BYOD Policy Workshop
Transcript of BYOD Policy Workshop
Reduce security risks
Executive demand

What types of devices are you going to include?
Why do you want to do BYOD?

Recommendation
Understand your organisation's drivers, but use them to build a solid BYOD and mobility platform

What services are you going to offer?
What approach to BYOD will you take?
Three components for successful BYOD

Form factors
Smartphones
Laptops
Platforms
Apple iOS
Windows Phone
Email
Line-of-business applications

Employees who don't get work devices can BYOD
Employees can substitute personal devices for work ones
Employees must substitute personal devices for work ones
Employees can choose their work device - CYOD

What approach to employee costs will you take?
BYOD at employees' own cost
Split billing

Recommendation
Be clear on the scope of your BYOD initiative.
Aim to support as wide a range of devices and platforms as possible.
Make BYOD part of an approach to mobility and device independence.

What policies do you need to put in place?
What education do you need to provide?
What technologies will help?
Policy
Education
Technology

These policies may need to change
ICT security policy
Mobile device policy
Acceptable use policy
Network policy

Guidance and advice
Contracts
How to configure devices
Secure behaviour
What services will be provided
What policies apply
What support will be provided
Individual obligations

Messaging sync products
Mobile Device Management (MDM)
Data Loss Prevention (DLP)

Policies should state:
Device operating systems must be kept up to date
Devices may not be jail-broken or "rooted"
Anti-virus products must be installed and kept up-to-date (if applicable)
Policies should address:
Required security controls and whether they will be enforced through technology
Supported devices, OS, platforms
Remuneration and expense management
Whether personal data may be looked at by the organisation
Whether and under what circumstances a device may be remote wiped by the organisation
Whether use of cloud backup services is permissible
Whether other people may use the device
Whether the device can use organisation networks
What information may be stored on or accessed by personally owned devices
What information may not be stored on or accessed by personally owned devices
What apps are encouraged, required or approved
What apps are banned or discouraged
Use of wireless networks, especially unsecured ones
What happens in case of loss or destruction of the device
What happens when the employee leaves (the BYOD programme or the organisation)

Security controls should state:
Passwords are required
Encryption of data on devices is required
Remote wipe should be enabled
Security controls should cover:
Password length, complexity and expiration
Whether a device must be wiped after a certain number of failed password attempts - I recommend a number 10 or higher
Required security applications
Whether Bluetooth should be disabled

Recommendations
Look at all three components: policy, education, technology.
Technology in this space is changing rapidly - look at SaaS models.
Use empowering contracts.
Tailor policies to your needs and your approach to BYOD.
Try and give the individual as much control and privacy as possible.
Make device-independence and multi-platform support part of your strategy.
Understand mobile security threats.
Perform a security risk assessment of your BYOD solution.

There is no single technology for BYOD

What approach to support will you take?
Support only provided services
Limited amount of support
Support only some devices
Require staff to provide/procure support