the Slides - Optimal Connections, LLC

Report
by Paul M. Dooley
Optimal Connections, LLC
www.optimalconnections.com
Feb 17, 2013
Where we are today with the
trend toward BYOD
 Bring – Means the employee is bring the
device (you are not the supplier)
 Your – Its personal – the employee is looking to
use their own devices in the workplace
 Own – The employee owns it,
not the organization
 Device – Normally smart phones,
but can also include laptops,
tablets, and other mobile devices
It’s a Win Win!
 It’s an attractive program to employees
 Since it may relieve them from carrying around
two devices – a company phone, and a personal
phone.
 From an organizational perspective,
 It enables the enterprise to take advantage of the
latest technology improvements, without large
scale hardware/software updates.
 It also helps reduce costs by
 Moving the cost burden of these devices to the
employee, while positively affecting employee
satisfaction and productivity.
The Trend is Continuing!
 According to Garner, 90 percent of
enterprises (with 500 or more employees)
have already deployed mobile devices. And many
of those enterprises are allowing personal mobile
devices to connect to the enterprise network.
 A new global survey of IT decision makers reports
that 70 percent of companies believe BYOD will or
already has improved their work processes
 59 percent believe they would find themselves at a
competitive disadvantage without BYOD.
Key Challenges: Information
Security
• Information Security – Security threats are the
most obvious challenge.
• Left unmanaged, a BYOD program can result in a
serious security breech.
• For example, most employee owned mobile devices
are not equipped with PC-level security software.
Many times they are not stored in a secure location,
and may be used to navigate questionable web
destinations.
• Case of the lost phone: confidential
data stored on the phone could
potentially be retrieved by untrusted
parties.
Key Challenges: Tracking and
Controlling Access
• One of the biggest challenges: the effective
tracking and control of access to corporate
and private networks.
• Unlike ‘guest access’, which minimally requires
an open, non-secure network connection,
• BYOD requires a secure wireless protocol for
user connectivity (due to accessibility of secure
company information).
 Studies show that a ‘User-centric’ approach (link
device use to identity management) is far more
successful that a ‘Device-centric’ approach
Key Challenges: On-going
Service and Support
 Trouble-shooting and support represents a big
challenge in an environment where
users are bringing a multitude of
different technologies.
 For example, if an employee is using
an Android tablet, and all the rest of the employees and
IT are using iPads, who does the user go to for support
when they run into a glitch running an enterprise
application?
 Compatibility of employee owned hardware with the
organization’s software and applications should not be
overlooked when designing and developing a BYOD
program.
What’s the Approach?
 Fortunately we have an ITSM framework for
planning, designing, and deploying a successful
BYOD initiative!
 Service Strategy – develops the strategy for BYOD
 Service Design – designs ALL aspects of the
program for successful integration into the live
environment
 Service Transition – tests and
validates prior to rollout
 Service Operation – provides
on-going production support
 CSI – monitors the BYOD program
for continual improvement opportunities
Service Strategy: Participating
Processes
Strategy for IT Services – sets the
overall goals and alignment
Service Portfolio Management – builds and
approves business case
Financial Management – recommends a
financial model
Demand Management – identifies user
profiles, projected demand
Business Relationship Management – will
engage the business for input and
feedback
Set the Vision, Goals and
Objectives for BYOD
 Set-up a Core Team to Drive Strategy, Design,
Transition and Rollout
 Appoint a small, dedicated cross-functional team to
take charge in evaluating the current state, as well as
developing a vision and goals for the program that will
align with organizational goals.
 Include members from IT, information security.
compliance and the business units who can work
together to formulate a viable BYOD strategy that
aligns with business goals.
Do a Baseline Assessment: Where
are We Now?
 Understand where you are now with BYOD
 Through user-friendly workshops, gather intelligence from
various business units, C-level execs, sales, HR, and other
departments, and determine ….
 Which personal devices, applications and cloud services are
in use today
 How they are used?
 How tech-savvy are the users?
 How do employees use these tools to enhance their
productivity?
 This will gather valuable intelligence, and get buy-in from
key stakeholders
SPM: Build the Business Case
 Use Service Portfolio Management to analyze the
business case in terms of potential costs, benefits and
ROI to the organization.
 Who is the target audience for BYOD – all customers




