Implications of BYOD & the Cloud for Enterprises

Clive Longbottom, Service Director, Quocirca Ltd

BYOD
• Bring your own device – It’s not just smartphones, tablets, etc… – There is also: • BYOS (software) – Generally through BYOA (App) • BYOC (Cloud) – Most everything is held elsewhere • BYOCh (Chaos) – Information everywhere in unknown states being used by unknown apps
• Just what can you do?
© Quocirca 2013

The big issues of BYOD
• • • • Where’s the data? How are costs managed? Theft, loss or other “departure” of device Lack of best practice in usage • Lack of team work capabilities • Lack of organisation access to all information • Too many “lone wolves”

© Quocirca 2013

Strategising BYOD
• What are your aims? – Secure corporate intellectual property – Enable the organisation to compete in its markets – Enable departments to complete their processes – Enable the workforce to carry out their tasks

• Pretty much everything else is “nice to have”
• Rule #1 – Information must be controlled
© Quocirca 2013

Option 1
• Lockdown – Force everyone to use authorised devices only – Provide a list of corporate apps – Drive everything through remote desktops (VDI) – Enforce rules through monitoring, blocking and HR sanctions

© Quocirca 2013

Option 1
• It’s never worked – and never will do – Devices can be expensed – If you stop users from expensing the items, they are cheap enough to self-fund – Unsubstantiated received wisdom is that the new workforce will just go elsewhere – The virtual desktop is not the ultimate answer – Ever tried saying “No” when the CEO comes in and says “Make this brand new Applia iPlaymia TransTab work, will you?”
© Quocirca 2013

Option 2
• Free for all – If you can’t stop them, let them get on with it – Remove device support – maybe give them a cash fund for using their own kit – Remove the help desk – if you chose that tool/app, then you support it – Information storage, backup and recovery is the user’s problem – Just make it an S.E.P.

© Quocirca 2013

Option 2
• Not recommended • Who will the organisation blame when the file sharing site goes out of business, and all the intellectual property suddenly disappears? • What do you do when the business says that they would have made the right decision – if only they had had access to all the information? • How do you deal with leavers? • Oh – it’s your problem, right enough

© Quocirca 2013

Option 3
• Let’s be sensible – Create a pretty embracing base platform definition • And keep it up to date – Aim to allow users to have flexibility • Put yourself in their shoes – but with the business hat on – Monitor device connectivity and activity • What are users using? How? WHY? – Embrace where users are doing things intelligently – Gently re-position where users are not being clever – Centralise where it makes sense
© Quocirca 2013

Embrace and advise
• Is that app doing something useful? – Great – can we use this across the whole organisation? • Is that app helping the organisation? – If no, do we have an equivalent that does? • Is that app dangerous to the organisation? – If so, why – and what can be done about it?

• Build up a library of useful apps that are useful to the organisation – and add and change as necessary.

© Quocirca 2013

Centralise
• It’s not all about VDI – Although that is a starting point • It is about ensuring that all corporate data is secured • Look at how applications can be streamed • How the power of the device can be utilised • How apps can be accessed and downloaded – Corporate portal needs to be as good as a consumer app store

© Quocirca 2013

Protect
• Secure how devices are used for corporate activities – Encryption • On the move and at rest – VPNs • Gives a central point of connection – Data leak prevention – Sandbox functionality • Prevention of cut and paste – Prevention of use of certain apps for certain types of data

© Quocirca 2013

Management and control
• Asset management – Identify anything that touches the network – Use multi-factor authentication to make sure it is who they say they are • “Bomb” rogue devices – But only the corporate parts – The device – if BYOD – does not belong to you

© Quocirca 2013

Conclusion
• BYOD is here – it is not going away – You have to embrace it • Many users will be doing things in a clever way – Identify, praise and use • Many will be doing something clever – but not in the best way – Identify, praise – and find a better equivalent • You can only control what you know is happening – Everything corporate has to touch a known point • Don’t be scared of BYOD and the Cloud – But don’t be laissez faire about it, either

© Quocirca 2013