Understanding the benefits and the risks.

Presented by Corey Nachreiner, CISSP

BYOD - Bring Your Own Device or Bring Your Own Danger?

The way we wereHardware, software, and not much more.

2

Change began in 2007

Business risk increased significantly

Social Media encouraged sharing of confidential information

The way we areMobile technology and social media have changed everything.

3

4

The love affair employees have with mobile devices assures that they are here to stay.

Blurring of the linesWork anytime, anywhere.

40% of devices are consumer owned

80% of professionals will use 2 or more devices

Corporate systems and data are more accessible than ever

Do the benefits of BYOD outweigh the risks?More security challenges and less control.

5

2008

2009

2010

2013

2007200

6

2011

2012

2005200

4

The benefits of adopting a BYOD strategyDo the pluses outweigh the minuses?

Mobile devices are less expensive than old-school IT assets

Less provisioning and managing means less cost

Increased productivity

6

BYOD Challenges!

You can’t protect what you don’t knowUnderstanding and managing risks associated with BYOD.

!8

9

!

Risking data lossThe consequences can be extreme.

One office data breach can incur

– legal fees– disclosure expenses– consulting fees– remediation expenses

One retail data breach can incur

– credit monitoring expenses– legal settlements– information control audits

Risky viruses & malwareMobile devices offer little protection.

10

!

Uninvited guests

Enter workplace via consumer devices

Access to other devices and data

Potential for company-wide infections

The risk from hackers and intrusions.

11

!

12

!

The arrival of browser zombiesTrouble at every turn.

Man-in-the-Browser (MitB) attacks will escalate

Traditional malware runs every time a computing device is turned on

Browser malware only takes control of the web browser

13

!

Policy enforcementIT is challenged by a BYOD workplace.

Creating device-specific policies is difficult

We’ve given up some direct control

Solutions for these mobile platforms are immature

Challenges to productivityAdopting & enforcing a BYOD strategy.Younger employees collaborate in new ways

Employees want freedom to use mobile devices at work

Secure access solutions are necessary for empowering employees to work anywhere

14

!

BYOD Missteps

15

Failure to know what employees are doing on the network prevents successful planning

1. Not knowing what devices and applications are being used.

BYOD missteps

16

Employees accessing social networks and social applications are not always wasting time

2. Not knowing how your social media strategy works with your BYOD policies.

BYOD missteps

17

passwor

User-generated passwords are often weak and can compromise IT systems

3. Weak password management.

BYOD missteps

18

BYOD Strategies

Determine which devices are allowed to access the network

Determine which devices you will support

Focusing on policy is the first step.

Policy = Simplicity

20

Separate work from fun Make sure employees understand the rules and the risks.

Work life and personal life should be kept separate

To get network access, employees must agree to acceptable use policies

IT should monitor activity

21

Protect corporate dataFor high-level protection, limit access to devices that support VPN connectivity and require a secure connection

Limit access using VPN.

23

Application control strategies make BYOD policies more secure

Decide which applications are acceptable, and which are not

Segment networks for additional protection

Applications should not be ignored.

Controls that go beyond mobile devices

24

Consider additional risksAre you subject to controls such as HIPAA or PCI DSS?

If a device is lost, can you wipe the data?

Do employees know what rights they give up when using a mobile device?

Best practices and policy enforcement are essential

25

BYOD & WatchGuard

Manage BYODwith WatchGuard

WatchGuard makes managing BYOD easy by designing all products with easy-to-use policy tools. Administrators can enforce policies for small businesses or large enterprises

Easy-to-use security services for IT administrators.

27

Control the network and the applications

Easily and quickly set up network segments

Maintain compliance and high-security

Monitor over 1,800 types of applications

WatchGuard products give you control over how devices are used.

28

Protect all connected devices from mobile malware.

WatchGuard utilizes a “best-in-class” approach, ensuring network connected devices are shielded with an antivirus umbrella.

The network perimeter is the first line of defense.

29

d

Safe surfing solution

Resides at the gateway

Device agnostic

Easy for IT to set up

WatchGuard’s WebBlocker protects users in hostile environments.

30

Protect corporate dataFor high-level protection, limit access to devices that support VPN connectivity and require a secure connection

Limit access using VPN.

31

What’s connected? What’s being used?

Logging and reporting are one of the most valuable resources that IT can leverage for a BYOD strategy. This insight helps protect resources and address areas of concern

WatchGuard illuminates trouble spots and potential

32

Summary

!

!

34

A major trend that is changing IT.

BYOD is here to stay

Will grow in size and scope

Presents new challenges and opportunities

A BYOD strategy is critical for data security

Thank You

35