and users? Only certain customer populations?
What are the goals and objectives ?
What are the financial, as well as non-financial impacts?
What are the risks involved?
What’s the overall timeline and plan?
 Financial Management – develops a cost model and
charging strategy
 BRM – engages the business units for their input
Service Design: Designing Your
BYOD Program for Success
 Service Design is where your team starts turning your strategy
into a program. This takes careful planning in terms of laying out the
detailed polices, specifying the supporting processes, and the
supporting resources (financial, people, tools) to be required.
 Policies – establish the guidelines for the BYOD program, setting
expectations by outlining rules and requirements, and identifying how
these rules will be enforced
 Processes – will need to be established to meet expectations and
ensure the goals an objectives for the program are met.
 Resources - are the enabling factors that support the processes –
money, people, tools and technology.
Service Design: Design all Aspects
of the BYOD Program
 Your core team will continue from Strategy to the Design Stage, where
they will take up the work of designing the BYOD program.
 This is where additional research needs to be done, and crucial decision need
to be made concerning
 what types of devices would be allowed,
 what roles and responsibilities need to be defined,
 how does an employee enter and exit the program, and so forth.
 Service Catalog Management will take on the supporting responsibility of
updating the service catalog to include the customer facing “BYOD Service”,
and how this is supported
 The service catalog becomes the single point of reference to accurately set
expectations for the customer as well as the IT serviced provider.
Participating SD Processes
Design Coordination – A core team drives design through
transition and rollout
Service Catalog Management – updates the
service catalog
Service Level Management – will establish the
service levels
Availability Management – must plan adequate
availability
Capacity Management – must ensure sufficient
capacity
Information Security Management – evaluates risks,
est. security policies
Key Elements to Consider in Your
BYOD Program Design
 The Design Team will pay particular attention to People,
Process, and Technology during the Design Stage, to ensure a
complete BYOD solution will be available:
 Types of Users and Departments Allowed in the Program?
 A strong policy will make it clear which departments and roles
may be empowered with BYOD, in accordance with you goals.
 Questions to be answered include:
 For each department, and type of user, which devices are
permitted?
 What level of access is permitted?
BYOD Service Design
 Specify the Types of Allowed Devices
 Which sorts of laptops/notebooks, tablets and mobile phones
 Make it clear which devices you will support (in addition to what
ever corporate issued devices you continue to deploy) – and
those you won’t
 Decide on the Financial Model
 Since the device will be employee owned, yet enabled for dual
use, the employee may expect some offset to their costs –
either of the device, or the service plan.
 Decide if it makes sense to reimburse a percentage of the cost
the employee, or issues a stipend to office set cost of the service
plan.
BYOD Service Design
Determine the Support Model
 When something goes wrong, employees will need to know the
boundaries around support of BYOD devices.
 Formulate a set of support policies to answer these sorts of questions:
 What type and level of Help Desk support is available for initial set-up,
and on-going support? Electronic only? Phone as well?
 Service Levels in terms of types of support to be available, target
performance levels, and response and resolution time targets
 What kind of support is available for broken devices? Does it matter if
the employee broke the device, or if the device was damaged as a result
of something the company did?
 Set guidelines around support for enterprise applications, and make it
clear which sorts of applications employees support
 When a personally installed application is conflicting with access to
an enterprise application or service that you have stated you will
support – how do you handle that conflict?
Service Design: Design a Stringent set
of Security Policies
 Understand where you are now in terms of vulnerability by doing a
baseline security assessment. This will help identify how you are
dealing with remote access from mobile devices now, what processes
and technology you have in place, and what the current risks are. It
will also ensure you have identified legal and compliance requirements.
 Password Policy - If you are going to allow users to access corporate
applications and information services, you will have to set-up strict
password guidelines, enforcement and maintenance policies.
Passwords will have to be long alphanumeric strings, and changed
routinely – not a 4 digit PIN.
 Backup and Update Policy – Define what steps employees should
take to back their own data and corporate data, and what should be
done to keep their devices current.
Service Design: Lost Device Policy
• Develop policies that state what happens when a
BYOD device is lost.
• Since the device is equipped to access secure
company resources, you must provide for …
• 1) remote tracking and access and,
• 2) a remote “data wipe” for any company
applications and associated information.
Service Design: Integrate with
Acceptable Use Policy
 When you allow employees to use their own devices on your
company network, it may not be so clear to them what is
“acceptable use”, vs. what is not
 What if they transmit objectionable material over your
network, even though they are using a device they own? Make it
clear what the guidelines are for “acceptable use”:





