Presentation on theme: "BYOD and the Service Lifecycle"— Presentation transcript:
1 BYOD and the Service Lifecycle
by Paul M. Dooley
Optimal Connections, LLC
Feb 17, 2013
2 Where we are today with the trend toward BYOD
- Bring – Means the employee is bringing the device (you are not the supplier)
- Your – It’s personal – the employee is looking to use their own devices in the workplace
- Own – The employee owns it, not the organization
- Device – Normally smart phones, but can also include laptops, tablets, and other mobile devices
3 It’s a Win Win!
- It’s an attractive program to employees, since it may relieve them from carrying around two devices – a company phone, and a personal phone.
- From an organizational perspective, it enables the enterprise to take advantage of the latest technology improvements, without large scale hardware/software updates.
- It also helps reduce costs by moving the cost burden of these devices to the employee, while positively affecting employee satisfaction and productivity.
4 The Trend is Continuing!
- According to Gartner, 90 percent of enterprises (with 500 or more employees) have already deployed mobile devices.
- Many of those enterprises are allowing personal mobile devices to connect to the enterprise network.
- A new global survey of IT decision makers reports that 70 percent of companies believe BYOD will or already has improved their work processes.
- 59 percent believe they would find themselves at a competitive disadvantage without BYOD.
5 Key Challenges: Information Security
- Information Security – Security threats are the most obvious challenge.
- Left unmanaged, a BYOD program can result in a serious security breach.
- For example, most employee owned mobile devices are not equipped with PC-level security software. Many times they are not stored in a secure location, and may be used to navigate questionable web destinations.
- Case of the lost phone: confidential data stored on the phone could potentially be retrieved by untrusted parties.
6 Key Challenges: Tracking and Controlling Access
- One of the biggest challenges: the effective tracking and control of access to corporate and private networks.
- Unlike ‘guest access’, which minimally requires an open, non-secure network connection, BYOD requires a secure wireless protocol for user connectivity (due to accessibility of secure company information).
- Studies show that a ‘User-centric’ approach (link device use to identity management) is far more successful than a ‘Device-centric’ approach.
7 Key Challenges: On-going Service and Support
- Trouble-shooting and support represents a big challenge in an environment where users are bringing a multitude of different technologies.
- For example, if an employee is using an Android tablet, and all the rest of the employees and IT are using iPads, who does the user go to for support when they run into a glitch running an enterprise application?
- Compatibility of employee owned hardware with the organization’s software and applications should not be overlooked when designing and developing a BYOD program.
8 What’s the Approach?
Fortunately we have an ITSM framework for planning, designing, and deploying a successful BYOD initiative!
- Service Strategy – develops the strategy for BYOD
- Service Design – designs ALL aspects of the program for successful integration into the live environment
- Service Transition – tests and validates prior to rollout
- Service Operation – provides on-going production support
- CSI – monitors the BYOD program for continual improvement opportunities
9 Service Strategy: Participating Processes
- Strategy for IT Services – sets the overall goals and alignment
- Service Portfolio Management – builds and approves business case
- Financial Management – recommends a financial model
- Demand Management – identifies user profiles, projected demand
- Business Relationship Management – will engage the business for input and feedback
10 Set the Vision, Goals and Objectives for BYOD
Set-up a Core Team to Drive Strategy, Design, Transition and Rollout
- Appoint a small, dedicated cross-functional team to take charge in evaluating the current state, as well as developing a vision and goals for the program that will align with organizational goals.
- Include members from IT, information security, compliance and the business units who can work together to formulate a viable BYOD strategy that aligns with business goals.
11 Do a Baseline Assessment: Where are We Now?
- Understand where you are now with BYOD
- Through user-friendly workshops, gather intelligence from various business units, C-level execs, sales, HR, and other departments, and determine:
  - Which personal devices, applications and cloud services are in use today
  - How they are used?
  - How tech-savvy are the users?
  - How do employees use these tools to enhance their productivity?
- This will gather valuable intelligence, and get buy-in from key stakeholders
12 SPM: Build the Business Case
- Use Service Portfolio Management to analyze the business case in terms of potential costs, benefits and ROI to the organization.
  - Who is the target audience for BYOD – all customers and users? Only certain customer populations?
  - What are the goals and objectives?
  - What are the financial, as well as non-financial impacts?
  - What are the risks involved?
  - What’s the overall timeline and plan?
- Financial Management – develops a cost model and charging strategy
- BRM – engages the business units for their input
13 Service Design: Designing Your BYOD Program for Success
Service Design is where your team starts turning your strategy into a program. This takes careful planning in terms of laying out the detailed policies, specifying the supporting processes, and the supporting resources (financial, people, tools) to be required.
