Más contenido relacionado Similar a Putting IT Back in Control of BYOD (20) Más de Osterman Research, Inc. (20) Putting IT Back in Control of BYOD1. WHITE PAPER
Putting IT Back in Control of BYOD
ON An Osterman Research White Paper
Published June 2012
SPONSORED BY
sponsored by
SPON
sponsored by
Osterman Research, Inc.
P.O. Box 1058 • Black Diamond, Washington • 98010-1058 • USA
Tel: +1 253 630 5839 • Fax: +1 253 458 0934 • info@ostermanresearch.com
www.ostermanresearch.com • twitter.com/mosterman
2. Putting IT Back in Control of
BYOD
EXECUTIVE SUMMARY
Over the past several years, one of the most important trends to impact organizations
of all sizes – but particularly mid-sized and large organizations – is for employees to
use their own smartphones and tablets in the course of their work. The so-called
Bring Your Own Device (BYOD) trend was initiated several years ago, often by senior
executives who had purchased an Apple iPhone or an Android device and then
requested their IT department to support it instead of, or in addition to, the mobile
device that the company had supplied to them. Osterman Research includes as a key
element of the BYOD trend the various applications that employees use as part of
their work, such as personal file sync services.
To understand just how pervasive this trend has become, Osterman Research
conducted a survey of 760 individuals with regard to the BYOD issues they face in
their organizations. We found, as shown in the following figure, that unlike RIM
BlackBerry smartphones – the traditional mainstay among corporate smartphone
users – personally owned Apple iPhone and iPads, as well as Android smartphones
and tablets, are more common than their company-supplied counterparts. The so-called
Bring Your Own
Penetration of Mobile Devices by Ownership (As a % of Users)
Device (BYOD)
trend was
initiated several
years ago, often
by senior
executives who
had purchased
an Apple iPhone
or an Android
device and then
requested their
IT department to
support it instead
of, or in addition
to, the mobile
device that the
company had
supplied to them.
Our research also found widespread use of third party, cloud-based storage and file
synchronization offerings that are sometimes used with IT’s blessing, but more often
not: Dropbox, for example, is used in 14% of 1,000+ employee organizations with
IT’s blessing – and in 44% of them without approval.
KEY TAKEAWAYS
• The BYOD trend for both mobile devices and employee-managed applications is
pervasive and growing. Although most common in smaller organizations, even
very large enterprises are experiencing the impact of BYOD.
• BYOD offers various benefits, including more efficient work by employees,
possibly lower IT costs and improved corporate morale.
• At the same time, BYOD is fraught with risks that include reduced protection
from malware and data breaches, various legal and regulatory problems, more
©2012 Osterman Research, Inc. 1
3. Putting IT Back in Control of
BYOD
difficult management of content for activities like eDiscovery or regulatory
compliance, corporate governance obligations that are more difficult to satisfy,
and often higher costs.
• A large proportion of organizations have not fully embraced the impact of BYOD.
For example, our research found that even among organizations with 1,000 or
more employees, only 54% have a formal IT policy for supporting personally
owned mobile devices used for work purposes; the proportion of smaller
organizations that have such an IT policy is even lower.
• A failure to put IT in control of BYOD is having a negative impact: between 12%
and 33% of organizations (depending on the number of employees) report that
the use of smartphones is being hindered or slowed because IT cannot manage
them to the extent they would like; 20% to 42% of organizations report the
same for the use of tablets.
• There is also concern about corporate data that is stored by third party, cloud- Organizations
based providers: between 43% and 62% of organizations are concerned or very should
concerned about this issue.
implement
• Organizations should implement policies and technologies that will channel the policies and
BYOD trend into appropriate management of corporate data and assets instead
of banning the use of personal devices and applications outright. technologies that
will channel the
ABOUT THIS WHITE PAPER
This white paper discusses the BYOD trend and provides data from an extensive
BYOD trend into
survey conducted specifically for this document. The white paper also provides a appropriate
brief overview of its sponsors – Accellion, Colligo Networks, EdgeWave, HyperOffice,
McAfee and YouSendIt – and their relevant offerings.
management of
corporate data
and assets
THE GROWING TREND TOWARD BYOD instead of
WHAT EXACTLY IS “BYOD”? banning the use
Bring Your Own Device (BYOD) is exactly what its moniker implies: the growing trend
for employees to use personally-owned smartphones, tablets, laptops and other of personal
platforms to access corporate applications like email and databases; and to create, devices and
store and manage corporate data using these devices. For example, our research
found that business email and Web browsing are the most commonly used business applications
tasks for which mobile devices are used (employed by 99% and 93% of users, outright.
respectively), but use of personal social media, corporate social media and storage of
business-related documents are also commonly used.
