By Paul M. Dooley, Optimal Connections, LLC, www.optimalconnections.com, Feb 17, 2013
Where we are today with the trend toward BYOD. Bring – means the employee is bringing the device (you are not the supplier). Your – it's personal; the employee is looking to use their own devices in the workplace. Own – the employee owns it, not the organization. Device – normally smart phones, but can also include laptops, tablets, and other mobile devices.
It’s a Win-Win! It’s an attractive program to employees, since it may relieve them from carrying around two devices – a company phone and a personal phone. From an organizational perspective, it enables the enterprise to take advantage of the latest technology improvements without large-scale hardware/software updates. It also helps reduce costs by moving the cost burden of these devices to the employee, while positively affecting employee satisfaction and productivity.
The Trend is Continuing! According to Gartner, 90 percent of enterprises (with 500 or more employees) have already deployed mobile devices, and many of those enterprises are allowing personal mobile devices to connect to the enterprise network. A new global survey of IT decision makers reports that 70 percent of companies believe BYOD will improve or already has improved their work processes, and 59 percent believe they would find themselves at a competitive disadvantage without BYOD.
Key Challenges: Information Security. Information Security – Security threats are the most obvious challenge. Left unmanaged, a BYOD program can result in a serious security breach. For example, most employee-owned mobile devices are not equipped with PC-level security software. Many times they are not stored in a secure location, and may be used to navigate questionable web destinations. Case of the lost phone: confidential data stored on the phone could potentially be retrieved by untrusted parties.
Key Challenges: Tracking and Controlling Access. One of the biggest challenges: the effective tracking and control of access to corporate and private networks. Unlike ‘guest access’, which minimally requires an open, non-secure network connection, BYOD requires a secure wireless protocol for user connectivity (due to accessibility of secure company information). Studies show that a ‘User-centric’ approach (link device use to identity management) is far more successful than a ‘Device-centric’ approach.
Key Challenges: On-going Service and Support. Trouble-shooting and support represent a big challenge in an environment where users are bringing a multitude of different technologies. For example, if an employee is using an Android tablet, and all the rest of the employees and IT are using iPads, who does the user go to for support when they run into a glitch running an enterprise application? Compatibility of employee-owned hardware with the organization’s software and applications should not be overlooked when designing and developing a BYOD program.
What’s the Approach? Fortunately we have an ITSM framework for planning, designing, and deploying a successful BYOD initiative! Service Strategy – develops the strategy for BYOD Service Design – designs ALL aspects of the program for successful integration into the live environment Service Transition – tests and validates prior to rollout Service Operation – provides on-going production support CSI – monitors the BYOD program for continual improvement opportunities
Service Strategy: Participating Processes Strategy for IT Services – sets the overall goals and alignment Service Portfolio Management – builds and approves business case Financial Management – recommends a financial model Demand Management – identifies user profiles, projected demand Business Relationship Management – will engage the business for input and feedback
Set the Vision, Goals and Objectives for BYOD. Set up a Core Team to Drive Strategy, Design, Transition and Rollout. Appoint a small, dedicated cross-functional team to take charge in evaluating the current state, as well as developing a vision and goals for the program that will align with organizational goals. Include members from IT, information security, compliance and the business units who can work together to formulate a viable BYOD strategy that aligns with business goals.
Do a Baseline Assessment: Where are We Now? Understand where you are now with BYOD. Through user-friendly workshops, gather intelligence from various business units, C-level execs, sales, HR, and other departments, and determine: Which personal devices, applications and cloud services are in use today? How are they used? How tech-savvy are the users? How do employees use these tools to enhance their productivity? This will gather valuable intelligence, and get buy-in from key stakeholders.
SPM: Build the Business Case. Use Service Portfolio Management to analyze the business case in terms of potential costs, benefits and ROI to the organization. Who is the target audience for BYOD – all customers and users? Only certain customer populations? What are the goals and objectives? What are the financial, as well as non-financial impacts? What are the risks involved? What’s the overall timeline and plan? Financial Management – develops a cost model and charging strategy. BRM – engages the business units for their input.
Service Design: Designing Your BYOD Program for Success. Service Design is where your team starts turning your strategy into a program. This takes careful planning in terms of laying out the detailed policies, specifying the supporting processes, and the supporting resources (financial, people, tools) to be required. Policies – establish the guidelines for the BYOD program, setting expectations by outlining rules and requirements, and identifying how these rules will be enforced. Processes – will need to be established to meet expectations and ensure the goals and objectives for the program are met. Resources – are the enabling factors that support the processes: money, people, tools and technology.