- Policies – establish the guidelines for the BYOD program, setting expectations by outlining rules and requirements, and identifying how these rules will be enforced
- Processes – will need to be established to meet expectations and ensure the goals and objectives for the program are met.
- Resources – are the enabling factors that support the processes – money, people, tools and technology.
14 Service Design: Design all Aspects of the BYOD Program
- Your core team will continue from Strategy to the Design Stage, where they will take up the work of designing the BYOD program.
- This is where additional research needs to be done, and crucial decisions need to be made concerning
  - what types of devices would be allowed,
  - what roles and responsibilities need to be defined,
  - how does an employee enter and exit the program, and so forth.
- Service Catalog Management will take on the supporting responsibility of updating the service catalog to include the customer facing “BYOD Service”, and how this is supported
- The service catalog becomes the single point of reference to accurately set expectations for the customer as well as the IT service provider.
15 Participating SD Processes
- Design Coordination – A core team drives design through transition and rollout
- Service Catalog Management – updates the service catalog
- Service Level Management – will establish the service levels
- Availability Management – must plan adequate availability
- Capacity Management – must ensure sufficient capacity
- Information Security Management – evaluates risks, establishes security policies
16 Key Elements to Consider in Your BYOD Program Design
The Design Team will pay particular attention to People, Process, and Technology during the Design Stage, to ensure a complete BYOD solution will be available:
Types of Users and Departments Allowed in the Program?
- A strong policy will make it clear which departments and roles may be empowered with BYOD, in accordance with your goals.
- Questions to be answered include:
  - For each department, and type of user, which devices are permitted?
  - What level of access is permitted?
17 BYOD Service Design
Specify the Types of Allowed Devices
- Which sorts of laptops/notebooks, tablets and mobile phones
- Make it clear which devices you will support (in addition to whatever corporate issued devices you continue to deploy) – and those you won’t
Decide on the Financial Model
- Since the device will be employee owned, yet enabled for dual use, the employee may expect some offset to their costs – either of the device, or the service plan.
- Decide if it makes sense to reimburse a percentage of the cost to the employee, or issue a stipend to offset the cost of the service plan.
18 BYOD Service Design
Determine the Support Model
When something goes wrong, employees will need to know the boundaries around support of BYOD devices. Formulate a set of support policies to answer these sorts of questions:
- What type and level of Help Desk support is available for initial set-up, and on-going support? Electronic only? Phone as well?
- Service Levels in terms of types of support to be available, target performance levels, and response and resolution time targets
- What kind of support is available for broken devices? Does it matter if the employee broke the device, or if the device was damaged as a result of something the company did?
- Set guidelines around support for enterprise applications, and make it clear which sorts of applications employees support
- When a personally installed application is conflicting with access to an enterprise application or service that you have stated you will support – how do you handle that conflict?
19 Service Design: Design a Stringent set of Security Policies
- Understand where you are now in terms of vulnerability by doing a baseline security assessment. This will help identify how you are dealing with remote access from mobile devices now, what processes and technology you have in place, and what the current risks are. It will also ensure you have identified legal and compliance requirements.
- Password Policy – If you are going to allow users to access corporate applications and information services, you will have to set up strict password guidelines, enforcement and maintenance policies. Passwords will have to be long alphanumeric strings, and changed routinely – not a 4 digit PIN.
- Backup and Update Policy – Define what steps employees should take to back up their own data and corporate data, and what should be done to keep their devices current.
20 Service Design: Lost Device Policy
- Develop policies that state what happens when a BYOD device is lost.
- Since the device is equipped to access secure company resources, you must provide for:
  1) remote tracking and access, and
  2) a remote “data wipe” for any company applications and associated information.
21 Service Design: Integrate with Acceptable Use Policy
- When you allow employees to use their own devices on your company network, it may not be so clear to them what is “acceptable use”, vs. what is not
- What if they transmit objectionable material over your network, even though they are using a device they own?
- Make it clear what the guidelines are for “acceptable use”:
  - Who can connect devices to the network
  - How they can be connected and authenticated
  - What data can and cannot be accessed
  - What applications are permitted (and those that are not)
  - Types of data that can be stored on BYOD mobile devices
22 Service Design: Make it Clear Who “Owns” What
- The employee’s device contains a mix of personal data and applications, as well as business related data and applications
- While IT is backing up business and application data on the device, this may not be the case with personal data – pictures, music and other apps. That is left to the employee.
- In the event the user loses the device, a remote “wipe” capability traditionally erases all content on the device – much of which the employee has paid for, and perhaps not adequately backed up.
