2016 NLC-RISC Trustees Conference
Issues and Considerations in BYOD (Bring Your Own Device)
Employees are increasingly bringing their own personal electronic devices, including mobile phones and tablets, into the workplace. Some employers believe that BYOD saves money, and many employees prefer to use just one set of devices. It seems like a win-win, but there are real security and data breach hazards associated with permitting employee-owned and -maintained technology in the workplace, especially if the employer does not adopt and follow a thorough BYOD policy. In the 21st century workplace, many organizations allow employees to access corporate data from outside of the workplace. Email access is most common, but often staff are also accessing applications in the “cloud” or storing sensitive information on removable media (USB drives, CDs/DVDs, etc.). Pools are affected if they permit BYOD in their own workforce or cover members for data breach.
Ryan Draughn, CIO/Business Director, NC League of Municipalities
Friday, May 6th, 10:45am – 12:00pm
BYOD – What is it?
BYOD = Bring Your Own Device
Employees who bring their own computing devices – such as smartphones, laptops, and tablets – to the workplace for use and connectivity on the corporate network.
History Fun Fact
1956: First hard drive for sale holds 5 MB of data at a cost of $50,000.
2016: SanDisk Cruzer sells 64 GB (64,000 MB) USB drive for $15.
Who was the manufacturer of that first hard drive?
The “BYOD” Hype
• Mobility
• Best Buy Effect
• Ease of Use
• Generational
© UNC School of Government - Evaluating BYOD
Good Reasons for Embracing
• Staff can carry a Single Device
• Staff can use the device of THEIR choice
  • Tend to be more productive / complain less.
• They tend to better protect the device.
  • Choose protective cases and screen covers.
  • Choose own insurance / protection plans.
• Freedom to deploy personal apps and use for leisure as well as business.
  • Navigational apps, Book readers, PDF tools.
  • Music / Entertainment apps.
  • Free and Non-free apps.
More Reasons for Embracing
• It’s theirs, even after they leave employment.
• Upgrade cycle more frequent. Instead of organizational refresh of devices (often 3-4 years), employees can refresh sooner.
• May help ease employment equity issues.
• Generational Appeal (not just talking Millennials).
• Fits lifestyle of working when convenient.
Good Reasons for NOT Embracing
• Security – OR LACK THEREOF!
  • How do you enforce the needed policies?
  • Theft/Loss – It will happen.
• Lack of complete organization control of device.
  • You may be able to apply generalized policies, but full control without ownership may be hard to achieve.
  • Security Tools – And issues deploying/enforcing.
• Workplace Rules may change
  • What are they using it for during the meeting?
  • Blurring of lines of personal use / business use.
  • Humans make mistakes; how will the organization address this? (Ex. answering the phone inappropriately)
More Reasons for NOT Embracing
• Labor Laws: Can non-exempt staff use?
• Privacy Concerns
  • It’s their device; are you ready for how they may use it?
  • Are you open to policing their behavior?
• Scope could go wild (laptops, tablets, smartphones, watches, USB drives, book readers, digital cameras, GoPros, wifi’s/mifi’s, etc.)
BYOD Considerations
Things are changing around us
• “Consumer” or personal software making its way into business (Skype, Dropbox, iCloud, etc.)
• Cloud storage and Software as a Service (SaaS) becoming more commonplace.
Can your IT Department Handle it?
• Structural
• Human Resource
• Culture
• Political
© UNC School of Government - Evaluating BYOD
Structural
• IT assumes a new role.
  • Traditional break fix is now replaced with becoming a trusted business advisor.
• User empowerment versus command and control.
Human Resource
• Right type of skill sets within the department.
• A technologist versus technician.
  – Finding the right balance is crucial.
• Soft skills / Communications skills are a must.
Cultural/Symbolic
• IT as a business partner
  – Not a cost center
• Employee empowerment
• We traditionally managed the network
  – What do we ultimately need to care about
Political
• This has the ability to change the Perception of IT.
• Innovative vs. Reactionary.
• Embracing change.
Believe it or not, Technology Changes
How soon before we don’t even have “PERSONAL” devices?
It’s the ENVIRONMENT, Not the Device
• In 10 years, we may not be carrying bricks or thin slates around in our pockets.
