2016 NLC-RISC Trustees Conference...1 2016 NLC-RISC Trustees Conference Issues and Consideraons in...
33
1 2016 NLC-RISC Trustees Conference Issues and Considera:ons in BYOD (Bring Your Own Device) Employees are increasingly bringing their own personal electronic devices, including mobile phones and tablets, into the workplace. Some employers believe that BYOD saves money, and many employees prefer to use just one set of devices. It seems like a win-win, but there are real security and data breach hazards associated with permiEng employee-owned and -maintained technology in the workplace, especially if the employer does not adopt and follow a thorough BYOD policy. In the 21 st century workplace, many organizaGons allow employees to access corporate data from outside of the workplace. Email access is most common, but oHen staff are also accessing applicaGons in the “cloud” or storing sensiGve informaGon on removable media (usb drives, cd/dvd’s, etc). Pools are affected if they permit BYOD in their own workforce or cover members for data breach. Ryan Draughn, CIO/Business Director, NC League of Municipali=es Friday, May 6th 10:45am – 12:00 pm
Transcript of 2016 NLC-RISC Trustees Conference...1 2016 NLC-RISC Trustees Conference Issues and Consideraons in...
1
2016NLC-RISCTrusteesConferenceIssuesandConsidera:onsinBYOD(BringYourOwnDevice)Employeesareincreasinglybringingtheirownpersonalelectronicdevices,includingmobilephonesandtablets,intotheworkplace.SomeemployersbelievethatBYODsavesmoney,andmanyemployeesprefertousejustonesetofdevices.Itseemslikeawin-win,buttherearerealsecurityanddatabreachhazardsassociatedwithpermiEngemployee-ownedand-maintainedtechnologyintheworkplace,especiallyiftheemployerdoesnotadoptandfollowathoroughBYODpolicy.Inthe21stcenturyworkplace,manyorganizaGonsallowemployeestoaccesscorporatedatafromoutsideoftheworkplace.Emailaccessismostcommon,butoHenstaffarealsoaccessingapplicaGonsinthe“cloud”orstoringsensiGveinformaGononremovablemedia(usbdrives,cd/dvd’s,etc).PoolsareaffectediftheypermitBYODintheirownworkforceorcovermembersfordatabreach.RyanDraughn,CIO/BusinessDirector,NCLeagueofMunicipali=esFriday,May6th10:45am–12:00pm
2
EmployeeswhobringtheirowncompuGngdevices–suchassmartphones,laptops,andtablets-totheworkplaceforuseandconnecGvityonthecorporatenetwork.
BYOD–Whatisit?
BYOD=BringYourOwnDevice
3
1956:Firstharddriveforsaleholds5MBofdataatacostof$50,000.2016:SanDiskCruzersells64GB(64,000MB)USBdrivefor$15.
HistoryFunFact
WhowasmanufacturerofthatfirstHardDrive?
The“BYOD”Hype
Mobility BestBuyEffect
EaseofUse GeneraGonal
©UNCSchoolofGovernment-EvaluaGngBYOD
5
GoodReasonsforEmbracing
• StaffcancarryaSingleDevice• StaffcanusethedeviceofTHEIRchoice
• TendtobemoreproducGve/complainless.• Theytendtobecerprotectthedevice.
• ChooseprotecGvecasesandscreencovers.• Chooseowninsurance/protecGonplans.
• Freedomtodeploypersonalappsanduseforleisureaswellasbusiness.• NavigaGonalapps,Bookreaders,PDFtools.• Music/Entertainmentapps.• FreeandNon-freeapps.
6
MoreReasonsforEmbracing
• It’stheirs,evenaHertheyleaveemployment.
• Upgradecyclemorefrequent,InsteadoforganizaGonalrefreshofdevices(oHen3-4years),employeescanrefreshsooner.
• Mayhelpeaseemploymentequityissues.• GeneraGonalAppeal(notjusttalkingMillennials).
• Fitslifestyleofworkingwhenconvenient.