Service Design: Design all Aspects of the BYOD Program. Your core team will continue from Strategy to the Design Stage, where they will take up the work of designing the BYOD program. This is where additional research needs to be done, and crucial decisions need to be made concerning what types of devices would be allowed, what roles and responsibilities need to be defined, how an employee enters and exits the program, and so forth. Service Catalog Management will take on the supporting responsibility of updating the service catalog to include the customer-facing “BYOD Service”, and how this is supported. The service catalog becomes the single point of reference to accurately set expectations for the customer as well as the IT service provider.
Participating SD Processes Design Coordination – A core team drives design through transition and rollout Service Catalog Management – updates the service catalog Service Level Management – will establish the service levels Availability Management – must plan adequate availability Capacity Management – must ensure sufficient capacity Information Security Management – evaluates risks, est. security policies
Key Elements to Consider in Your BYOD Program Design. The Design Team will pay particular attention to People, Process, and Technology during the Design Stage, to ensure a complete BYOD solution will be available. Types of Users and Departments Allowed in the Program? A strong policy will make it clear which departments and roles may be empowered with BYOD, in accordance with your goals. Questions to be answered include: For each department, and type of user, which devices are permitted? What level of access is permitted?
BYOD Service Design. Specify the Types of Allowed Devices: which sorts of laptops/notebooks, tablets and mobile phones. Make it clear which devices you will support (in addition to whatever corporate-issued devices you continue to deploy) – and those you won’t. Decide on the Financial Model: since the device will be employee owned, yet enabled for dual use, the employee may expect some offset to their costs – either of the device, or the service plan. Decide if it makes sense to reimburse a percentage of the cost to the employee, or issue a stipend to offset the cost of the service plan.
BYOD Service Design. Determine the Support Model: when something goes wrong, employees will need to know the boundaries around support of BYOD devices. Formulate a set of support policies to answer these sorts of questions: What type and level of Help Desk support is available for initial set-up, and on-going support? Electronic only? Phone as well? Service Levels in terms of types of support to be available, target performance levels, and response and resolution time targets. What kind of support is available for broken devices? Does it matter if the employee broke the device, or if the device was damaged as a result of something the company did? Set guidelines around support for enterprise applications, and make it clear which sorts of applications employees support. When a personally installed application is conflicting with access to an enterprise application or service that you have stated you will support – how do you handle that conflict?
Service Design: Design a Stringent Set of Security Policies. Understand where you are now in terms of vulnerability by doing a baseline security assessment. This will help identify how you are dealing with remote access from mobile devices now, what processes and technology you have in place, and what the current risks are. It will also ensure you have identified legal and compliance requirements. Password Policy – If you are going to allow users to access corporate applications and information services, you will have to set up strict password guidelines, enforcement and maintenance policies. Passwords will have to be long alphanumeric strings, and changed routinely – not a 4 digit PIN. Backup and Update Policy – Define what steps employees should take to back up their own data and corporate data, and what should be done to keep their devices current.
Service Design: Lost Device Policy. Develop policies that state what happens when a BYOD device is lost. Since the device is equipped to access secure company resources, you must provide for: 1) remote tracking and access, and 2) a remote “data wipe” for any company applications and associated information.
Service Design: Integrate with Acceptable Use Policy. When you allow employees to use their own devices on your company network, it may not be so clear to them what is “acceptable use”, vs. what is not. What if they transmit objectionable material over your network, even though they are using a device they own? Make it clear what the guidelines are for “acceptable use”: who can connect devices to the network; how they can be connected and authenticated; what data can and cannot be accessed; what applications are permitted (and those that are not); types of data that can be stored on BYOD mobile devices.
Service Design: Make it Clear Who “Owns” What. The employee’s device contains a mix of personal data and applications, as well as business related data and applications. While IT is backing up business and application data on the device, this may not be the case with personal data – pictures, music and other apps. That is left to the employee. In the event the user loses the device, a remote “wipe” capability traditionally erases all content on the device – much of which the employee has paid for, and perhaps not adequately backed up. Make it clear that you assert the right to “wipe” devices brought on to the network under your BYOD plan, and provide guidance on how employees can secure their own content and back it up so they can easily restore once the lost device is replaced.
