Tag Archive for BYOD

10 Policies to Minimize BYOD Risk

The challenge for employers offering BYOD, according to schnaderworks, a labor and employment blog from Schnader Harrison Segal & Lewis LLP, is finding the right cost/benefit balance for their businesses. In developing an effective “bring your own device” (BYOD) policy, employers must first identify which employees will be eligible for the program, according to the blog.

Once the basic parameters are set, the lawyers stress that a written policy is essential to set up ground rules and permit enforcement to protect the company’s data and other interests. They suggest the following steps are key to establishing an effective BYOD policy:

1. Establish a Mandatory Authorization Process:  The lawyers say this should be completed before an employee can use company data and systems on a personal mobile device.

2. Require Password Protection:  Each authorized device should have the same password protection as an employer-issued device.  According to the article, such protections include limiting the number of password entry attempts, setting the device to time out after a period of inactivity, and requiring new passwords at regular intervals.

3. Clarify Data Ownership:  A BYOD policy should specifically address who owns the data stored on the authorized device. It should be clear that company data belongs to the employer and that all company data will be remotely wiped from the device if the employee violates the BYOD policy, terminates employment, or switches to a new device. The policy should also alert employees that it is their responsibility to back up any personal data stored on the authorized device, the article states.

4. Control the Use of Risky Applications and Third Party Storage:  Schnader Harrison Segal & Lewis notes that employers may want to ban the use of applications that present known data security risks, such as the use of “jailbroken” or “rooted” devices and cloud storage.

5. Limit Employee Privacy Expectations:  The BYOD policy should clearly disclose the extent to which the employer will have access to an employee’s personal data stored on an authorized device and state whether such personal data is stored on the company’s backup systems. The article recommends minimizing the co-mingling of company and personal data. Employers may want to install software that permits the “segmenting” of authorized devices.  However, no matter what measures the company takes to preserve employee privacy, the policy must emphasize that the company does not guarantee employee privacy if an employee opts in to the BYOD program.

6. Address Any Business-Specific Privacy Issues:  Certain businesses are subject to legal requirements about the storage of private personal information (such as social security numbers, drivers’ license numbers, and credit and debit card numbers, etc.) which may need to be addressed in a BYOD policy.  The blog points out that HIPAA requires native encryption on any device that holds data subject to the act. An employer may need to put in place processes prohibiting or limiting remote access for certain categories of sensitive data.

7. Consider Wage and Hour Issues:  Permitting employees to use an authorized device for work purposes outside of the employee’s regular work hours may trigger wage and hour claims. The lawyers suggest the BYOD policy should set forth the employer’s expectations about after-hours use  (such as a requirement that non-exempt employees must refrain from checking or responding to work emails, voice mail, and texts after hours) (rb- Yeah).

8. Ensure Compliance with Company Confidentiality Policies:  The author says a BYOD policy should reiterate that an employee using an authorized device must comply with all company policies on confidentiality and the “acceptable use” of company information.

9. Spell Out Procedures In Case of Loss or Theft:  The employer should set up a specific protocol to be followed in the event an authorized device is lost or stolen. The blog says the process should include the prompt reporting of a lost or stolen device and the remote wiping of the device.

10. Document Employee Consent:  Finally, the law firm, in good lawyer form, suggests the employer should get an employee’s written consent to all terms and conditions of the BYOD policy.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

BYOD: My Phone Your Problem

Fujitsu warns that BYOD programs have a lot of hidden costs that IT departments often do not consider, according to a recent article on FierceMobileIT. Craig Merrick, the managing consultant for mobile business solutions at Fujitsu (6702), explains the sources of extra costs of the BYOD program.

The enterprise can incur significant additional costs if it tries to support all versions of operating systems being used by BYOD employees. Mr. Merrick says software updates to smartphones could cause problems with existing corporate applications. This could lead to the help desk being overwhelmed with calls.

