Smart phones and tablets are invading the business environment at top speed, with “bring your own device” (BYOD) providing a number of benefits for organisations across all sectors. With the right implementation, and ongoing secure support, performance through technology can be achieved in areas such as employee satisfaction, cost reduction, team work and collaboration and productivity. Charlie Hales and Nigel Robson cover the important considerations a business should make before implementing an MDM/BYOD strategy, and will consider the ongoing implications of allowing corporate data to be accessed on personal devices ensuring the maximum benefit to businesses, customers and the end users.

1. Mobile Device Management
and BYOD
Charlie Hales and Nigel Robson
28th February 2014

2. Agenda
• What is Mobile Device Management
• Strategy
• What is a Mobile Device?
• Mobile Device Management vs Mobile Application
Management
• What is BYOD
• What can MDM/BYOD do for business?
• Where is your Data?
• Acceptable usage policy
• Defining the right solution
• Some solutions available

3. What is Mobile Device
Management?
• Secures, monitors, manages and supports
mobile devices of multiple operating systems,
service providers and enterprises
• Covers corporate and end user devices
• Includes anything that is mobile (could
include laptops, and non-windows devices).
Enabler for users to access internal systems
securely from any device and anywhere
• Enables BYOD

4. Part of Overall Strategy
• Build upon and integrate with existing policies
– Desktop
– Flexible and remote working
– Application
• Do you just use Windows devices?
• Need to manage any type of device?
• Any data management/classification in place
currently?

5. Part of Overall Strategy – Many
Devices, one solution?
Client Management MDM
Source Gartner
Virtualisation

6. What are mobile devices?

7. What are mobile devices?
This?

8. What are mobile devices?
This?

9. What are mobile devices?
This?

10. What are mobile devices?
Or this?

11. What are mobile devices?
It can be any of these!

12. What are mobile devices?
But also these!

13. Mobile Device Management vs
Mobile Application Management
MAM
• App delivery
• App security
• App updating
• User authentication
• User authorization
• Version checking
• Push services
• Reporting and tracking
MDM
• All previous plus…
• Remote Configuration
• Security –including identifying
compromised devices
• Backup/Restore
• Network Usage and Support
• Mobile asset tracking and
management
• Remote Lock and Wipe
• Device Provisioning
• Software Installation
• Troubleshooting and Diagnostic
Tools
• Policy Application
• Logging and Reporting
• Remote Control and Administration

14. What is BYOD?

15. • Save money
– Reduce costs
– Enable Flexible working
– Increase Productivity
– Increase Job satisfaction
• Reduces risk and increase Security
– Where is your data?
– Consider this also for existing laptops
What can MDM/BYOD do
for business?

16. Survey
• Who doesn’t have a smartphone?
• Who has a BlackBerry?
• Who uses their own smartphone for work
purposes?
• Is it managed by work?
• Are you sure?

17. BYOD Business Survey
Fully embrace
and support
12%
Embrace, but
user self support
39%
Limited BYOD
Strategy
21%
Trialing BYOD
18%
Do not support
BYOD 10%
Source: zkresearch.com

18. Where is your Data?

19. ICO Website

20. ICO Website

21. ICO Website

22. Data Classifications
Information
Category
Description Example Information Assets
Public Information which is or can be made public. Advertisements
Public web content
Proprietary Information which is restricted to internal access and protected from
external access. Unauthorised access could cause a drop in customer
confidence, could influence operational effectiveness, cause financial loss
or provide gain for competitors.
Internal presentations
Performance data
Source code
Proprietary knowledge
Confidential Information received from Customers, or sensitive information about
Customers and Staff.
Customer Data
Customer intellectual property
Customer documents
Customer backups
Internal reports
Restricted Highly sensitive information
Limited access to specific individuals
Passwords
HR & Payroll
Backups
Card Data
DPA Information

23. Data Classifications
Category Public Proprietary Confidential Restricted
Description: Prevent easy access without prolonged or
determined access to the device
Prevent access even with prolonged and
determined access to device
As per confidential and access is
restricted to specific individuals
Physical Media or Device
Printed Media ok In possession of staff or customer In possession of staff or customer, within
property
Held in the safe or secure ICT Server
room
Mobile Phone ok PIN Coded PIN Coded & Remote Wipe not normally acceptable
Laptop / Tablet ok User authentication Authentication & Encryption not normally acceptable
Portable Storage ok Encryption Encryption Held in a safe
PC ok User authentication Physically Secured within property or
Encrypted
Physically secured within property
Cloud Storage ok Encrypted Encrypted not normally acceptable

24. Encryption
• Device Encryption
– Technology and Device dependant
– The latest Windows devices will work with internal
PKI or external Certs
– IOS devices will work with Apple provided Certs
which can be imported into most MDM solutions
– Android has limitations
• Application encryption
– Managed through application development and
provisioning

25. Design your BYOD Acceptable Use
Policy
• Privacy
• Who pays for what
• Third Parties
• Work vs Play
– Out of hours
– During hours
• Company responsibilities for personal data
• Licencing
• HR
• Device Disposal
• Litigation

26. Defining the right solution
• What do you want to manage on the
device?
– Types of devices
– PIN
– Remote Wipe/Selective Wipe
– Apps
– Device/App Encryption

27. Defining the right solution
• What do you want to manage on the device?
– Integration with enterprise
applications
– Multi user profiles
– Separation of personal and work
data
– Internet access
– Advanced features
• Data usage
• GPS tracking

28. Example of device functionality
Content removed when
retiring a device
Windows 8.1 Windows Phone 8 iOS Android
Company apps and
associated data installed by
using Configuration
Manager and Windows
Intune
Uninstalled and sideloading
keys are removed.
In addition any apps using
Windows Selective Wipe
will have the encryption key
revoked and data will no
longer be accessible.
Uninstalled and data
removed.
Uninstalled and data
removed.
Apps and data remain
installed.
VPN and Wi-Fi profiles Removed. Not applicable. Removed.
VPN: Not applicable.
Wi-Fi: Not removed.
Certificates Removed and revoked. Not applicable. Removed and revoked. Revoked.
Settings Requirements removed. Requirements removed. Requirements removed. Requirements removed.
Management Client
Not applicable.
Management agent is built-
in.
Not applicable.
Management agent is built-
in.
Management profile is
removed.
Device Administrator
privilege is revoked.
Example for SCCM and Intune

29. Lots of solutions available
• Dependant on requirements
• Leverage what you already have if possible
• Exchange Active Sync
• SCCM with Intune
• Other MDM providers
– Apple device manager (IOS 7.1 still will have
limitations though)
– SaaS or on-premise
– Some examples. Good Technology, Citrix,
MobileIron, AirWatch (VMWare recent purchase)

30. Summary
• Develop the right strategy
• Define the requirements
• What can MDM/BYOD do for your
business?
• Data Classification Policy
• Acceptable usage policy
• Defining the right solution
• Choose the solution

31. Future Seminars
• Use what you already have to enable MDM
and BYOD on 25th April
• MDM and BYOD technology providers and
solutions on 23rd May
• ‘Joining the dots’ of your applications and
systems – The benefits of system integration
on 14th March

32. Questions?

33. Keep in Touch….
charlie.hales@waterstons.com
nigel.robson@waterstons.com
http://www.waterstons.com
@WaterstonsLtd