Service Design: Policies on Allowed vs. Banned Apps. This policy should apply to any device connected to your network, whether the device is company or employee owned. The risk is that the employee may download, install and begin using an application that presents a security risk or a legal risk on devices that have been given access to sensitive company information. What if the employee downloads a mobile app that has a serious “security vulnerability”, and hackers are able to exploit your corporate network as a result? Are you going to allow employees to download an app that will violate music copyright laws?
Service Design: Design for Initial Activation. There should be some type of screening process as a part of initial installation that ensures that apps that represent a significant security or legal threat are not present. Ongoing monitoring and detection tools should also be put in place on the devices to ensure that they are not exploited by security threats.
Service Design: Ensure the People and Processes will be Ready. Key Functions to ensure are ready to support BYOD: The Service Desk – to handle common questions and trouble-shoot incidents related to BYOD users. Technical and Applications Management Teams – providing 2nd and 3rd line support to the Service Desk. IT Operations – in charge of monitoring the BYOD environment to assess any events which should trigger an ‘alert’. Affected ITSM Processes to examine and prepare: Incident Management and Problem Management – to handle BYOD related issues and resolve them. Event Management – to monitor the network and critical components. Access Management – granting access per the policy, as well as revoking access. Request Fulfillment – handling BYOD related service requests.
Service Design: Design of Other Vital Processes. Employee Provisioning – The Onboarding process: when a new employee begins, IT is notified via HR and the enabling processes for the device owned by the user can begin. Employee Deprovisioning – The Exit process: what happens when the employee leaves the company? It’s not simply a matter of returning the company owned property anymore. You should have a clear methodology in place for how you will remove the access tokens, as well as any proprietary applications and company information. If you choose to do a mandatory “wipe” of the device as part of the employee exit process, ensure that the employee has provided for adequate backup of personal data and applications.
Designing the Supporting ITSM Management Systems. Mobile Device Management (MDM) Systems – available from several vendors. MDM solutions enable you to take effective control of your BYOD environment. Many can be installed in hours, and can automate the discovery, inventory, and policy enforcement of thousands of remote mobile devices. Some MDM solutions are available on a “SaaS” pay-as-you-go basis, enabling you to get started immediately with minimal investment cost. Examples: MobileIron, AirWatch.
What to Look For in a Mobile Device Mgt System: One that Enables Strong Security. Passcode – require a device passcode with configurable complexity, length, lock and wipe rules. Encryption – enforce full device and storage card encryption to industry standards. Configurable restrictions – the ability to lock down user’s ability to use specific device features, apps and web browsing. Compliance support – be able to set up rules for non-compliance activities and compromised devices with automated responses.
What to Look For in a Mobile Device Mgt System Configurable Setting up Profiles – device settings and user credentials for accessing enterprise apps Geographical limitations – be able to remove profiles based on location Time-based – install or remove based on time-frame Enable access to Accounts – to corporate , Calendar, Contacts, Wi-Fi and VPN Applications – be able to distribute and manage internal/external apps via an authorized Apps Catalog Enable secure content – be able to distribute corporate docs into some type of secure ‘container’
What to Look For in a Mobile Device Mgt System Monitoring Capability Dashboard – be able to track and view real-time device information By location – Be able to view all enabled devices on a GPS map by location or within a specific location Enable Alerts – be able to specify rules for ‘events’, to trigger alerts to IT administrators Reporting – be able to configure real-time and periodic reporting for automated distribution
What to Look For in a Mobile Device Mgt System Ability to Effectively Manage Updates – be able to update configuration settings and re-provision devices automatically with these settings Enable Commands – be able to send commands on demand to devices to request info, lock or wipe a device Bulk Management – be able to perform actions to groups of devices Retirement – un-enroll devices from your environment, removing the corporate data and apps and wiping the device
What to Look For in a Mobile Device Mgt System: Facilitates Support. Messaging – send messages to end-users with trouble-shooting instructions. Remote diagnostics – be able to remote in and identify issues. Remote view – be able to view remote user’s screen and do screen captures. Remote control – take control of a device for trouble-shooting. Self-service – enable users to clear their passcode, locate their device, and more.
