1 00:00:00,312 --> 00:00:02,516 Bring Your Own Device is a policy that 2 00:00:02,516 --> 00:00:04,850 a lot of organizations have been adopting. 3 00:00:04,850 --> 00:00:06,480 This means when you come to work, 4 00:00:06,480 --> 00:00:09,676 you can bring your own device and use it on their network. 5 00:00:09,676 --> 00:00:12,667 This may be your laptop, your tablet, your cellphone, 6 00:00:12,667 --> 00:00:15,812 keyboards, mice, or any other type of device. 7 00:00:15,812 --> 00:00:18,742 Some organizations have fully adopted Bring Your Own Device, 8 00:00:18,742 --> 00:00:20,945 and others are fully against it. 9 00:00:20,945 --> 00:00:23,685 We're going to talk about both, and why you should consider it, 10 00:00:23,685 --> 00:00:27,165 or decide not to use it in your organization. 11 00:00:27,165 --> 00:00:29,265 Now, when you use Bring Your Own Device, 12 00:00:29,265 --> 00:00:31,977 it brings a lot of security issues for you to consider. 13 00:00:31,977 --> 00:00:33,427 If I have somebody's laptop that 14 00:00:33,427 --> 00:00:35,028 now gets plugged into my network, 15 00:00:35,028 --> 00:00:36,810 I'm also introducing all of the 16 00:00:36,810 --> 00:00:39,112 vulnerabilities that device had. 17 00:00:39,112 --> 00:00:40,911 So, if you took your laptop home, 18 00:00:40,911 --> 00:00:43,385 plugged it into your network, downloaded a game, 19 00:00:43,385 --> 00:00:45,360 installed the game, and got malware, 20 00:00:45,360 --> 00:00:47,159 and now you plug it into work the next day, 21 00:00:47,159 --> 00:00:49,571 you can bring that malware into work with you. 22 00:00:49,571 --> 00:00:52,240 This is a major concern with Bring Your Own Device 23 00:00:52,240 --> 00:00:55,079 because as an organization, I don't control your device, 24 00:00:55,079 --> 00:00:57,196 and so I don't know the security of it. 25 00:00:57,196 --> 00:00:58,635 And that's one of the major risks with 26 00:00:58,635 --> 00:01:00,239 Bring Your Own Device. 
27 00:01:00,239 --> 00:01:02,756 Now, on the flip side, a lot of companies really like 28 00:01:02,756 --> 00:01:04,527 Bring Your Own Device because it means they 29 00:01:04,527 --> 00:01:06,762 don't have to buy laptops, and cellphones, 30 00:01:06,762 --> 00:01:09,265 and all those type of devices for their employees 31 00:01:09,265 --> 00:01:11,499 because the employee is bringing their own. 32 00:01:11,499 --> 00:01:13,196 And, while that might save them money, 33 00:01:13,196 --> 00:01:16,076 and it's good for the bottom line, there are concerns. 34 00:01:16,076 --> 00:01:19,267 When the data goes on your device, whose data is it? 35 00:01:19,267 --> 00:01:22,043 Is it the company's data, or do you have rights to it? 36 00:01:22,043 --> 00:01:24,506 Where do you draw the line between what's personal data, 37 00:01:24,506 --> 00:01:26,214 and what's business data? 38 00:01:26,214 --> 00:01:27,894 A lot of organizations that have adopted 39 00:01:27,894 --> 00:01:31,402 Bring Your Own Device will use storage segmentation. 40 00:01:31,402 --> 00:01:34,067 This will create a clear separation between personal, 41 00:01:34,067 --> 00:01:36,386 and company data on a single device. 42 00:01:36,386 --> 00:01:37,546 Now, there's lots of different 43 00:01:37,546 --> 00:01:39,559 ways to create this segmentation. 44 00:01:39,559 --> 00:01:41,311 There are highly technical solutions, 45 00:01:41,311 --> 00:01:43,465 and then there's highly procedural solutions. 46 00:01:43,465 --> 00:01:47,341 For example, you might have an application on your phone 47 00:01:47,341 --> 00:01:49,311 that says work, and when you click on that, 48 00:01:49,311 --> 00:01:51,607 it opens up a virtual environment, and all of 49 00:01:51,607 --> 00:01:53,634 your work is done from within there. 50 00:01:53,634 --> 00:01:54,846 And when you exit that, you're now 51 00:01:54,846 --> 00:01:56,674 back into your personal device.
52 00:01:56,674 --> 00:01:58,386 That would be a clear technological 53 00:01:58,386 --> 00:02:00,665 limitation between the two. 54 00:02:00,665 --> 00:02:01,622 Now, you don't always have to 55 00:02:01,622 --> 00:02:03,533 use a highly technical solution. 56 00:02:03,533 --> 00:02:05,657 In my company, we're very small, 57 00:02:05,657 --> 00:02:08,566 we use personal devices as work devices, 58 00:02:08,566 --> 00:02:12,575 and so on my phone in particular, I have two email clients. 59 00:02:12,575 --> 00:02:14,651 I have one that's on Apple Mail that 60 00:02:14,651 --> 00:02:17,726 I use for my personal email, and then I have another one, 61 00:02:17,726 --> 00:02:19,856 which is Gmail, using the Gmail app that 62 00:02:19,856 --> 00:02:21,806 I use for my company email. 63 00:02:21,806 --> 00:02:24,995 That gives me a clear separation between my personal stuff, 64 00:02:24,995 --> 00:02:28,636 and my business stuff and keeps them in separate buckets. 65 00:02:28,636 --> 00:02:30,297 Now, again, there's nothing really that 66 00:02:30,297 --> 00:02:33,307 would prevent me from loading up my business email 67 00:02:33,307 --> 00:02:35,238 inside Apple Mail if I wanted to. 68 00:02:35,238 --> 00:02:37,900 Except that we have a policy that says we won't do that. 69 00:02:37,900 --> 00:02:39,868 So, we've chosen an administrative control, 70 00:02:39,868 --> 00:02:41,939 as opposed to a technical control. 71 00:02:41,939 --> 00:02:43,963 Another concern you have with mobile devices 72 00:02:43,963 --> 00:02:45,784 under the Bring Your Own Device policy 73 00:02:45,784 --> 00:02:48,910 is how do you ensure that device is always up-to-date? 74 00:02:48,910 --> 00:02:50,923 We talked about how important it is for patches 75 00:02:50,923 --> 00:02:53,243 and updates to be installed on your mobile devices. 76 00:02:53,243 --> 00:02:55,566 Well, if I give you the device, 77 00:02:55,566 --> 00:02:57,775 I can install Mobile Device Management on it. 