BYOD support costs

He cites a recent Fujitsu survey of 25,000 BYOD end users, which found that 80% of users believe that their corporate IT department is responsible for fixing issues with their personal devices. “They want to bring their own device but they don’t want to take responsibility for fixing it,” Fujitsu’s Merrick said. Gartner (IT) forecasts that supporting BYOD will cost enterprises $300 per employee annually by 2016, up from a current $100 per employee annually.

Another area of unforeseen cost, according to the article, is a security breach caused by BYOD. A survey (PDF) of 790 IT professionals by Dimensional Research on behalf of security firm Check Point found that 79% of respondents reported they had a mobile security incident within the past year. Many of these incidents stemmed from employees storing corporate information on personal devices.

Mobile security incidents

The report revealed that more than half of large businesses reported mobile security incidents that have cost them more than $500,000. For 45% of SMBs, mobile security incidents exceeded $100,000 in the past year, the survey found. Tomer Teller, security evangelist and researcher at Check Point, commented:

Without question, the explosion of BYOD, mobile apps, and cloud services has created a herculean task to protect corporate information for businesses both large and small.

The article concludes that additional costs for firms contemplating BYOD can include network infrastructure upgrades, wireless service costs, device management product investment, and application and software investments, explained Forrester (FORR) analyst Michele Pelino.

rb-

Many businesses believe that implementing a BYOD policy will save them both the capital outlay of acquiring devices and the ongoing cost of maintaining them. But the reality does not always match the theory.  Planning and implementing a successful BYOD program requires executives to understand the costs, as well as the benefits.


Is The Perimeter Dead?

Even while mobile, cloud, and software services are blurring the lines of corporate IT boundaries through deperimeterization, DarkReading recently asked out loud whether the perimeter is dead.

There are those who believe enterprises are wasting their security budget on perimeter protection. In fact, FierceTelecom reports that 57% of enterprises responding to a survey said they plan to spend $500,000 or more in 2014 to upgrade their firewalls to high-speed network interfaces. Security is the chief reason cited.

The perimeter is dead

It is no surprise that the answers varied, according to the author. Hardliners have been hammering on the death of the perimeter for a long time now. “Perimeter security is no longer relevant to enterprises. With the mobilization of the workforce, it’s very hard to define the perimeter of any organization because mobile-enabled employees are connecting to the network from all over the world on devices of their choosing,” Thevi Sundaralingam, vice president of product management at Accellion, told DarkReading. “Next-gen security needs to focus keeping content safe, not on defining a network perimeter.”

People are giving up on the perimeter

Then there are the cynical abandoners. “In my opinion, perimeter security is not dead — it just has been handled incorrectly for so long people are giving up,” Alex Chaveriat, a consultant at SystemExpert told the blog.

But others believe perimeter protection still has plenty of relevance for enterprise IT, even if it means rethinking the role of the perimeter and how these defenses are deployed. Corey Nachreiner, director of security strategy for WatchGuard (a firm that sells firewalls), believes the perimeter is different but still relevant.

The perimeter will never die, it will just get more focused … Sure, our workforce is getter (sic) more mobile, which means we need to incorporate new security solutions. But let’s not fool ourselves. The perimeter will never go away.

The perimeter is different

WatchGuard’s Nachreiner believes that the new perimeter needs to focus on server infrastructure and data centers, and not endpoint users. He believes firms will have to work in a hybrid environment that bolsters the perimeter rather than replacing it. “Just because people are using mobile devices and cloud services doesn’t mean they won’t still have local servers and assets behind a relatively static perimeter.”

Another argument for perimeter defenses, according to the author, is network egress monitoring. Michael Patterson, CEO of Plixer International, told the author that egress visibility is crucial to pinpoint large-scale breaches.

Ultimately, the bad guys need to pass through the perimeter in order to complete the exfiltration of the data they are trying to steal … Monitoring behaviors is playing a significant role in this area as is the reputation of the site being connected to. 

