Six Steps to a Solid Mobility Policy in 2014
Richard Absalom and David Lingenfelter
#MobilityPolicy14
Today’s agenda
1. Introduction: what mobile can do for you 2. Step 1: Security 3. Step 2: Employee privacy 4. Step 3: Eligibility 5. Step 4: Acceptable use and dealing with policy violations 6. Step 5: Technical support 7. Step 6: Reimbursement and TCO 8. Q&A
2
#MobilityPolicy14
Ovum overview
• Leading independent global IT & Telecoms Research & Analysis firm
• 150 analysts covering a broad set of technologies and markets
• Providing strategic advice to telecoms operators, IT vendors, service providers and enterprise IT leaders
• Headquartered in London • 24 Month history of investment in understanding
consumerization behaviors 3
#MobilityPolicy14
Fiberlink overview
• 10 Years in Enterprise Mobility Management (EMM)
• 5,000 Customers across all verticals
• 450 Employees worldwide
4
2013 and 2012 Magic Quadrant Leader for Mobile Device Management
• High customer success rate
• Millions of devices on MaaS360 platform
• Recently acquired by IBM
#MobilityPolicy14
Poll question
How would you classify your organization’s posture on mobility at this time? A. Struggling with mobile practices around BYOD, data
security and mobile apps B. Developed and implemented a crawl, walk, run strategy C. Mature mobile policy program in place D. Mature mobile policy & supporting security and support
technology (EMM)
5
#MobilityPolicy14
Introduction What mobile can do for you
6
#MobilityPolicy14
Mobile working has obvious benefits
7
• Increased flexibility • Increased productivity • Increased engagement
• Every policy needs to have the
goal of business process improvement at its root
#MobilityPolicy14
A mobility policy doesn’t just mean formalizing BYOD…
8
• … But it does need to address the drivers of this behavior
56.8% of full-time employees access corporate data
from a personally owned smartphone or tablet –
whether their IT department likes it or not
Source Ovum: Global BYOD Survey 2013 : N = 4371
#MobilityPolicy14
Industry needs
• Retail, medical, education and finance – FINRA – HIPAA
• Mobile and cloud are driving change • Information access
9
#MobilityPolicy14
Step 1: Security Maintaining control of corporate data
10
#MobilityPolicy14
Mobile – a CIO’s security nightmare?
• Data is always at risk at three points: the network, the application and the device
• Consumerization means that all of these threats are multiplied
11
#MobilityPolicy14
Confusion of security solutions
• What can I use to secure corporate data on mobile devices? – MDM? – MAM? – NAC? – IAM? – Virtualization? – Containerization? – All of the above?
12
#MobilityPolicy14
Protection shifts
• System protection then, data protection now
• Data access and security – Workstations – Laptops – Mobile devices
• Which solution? There is no right answer.
13
#MobilityPolicy14
Poll question
What percentage of employees in your organization use laptops, smartphones and tablets for work? A. 1-24% B. 25-49% C. 50-74% D. 75-100%
14
#MobilityPolicy14
Poll question
What technologies are you using in your mobile strategy (select all that apply)? A. Active Sync B. MDM (Mobile Device Management) C. MAM (Mobile Application Management) D. NAC (Network Access Control) E. IAM (Identity and Access Management) F. Virtualization G. Containerization H. None
15
#MobilityPolicy14
Step 2: Employee privacy Balancing security with data privacy rights
16
#MobilityPolicy14
Organizations face a legal conundrum
Data being accessed on a personal device needs to be secured. If it is lost, the organization is responsible – not the individual
However… they must also respect the privacy rights of their employees
17
#MobilityPolicy14
Approach on a geographic and vertical basis
There are numerous similarities, but data privacy legislation differs from country to country (e.g. the US has no single law)…
And between verticals (see US US Health Insurance Portability and Accountability Act )
18
#MobilityPolicy14
What businesses can and cannot do
19
Business Type
Business Location
Security Focus
Different businesses, different locations, different concerns
Examples:
Geolocation
Culture
#MobilityPolicy14
Step 3: Eligibility Giving the right access to the right people
20
#MobilityPolicy14
BYOD across all areas of business…
21
Source Ovum: Global BYOD Survey 2013 : N2012 = 4038, N2013 = 4371
#MobilityPolicy14
A mobile policy that applies to everyone
Are different policies and rules required for different employees or departments?
e.g. can the CEO get access to more than the secretary?
What do Sales, Marketing, HR etc. need?
22
#MobilityPolicy14
One size doesn’t fit all
23
#MobilityPolicy14
Step 4: Acceptable usage policy Setting standards and dealing with policy violations
24
#MobilityPolicy14
Drawing the lines around acceptable use
Striking a balance between freedom to work in preferred manner and the need to secure data
What steps will be taken if there is a policy violation – does it depend on the severity or accumulation of offences?
25
#MobilityPolicy14
Multiple policies
26
#MobilityPolicy14
Step 5: Technical support Understanding who is responsible for what
27
#MobilityPolicy14
Understanding responsibilities in a BYOD scenario
Who is responsible for technical support: the IT desk or the individual?
Will users be responsible for some applications and / or services and IT others? If so, which?
To what extent are users expected to keep their devices up to date with the latest patches, OS upgrades, etc.?
28
#MobilityPolicy14
Whose responsibility is it?
29
#MobilityPolicy14
Step 6: Reimbursement and TCO Understanding the impact on the bottom line
30
#MobilityPolicy14
A realistic view on cost to go mobile
What is the cost of the required technical support and management, including any third party software implementations?
In a BYOD deployment: who pays for the hardware, air time and data connection? Does reimbursing use of personal call / data plans make sense?
31
#MobilityPolicy14
Research & Analysis
• Bring Your Own Device (BYOD) implementation – Increase productivity - 37 minutes/week (global average)
• 81 Minutes/week US • 4 Minutes/week Germany
– Value increased by $350/mobile user – 198 Million BYOD devices worldwide
• Expected to double by 2016 – BYOD employees choose smartphones and pay $965 out-of-pocket
32
For more information
• Forum – announcements, discussions and questions
• Blog • Webinars • Resources • Social media
Follow-up: [email protected] [email protected]
Make informed business and technology decisions: Ovum.com Visit the MaaSters Center to discuss IT in the cloud: MaaS360.com/maasters