MOBILE DEVICE MANAGEMENT OR PRETTY MUCH EVERYTHING YOU NEED TO KNOW ABOUT MOBILE DEVICES IN THE WORKPLACE!


47% of all employees now use their smartphone, tablet PC or other portable device for work purposes. SOURCE: YOUGOV SURVEY

BYOD (bring your own device) is simply where employees use their own smartphone, tablet PC or other portable device for work.

CYOD (choose your own device) is where employees are provided with specified company devices.

The purpose of this guide is to provide a practical understanding of:

1. The challenges of managing mobile devices in the workplace: governance and compliance, device and application management
2. The benefits mobile brings in terms of ease and flexibility and how we can help keep your data safe and secure
3. The support that'll be available should your phone become lost or you just need a bit of extra advice

24% of consumers use a smartphone or tablet as their primary, work-related computing device. SOURCE: SAMSUNG

The six pillars of Mobile Device Management (MDM)

1. MAN CREATED THE MOBILE DEVICE AND SAW THAT IT WAS GOOD - FOR OUR BUSINESS
2. WONDERS OF THE MDM WORLD
3. THE SEVEN DEADLY SINS: HOW NOT TO DO IT
4. THE 10 COMMANDMENTS: THE LAW AND MORE
5. SEVEN STEPS TO HEAVEN: OUR VERY OWN MOBILE DEVICE PRINCIPLES
6. HEAVEN ON EARTH: ENROLMENT GUIDES FOR MOBILE DEVICES

1. MAN CREATED THE MOBILE DEVICE AND SAW THAT IT WAS GOOD - FOR OUR BUSINESS

Why?

1. Increased performance
2. Enhanced protection
3. Greater flexibility
4. Cost savings
5. Simplified IT infrastructure
6. Convenience
7. Ease

2. WONDERS OF THE MDM WORLD

I. Increased performance: ultimately giving you the freedom to work on any device. We're more productive while traveling or working away from the office if we are comfortable with the device we're using.
II. Enhanced protection: Data on our mobile devices will be better protected with enhanced encryption and more secure pass codes.
III. Greater flexibility: In the long term our MDM policy will ease the process of selecting and managing a mobile provider and plan.
IV. Cost savings: By reducing our corporate mobile plan, we will also save money due to lower costs associated with individually managed call, data and SMS plans.
V. Simplified IT infrastructure: The management and cost overhead will be significantly reduced, along with the need for IT to purchase mobile devices when, let's face it, lots of us already have our own.
VI. Convenience: Having just one device for everything has to be better than carrying around a sackful of technology!
VII. Ease: We will have more tools that fit our culture of self-help.

4 personal gains of mobile for employees are: more flexible working hours, the ability to foster creativity, faster innovation, and greater teamwork/collaboration. SOURCE: DELL

59% of companies believe they would be at a competitive disadvantage without BYOD. SOURCE: DELL

We are working towards a world where BYOD will be commonplace, so we need to be prepared as there are serious consequences to poor mobile device management. For example, if customer data has not been encrypted on an employee's personal mobile device and that leads to a breach in customer data, the business itself is responsible and liable to a fine of up to £500,000 by the Information Commissioner's Office (ICO).

If we want to reap the benefits of mobile working, it's important we're aware of the seven deadly sins of mobile device management. So let us begin...

3. THE SEVEN DEADLY SINS: HOW NOT TO DO IT

I. Doing nothing: Taking no action is dangerous as it makes each individual responsible for how they share and collaborate (which doesn't seem very #together). It also creates shadow IT that bypasses our controls and can lead to a bring-your-own-applications (BYOA) scenario, which raises compliance and security concerns.

II. Hasty purchasing decisions: As the business's trusted advisor, one of our guiding principles in IT is to avoid buying technology that doesn't fit with our long-term strategy. To do so risks wasting money on kit that doesn't suit our needs. The very process of developing a policy has forced us to address the mobile and data requirements of each part of the business. This has helped us to work out what technologies are best.

