BYOD – employees run riot? Hanna Torneus Regional Technology Manager Skadden Arps Slate Meagher & Flom Dmitri Hubbard Director, Legal Technologies & Consulting – Asia Pacific Control Risks Hanna Torneus - Skadden Arps BYOD Why BYOD Cost Savings Convenience Satisfaction Productivity Is it worth the trouble? Hanna Torneus - Skadden Arps To B or not to BYOD I can choose! What should I get? Key Challenges • Compliance and Governance • Security • Mobile Device Management Hanna Torneus - Skadden Arps BYOD – Compliance Compliance Can cause violation of rules Local variations of privacy law Ownership – Hardware vs Intellectual Property Hanna Torneus - Skadden Arps BYOD - Security Security Data Breach Stolen Device Network protection and security updates Hanna Torneus - Skadden Arps BYOD – Mobile Device Management MDM Challenge to manage different devices Sandbox – Work / Personal Wireless data charges and roaming Hanna Torneus - Skadden Arps BYOD Stats • • • • • • • • 67% of people use personal devices at work, regardless of the office’s official BYOD policy (Source: Microsoft via CBS News) 42% of companies surveyed already use BYO (Source: Moka5 Survey, July 2013). 46% of end users surveyed said network performance negatively affects mobile devices the most (Source: Cisco) 77% of employees haven’t received any education about the risks related to BYOD (Source: 2013 Data Protection Trends Research, conducted by Ponemon Institute via AllThingsD) 78% of employees believe that having a single mobile device helps balance employees’ work and personal lives (Source: Samsung) 62% of companies surveyed plan to support BYOD by the year’s end (Source: TechRepublic via ZDNet) Only 11% of end users access business applications from the corporate office 100% of the time (Source: Cisco) 24% of consumers surveyed currently use a smartphone or tablet as their primary, workrelated computing device (Source: Samsung) BYOD 2014 survey (Citrix) 2014 predicts BYOD activity to encompass 54% tablets 50% smartphones 25% desktops / laptops (up from 18%) 42% 21% 100+ app orgs expected to manage 1000+ orgs expected to manage IT decision makers concern about storing corporate information on their device 58% 29% 13% very concerned somewhat concerned not concerned 2014 predicts 90% mobile email 52% line of business tools 48% enterprise file sync and share 39% collaboration tools 36% secure browsing 35% Sharepoint access 21% Web conferencing BYOD 2013 survey (Magic) Use of smartphone tablet 86% email 80% web browsing 80% contacts 75% calendar 73% instant messaging 71% office applications 63% task and process management 62% social media 59% line of business apps 51% Salesforce / CRM Android 65% (up 20%) Apple 77% (up 10%) Windows mobile 33% (up 30%) Blackberry 84% (up 3%) BYOD – Developed (developing world) Lets me do my job better 79% (53.3%) Like the flexibility 78.6% (55.1%) Want single device 59.1% (37.7%) Favored device for work (US only) Smartphone 42% Desktop 31% Laptop 38% Tablet 20% BYOD 2012 survey (Vertic) Use of enterprise tablet 73% web browsing 69% email 67% working remotely Use of personal tablet 78% web browsing 74% email 84% gaming Why yes? Mobility Ease of use Enterprise level apps Sales teams love it! Why no? Security Total cost of supporting (vs device itself) Backup / data access Device management BYOD 2012 survey (Motorolla) 2 out 3 people realize that the responsibility falls on them, rather than the IT department, to keep mobile data private and secure. 73% of respondents said they are concerned about smartphone security; in fact, a quarter of them would rather share a toothbrush than their phone. The survey also found that people: * Store sensitive data on phones: 34% store sensitive data such as their bank account information or work email passwords on their phones * “Work around” company mobile policy: 55% admit they’ve sent work email or documents to their personal email accounts on their phones * Chose convenience: 48% have used their devices to log into an unsecure wireless network * Just aren’t that worried: 77% can name at least one thing they’re more familiar with than their company’s IT security policies (67% credit card terms, 57% health insurance policy, and even 33% are more familiar with their home appliance manuals) Co-mingling of company and personal data • Social media is foremost a personal communication tool – but deletion of relevant social media evidence is criminally actionable • BYOD is even more directly tied to corporate activities • “If it’s unclear what data is personal and what data belongs to the enterprise, e-discovery is a major challenge.” 451 Research • Risks aren’t limited to mobile devices either. • With so many people now working remotely, personal desktop computers are also becoming sites for comingling of personal and enterprise data – many companies have no “IG” solution • Should be a major concern… but more often seen as saving cost Personal tools on a work device… GMAIL “Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient's ECS provider in the course of delivery. Indeed, 'a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.' Smith v. Maryland, 442 U.S. 735, 743-44 (1979).“ FACEBOOK “Basically, when you create an account, Facebook inserts a 'tracking cookie' into your Web browser that allows Facebook to track each website you are visiting. This means when you are logged into Facebook and then browse the web (completely separately from your Facebook activities) Facebook knows what sites you are visiting.” What your company tells another company What your employees tell the world Likes For high intelligence: Curly Fries, Science, Mozart, Thunderstorms or The Daily Show For low intelligence: Harley Davidson, Lady Antebellum, Chiq and I Love Being a Mom For Satisfaction with Life: Swimming, Jesus, Pride and Prejudice and Indiana Jones For Dissatisfaction with Life: Ipod, Kickass, Lamb of God, Quote Portal and Gorillaz For being emotionally unstable (neurotic): So So Happy, Dot Dot Curve, Girl Interrupted, The Adams Family and Kurt Donald Cobain For being emotionally stable (calm and relaxed): Business Administration, Skydiving, Soccer, Mountain Biking and Parkour For being old: Cup Of Joe For A Joe, Coffee Party Movement, The Closer, Freedomworks, Small Business Saturday and Fly The American Flag For being young: Body By Milk, I Hate My Id Photo, Dude Wait What, J Bigga and Because I Am A Girl Logical vs physical