7
GoodReasonsforNOTEmbracing
• Security–ORLACKTHEREOF!• Howdoyouenforcetheneededpolicies.• TheH/Loss–Itwillhappen.
• LackofcompleteorganizaGoncontrolofdevice.• Youmaybeabletoapplygeneralizedpolicies,butfull
controlwithoutownershipmaybehardtoachieve.• SecurityTools–Andissuesdeploying/enforcing.
• WorkplaceRulesmaychange• WhataretheyusingitforduringthemeeGng?• Blurringoflinesofpersonaluse/businessuse.• Humansmakemistakes;howwilltheorganizaGon
addressthis?(Ex.answeringthephoneinappropriately)
8
MoreReasonsforNOTEmbracing
• LaborLaws:Cannon-exemptstaffuse?• PrivacyConcerns• It’stheirdevice,areyoureadyhowtheymayuseit?
• Areyouopentopolicingtheirbehavior?• Scopecouldgowild(laptops,tablets,smartphones,watches,usbdrives,bookreaders,digitalcameras,GoPros,wifi’s/mifi’s,etc.
9
BYODConsideraGons
Thingsarechangingaroundus
• “Consumer”orpersonalsoHwaremakingitswayintobusiness(Skype,Dropbox,iCloud,etc.)
• CloudstorageandSoHwareasaService(SaaS)becomingmorecommonplace.
11
CanyourITDepartmentHandleit?
Structural Human Resource
Culture Political©UNCSchoolofGovernment-EvaluaGngBYOD
Structural
• ITassumesanewrole.• TradiGonalbreakfixisnowreplacedwithbecomingatrustedbusinessadvisor.
• Userempowermentversuscommandandcontrol.
HumanResource• Righttypeofskillsetswithinthedepartment.
• Atechnologistversustechnician.– Findingtherightbalanceiscrucial.
• SoHskills/CommunicaGonsskillsareamust.
Cultural/Symbolic• ITasabusinesspartner– Notacostcenter
• Employeeempowerment• WetradiGonallymanagedthenetwork– WhatdoweulGmatelyneedtocareabout
PoliGcal
• ThishastheabilitytochangethePercepGonofIT.
• InnovaGvevs.ReacGonary.• Embracingchange.
16
Believeitornot,TechnologyChanges
Howsoonbeforewedon’tevenhave“PERSONAL”devices?
17
18
It’stheENVIRONMENT,NottheDevice• In10years,wemaynotbecarryingaroundbricksorthinslatesaroundinourpockets.• Accessingyour“PROFILE”orEnvironmentonshareddevices.• Datainthecloud(BusinessandPersonal).• SaaS(SoHwareasaService)isalreadycommonplace.• BusinessEnvironmentvsPersonalEnvironment
19
Thetelevisiontook13yearstoreachamarketaudienceof50million.
TheiPodtook3yearstoreachamarketaudienceof50million
HistoryFunFact#2
WhoismanufactureroftheiPOD?
20
InteresGngStaGsGcs
21
22
Gartnerpredictsby2017,50%ofemployerswillrequireemployeestosupplytheirowndeviceforwork
purposes.
(source:“BringYourOwnDevice:TheFactsandtheFuture”Gartner2013).
23
• ProducGvity,flexibilityandremoteworkinghaveemergedasthetopthreedriversofBYOD.
hcp://www.macquarietelecom.com/resources/blog/25/06/2015/byod-top-6-trends/
REFINEMENTOFBENEFITS
24
• Employeesarefedupwithappsthatchainthemtothedesktop.
• Instead,theywanttousetheirshinynewiPadsandAndroidtabletsthattheyunwrappedovertheholidaysforwork.
