1
00:00:00,360 --> 00:00:02,370
Bring Your Own Device is a policy

2
00:00:02,370 --> 00:00:04,920
that a lot of organizations have been adopting.

3
00:00:04,920 --> 00:00:06,390
This means when you come to work,

4
00:00:06,390 --> 00:00:09,450
you can bring your own device and use it on their network.

5
00:00:09,450 --> 00:00:12,600
This may be your laptop, your tablet, your cell phone,

6
00:00:12,600 --> 00:00:15,720
keyboards, mice, or any other type of device.

7
00:00:15,720 --> 00:00:18,690
Some organizations have fully adopted Bring Your Own Device,

8
00:00:18,690 --> 00:00:20,880
and others are fully against it.

9
00:00:20,880 --> 00:00:23,580
We're going to talk about both and why you should consider it

10
00:00:23,580 --> 00:00:27,150
or decide not to use it in your organization.

11
00:00:27,150 --> 00:00:29,190
Now when you use Bring Your Own Device,

12
00:00:29,190 --> 00:00:32,009
it brings a lot of security issues for you to consider.

13
00:00:32,009 --> 00:00:33,390
If I have somebody's laptop

14
00:00:33,390 --> 00:00:35,070
that now gets plugged into my network,

15
00:00:35,070 --> 00:00:37,650
I'm also introducing all of the vulnerabilities

16
00:00:37,650 --> 00:00:39,030
that device had.

17
00:00:39,030 --> 00:00:40,800
So if you took your laptop home,

18
00:00:40,800 --> 00:00:42,120
plugged it into your network,

19
00:00:42,120 --> 00:00:45,270
downloaded a game, installed the game and got malware,

20
00:00:45,270 --> 00:00:47,160
and now you plug it into work the next day,

21
00:00:47,160 --> 00:00:49,500
you can bring that malware into work with you.

22
00:00:49,500 --> 00:00:52,230
This is a major concern with Bring Your Own Device

23
00:00:52,230 --> 00:00:55,230
because as an organization, I don't control your device,

24
00:00:55,230 --> 00:00:57,240
and so I don't know the security of it,

25
00:00:57,240 --> 00:00:58,650
and that's one of the major risks

26
00:00:58,650 --> 00:01:00,180
with Bring Your Own Device.

27
00:01:00,180 --> 00:01:01,620
Now, on the flip side,

28
00:01:01,620 --> 00:01:03,990
a lot of companies really like Bring Your Own Device

29
00:01:03,990 --> 00:01:05,940
because it means they don't have to buy laptops

30
00:01:05,940 --> 00:01:08,031
and cell phones and all those type of devices

31
00:01:08,031 --> 00:01:09,390
for their employees

32
00:01:09,390 --> 00:01:11,460
because the employee is bringing their own.

33
00:01:11,460 --> 00:01:13,080
And while that might save them money

34
00:01:13,080 --> 00:01:14,580
and it's good for the bottom line,

35
00:01:14,580 --> 00:01:16,140
there are concerns.

36
00:01:16,140 --> 00:01:19,230
When the data goes on your device, whose data is it?

37
00:01:19,230 --> 00:01:21,870
Is it the company's data, or do you have rights to it?

38
00:01:21,870 --> 00:01:24,480
Where do you draw the line between what's personal data

39
00:01:24,480 --> 00:01:26,160
and what's business data?

40
00:01:26,160 --> 00:01:27,390
A lot of organizations

41
00:01:27,390 --> 00:01:29,070
that have adopted Bring Your Own Device

42
00:01:29,070 --> 00:01:31,350
will use storage segmentation.

43
00:01:31,350 --> 00:01:34,110
This will create a clear separation between personal

44
00:01:34,110 --> 00:01:36,330
and company data on a single device.

45
00:01:36,330 --> 00:01:37,830
Now, there's lots of different ways

46
00:01:37,830 --> 00:01:39,540
to create this segmentation.

47
00:01:39,540 --> 00:01:41,310
There are highly technical solutions,

48
00:01:41,310 --> 00:01:43,590
and then there's highly procedural solutions.

49
00:01:43,590 --> 00:01:46,230
For example, you might have an application

50
00:01:46,230 --> 00:01:48,210
on your phone that says work.

51
00:01:48,210 --> 00:01:49,470
And when you click on that,

52
00:01:49,470 --> 00:01:51,240
it opens up a virtual environment,

53
00:01:51,240 --> 00:01:53,460
and all of your work is done from within there.

54
00:01:53,460 --> 00:01:54,570
And when you exit that,

55
00:01:54,570 --> 00:01:56,580
you're now back into your personal device.

56
00:01:56,580 --> 00:01:59,340
That would be a clear, technological limitation

57
00:01:59,340 --> 00:02:00,570
between the two.

58
00:02:00,570 --> 00:02:01,830
Now, you don't always have to use

59
00:02:01,830 --> 00:02:03,570
a highly technical solution.

60
00:02:03,570 --> 00:02:05,670
In my company, we're very small.

61
00:02:05,670 --> 00:02:08,019
We use personal devices as work devices,

62
00:02:08,019 --> 00:02:12,510
and so on my phone in particular, I have two email clients.

63
00:02:12,510 --> 00:02:14,490
I have one that's on Apple Mail

64
00:02:14,490 --> 00:02:16,530
that I use for my personal email,

65
00:02:16,530 --> 00:02:18,630
and then I have another one, which is Gmail

66
00:02:18,630 --> 00:02:21,720
using the Gmail app that I use for my company email.

67
00:02:21,720 --> 00:02:24,717
That gives me a clear separation between my personal stuff

68
00:02:24,717 --> 00:02:28,590
and my business stuff and keeps them in separate buckets.