Who can connect devices to the network
How they can be connected and authenticated
What data can and cannot be accessed
What applications are permitted (and those that are not)
Types of data that can be stored on BYOD mobile devices
Service Design: Make it Clear Who
“Owns” What
 The employee’s device contains a mix of personal data and
applications, as well as business related data and applications
 While IT is backing up business and application data on the
device, this may not the case with personal data – pictures,
music and other apps. That is left to the employee.
 In the event the user looses the device, a remote “wipe”
capability traditionally erases all content on the device – much of
which the employee has paid for, and perhaps not adequately
backed up.
 Make it clear that you assert the right to “wipe” devices brought
on to the network under your BYOD plan, and provide guidance
on how employees can secure their own content and back it up
so they can easily restore once the lost devices is replaced.
Service Design: Policies on Allowed
vs. Banned Apps
 This policy should apply to any device connected to you
network, whether the device is company or employee owned.
 The risk is that the employee may download, install and begin
using an application that presents a security risk or a legal risk
on devices that have been given access to sensitive company
information.
 What if the employee …
 Downloads a mobile app that has a serious “security
vulnerability”, and hackers are able to exploit your corporate
network as a result?
 Are you going to allow employees to download an app that will
violate music copy-right infringement laws?
Service Design: Design for Initial
Activation
 There should be some type of screening process
as a part of initial installation, that ensures that
apps that represent a significant security or legal
threat are not present.
 Ongoing monitoring and detection tools should
also be put in place on the devices to ensure that
they are not exploited by security threats
Service Design: Ensure the People
and Processes will be Ready
 Key Functions to ensure are ready to support BYOD:
 The Service Desk – to handle common questions and trouble-shoot
incidents related to BYOD users
 Technical and Applications Management Teams – providing 2nd and 3rd line
support to the Service Desk
 IT Operations – in charge of monitoring the BYOD environment to assess
any events which should trigger an ‘alert’
 Affected ITSM Processes to examine and prepare:
 Incident Management and Problem Management – to handle BYOD
related issues and resolve them
 Event Management – to monitor the network and critical components
 Access Management – granting access per the policy, as well as revoking
access
 Request Fulfillment – handling BYOD related service requests
Service Design: Design of Other
Vital Processes
 Employee Provisioning – The Onboarding process
 When a new employee begins, IT is notified via HR and the enabling
processes for the device owned by the user can begin.
 Employee Deprovisioning – The Exit process
 What happens when the employee leaves the company? It’s not simply a
matter of returning the company owned property anymore.
 You should have a clear methodology in place for how you will remove
the access tokens, as well as any proprietary applications and
company information.
 If you choose to do a mandatory “wipe” of the device as part of the
employee exit process, ensure that they employee has provided for
adequate backup of personal data and applications
Designing the Supporting ITSM
Management Systems
 Mobil Device Management (MDM) Systems –
available from several vendors
 MDM solutions enable you to take effective control
of your BYOD environment.
 Many can be installed in hours, and can automate
the discovery, inventory, and policy enforcement of
thousands of remote mobile devices:
 Some MDM solutions are available as a
“SaaS” pay as you go basis, enabling you
to get started immediately with
minimal investment cost
 Examples: Mobil Iron, Air Watch
What to Look For in a Mobile
Device Mgt System
 Facilitates Provisioning & Deprovisioning
 Wizards to help speed the set-up process
 Enable registration of individual or bulk numbers,
including self-service registration
 User authentication – against your directory services
system
 Templates for customizing to your Terms of Use
 Provide for selective enrollment restrictions – to
block users based on platform, version, etc.
What to Look For in a Mobile
Device Mgt System
 One that Enables Strong Security
 Passcode – require a device passcode with configurable
complexity, length, lock and wipe rules
 Encryption – enforce full device and storage card
encryption to industry standards
 Configurable restrictions – the ability to lock down
user’s ability to use specific device features, apps and
web browsing
 Compliance support – be able to set-up rules for noncompliance activities and compromised devices with
automated responses
What to Look For in a Mobile
Device Mgt System
 Configurable
 Setting up Profiles – device settings and user credentials
for accessing enterprise apps