- Make it clear that you assert the right to “wipe” devices brought on to the network under your BYOD plan, and provide guidance on how employees can secure their own content and back it up so they can easily restore once the lost device is replaced.
23 Service Design: Policies on Allowed vs. Banned Apps
- This policy should apply to any device connected to your network, whether the device is company or employee owned.
- The risk is that the employee may download, install and begin using an application that presents a security risk or a legal risk on devices that have been given access to sensitive company information.
- What if the employee downloads a mobile app that has a serious “security vulnerability”, and hackers are able to exploit your corporate network as a result?
- Are you going to allow employees to download an app that will violate music copyright infringement laws?
24 Service Design: Design for Initial Activation
- There should be some type of screening process as a part of initial installation, that ensures that apps that represent a significant security or legal threat are not present.
- Ongoing monitoring and detection tools should also be put in place on the devices to ensure that they are not exploited by security threats
25 Service Design: Ensure the People and Processes will be Ready
Key Functions to ensure are ready to support BYOD:
- The Service Desk – to handle common questions and trouble-shoot incidents related to BYOD users
- Technical and Applications Management Teams – providing 2nd and 3rd line support to the Service Desk
- IT Operations – in charge of monitoring the BYOD environment to assess any events which should trigger an ‘alert’
Affected ITSM Processes to examine and prepare:
- Incident Management and Problem Management – to handle BYOD related issues and resolve them
- Event Management – to monitor the network and critical components
- Access Management – granting access per the policy, as well as revoking access
- Request Fulfillment – handling BYOD related service requests
26 Service Design: Design of Other Vital Processes
Employee Provisioning – The Onboarding process
- When a new employee begins, IT is notified via HR and the enabling processes for the device owned by the user can begin.
Employee Deprovisioning – The Exit process
- What happens when the employee leaves the company? It’s not simply a matter of returning the company owned property anymore.
- You should have a clear methodology in place for how you will remove the access tokens, as well as any proprietary applications and company information.
- If you choose to do a mandatory “wipe” of the device as part of the employee exit process, ensure that the employee has provided for adequate backup of personal data and applications
27 Designing the Supporting ITSM Management Systems
Mobile Device Management (MDM) Systems – available from several vendors
- MDM solutions enable you to take effective control of your BYOD environment.
- Many can be installed in hours, and can automate the discovery, inventory, and policy enforcement of thousands of remote mobile devices.
- Some MDM solutions are available on a “SaaS” pay-as-you-go basis, enabling you to get started immediately with minimal investment cost
- Examples: MobileIron, AirWatch
29 What to Look For in a Mobile Device Mgt System
One that Enables Strong Security
- Passcode – require a device passcode with configurable complexity, length, lock and wipe rules
- Encryption – enforce full device and storage card encryption to industry standards
- Configurable restrictions – the ability to lock down user’s ability to use specific device features, apps and web browsing
- Compliance support – be able to set up rules for non-compliance activities and compromised devices with automated responses
30 What to Look For in a Mobile Device Mgt System
Configurable
- Setting up Profiles – device settings and user credentials for accessing enterprise apps
- Geographical limitations – be able to remove profiles based on location
- Time-based – install or remove based on time-frame
- Enable access to Accounts – to corporate , Calendar, Contacts, Wi-Fi and VPN
- Applications – be able to distribute and manage internal/external apps via an authorized Apps Catalog
- Enable secure content – be able to distribute corporate docs into some type of secure ‘container’
31 What to Look For in a Mobile Device Mgt System
Monitoring Capability
- Dashboard – be able to track and view real-time device information
- By location – be able to view all enabled devices on a GPS map by location or within a specific location
- Enable Alerts – be able to specify rules for ‘events’, to trigger alerts to IT administrators
- Reporting – be able to configure real-time and periodic reporting for automated distribution
32 What to Look For in a Mobile Device Mgt System
Ability to Effectively Manage
- Updates – be able to update configuration settings and re-provision devices automatically with these settings
- Enable Commands – be able to send commands on demand to devices to request info, lock or wipe a device
- Bulk Management – be able to perform actions on groups of devices
- Retirement – un-enroll devices from your environment, removing the corporate data and apps and wiping the device
33 What to Look For in a Mobile Device Mgt System
Facilitates Support
- Messaging – send messages to end-users with trouble-shooting instructions
- Remote diagnostics – be able to remote in and identify issues
- Remote view – be able to view remote user’s screen and do screen captures
- Remote control – take control of a device for trouble-shooting
- Self-service – enable users to clear their passcode, locate their device, and more
34 Other Supporting ITSM Management Systems
- Endpoint Security Suites – these provide a host of centralized security solutions that extend to mobile devices, such as anti-virus, anti-spyware, intrusion detection and prevention systems, data loss prevention, vulnerability scanning and blocking.