69
00:02:28,590 --> 00:02:30,900
Now again, there's nothing really that would prevent me

70
00:02:30,900 --> 00:02:34,230
from loading up my business email inside Apple Mail

71
00:02:34,230 --> 00:02:35,190
if I wanted to,

72
00:02:35,190 --> 00:02:37,830
except that we have a policy that says we won't do that.

73
00:02:37,830 --> 00:02:39,960
So we've chosen an administrative control

74
00:02:39,960 --> 00:02:42,000
as opposed to a technical control.

75
00:02:42,000 --> 00:02:44,070
Another concern you have with mobile devices

76
00:02:44,070 --> 00:02:45,900
under the Bring Your Own Device policy

77
00:02:45,900 --> 00:02:48,840
is how do you ensure that device is always up to date?

78
00:02:48,840 --> 00:02:50,430
We talked about how important it is

79
00:02:50,430 --> 00:02:52,080
for patches and updates to be installed

80
00:02:52,080 --> 00:02:53,230
on your mobile devices.

81
00:02:54,376 --> 00:02:55,620
Well, if I give you the device,

82
00:02:55,620 --> 00:02:57,900
I can install mobile device management on it.

83
00:02:57,900 --> 00:02:58,733
That would allow me to have

84
00:02:58,733 --> 00:03:02,495
this centralized software solution for remote administration

85
00:03:02,495 --> 00:03:03,570
and configuration of your mobile device.

86
00:03:03,570 --> 00:03:05,790
I can push out software policies to you,

87
00:03:05,790 --> 00:03:07,680
prevent you from installing applications

88
00:03:07,680 --> 00:03:10,680
and install updates remotely without your use.

89
00:03:10,680 --> 00:03:12,660
But when I do Bring Your Own Device,

90
00:03:12,660 --> 00:03:15,180
are you going to let me install mobile device management

91
00:03:15,180 --> 00:03:16,620
on your system?

92
00:03:16,620 --> 00:03:17,640
You might not.

93
00:03:17,640 --> 00:03:20,820
And so this is why a lot of companies are now switching

94
00:03:20,820 --> 00:03:22,200
from a Bring Your Own Device

95
00:03:22,200 --> 00:03:24,330
because of all those security issues

96
00:03:24,330 --> 00:03:28,200
into a Choose Your Own Device or CYOD model.

97
00:03:28,200 --> 00:03:31,740
CYOD gives the employee a choice of a couple of phones.

98
00:03:31,740 --> 00:03:34,380
We might have four or five models that we support,

99
00:03:34,380 --> 00:03:35,940
and we say, you can pick any one of these,

100
00:03:35,940 --> 00:03:37,248
and we'll pay for it for you.

101
00:03:37,248 --> 00:03:38,670
Now on that device,

102
00:03:38,670 --> 00:03:40,920
we can install our mobile device management.

103
00:03:40,920 --> 00:03:42,930
We can create the technical policies.

104
00:03:42,930 --> 00:03:45,750
We can say what is going to be used on that device.

105
00:03:45,750 --> 00:03:48,660
And by doing that, we can prevent certain applications

106
00:03:48,660 --> 00:03:50,250
from being installed on the device,

107
00:03:50,250 --> 00:03:53,040
and we can make sure we are preventing data loss

108
00:03:53,040 --> 00:03:57,120
by using DLP or data loss prevention systems on that device.

109
00:03:57,120 --> 00:04:00,420
We can also turn features on and off as we want.

110
00:04:00,420 --> 00:04:03,060
For example, I worked in one organization

111
00:04:03,060 --> 00:04:05,970
that didn't believe anybody using a mobile device

112
00:04:05,970 --> 00:04:07,560
should connect to Wi-Fi.

113
00:04:07,560 --> 00:04:09,930
We were willing to pay for the cellular service

114
00:04:09,930 --> 00:04:11,820
because Wi-Fi was untrusted,

115
00:04:11,820 --> 00:04:13,740
and cellular was considered trusted,

116
00:04:13,740 --> 00:04:15,090
so you couldn't connect

117
00:04:15,090 --> 00:04:16,800
to the free Wi-Fi at the coffee shop.

118
00:04:16,800 --> 00:04:20,550
Instead, we had a mobile device policy that pushed out

119
00:04:20,550 --> 00:04:22,650
through our mobile device management solution

120
00:04:22,650 --> 00:04:25,380
that made sure nobody could enable their Wi-Fi.

121
00:04:25,380 --> 00:04:27,600
So even if you took your mobile phone home,

122
00:04:27,600 --> 00:04:29,100
and you were sitting on your couch,

123
00:04:29,100 --> 00:04:31,140
you couldn't connect to your own Wi-Fi.

124
00:04:31,140 --> 00:04:32,675
You still had to use cellular.

125
00:04:32,675 --> 00:04:35,100
That is a policy that we decided on.

126
00:04:35,100 --> 00:04:37,740
Now your organization is going to have to make sure

127
00:04:37,740 --> 00:04:40,230
you decide on what your good security policy

128
00:04:40,230 --> 00:04:42,030
for mobile devices looks like.

129
00:04:42,030 --> 00:04:42,990
Every organization

130
00:04:42,990 --> 00:04:45,090
is going to make that determination differently.

131
00:04:45,090 --> 00:04:47,100
Are you going to use Choose Your Own Device

132
00:04:47,100 --> 00:04:49,290
or are you going to allow Bring Your Own Device?

133
00:04:49,290 --> 00:04:51,990
It's up to you, but make sure it's a choice

134
00:04:51,990 --> 00:04:54,990
that you're making, and not just a default that's happening

135
00:04:54,990 --> 00:04:56,493
because no choice was made.

