Presented for 5th Cyber Security Training & Technology Forum
BYOD
Agenda
– BYOD – Defined
– Evolution of BYOD
– Advantages of BYOD
– Case Studies
– Risks and Threats
– Case Studies
– CIA
– Data Breach
– Configuration Management
A Brief Evolution of BYOD (BYOD Defined)
• 2009 - The Term BYOD Emerges by Intel Corporation
• 2010 - IT Can’t Ignore Personal Devices
• 2011 - BYOD is Here to Stay
• 2012 - Data Security Takes Centre Stage
• 2013 - The App Explosion
• 2014 - BYOD Ceases to Exist
“In 2014, BYOD evolved to become more about enablement and corporate access that goes beyond email. Employees
expect the same access to workplace content on their mobile devices that they have on their laptops and PCs. MDM and
MAM have shifted to EMM, as the industry evolves to cater to a broader set of mobile capabilities for the enterprise based
on use cases across users, devices, apps and content.”
“BYOD has ceased to exist, and has been replaced by a broader set of mobile capabilities that enable the workforce of the
future. BYOD is morphing into BYOx – a new trend that takes the focus away from the specific device employees are using.
It’s not just a question of phones and tablets anymore. Content, wearables and apps are all part of the BYOx spectrum.
Moving forward, this will be the area that demands the most attention from a security perspective.”
http://www.lifehacker.co.uk/2014/11/07/brief-history-byod-doesnt-actually-exist-anymore
Advantages & Perceptions
A study by IBM says that 82% of employees think that smartphones play a critical
role in business.
The study also shows benefits of BYOD include:
• Increased productivity - Increased productivity comes from a user being more comfortable with their
personal device; being an expert user makes navigating the device easier, increasing productivity.
• Cost savings for the company - Cost savings can occur on the company end because it is no longer
responsible for furnishing the employee with a device, but they are not guaranteed.
• Employee satisfaction - Employee satisfaction, or job satisfaction, occurs with BYOD by allowing the user
to use the device they have selected as their own rather than one selected by the IT team. It also allows
them to carry one device as opposed to one for work and one for personal use. Additionally, personal
devices are often more cutting edge, as company technology refreshes don't happen as often.
https://en.wikipedia.org/wiki/Bring_your_own_device
A Gartner strategic planning assumption indicates “by 2020, 85% of
organizations will adopt BYOD in some form.”
No turning back
http://www.net-security.org/article.php?id=2144
BYOD and Mobile Security Survey by the Information Security Group
A recent survey about BYOD and Mobile Security by the Information Security Group on LinkedIn
shows that the primary benefits of BYOD programs are:
- Improved employee mobility (57%)
- Greater employee satisfaction (56%)
- Improved productivity (54%)
The same survey indicates the biggest security concerns are:
- Loss of company or client data (67%)
- Unauthorized access to company data and systems (57%)
- Users downloading apps or content with embedded security exploits (47%)
http://www.net-security.org/article.php?id=2144
What Are we worried about?!
Heartbleed Attack on BYOD Service Hit Insurance Giant Aviva
The Heartbleed vulnerability was leveraged in an attack against a BYOD service provider,
• allowing the attackers to potentially cause millions in damages for insurance giant Aviva.
• A number of the company’s fleet of employee-owned mobile devices were wiped clean.
• “Aviva was using BYOD service MobileIron to manage more than 1,000 smart devices such as
iPhones and iPads. On the evening of the 20 May 2014, a hacker compromised the MobileIron admin
server and posted a message to those handhelds and the email accounts, according to our source,” the
report stated. “The hacker then performed a full wipe of every device and subsequently took
out the MobileIron server itself.”
http://www.tripwire.com/state-of-security/latest-security-news/heartbleed-attack-on-byod-service-hit-insurance-giant-aviva/
6 Biggest Business Security Risks and How You Can Fight Back - CIO Magazine
IT and security experts discuss the leading causes of security breaches and what your organization
can do to reduce them.
• Risk No. 1: Disgruntled Employees
• Risk No. 2: Careless or Uninformed Employees
• Risk No. 3: Mobile Devices (BYOD) “Data theft is at high vulnerability when employees are using mobile
devices [particularly their own] to share data, access company information, or neglect to change mobile passwords,”
explains Jason Cook, CTO & vice president of Security, BT Americas. “According to a BT study, mobile security
breaches have affected more than two-thirds (68 percent) of global organizations in the last 12 months.”
2015 Mobile Security Survival Guide - http://www.cio.com/article/2867781/mobile-security/2015-mobile-security-survival-guide.html
By Jennifer Lonoff Schiff, CIO | Jan 20, 2015 5:54 AM PT
BYOD – Data Breaches
http://raconteur.net/infographics/data-security-breaches
What do you need to consider in your BYOD Policy?
• Application Security (include 3rd party)
• Sensitive Data Access
• Loss of Devices
• Sold or disposed without sanitizing
• Malware
• Vulnerability Management
• Confiscation for Incident Response
• Conflict with other policies
Mobile Security Reference Architecture
• An estimated 350 million people will use mobile devices for work-related tasks in 2016, of whom
200 million will be using their own personal devices for those tasks.
• The MSRA document provides a reference architecture for mobile computing, released by the
Federal CIO Council and the Department of Homeland Security (DHS) to assist Federal
Departments and Agencies (D/As) in the secure implementation of mobile solutions through
their enterprise architectures. One important assumption pointed out by the council is that this
reference is only applicable to mobile devices, including mobile phones and tablets, but not laptops
and other technology gadgets. (Gap!)
• DISA has published guidance that requires DoD Service components and Agencies to develop
CMD policies.
International Journal of Mobile Network Communications & Telematics (IJMNCT) Vol. 4, No. 5, October 2014
BYOD – Instituting Controls (MDAC)
Implement Mobile Device Access Control (MDAC).
• Designed to control network access and bandwidth for employee-owned mobile
devices, including Smartphones and tablets.
• Goes beyond password protection by preventing network access until the devices
comply with a pre-established list of criteria.
• Typically includes a certain anti-virus protection level and having the most recent
system updates and patches.
• With MDAC, organizations also can redirect users to self-registration portals, block
usage of certain applications and control bandwidth usage by the type of device.
http://minnesotabusiness.com/blog/byod-insiders-attack
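The admission decision the MDAC slide describes, written out as an added example (not from the presentation or from any MDAC product). The thresholds, app identifiers, bandwidth figures and device records are constructed assumptions, as is treating an installed blocked app as a compliance failure.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Assumed policy values: the slide names the criteria (anti-virus level,
# current updates and patches, blocked apps, bandwidth by device type)
# but gives no thresholds.
POLICY = {
    "max_av_signature_age_days": 7,
    "min_os_version": {"ios": (8, 1, 3), "android": (5, 0, 2)},
    "blocked_apps": {"com.example.filesharing", "com.example.remoteroot"},
    "bandwidth_kbps": {"phone": 2000, "tablet": 5000},
}

@dataclass
class Device:
    device_id: str
    kind: str                           # "phone", "tablet", ...
    platform: str                       # "ios", "android", ...
    os_version: str                     # as reported by the device
    av_signature_date: Optional[date]   # None if no anti-virus reported
    registered: bool
    installed_apps: set = field(default_factory=set)

@dataclass
class Decision:
    action: str                         # allow / quarantine / redirect_to_registration
    reasons: list
    bandwidth_kbps: int = 0

def parse_version(text):
    """Return a tuple of ints, or None when the reported version is malformed."""
    parts = str(text).strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def evaluate(device, today, policy=POLICY):
    """Decide network admission; any check that cannot be verified fails closed."""
    # Unknown devices are sent to the self-registration portal before any posture check.
    if not device.registered:
        return Decision("redirect_to_registration", ["device not registered"])

    reasons = []
    minimum = policy["min_os_version"].get(device.platform)
    version = parse_version(device.os_version)
    if minimum is None:
        reasons.append(f"platform {device.platform!r} not covered by policy")
    elif version is None:
        reasons.append(f"unparseable OS version {device.os_version!r}")
    elif version < minimum:
        need = ".".join(map(str, minimum))
        reasons.append(f"OS {device.os_version} is below required {need}")

    if device.av_signature_date is None:
        reasons.append("no anti-virus reported")
    else:
        age = (today - device.av_signature_date).days
        if age > policy["max_av_signature_age_days"]:
            reasons.append(f"anti-virus signatures are {age} days old")

    banned = sorted(device.installed_apps & policy["blocked_apps"])
    if banned:
        reasons.append("blocked apps installed: " + ", ".join(banned))

    bandwidth = policy["bandwidth_kbps"].get(device.kind)
    if bandwidth is None:
        reasons.append(f"device type {device.kind!r} not allowed")

    if reasons:
        return Decision("quarantine", reasons)
    return Decision("allow", [], bandwidth)

# Constructed sample devices and evaluation date.
TODAY = date(2015, 3, 1)
SAMPLES = [
    Device("dev-001", "phone", "ios", "8.1.3", date(2015, 2, 27), True,
           {"com.example.mail"}),
    Device("dev-002", "tablet", "android", "5.1", date(2015, 2, 28), False),
    Device("dev-003", "tablet", "android", "4.4.4", date(2015, 1, 1), True,
           {"com.example.filesharing"}),
    Device("dev-004", "laptop", "ios", "8.x", None, True),
]

def run_samples():
    """Evaluate every sample device and return {device_id: Decision}."""
    return {d.device_id: evaluate(d, TODAY) for d in SAMPLES}

if __name__ == "__main__":
    for dev_id, decision in run_samples().items():
        print(dev_id, decision.action, decision.bandwidth_kbps, decision.reasons)
```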
BYOD – Instituting Controls (MDM issues)
Mobile Device Management (MDM)
“While MDM provides organizations with the ability to control applications and content on
the device, research has revealed controversy related to employee privacy and
usability issues that lead to resistance in some organizations.”
“Corporate liability issues have also emerged when businesses wipe devices after
employees leave the organization.”
Issues Include:
• Who owns the telephone number
• Separating personal content from company data - being monitored
• Misuse of corporate access on personal devices
http://minnesotabusiness.com/blog/byod-insiders-attack
References & Resources
• International Journal of Mobile Network Communications & Telematics (IJMNCT) Vol. 4, No. 5, October 2014
• Detecting cyber attacks in a mobile and BYOD organization, by Oliver Tavakoli, CTO at Vectra Networks - Tuesday, 14 October 2014.
• A Brief History of BYOD and Why it Doesn't Actually Exist Anymore, by James Laird on 07 Nov 2014
• http://searchmobilecomputing.techtarget.com/tip/Minimizing-BYOD-security-risks-through-policy-and-technology
Thank You!
Open Discussion
QUESTIONS?