  - Examples: McAfee, Trend Micro, Symantec
- Network Access Control (NAC) – these solutions inspect devices that connect to the network to ensure they are up-to-date with the latest required security patches and applications.
35 Service Transition: Going Live with Your BYOD Program
- Once your BYOD Service Design Package (SDP) is complete, your core team will shift into the Service Transition stage to begin acquiring and deploying the necessary service assets.
- This step includes acquiring and developing:
  - Resources – People, tools, technology, finances
  - Capabilities – The ability of these resources to execute and deliver the service as designed
36 Transitioning Your BYOD Program into Live Operation
- Transition Planning and Support – the team coordinating all the activities to establish the BYOD program into production
- SACM – will track BYOD users and associated devices as they come on and off the program
- Change Management – controls changes to the program components, and enables standard changes
- Release & Deployment – engages to plan the release of BYOD, and deploy the supporting capabilities
- Service Validation and Testing – required to ensure the program works as designed prior to deployment
- Knowledge Management – plays a big role in capturing documented policies, procedures, FAQs, and sharing this across the organization
37 Considerations for Service Transition of Your BYOD Program
- Communicating with the people affected – a communication and awareness plan will need to be drawn up, so that expectations are set properly with users, customers and the service desk as the BYOD program rolls out.
- Putting the right people with the right roles & responsibilities is also key to success
  - You may want to continue with your core implementation team for a period until the program is fully embedded
  - A “Chief Mobility Officer” is advocated by some organizations to oversee and guide the rollout
  - Specialized support roles may be required in Service Operations
- A comprehensive training program will need to be developed and deployed to inform the organization about the impact of mobility, and supporting BYOD devices
38 Service Transition Considerations
Deploying your supporting processes
- Tailored and tested ITSM processes will be verified
- Other processes such as provisioning and deprovisioning will be tested and validated (processes facilitated by MDM tools)
Deploying your ITSM Management systems and solutions for providing the supporting environment
- MDM support systems
- Enterprise Endpoint Security Suites
- Network Access Control solutions
39 Service Operations: The Acid Test for BYOD – is it Supportable?
- Service Desk – Single Point of Contact & communication for all users
- Incident Management – will handle the resolution of BYOD incidents
- Request Fulfillment – handles provisioning, deprovisioning, as well as other informational requests for service
- Problem Management – will resolve any underlying problems
- Access Management – carried out to grant/withdraw access (provisioning and deprovisioning)
- Event Management – monitoring BYOD status
40 Service Operation Considerations
Once through Pilot and Early Life Support, BYOD will transition into live Operation. This is when the service becomes “live” in the Service Catalog, the SLAs are live, and your BYOD program is in operation with the users.
Key Considerations:
- Ensure your Service Desk staff has gone through a knowledge transfer workshop, to ensure they are up to speed on policies, support tools, and procedures.
- Educate all stakeholders about the program, along with supporting policies and procedures
  - BYOD end-users
  - The Service Desk staff
  - Desktop Support
  - Other IT Technical and Application support groups
41 Service Operation: Key Considerations
- BYOD education should be part of the employee on-boarding process, and should continue with periodic refreshers.
- Training can be held:
  - In person, during an initial orientation
  - Online, through periodic webcasts
  - Self-paced training can also be made available
- Using Event Management, leverage your MDM systems and other tools to continually monitor the status of your BYOD environment
42 CSI: Continual Improvement of Your BYOD Program
A Periodic BYOD Program Assessment should be a Key Element in CSI
- Initiate an on-going process of monitoring the value delivered, and the returns received, of a BYOD program, in order to keep the program aligned with IT and business goals, and to seize improvement opportunities
- The technology surrounding the BYOD movement continues to change rapidly, with types of devices, new capabilities, and new applications
- With advancements come new opportunities, but also new risks
- At BYOD launch, consider a quarterly assessment to determine how close you are to continuing risks, and realizing the benefits you aimed for. Examine:
  - Threats and vulnerabilities
  - Policies and procedures
  - Supporting tools and systems
- Thereafter practice at least an annual assessment of the program
43 Summary
By taking a Service Lifecycle approach, you will have a much better chance of success!
- Develop a Service Strategy for BYOD, and align that with business goals. Setting the overall vision, mission, goals, and guidelines is crucial
- Proceed to Service Design, where you will consider ALL the aspects – people, processes and technology – to create a total solution
- Test, validate and pilot your program in Service Transition, so you can be confident it will work
- Having done all that, when you go live in Service Operation, the devices and the program will be manageable and successful
- Use a CSI approach to continually monitor the program and make periodic improvements!