Osterman Research actually takes a somewhat broader approach to BYOD to include
applications like personal file sync services and Skype as part of this trend, since the
implications from the use of these tools – which are typically downloaded by
individual users for their personal use – are identical: corporate data is accessed,
created, stored and managed using tools that are under the direct control of
employees, more or less independently of corporate IT departments and most often
without their blessing and often without their knowledge.
BYOD IS PERVASIVE
Just how pervasive is the BYOD trend? The research we conducted for this white
paper, and presented in the following figure and table, demonstrates that BYOD is
quite common across organizations of all sizes.
©2012 Osterman Research, Inc. 2
4. Putting IT Back in Control of
BYOD
Use of Personally Owned Mobile Devices for Work-Related Purposes
by Organization Size (As a % of Organizations)
Individuals are
generally freer to
make impulse
purchases in
response to the
latest and
greatest
Penetration of Cloud-Based Applications by Organization Size hardware
As a % of Organizations announcements –
Up to 99 100-999 1,000+ IT departments
Employees Employees Employees typically make
Dropbox Used w/IT’s blessing 40% 21% 14%
Used w/o IT’s blessing 32% 49% 44%
more well-
Not used 28% 30% 42% informed, more
Google Used w/IT’s blessing 24% 12% 10% well thought-out
Docs Used w/o IT’s blessing 19% 39% 42%
Not used 57% 48% 48%
decisions about
YouSendIt Used w/IT’s blessing 18% 8% 4% purchasing
Used w/o IT’s blessing 14% 17% 22% capital equip-
Not used 67% 75% 73%
ment.
The pervasiveness of BYOD is also borne out by other research. For example:
• A Research and Markets study found that 65% of enterprises worldwide will
adopt BYOD to some extent by the end of 2012i.
• An Aberdeen Group study found that 75% of companies permit BYODii.
• Equanet reports that 71% of tablets used in a business setting are employee-
ownediii.
• Some companies are migrating to a completely BYOD approach, such as Cisco,
where 100% of mobile devices are provided by employees and not the company
itselfiv.
EMPLOYEES ARE DRIVING BYOD BECAUSE…
There are several drivers for BYOD. For example, employees often want newer,
faster and overall higher performance hardware than what their employer provides
©2012 Osterman Research, Inc. 3
5. Putting IT Back in Control of
BYOD
for them across a variety of platforms: desktop PCs, smartphones, tablets, etc. This
is due in part to the fact that decisions about personal devices are not constrained by
the return-on-investment and limited budget considerations that often limit IT
decision making. Moreover, individuals are generally freer to make impulse
purchases in response to the latest and greatest hardware announcements – IT
departments typically make more well-informed, more well thought-out decisions
about purchasing capital equipment and do so during normal hardware refresh
cycles. In short, individuals who buy new hardware for themselves are not
constrained by the need to make a business case for their purchases.
With regard to the widespread use of applications like personal file sync services or
Skype, or the hundreds of thousands of other applications available via the Apple or
Android apps stores, there are somewhat different drivers involved. For example:
• A growing proportion of employees work at home as part of formal or informal
telework programs and so are not as constrained by their IT department about
downloading and installing applications that may or may not have been vetted
for use on the corporate network.
• Many IT departments impose file-size limits or prevent the sending of certain Many employees
types of content in the corporate email system to maintain acceptable network or
application performance or to protect against malware. are happy to
accommodate –
• Many users have multiple workplaces: their cubicle, their home office, Starbucks,
airplanes, etc., and so need to have access to all of their files – and the latest or are at least
versions of their files – on their laptop, their tablet and their smartphone. willing to accept
• IT departments often cannot afford to deploy all the tools that users need, the – a blurring of
vetting process for these applications is too slow to meet users’ expectations, or the distinction
the IT department simply does not allow certain tools to be used because of
concerns over corporate security, the potential for data breaches, etc.
between work
and personal life
Finally, many employees are happy to accommodate – or are at least willing to
•
accept – a blurring of the distinction between work and personal life and so need
and so need
access to critical applications and data on every platform, whether supplied by access to critical
their employer or not.
applications and
data on every
THE BENEFITS OF BYOD platform.