• SaaSenablingthistohappen.
hcp://www.macquarietelecom.com/resources/blog/25/06/2015/byod-top-6-trends/
ENDOFLEGACYAPPLICATIONS
25hcps://www.sungardps.com/state-mobility-government/
BYODinthePublicSector
Increasingly,governmentworkersare:• UsingtabletstoconductbuildinginspecGons• IssueparkingGcketsandcollectfeesfromresidents.• TherelatedBYOD(BringYourOwnDevice)movementhasusheredinaneweraof
“govies”whocanrespondtotheirconsGtuentsinreal-Gme.TheirresponsecapacityisnolongerGedtoaspecificdeskinagovernmentoffice–inquiriesmaybeansweredfromanylocaGonandincreasinglymaycomeduringeveninghoursorweekends.
• LookoutInc.surveyedfederalagenciesandfoundthat50%ofgovernmentworkersnowusetheirpersonaldeviceforworkemailand49%usethosedevicestodownloadworkrelateddocuments.
26
BYOD:ImpacttoPoolsPosi=vePossibili=es:• CompeGGveAdvantages
• Morepersonalizedandindividualservice• Increasedcustomerservice• Flexibilityinworkhourspossibly• Increasedemployeemorale
Nega=vePossibili=es:• Hardertomanage• Employmentliabilityclaimsfrommembers• CyberRisk/DataBreachnoGficaGonriskincreases
hcp://www.propelics.com/how-mobile-impacts-the-insurance-industry-in-2016/hcp://www.propertycasualty360.com/2014/04/02/managing-risk-for-bring-your-own-device-companies)
27
BYODProgramGoals
• IncreaseemployeeproducGvitythroughmobility• DriveemployeesaGsfacGonandretenGon• DrivecompeGGvedifferenGaGon• ReducesecuritythreatsbyinsGtuGngformalpolicyandprocedures
• ReducedevicemanagementandprocurementGmeandcost• ReduceGmeandcostsassociatedwithsupportcalls• Simplifyemployeeandcontractoronboarding
28
ToolstoManageBYOD
• MobileDeviceManagement• Airwatch,Maas360,MicrosoHMDM,etc.
• BestPracGces–Forcescreenlockpasswords,biometrics,agentsoHware
• SpecialtyVendorSoluGons–SpecificApplicaGonAccessTools.
• WirelessAccess&Governance• Trainingforusers
29
BYODSecurityConcerns
• DATABREACHES–DoyouknowyourresponsibiliGes?• YouareLEGALLYresponsibleforprotecGngprivatedataforyourorganizaGon.• MostallstatelawsrequirenoGficaGonlecerstobesenttociGzensifabreach
occurs.• LegalFees• NoGficaGonCosts• ForensicdataCosts• DamagetoreputaGon
30
BYODSamplePolicyHighlights• PrimarygoalistheprotecttheintegrityofconfidenGalmemberandbusinessdatathatresidesinyourcompanyinfrastructure.
• StresstheimportanceofdataprivacyandemployeeresponsibiliGes.
• ListWHOitcovers.(FTEs,PTEs,temps,interns,boardmembers,etc.)
• StatethatNONsancGoneduse(illegalacGvity,etc.)strictlyprohibited.• Likelycoveredinyourpersonnelpolicyorshouldbe.
• Whereappropriate,i.e.securedandprivatedataareas,willrequiremulG-factorauthenGcaGon.(HIPAA/PCI/PII)
31
BYODSamplePolicyHighlights–Cont.• ListoutspecificrequirementsforyourorganizaGon.• MustUseSTRONGpassword(somemgttoolscanenforcethis)
• MustreporttoIT/HRifdeviceisstolenorlostimmediately.AndinformthatITandOrganizaGonhasrighttorefuseconnecGonsand/orwipethedeviceifnecessary.
• BespecificaboutwhatIT’sroleisinsupporGngpersonaldevices.• Supportofphysicaldevice?• AssistancewithsynchronizaGons?
• MAKEEMPLOYEESSIGNTHEPOLICY!
32
WhatistheonlystateinAmericathatcanbespelledbytypingononlyonerowofatradiGonalEnglishQWERTYkeyboard?
HistoryFunFact#3
ALASKA
QuesGonsandDiscussion