• Accessing your “PROFILE” or Environment on shared devices.
• Data in the cloud (Business and Personal).
• SaaS (Software as a Service) is already commonplace.
• Business Environment vs Personal Environment
History Fun Fact #2
The television took 13 years to reach a market audience of 50 million.
The iPod took 3 years to reach a market audience of 50 million.
Who is the manufacturer of the iPod?
Interesting Statistics
Gartner predicts by 2017, 50% of employers will require employees to supply their own device for work purposes.
(source: “Bring Your Own Device: The Facts and the Future” Gartner 2013).
REFINEMENT OF BENEFITS
• Productivity, flexibility and remote working have emerged as the top three drivers of BYOD.
http://www.macquarietelecom.com/resources/blog/25/06/2015/byod-top-6-trends/
END OF LEGACY APPLICATIONS
• Employees are fed up with apps that chain them to the desktop.
• Instead, they want to use their shiny new iPads and Android tablets that they unwrapped over the holidays for work.
• SaaS enabling this to happen.
http://www.macquarietelecom.com/resources/blog/25/06/2015/byod-top-6-trends/
BYOD in the Public Sector
Increasingly, government workers are:
• Using tablets to conduct building inspections
• Issuing parking tickets and collecting fees from residents.
• The related BYOD (Bring Your Own Device) movement has ushered in a new era of “govies” who can respond to their constituents in real-time. Their response capacity is no longer tied to a specific desk in a government office – inquiries may be answered from any location and increasingly may come during evening hours or weekends.
• Lookout Inc. surveyed federal agencies and found that 50% of government workers now use their personal device for work email and 49% use those devices to download work related documents.
https://www.sungardps.com/state-mobility-government/
BYOD: Impact to Pools
Positive Possibilities:
• Competitive Advantages
• More personalized and individual service
• Increased customer service
• Flexibility in work hours possibly
• Increased employee morale
Negative Possibilities:
• Harder to manage
• Employment liability claims from members
• Cyber Risk / Data Breach notification risk increases
http://www.propelics.com/how-mobile-impacts-the-insurance-industry-in-2016/
http://www.propertycasualty360.com/2014/04/02/managing-risk-for-bring-your-own-device-companies
BYOD Program Goals
• Increase employee productivity through mobility
• Drive employee satisfaction and retention
• Drive competitive differentiation
• Reduce security threats by instituting formal policy and procedures
• Reduce device management and procurement time and cost
• Reduce time and costs associated with support calls
• Simplify employee and contractor onboarding
Tools to Manage BYOD
• Mobile Device Management
  • Airwatch, Maas360, Microsoft MDM, etc.
• Best Practices – Force screen lock passwords, biometrics, agent software
• Specialty Vendor Solutions – Specific Application Access Tools.
• Wireless Access & Governance
• Training for users
BYOD Security Concerns
• DATA BREACHES – Do you know your responsibilities?
  • You are LEGALLY responsible for protecting private data for your organization.
  • Most all state laws require notification letters to be sent to citizens if a breach occurs.
  • Legal Fees
  • Notification Costs
  • Forensic data Costs
  • Damage to reputation
BYOD Sample Policy Highlights
• Primary goal is to protect the integrity of confidential member and business data that resides in your company infrastructure.
• Stress the importance of data privacy and employee responsibilities.
• List WHO it covers. (FTEs, PTEs, temps, interns, board members, etc.)
• State that NON-sanctioned use (illegal activity, etc.) is strictly prohibited.
  • Likely covered in your personnel policy or should be.
• Where appropriate, i.e. secured and private data areas, will require multi-factor authentication. (HIPAA/PCI/PII)
BYOD Sample Policy Highlights – Cont.
• List out specific requirements for your organization.
  • Must use STRONG password (some mgt tools can enforce this)
  • Must report to IT/HR immediately if device is stolen or lost. And inform them that IT and the Organization have the right to refuse connections and/or wipe the device if necessary.
• Be specific about what IT’s role is in supporting personal devices.
  • Support of physical device?
  • Assistance with synchronizations?
• MAKE EMPLOYEES SIGN THE POLICY!
History Fun Fact #3
What is the only state in America that can be spelled by typing on only one row of a traditional English QWERTY keyboard?
ALASKA
Questions and Discussion