing none at all. SOURCE: DELL According to the Information Commissioner s Office (ICO ), it is crucial that users connecting their own devices to an organisation s IT systems clearly understand their responsibilities. And, once in place, the policy must not be forgotten about. The ICO advocates regular audits and compliance monitoring to ensure that the policy is being adhered to. 67% of people use personal devices at work, regardless of the office s official BYOD policy. SOURCE: MICROSOFT 15

16 5. SEVEN STEPS TO HEAVEN: OUR VERY OWN MOBILE DEVICE PRINCIPLES The guiding principles of our mobile device policy 1. Provide guidance and accountability 2. Consult relevant people this has included HR, as well as colleagues of course 3. Specify the types of personal data and applications that can be used and the types that can t 4. Consider where data is stored and use passwords, PINS and encryption 5. Maintain a clear separation of personal and company data 6. Consider how data is transferred and ensure monitoring is not draconian but meets compliance standards while protecting personal privacy 7. Have a loss or theft policy that enables us to remotely wipe company data if we need to 16

17 6. HEAVEN ON EARTH: ENROLMENT GUIDES FOR MOBILE DEVICES If you need specific help to enrol your device please contact us Android Android (Samsung) Windows Phone ios Contact us 17