Bring Your Own Device
Peter Silva
Technical Marketing Manager

Bring-Your-Own-Device (BYOD)
Personal devices for business apps
- Why implement BYOD?
  - Increase employee satisfaction, productivity
  - Reduce mobile expenses
  - Brand IT as innovators
- Key issue areas
  - Sustainability, liability
  - Device choice, economics
  - User experience, privacy
  - Trust model
F5 Networks, Inc.

Rigid Policies Are Not Sustainable
- The policy must serve IT
  - Secures corporate data
  - Minimizes cost of implementation
  - Minimizes cost of enforcement
- The policy must serve USERS
  - Preserves native user experience
  - Stays up to date with user preferences
  - Keeps pace with innovation

Liability
- Consider employee actions and corresponding liability
- What happens when the employee owns the device?
  - Does liability increase or decrease?
- What happens when monthly charges are reimbursed?
  - Financial responsibility may dictate legal obligation
- What happens if personal data is damaged?
- Seek legal advice

Liability Checklist
- Define baseline security requirements
- Assess liability of personal web and app usage
- Evaluate legal ramifications of reimbursement
- Quantify the costs of monitoring and enforcement
- Assess the risk and liability of damaging personal data

Device Choice
- Personal preference is the primary driver
  - What devices do users prefer?
  - What devices do users already own?
- Understand the device security posture
  - How were the following work devices chosen?

Enterprise Mobility Gold Standard
RIM set the standard
- Management control integrated with the device
- Client certificate authentication support
- Active Directory/LDAP not exposed externally
- Provisioning simple and secure
- Managed Internet access
- Managed intranet access
- End point control

Enterprise Mobility Gold Standard
iOS has become the new standard and provides:
- Hardened OS
- Sandboxed applications
- SSL VPN framework
- MDM framework
- Intuitive user interface
- Lots of applications
[Chart: Security Features (low to high) plotted against User Demand (low to high)]
Which would YOU choose?

Device Checklist
- Survey users about their preferences and current devices
- Define a baseline of acceptable security and supportability features
- Do your homework: Read up on hardware, OS, and regional variances
- Develop a certification program for future devices
- Work with Human Resources on clear communication to users about which devices are allowed or not and why

Economics of BYOD
- Excessive charges:
  - Give users visibility into their usage
  - BYOD drives personal responsibility
- Service plans
  - Continue paying for full service?
  - Offer users a monthly stipend?
- Productivity: How to measure?
- Help desk expenses: The first resort or the last resort?
- Mobile app purchase and deployment
- Compliance and audit costs
- Tax implications

Economics Checklist
- Investigate the effects of a BYOD reimbursement plan on your ability to negotiate with wireless carriers
- Consider putting logging and reporting in place to monitor after-hours use
- Incorporate a "help desk as a last resort" guideline into your employee BYOD social contract
- Estimate costs for any increased need for compliance monitoring
- Ask Finance about tax implications (cost or benefit) of a BYOD policy

User Experience and Privacy
- Make user experience your top priority
- Understand how your policy impacts user experience
  - Battery life
  - Third-party email apps vs. native email
  - Complex authentication schemes
  - Lockdown of useful features
- Establish a social contract that communicates:
  - What IT will monitor
  - When a device might be wiped
  - Compliance issues

User Experience Checklist
- Identify what activities and data must be monitored
- Determine the circumstances when a device wipe must occur
- Minimize this list and justify each item
- Determine how an employee can self-remediate
- Determine which core services will be delivered to users
- Maximize this list and justify each item
- With Human Resources, draft a BYOD social contract

BYOD Trust Model
- The trust level of a mobile device is dynamic
- Identify and assess the risk of personal devices
- Assess the value of apps and data
- Define remediation options
  - Notifications
  - Access control
  - Quarantine
  - Selective wipe
- Set a tiered policy

Use Case: Access with baseline security, no MDM
[Diagram labels: Certificate Check; UUID Check; Kerberos SSO; Resources; Request ticket; Exchange; Active Directory]

Use Case: Normal access with MDM, VPN on-demand two-factor authentication
[Diagram labels: Certificate Check; UUID Check; Kerberos SSO; Request ticket; Two factors: PIN, Certificate; MDM; Active Directory]

Use Case: Managed and BYOD access combines UUID check with ACLs
- Unmanaged devices get limited access
- Managed devices get full access
[Diagram labels: ACLs; Certificate Check; UUID Check; MDM; Active Directory]

Use Case: First access with MDM, new enrollment with self-service
- When cert check fails, APM will proxy access to MDM's registration page
- OTP sent via SMS or email; adds two-factor security
- Provisioning via MDM phone home
[Diagram labels: Certificate Check; Username/Password; Verify credentials; SSO; AAA; Device data; Optional OTP; Provisioning: Apps, Certificates, Profiles; MDM; Certificate registration]

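The gate order described across the four use-case slides above (certificate check, then UUID check, then a managed/unmanaged ACL, with enrollment as the only path when the certificate check fails), as an added example that is not F5 APM configuration or code from the deck. The names, the sample inventories and the deny-on-UUID-mismatch outcome are assumptions.

```python
from dataclasses import dataclass

# Constructed sample inventories (assumptions, not data from the slides).
USER_DEVICE_UUIDS = {"alice": {"UUID-A1", "UUID-A2"}, "bob": {"UUID-B1"}}
MDM_MANAGED_UUIDS = {"UUID-A1"}  # devices currently enrolled in MDM


@dataclass
class AccessRequest:
    user: str
    device_uuid: str
    cert_valid: bool              # result of the client certificate check
    credentials_ok: bool = False  # username/password verified against AAA
    otp_required: bool = False    # optional OTP step during enrollment
    otp_ok: bool = False


def decide(req: AccessRequest) -> tuple[str, str]:
    """Return (decision, reason); decision is deny, enroll, limited or full."""
    if not req.cert_valid:
        # Failed certificate check: the only reachable resource is the MDM
        # registration page, and only after credentials (and OTP) verify.
        if not req.credentials_ok:
            return "deny", "no valid certificate and credentials not verified"
        if req.otp_required and not req.otp_ok:
            return "deny", "one-time password missing or wrong"
        return "enroll", "proxy to MDM registration page only"
    # Certificate is valid: the UUID must belong to this user. Denying on a
    # mismatch is an assumption; the slides do not state the failure outcome.
    if req.device_uuid not in USER_DEVICE_UUIDS.get(req.user, set()):
        return "deny", "device UUID not registered to this user"
    if req.device_uuid in MDM_MANAGED_UUIDS:
        return "full", "managed device"
    return "limited", "unmanaged device, restricted ACL"


if __name__ == "__main__":
    samples = [
        AccessRequest("alice", "UUID-A1", cert_valid=True),
        AccessRequest("alice", "UUID-A2", cert_valid=True),
        AccessRequest("bob", "UUID-A1", cert_valid=True),
        AccessRequest("carol", "UUID-C1", cert_valid=False, credentials_ok=True),
    ]
    for s in samples:
        print(s.user, s.device_uuid, *decide(s))
```
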
2012 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, and IT agility. Your way., are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5.
New Mobile Messaging Standard
Microsoft EAS has become the industry standard
- Microsoft Exchange
- Lotus Notes Traveler
- Novell Data Synchronizer
[Diagram label: Exchange ActiveSync]
Commercial in Confidence. Copyright SilverbackMDM 2011

Three Tiers of Security
High Point (requires MDM)
Midpoint (requires MDM)
- Client certificate authentication
- Do not expose LDAP externally
- Data leakage management
- Managed Internet access
- Managed intranet access
- Data encryption at rest
- App distribution
- End point control
- Data decommissioning
- Hardware authentication
Baseline (security via ActiveSync)
- Remote wipe
- Device PIN enforcement
- No activity auto-lock
- Block device types

Gartner MQ for MDM, April 2011
Gartner summary
- Crowded field
- Managed by the messaging group in IT
- IT staff under-trained
- Market is rapidly evolving
- SaaS is an option
- Reporting is a critical feature
- $150M market
- 15%-20% CAGR
- This is the first MDM MQ