There are three fundamental benefits that the trend toward BYOD can provide:
• Users are more efficient
One of the primary ways in which BYOD helps users is by making them more
efficient. Having access to every file and every email from any hardware
platform or Web browser enables users to get more work done. For good or
bad, numerous surveys have found that a large proportion of employees check
email and do other work after hours on weekdays, on weekends and on
vacation. BYOD is a key enabler of this phenomenon.
• Corporate costs can be reduced
At least in the short term, corporate costs can be reduced by having employees
fund some or all of their mobile device and cloud-based application
requirements. For example, while many employers will pay for employees’
mobile devices outright, some provide only partial reimbursement, if that. A
comScore MobiLens study of BlackBerry users in late 2011 found that 22% of
employers provide only partial reimbursement for users’ devicesv. Moreover, an
Aberdeen Group study found that carrier costs for employee-owned devices are
$10 per month per device lower than if the company owns the devicevi.
©2012 Osterman Research, Inc. 4
6. Putting IT Back in Control of
BYOD
• Employee retention and satisfaction can be improved
There is also some evidence to suggest that when employees are permitted to
choose their own mobile device their job satisfaction is higher. For example, an
Aberdeen Group study found that 61% of companies that permit employees to
use their own mobile device experience higher employee satisfactionvii.
THE DANGERS OF BYOD
SECURITY
One of the fundamental dangers of BYOD is that personally owned and managed
devices used to create, access and store corporate data will typically bypass inbound
content filtering systems that have been deployed by IT. One result of this is a
potentially greater likelihood for malware intrusion, particularly for Android devices.
For example, F-Secure found that for the 12-month period ending in the first quarter
of 2012, the number of new Android-focused malware families and variants had
increased from 10 to 37, and the number of malicious Android-focused application
package files had increased from 139 to 3,063viii. Moreover, personally owned
devices will normally bypass outbound content filtering systems, resulting in
potentially more violations of corporate and regulatory policies focused on encrypting One of the
sensitive content or preventing disclosure of confidential information. Add to this the
fact most personally owned devices cannot be remotely wiped if they are lost, leading fundamental
to a much greater likelihood of data breaches and loss of intellectual property. dangers of
The greater security risk posed by the use of personally owned devices was borne out BYOD is that
in the research conducted for this white paper. For example, in organizations with at personally owned
least 100 employees, we found that:
and managed
• 69% of company-owned smartphones can be remotely wiped if they are lost devices that are
compared to only 24% of personally owned smartphones. Similarly, 54% of
company-owned tablets can be remotely wiped versus only 21% of personally
used to create,
owned tablets. access and store
• 44% of company-owned smartphones and 38% of company-owned tablets can
corporate data
be scanned for malware; the figures for personally owned smartphones and will typically
tablets are 10% and 9%, respectively.
bypass inbound
Moreover, BYOD can increase the likelihood that sensitive or confidential corporate content filtering
information will be breached. For example, researchers in a UK-based study acquired
49 mobile devices that had been resold through secondary markets; forensic
systems that have
examination of the devices resulted in the discovery of information on every device been deployed by
and a total of more than 11,000 pieces of information collectively from all of the IT.
devicesix.
LEGAL AND REGULATORY PROBLEMS
Another danger of BYOD – and one that also affects employers who provide mobile
devices themselves – is that non-exempt employees may have to be paid for their
after-hours work using mobile devices. This applies to employers who require this
work, as well as to those that are simply aware of it. For example, companies
including T-Mobile and Black & Decker have been sued by employees for their unpaid
overtime as a result of doing work with their smartphones after hoursx. In the case
of Scheinder v. Landvest Corporationxi, the court ruled that “an employer is obligated
to pay an employee for all hours worked, even those in addition to his or her pre-
scribed schedule, if the employer knows or has reason to know that the employee is
working additional hours”. Terremark Worldwide was sued in a 2008 class action
because Data Return LLC, a company that it had acquired, allegedly required
employees to respond to phone calls and emails after hours from their mobile
devicesxii.
It is also important to note that firms registered with FINRA and the SEC are required
to archive and monitor communications via smartphone. For example, FINRA
©2012 Osterman Research, Inc. 5
7. Putting IT Back in Control of
BYOD
Regulatory Notice 07-59xiii states “…a firm should consider, prior to implementing new
or different methods of communication, the impact on the firm’s supervisory system,
particularly any updates or changes to the firm’s supervisory policies and procedures
that might be necessary. In this way, firms can identify and timely address any
issues that may accompany the adoption of new electronic communications
technologies.”
CONTENT RETENTION AND MANAGEMENT
Smartphones and tablets contain a significant proportion of corporate data.
