BYO `WORST` Practices - ISSA: Pittsburgh Chapter

ISSA January 2013
BYO “Worst” Practices:
How to #fail at BYO
Andrea Swaney
Regional Sales Director
Why BYO?
 End-Users
– Choice computing (Mac)
– Don’t want to carry multiple devices
– More flexibility
 Company
– Employee happiness, recruitment, retention
– Reduce costs: HW, IT administration, help desk
– Improve productivity
Promises & Pitfalls of BYOD
BYOD Promises
BYOD Pitfalls
 Increased productivity
 Variety of hardware & software may
complicate support & licensing
 Employee comfort, due to familiarity
with the devices they already own
 Reduced acquisition/maintenance
 Potential security issues from mixing
personal/business data, viruses, &
 Greater employee flexibility
 Legal matters, including ownership &
 Avoid the security & support
problems presented by "ad hoc“
 HR issues, such as acceptable use,
privacy, & employee termination
 Financial implications, such as
hardware acquisition, loss/theft, &
BYO Worst Practice #1: Ignore it.
 It’s just a fad.
 It’s not happening in real companies.
 IT dictates the policies, users obey them.
MokaFive, June 2012 N=335
MokaFive, June 2012 N=335
Mobile Devices by Ownership
(As a % of Users)
2012 Osterman Research, N=760
BYO Worst Practice #2: Use MDM
 Ensure you have total control over their whole
device and their personal data.
 Issue remote wipe:
– Whenever someone misplaces their phone
– Whenever someone doesn’t show up for work
– To users who don’t obey “acceptable usage” policy
– As a solution to disk full errors
Design Flaws
12-33% of polled organizations report lack
of proper management & policy leads to
under-utilization of personal phones
20-42% for tablets
2012 Osterman Research, N=760
MokaFive, June 2012 N=335
BYO Worst Practice #3:
Mingle personal and corporate data
 Make sure users can mix their personal and
corporate data.
– Encourage productivity!
– Makes subpoenas extra fun!
– Extra hilarity when someone leaves the company!
 Back up all personal data on corporate servers.
– Make the policy vague about who actually owns the data.
– Make sure IT has access to the backed-up data. (a.k.a. job
BYO Worst Practice #4:
Make an obnoxious password policy
 Make BYO more secure by enforcing a rigorous
password policy
– Must type password to unlock device
– Minimum 16 characters (2x secure as 8!)
– Must alternate upper-case and lower-case letters
– At least one foreign character
– Set device timeout to 15 seconds
– Wipe device after 1 failed attempt
BYO Worst Practice #5:
Don’t support the devices users want
 Supported Phones:
– Palm Pre
– Microsoft Kin
– Blackberry (any of them)
 Supported Tablets:
– Blackberry Playbook
– HP Touchpad
– Apple Newton
BYO Worst Practice #6:
Don’t require users to have a service plan
BYO Worst Practice #7:
Use VPN on personal devices
 Including your home machine that you share with your teenage
BYO Worst Practice #8:
Encourage personal cloud storage
 Suggest these great alternatives to sync corporate data
between devices:
– Dropbox
– Gmail
– Megaupload
– Bittorrent
– Usenet
Use of DropBox
>1000 Employees
Used with IT's
Not Used
Used w/o IT's
2012 Osterman Research, N=760
BYO Worst Practice #9:
Windows 7 desktop on phones/tablets
 Force users to remote to a Windows 7 desktop from their
phones and tablets.
– Ignore complaints about how difficult it is to navigate Windows with a fingertip
instead of a mouse.
– Provide sandpaper so they can file down their fingertips (and scratch out their
– Everyone has connectivity all the time, right?
BYO Worst Practice #10:
No encryption or security software
 Don’t provide any anti-virus, encryption, or DLP
– Devices are never lost or stolen.
– Security software is way more expensive than a loss event.
– Users are definitely smart enough to keep their data private.
BYO “Worst” Practices
BYO “Worst” Practices
Ignore it. It’s just a fad.
Use MDM for personal devices.
Mingle corporate and personal data.
Make an obnoxious password policy.
Don’t support the devices users want.
Don’t require users to have a service plan.
Use VPN on personal devices.
Encourage personal cloud storage.
Windows 7 desktop on phones/tablets.
10. No encryption or security software.
MokaFive BYO Resources
 BYO Best Practices
 BYO White Paper
 BYO Corporate Study