Geographical limitations – be able to remove profiles based on
location
Time-based – install or remove based on time-frame
 Enable access to Accounts – to corporate Email,
Calendar, Contacts, Wi-Fi and VPN
 Applications – be able to distribute and manage
internal/external apps via an authorized Apps Catalog
 Enable secure content – be able to distribute corporate
docs into some type of secure ‘container’
What to Look For in a Mobile
Device Mgt System
 Monitoring Capability
 Dashboard – be able to track and view real-time device
information
 By location – Be able to view all enabled devices on a
GPS map by location or within a specific location
 Enable Alerts – be able to specify rules for ‘events’, to
trigger alerts to IT administrators
 Reporting – be able to configure real-time and periodic
reporting for automated distribution
What to Look For in a Mobile
Device Mgt System
 Ability to Effectively Manage
 Updates – be able to update configuration settings and
re-provision devices automatically with these settings
 Enable Commands – be able to send commands on
demand to devices to request info, lock or wipe a device
 Bulk Management – be able to perform actions to
groups of devices
 Retirement – un-enroll devices from your
environment, removing the corporate data and apps and
wiping the device
What to Look For in a Mobile
Device Mgt System
 Facilitates Support
 Messaging – send messages to end-users with troubleshooting instructions
 Remote diagnostics – be able to remote in and identify
issues
 Remove view – be able to view remote user’s screen
and do screen captures
 Remote control – take control of a device for troubleshooting
 Self-service – enable users to clear their passcode,
locate their device, and more
Other Supporting ITSM
Management Systems
 Endpoint Security Suites – these provide a host of
centralized security solutions that extend to mobile
devices, such as anti-virus, anti-spyware, intrusion
detection and prevention systems, data loss
prevention, vulnerability scanning and blocking.