III. Heavy admin: Although mobile device management may increase our productivity, complicated admin to manage this could lead to a stint in purgatory. So our approach is about freeing up IT managers' time for more strategic, business-focused stuff. Above all, we're trying to avoid swapping the management of a standardised fleet of devices for the management and security of multiple platforms over which we have little visibility or control.

IV. Narrow scope of device support: We want to enable colleagues to use the devices that THEY choose, whether corporate or personal. Choices are expanding every day as manufacturers bring new upgrades and devices to market, so we're making the effort now to handle this, thinking not only of what might be around today but also of what we'll be supporting in the future.

67% of respondents said that the ability to manage and secure devices running on different operating systems is critical or very important. SOURCE: IDG SURVEY

46% of end users surveyed said network performance negatively affects mobile devices the most. SOURCE: GARTNER

V. Complicated support: We're keeping it simple for colleagues by creating access to a range of apps that will improve our service and ensure enrolment is quick and easy (see device guides).

VI. Not separating - and respecting - personal data: Lots of people read emails on their smartphones and tablets, blurring the boundary between personal and work. This has security concerns. Users don't necessarily update and protect their own devices as they should, which potentially exposes their operating system and applications, making us, our network and our data vulnerable. Having a policy that clearly defines what is and is not allowed is crucial. We're addressing this issue by having partitions - or profiles - if colleagues use their own device: one profile for personal and one for work. This gives colleagues the freedom to use their devices for stuff that's not work-related while providing the level of security required by IT. This way, the work environment is fully encrypted, managed and secure!

78% of employees believe that having a single mobile device helps balance employees' work and personal lives. SOURCE: SAMSUNG

YOU NEED TO MANAGE GROWING WORKFORCE EXPECTATIONS AROUND MOBILITY. YOUR EMPLOYEES USE MANY DEVICES AND THEY EXPECT TO USE ANY DEVICE OR APPLICATION ANYTIME, ANYWHERE. SOURCE: GARTNER

77% of employees haven't received any education about the risks associated with mobile devices in the workplace. SOURCE: 2013 DATA PROTECTION TRENDS RESEARCH, CONDUCTED BY PONEMON INSTITUTE

VII. Poor enforcement of corporate and personal device policies: It's simply not great if our IT gurus aren't able to approve or deny devices access to our networks, whether they're personally owned or company provided. Separating personal from work space (partitioning) reduces the number of policies we need to manage mobile risks effectively and makes it easier to manage policies across a range of devices.

FEWER THAN HALF OF ORGANISATIONS HAVE POLICIES IN PLACE THAT MANAGE THE RISKS PRESENTED BY PERSONALLY OWNED DEVICES EXTREMELY OR VERY WELL. SOURCE: COMPUTER WORLD QUICK POLL RESEARCH: BYOD NOT ALL IT'S CRACKED UP TO BE?

We're finally reaching the point where IT officially recognises what has always been going on: people use their business device for non-work purposes. They often use a personal device in business. Once you realise that, you'll understand you need to protect data in another way besides locking down the full device. It is essential that IT specify which platforms will be supported and how; what service levels a user should expect; what the user's own responsibilities and risks are; who qualifies; and that IT provides guidelines for employees purchasing a personal device for use at work, such as minimum requirements for operating systems.

David Willis, vice president, Gartner

BYOD could cause you to violate rules, regulations, trust, intellectual property and other critical business obligations. SOURCE: GARTNER

Mobile device management can create a conflict between agility and compliance. Technological advances usually run faster than the law. In particular, when personal data sits next to corporate data on a mobile device, it's a recipe for disaster. If we fail to secure personal devices with encryption and passwords and corporate data is subsequently breached, ultimately it's the company that's responsible.

There are two key pieces of legislation that we need to comply with:

Under the Data Protection Act (DPA) 1998, companies must make employees aware of what personal data the business is collecting, how it's being used, where it's stored and who can access it. The Information Commissioner's Office (ICO) enforces the law and can levy fines of up to £500,000 for serious data breaches. As the bare minimum data security standard, the ICO advocates encryption. We should all be aware of their Bring your own device guide.