78 00:02:57,775 --> 00:03:00,458 That would allow me to have centralized software solution 79 00:03:00,458 --> 00:03:01,802 for remote administration and 80 00:03:01,802 --> 00:03:03,572 configuration of your mobile device. 81 00:03:03,572 --> 00:03:05,678 I can push out software policies to you, 82 00:03:05,678 --> 00:03:07,737 prevent you from installing applications, 83 00:03:07,737 --> 00:03:10,808 and install updates remotely without your use. 84 00:03:10,808 --> 00:03:12,714 But when I do Bring Your Own Device, 85 00:03:12,714 --> 00:03:14,952 are you going to let me install Mobile Device Management 86 00:03:14,952 --> 00:03:16,666 on your system? 87 00:03:16,666 --> 00:03:17,499 You might not. 88 00:03:17,499 --> 00:03:19,738 And, so this is why a lot of companies 89 00:03:19,738 --> 00:03:22,312 are now switching from a Bring Your Own Device, 90 00:03:22,312 --> 00:03:24,279 because of all those security issues, 91 00:03:24,279 --> 00:03:28,088 into a Choose Your Own Device, or CYOD model. 92 00:03:28,088 --> 00:03:31,773 CYOD gives the employee a choice of a couple of phones. 93 00:03:31,773 --> 00:03:34,418 We might have four, or five models that we support, 94 00:03:34,418 --> 00:03:36,004 and we say you can pick any one of these, 95 00:03:36,004 --> 00:03:37,536 and we'll pay for it for you. 96 00:03:37,536 --> 00:03:39,558 Now, on that device, we can install our 97 00:03:39,558 --> 00:03:41,986 Mobile Device Management, we can create the technical 98 00:03:41,986 --> 00:03:45,528 policies, we can say what is going to be used on that device, 99 00:03:45,528 --> 00:03:48,673 and by doing that, we can prevent certain applications from 100 00:03:48,673 --> 00:03:50,165 being installed on the device, 101 00:03:50,165 --> 00:03:53,114 and we can make sure we're preventing data loss by 102 00:03:53,114 --> 00:03:57,181 using DLP, or data loss prevention systems on that device. 103 00:03:57,181 --> 00:04:00,326 We can also turn features on, and off as we want. 
104 00:04:00,326 --> 00:04:03,157 For example, I worked in one organization that 105 00:04:03,157 --> 00:04:04,971 didn't believe anybody using 106 00:04:04,971 --> 00:04:07,578 a mobile device should connect to Wi-Fi. 107 00:04:07,578 --> 00:04:09,992 We were willing to pay for the cellular service 108 00:04:09,992 --> 00:04:11,790 because Wi-Fi was untrusted, 109 00:04:11,790 --> 00:04:13,727 and cellular was considered trusted. 110 00:04:13,727 --> 00:04:15,812 So, you couldn't connect to the free Wi-Fi at 111 00:04:15,812 --> 00:04:19,888 the coffee shop, instead we had a mobile device policy that 112 00:04:19,888 --> 00:04:22,461 pushed out through our Mobile Device Management solution 113 00:04:22,461 --> 00:04:25,467 that made sure nobody could enable their Wi-Fi. 114 00:04:25,467 --> 00:04:27,688 So, even if you took your mobile phone home, 115 00:04:27,688 --> 00:04:29,043 and you were sitting on your couch, 116 00:04:29,043 --> 00:04:31,092 you couldn't connect to your own Wi-Fi, 117 00:04:31,092 --> 00:04:32,991 you still had to use cellular. 118 00:04:32,991 --> 00:04:35,030 That is policy that we decided on. 119 00:04:35,030 --> 00:04:37,463 Now, your organization is going to have to make sure 120 00:04:37,463 --> 00:04:40,155 you decide on what your good security policy 121 00:04:40,155 --> 00:04:41,937 for mobile devices looks like. 122 00:04:41,937 --> 00:04:43,426 Every organization is going to make 123 00:04:43,426 --> 00:04:45,126 that determination differently. 124 00:04:45,126 --> 00:04:47,098 Are you going to use Choose Your Own Device, 125 00:04:47,098 --> 00:04:49,297 or are you going to allow Bring Your Own Device? 126 00:04:49,297 --> 00:04:52,013 It's up to you, but make sure it's a choice that 127 00:04:52,013 --> 00:04:54,412 you're making, and not just a default that's 128 00:04:54,412 --> 00:04:57,495 happening because no choice was made.