The perimeter is growing

CEO Patterson also explains that perimeter defense doesn’t necessarily have to be placed at the edge. He told DarkReading it may have more relevance inside the network to watch and block threats within the organization. It’s for this reason that Mike Lloyd, CTO of RedSeal Networks, says that rather than dying, the perimeter has actually grown in recent years. In the article he says:

Companies have more and more perimeters that are getting smaller and smaller … Regulation drives it: PCI demands internal “zones” of segregation. BYOD drives it: Once you let zany uncontrolled endpoint devices onto your network, you have to build zones to keep them away from internal assets. Security drives it: We’ve talked about defense in-depth for years, but people are finally doing it.

As a result, RedSeal’s Lloyd says, security practitioners have more opportunities for controls. This, though, can be a blessing and a curse. The downside is complexity, more controls in more places … The aspirin for that headache is automation. Make sure that all the enclaves you designed are actually set up and maintained properly as change happens.

rb-
The last time I re-designed a network, we put a Checkpoint (CHKP) firewall in front of the server segment. We dropped it in, in transparent mode, to collect the who, what, when, and why of people accessing data. You should have heard the howls of protest.

Despite naysayers, many security experts believe perimeter defenses have relevance when deployed as a part of defense-in-depth.


Wearable Tech Takes Off

With the recent release of the Google (GOOG) Glass, interest in wearable technology has been on the rise. The impending Apple (AAPL) iWatch counter offering will inevitably drive the hype-cycle for wearable technology into hyper-drive. FierceMobileIT cites forecasts from several vendors that predict the wearable tech market will explode.

Wearable enthusiasm

Visiongain believes that over the next five years, the wearable technology market will reach $4.6 billion, with “explosive growth and high adoption rates.”  The wearable technology market includes smartwatches, tech clothing, augmented reality glasses, mobile health devices, and fitness/well-being monitors. Visiongain says:

Due to these devices becoming increasingly cheap to manufacture OEMs are now devising ways to apply this technology to target the consumer market. With virtually limitless applications to a number of verticals, the wearable technology market represents a huge value proposition to all ecosystem members, from manufacturers to app developers and service providers.

IHS Research and Juniper Research share Visiongain’s optimism about wearable technology. IHS predicts that between 2012 and 2017 10 million smart glasses will ship, with a majority of units shipped in 2016. IHS optimistically predicts that shipments of smart glasses will increase by 250% per year.

Juniper Research predicts that wearable devices would be increasingly used in the enterprise. Enterprise wearables include terminal devices, scanners, display devices, and tracking devices. They can also be used for logistics, factory management, and production houses. Juniper projects that overall sales of mobile, wearable devices, and smart glasses will reach 70 million units by 2017.

Wearables will cut into tablets

IDC says wearable computing will cut into tablet sales. They believe wearable devices like Google Glass and smartwatches could hamper tablet sales. Shoppers may choose to spend their money on wearable technology instead of tablets.

Business Insider - Wearable shipment estimates

rb-

Smartwatches, augmented reality glasses, and even smart contact lenses will save time and increase productivity. These technologies will hit the bottom line of enterprises that choose to embrace this new technology.

Once widespread consumer adoption takes place, the enterprise is never far behind – whether it’s ready or not. Remember how quickly BlackBerrys were tossed aside in favor of more consumer-friendly smartphones? BYOD is evidence that staff members will take technology into their own hands if their employer isn’t providing what they want.

Companies need to start thinking about policies on existing wearable technology. For instance, many companies who have regulations on using cellphones while driving can expand these to include wearable technology, which will come in handy since wearables could prove distracting.


Hidden costs of BYOD

FierceMobileIT points out that research from Visage Mobile has identified even more hidden costs in an informative infographic based on data collected between January and April 2013 from 180 companies.

These hidden costs include high roaming charges, as well as downloads of premium text services and sexting apps by employees. Employees download $13,640 worth of unapproved apps, ringtones, and premium services every month. As a result, 15 percent of a company’s phone bill has nothing to do with business, according to the research.

rb-

Ummm – Acceptable use policy? A deduct from their phone stipend?