There is also the European Union Data Protection Directive of 1995 Draft for Data Protection Regulation. It says that employees must give their explicit consent for an organisation to access and process their personal data. It also says that organisations processing personal data must take the appropriate technical and organisational measures to ensure data is secured. These measures include encryption on devices and a PIN policy.

In particular, the ICO stipulates that BYOD means that the organisation or data controller may not own the device or have direct control over it. However, because the devices are being used to access and store corporate information as well as that of the individual mobile user, appropriate security must be in place to prevent personal data about corporate customers held on an employee's device from being compromised, whether accidental or deliberate.

In relation to the DPA, the ICO gives specific guidance on using personal mobile devices for work purposes. The data controller must remain in control of the personal data for which he is responsible, regardless of the ownership of the device used to carry out the processing. SOURCE: ICO

4. THE 10 COMMANDMENTS: THE LAW AND MORE

I. THINE CORPORATION SHALT NOT OWN THE DEVICE IF IT IS TO BE TRULY BYOD
II. THOU SHALT NOT BLUR PERSONAL AND BUSINESS USAGE, AND MUST RESPECT THINE COLLEAGUE'S RIGHT TO PRIVACY
III. THOU SHALT TAKE FULL RESPONSIBILITY FOR CUSTOMER DATA, INCLUDING ASSESSING WHAT DATA IS HELD ON A COLLEAGUE'S DEVICE, WHERE DATA MAY BE STORED, HOW IT IS TRANSFERRED AND THE POTENTIAL FOR DATA LEAKS
IV. THOU SHALT ENCRYPT AND PIN
V. THOU SHALT ASSESS ALL DEVICE SECURITY CAPABILITIES
VI. THOU SHALT HAVE A PROCESS FOR DEALING WITH THE LOSS, THEFT, FAILURE AND SUPPORT OF A DEVICE
VII. THOU SHALT IMPLEMENT ISO 27001
VIII. THOU SHALT BE AWARE OF AND ADHERE TO SECTOR-SPECIFIC REGULATORY AND COMPLIANCE RULES
IX. COLLEAGUES SHALL AGREE TO FOLLOW SD'S POLICY, WHICH CLEARLY SETS OUT OUR RESPONSIBILITIES
X. THOU SHALT HAVE AN EXIT PROCESS WHEN A DEVICE OWNER LEAVES

Failure is not an option!

Getting this right isn't easy, but the alternatives are worse: loss of reputation, earnings, customers and hefty fines. This is where the MDM policy comes in, and where colleagues are also held accountable for their part.

Companies with well-established BYOD policies are the least likely to experience any kind of setbacks, with over a quarter of this group experiencing none at all. SOURCE: DELL

According to the Information Commissioner's Office (ICO), it is crucial that users connecting their own devices to an organisation's IT systems clearly understand their responsibilities. And, once in place, the policy must not be forgotten about. The ICO advocates regular audits and compliance monitoring to ensure that the policy is being adhered to.

67% of people use personal devices at work, regardless of the office's official BYOD policy. SOURCE: MICROSOFT

5. SEVEN STEPS TO HEAVEN: OUR VERY OWN MOBILE DEVICE PRINCIPLES

The guiding principles of our mobile device policy:

1. Provide guidance and accountability
2. Consult relevant people: this has included HR, as well as colleagues of course
3. Specify the types of personal data and applications that can be used and the types that can't
4. Consider where data is stored and use passwords, PINs and encryption
5. Maintain a clear separation of personal and company data
6. Consider how data is transferred and ensure monitoring is not draconian but meets compliance standards while protecting personal privacy
7. Have a loss or theft policy that enables us to remotely wipe company data if we need to

6. HEAVEN ON EARTH: ENROLMENT GUIDES FOR MOBILE DEVICES

If you need specific help to enrol your device please contact us.

Enrolment guides:
- Android
- Android (Samsung)
- Windows Phone
- iOS