Osterman Research has found that more than five percent of corporate data is stored
just on users’ smartphones – we expect this figure to soar during the next 24 months
as iPads and other tablets are employed in much larger numbers. Employee-owned
and controlled devices make access to this data by corporate IT or compliance
departments much more difficult, such as during an eDiscovery exercise. This is not
only because of the difficulty that might be encountered in physically accessing these
devices, but also because of the potential privacy and other legal issues that are
raised by companies accessing their employees’ personal property.
From a purely practical standpoint, knowing what data is available on mobile devices
becomes more difficult. This is particularly problematic for legal counsel and others Placing a hold on
that must assess the information that the organization has available to it during
eDiscovery, early case assessments, legal holds and similar types of litigation-related
mobile data may
activities. Moreover, the likelihood of spoliation of content stored on personally be more difficult
owned devices is much greater simply because it is not controlled by the IT or
compliance department.
than it is for
traditional
With regard to just the legal hold issue, when data that might be required in a legal systems – and
action must be held back from the normal deletion cycle or from users’ arbitrary
deletion, it is imperative that an organization immediately be able to retain all much more
relevant data, such as emails sent from senior managers to specific individuals or difficult when it
clients. Placing a hold on mobile data may be more difficult than it is for traditional
systems – and much more difficult when it is located on devices that are under the is located on
control and ownership of individual employees. devices that are
CORPORATE GOVERNANCE under the control
There are a growing number of corporate governance obligations with which virtually and ownership of
every organization must comply, but particularly those in heavily regulated industries.
These obligations, which are focused primarily on the archiving, encryption and
individual
monitoring of certain types of communications, include the following: employees.
• The Payment Card Industry Data Security Standard is a set of
requirements for protecting the security of consumers’ and others’ payment
account information. It includes requirements for building and maintaining a
secure network, encrypting cardholder data when it is sent over public networks
and assigning unique IDs to each individual that has access to cardholder
information.
• The Gramm-Leach-Bliley Act requires financial institutions to protect sensitive
information about individuals, including their names, addresses, and phone
numbers; bank and credit card account numbers; income and credit histories;
and Social Security numbers.
• The Health Insurance Portability and Accountability Act (HIPAA)
requires healthcare and other organizations to protect sensitive health records of
patients and others. However, the “new” HIPAA that took effect during the first
quarter of 2010 greatly expands the impact of the law. For example, while
HIPAA previously applied mostly to physicians, medical practices, hospitals and
the like, now the business associates of these entities will be required to comply
with HIPAA’s rules about the security and privacy of protected health information
(PHI). That means that accountants, benefits providers, attorneys and others
©2012 Osterman Research, Inc. 6
8. Putting IT Back in Control of
BYOD
that are given access to PHI will now be fully obligated to comply with HIPAA.
• Electronic recordkeeping rules established by the SEC, FINRA, FSA and other
regulatory bodies are focused on financial services organizations’ obligations to
monitor and archive communications between registered firms and their
customers.
• The Federal Rules of Civil Procedure obligate organizations to manage their
data in such a way that it can be produced in a timely and complete manner
when necessary, such as during legal discovery proceedings.
• The Sarbanes-Oxley Act of 2002 obligates all public companies and their
auditors to retain relevant records like audit workpapers, memoranda,
correspondence and electronic records – including email -- for a period of seven
years.
• Federal Energy Regulatory Commission Order No. 717 imposes various
rules on regulated and vertically integrated utilities so that transmission providers
do not give preferential treatment to their affiliated customers. The purpose of
this order is to create an ethical wall between the marketing and transmission If a company-
functions of vertically integrated companies that distribute electricity and natural
gas between states. owned
smartphone that
These governance requirements apply to any platform in use by an organization,
including those that are owned by and under the control of employees, if they are contains
used to access or store corporate information. consumer data is
POTENTIALLY HIGHER COSTS
lost and it cannot
An Aberdeen Group analysis found that a 1,000-seat organization will spend an be remotely
additional $170 per user per year when using BYOD as compared to providing wiped, in most
smartphones themselvesxiv. This makes sense given that support for a wide range of
mobile platforms, operating systems, operating system versions and firmware cases an
versions will typically be more expensive than supporting just one or two IT-approved organization will
and company-funded platforms.
be obligated to
However, BYOD can lead to other, potentially enormous costs. For example if a report this data
company-owned smartphone that contains consumer data is lost and it cannot be
remotely wiped, in most cases an organization will be obligated to report this data breach to all of
breach to all of the affected parties. If we assume, as discussed above, that 69% of the affected
company-owned devices can be remotely wiped compared to only 24% of personally
owned devices, then the likelihood of losing data for the latter – and the cost of the parties.
data breach – will be 2.9 times greater.