Other Supporting ITSM Management Systems. Endpoint Security Suites – these provide a host of centralized security solutions that extend to mobile devices, such as anti-virus, anti-spyware, intrusion detection and prevention systems, data loss prevention, vulnerability scanning and blocking. Examples: McAfee, Trend Micro, Symantec. Network Access Control (NAC) – these solutions inspect devices that connect to the network to ensure they are up-to-date with the latest required security patches and applications.
Service Transition: Going Live with Your BYOD Program. Once your BYOD Service Design Package (SDP) is complete, your core team will shift into the Service Transition stage to begin acquiring and deploying the necessary service assets. This step includes acquiring and developing: Resources – people, tools, technology, finances. Capabilities – the ability of these resources to execute and deliver the service as designed.
Transitioning Your BYOD Program into Live Operation. Transition Planning and Support – the team coordinating all the activities to establish the BYOD program into production. SACM – will track BYOD users and associated devices as they come on and off the program. Change Management – controls changes to the program components, and enables standard changes. Release & Deployment – engages to plan the release of BYOD, and deploy the supporting capabilities. Service Validation and Testing – required to ensure the program works as designed prior to deployment. Knowledge Management – plays a big role in capturing documented policies, procedures, FAQs, and sharing this across the organization.
Considerations for Service Transition of Your BYOD Program. Communicating with the people affected – a communication and awareness plan will need to be drawn up, so that expectations are set properly with users, customers and the service desk as the BYOD program rolls out. Putting the right people with the right roles & responsibilities is also key to success. You may continue with your core implementation team for a period until the program is fully embedded. A “Chief Mobility Officer” is advocated by some organizations to oversee and guide the rollout. Specialized support roles may be required in Service Operations. A comprehensive training program will need to be developed and deployed to inform the organization about the impact of mobility, and supporting BYOD devices.
Service Transition Considerations Deploying your supporting processes Tailored and tested ITSM processes will be verified Other processes such as provisioning and deprovisioning will be tested and validated (processes facilitated by MDM tools) Deploying your ITSM Management systems and solutions for providing the supporting environment MDM support systems Enterprise Endpoint Security Suites Network Access Control solutions
Service Operations: The Acid Test for BYOD – is it Supportable? Service Desk – Single Point of Contact & communication for all users. Incident Management – will handle the resolution of BYOD incidents. Request Fulfillment – handles provisioning, deprovisioning, as well as other informational requests for service. Problem Management – will resolve any underlying problems. Access Management – carried out to grant/withdraw access (provisioning and deprovisioning). Event Management – monitoring BYOD status.
Service Operation Considerations. Once through Pilot and Early Life Support, BYOD will transition into live Operation. This is when the service becomes “live” in the Service Catalog, the SLAs are live, and your BYOD program is in operation with the users. Key Considerations: Ensure your Service Desk staff has gone through a knowledge transfer workshop, to ensure they are up to speed on policies, support tools, and procedures. Educate all stakeholders about the program, along with supporting policies and procedures: BYOD end-users, the Service Desk staff, Desktop Support, and other IT Technical and Application support groups.
Service Operation: Key Considerations. BYOD education should be part of the employee on-boarding process, and should continue with periodic refreshers. Training can be held in person, during an initial orientation, or online, through periodic webcasts. Self-paced training can also be made available. Using Event Management, leverage your MDM systems and other tools to continually monitor the status of your BYOD environment.
CSI: Continual Improvement of Your BYOD Program. A Periodic BYOD Program Assessment should be a Key Element in CSI. Initiate an on-going process of monitoring the value delivered, and the returns received, of a BYOD program, in order to keep the program aligned with IT and business goals, and to seize improvement opportunities. The technology surrounding the BYOD movement continues to change rapidly, with types of devices, new capabilities, and new applications. With advancements come new opportunities, but also new risks. At BYOD launch, consider a quarterly assessment to determine how close you are to continuing risks, and realizing the benefits you aimed for. Examine: threats and vulnerabilities; policies and procedures; supporting tools and systems. Thereafter practice at least an annual assessment of the program.
Summary. By taking a Service Lifecycle approach, you will have a much better chance of success! Develop a Service Strategy for BYOD, and align that with business goals. Setting the overall vision, mission, goals, and guidelines is crucial. Proceed to Service Design, where you will consider ALL the aspects – people, processes and technology – to create a total solution. Test, validate and pilot your program in Service Transition, so you can be confident it will work. Having done all that, when you go live in Service Operation, the devices and the program will be manageable and successful. Use a CSI approach to continually monitor the program and make periodic improvements!