Examples: McAfee, Trend Micro, Symantec
 Network Access Control (NAC) these solutions
inspect devices that connect to the network to
ensure they are up-to-date with the latest required
security patches and applications.
Service Transition: Going Live with
Your BYOD Program
 Once your BYOD Service Design Package
(SDP) is complete, you core team will shift
into the Service Transition stage to begin
acquiring and deploying the necessary
service assets.
 This step include acquiring and developing:
 Resources – People, tools, technology, finances
 Capabilities - The ability of these resources to
execute and deliver the service as designed
Transitioning Your BYOD Program
into Live Operation
Transition Planning and Support – the team coordinating all
the activities to establish the BYOD program into
production
SACM – will track BYOD users and associated devices as they
come on and off the program
Change Management – controls changes to the program
components, and enables standard changes
Release & Deployment – engages to plan the release of
BYOD, and deploy the supporting capabilities
Knowledge Management – plays a big role in capturing
documented policies, procedures, FAQs, and sharing this
across the organization
Service Validating and Testing – required to ensure the
program works as designed prior to deployment
Considerations for Service
Transition of Your BYOD Program
 Communicating with the people affected - a communication and
awareness plan will need to be drawn up, so that expectations are set
properly with users, customers and the service desk as the BYOD
program rolls out.
 Putting the right people with the right roles & responsibilities is
also key to success
 You may to continue with your core implementation team for a period
until the program is fully embedded
 A “Chief Mobility Officer” is advocated by some organizations to oversee
and guide the rollout
 Specialized support roles may be required in Service Operations
 A comprehensive training program will need to be developed and
deployed to informed the organization about the impact of mobility,
and supporting BYOD devices
Service Transition Considerations
 Deploying your supporting processes
 Tailored and tested ITSM processes will be verified
 Other processes such as provisioning and
deprovisioning will be tested and validated (processes
facilitated by MDM tools)
 Deploying your ITSM Management systems and
solutions for providing the supporting environment
 MDM support systems
 Enterprise Endpoint Security Suites
 Network Access Control solutions
Service Operations: The Acid Test
for BYOD – is it Supportable?
Service Desk – Single Point of Contact &
communication for all users
Incident Management – will handle the resolution of
BYOD incidents
Request Fulfillment – handles provisioning,
deprovisioning, as well as other informational request
for service
Problem Management – will resolve any underlying
problems
Event Management – monitoring BYOD
status
Access Management – carried out to grant/ withdraw
access (provisioning and deprovisioning)
Service Operation Considerations
 Once through Pilot and Early Life Support, BYOD will transition into
live Operation. This is when the service becomes “live” in the Service
Catalog, the SLAs are live, and your BYOD program is in operation
with the users.
 Key Considerations:
 Ensure your Service Desk staff has gone through a knowledge transfer
workshop, to ensure they are up to speed on policies, support tools, and
procedures.
 Educate all stakeholders about the program, along with supporting
policies and procedures

BYOD end-users


The Service Desk staff
Desktop Support

Other IT Technical and Application support groups
Service Operation: Key Considerations
 BYOD education should be part of the employee
on-boarding process, and should continue with
periodic refreshers.
 Training can be held …
 In person, during an initial orientation
 Online, through periodic webcasts
 Self-paced training can also be made available
 Using Event Management, leverage your MDM
systems and other tools to continually monitor the
status of your BYOD environment
CSI: Continual Improvement of
You BYOD Program
 A Periodic BYOD Program Assessment should be a Key Element in CSI
 Initiate an on-going process of monitoring the value delivered, and the
returns received, of a BYOD program, in order to keep the program aligned
with IT and business goals, and to seize improvement opportunities
 The technology surrounding the BYOD movement continues to change
rapidly, with types of devices, new capabilities, and new applications
 With advancements comes new opportunities, but also new risks
 At BYOD launch, consider a quarterly assessment to determine how close
you are to continuing risks, and realizing the benefits you aimed for. Examine:
 Threats and vulnerabilities
 Policies and procedures
 Supporting tools and systems
 Thereafter practice at least an annual assessment of the program
Summary
 By Taking a Service Lifecycle approach, you will have a much





better chance of success!
Develop a Service Strategy for BYOD, and align that with
business goals. Setting the overall vision, mission, goals, and
guidelines is crucial
Proceed to Service Design, where you will consider ALL the
aspects – people, processes and technology – to create a total
solution
Test, validate and Pilot your Program in Service Transition, so
you can be confident it will work
Having done all that, when you go live in Service Operation,
the devices and the program will be manageable and successful
Use a CSI approach to continually monitor the program and
make periodic improvements!
Thank You!
 Now time for Q&A, Discussion …

similar documents