STEPS TO MANAGING BYOD
There are five steps that Osterman Research recommends for any organization as it
attempts to manage the growth of BYOD:
• Management must understand the benefits and risks
The key to dealing with the BYOD phenomenon is first to understand just how
pervasive it is in most organizations. While most senior managers will surmise
that some of their employees are using personally owned smartphones and
tablets (given that senior managers often were the instigators of the trend after
the introduction of the iPhone), they may not appreciate just how widespread
this use has become. Senior managers need to understand how personally-
owned smartphones and tablets, as well as tools like personal file sync services
or Skype, are used throughout the organization, what types of data they are
used to access and store, and the reasons for their use.
©2012 Osterman Research, Inc. 7
9. Putting IT Back in Control of
BYOD
• Evaluate the options
Decision makers in IT, HR, compliance, etc. should then consider the options for
managing BYOD. The available options will range from doing nothing to
implementing draconian controls that will all but eliminate – or at least attempt
to eliminate – the use of personally owned devices and employee-managed
applications for work-related purposes. While some decision makers may opt for
the latter as a sort of knee-jerk reaction to protect corporate data assets or
reduce the potential for malware infiltration, there are two reasons to opt for
more open, rather than more restrictive, BYOD-related attitudes:
o Draconian controls are unlikely to work
Faced with a requirement to eliminate use of personal devices or
applications, many employees will do so secretly, particularly the growing
proportion of employees who work from home at least one day per week.
For organizations that need to lean in this direction, if eliminating consumer-
grade options, an easy-to-use, secure and sanctioned alternative must be
It is critically
provided. important that
o Employee productivity will suffer
organizations
It is important to understand that the vast majority of employees do not use faced with the
their own devices or applications simply for the fun of it – they are doing so
to be more productive, to bypass IT restrictions (e.g., email file-size limits)
BYOD problem
that prevent them from being effective in their work, or because they have implement
found a way to be more efficient at no charge to their employer. To issue policies about
an edict that prevents employees from using these tools will likely be
counterproductive to the interests of both management and employees. acceptable use of
• Implement policies to protect the organization
devices and
It is critically important that organizations faced with the BYOD problem applications,
implement policies about acceptable use of devices and applications, perhaps perhaps creating
creating a list of approved devices, operating systems, applications and other
personally owned or managed solutions. These policies should be detailed and a list of approved
thorough, and should be included as part of an organization’s overall acceptable devices,
use policies that are focused on use of corporate computing resources.
operating
A key element of these policies as they apply to mobile devices should be that systems,
any mobile device must be wipe-able by the IT department in the event of its
loss, and that all devices that contain corporate content should be encrypted to applications and
prevent the loss of sensitive data or intellectual property. Corporate policies other personally
focused on employee-managed applications should include requirements for the
encryption of data if stored in a third party’s cloud data center. owned or
managed
• Educate users on best practices
It is also important to educate users on best practices with regard to accessing solutions.
and managing corporate data on personally-owned devices or when using
specific applications. An important reason for doing so is not only to make
employees aware of the dangers that can ensue if corporate data is not
adequately protected, but also to achieve employee buy-in and cooperation with
corporate policies.
• Deploy the appropriate technologies
Finally, it is imperative that organizations deploy technologies, such as mobile
device management solutions, that will enable their policies to be satisfied and
for overall corporate risk to be managed at an appropriate level. For example,
an organization in which a consumer-focused file-sharing application is used
should deploy an alternative that is just as easy to use, but one that provides IT
control over how content is shared (expiration dates for content, tracking
managing and reporting of files downloads and sharing, control over file types
that can be sent, automatic encryption of content sent beyond the corporate
firewall, etc.). Similarly, an organization that allows employees to use personal
tablets should deploy a solution that enables full disk encryption, under IT’s
©2012 Osterman Research, Inc. 8
10. Putting IT Back in Control of
BYOD
control, that will protect sensitive data if the device is lost. Other technologies
that should be on the short list of those deployed include anti-virus, malware
detection and remediation, role-based access, content inspection and archiving –
these apply to both personally owned devices, as well as to employee-managed
applications.
SPONSORS OF THIS WHITE PAPER
Accellion, Inc. provides enterprise-class mobile file sharing solutions that enable
secure anytime, anywhere access to information while ensuring enterprise security !
and compliance. The world’s leading corporations and government agencies use
Accellion to protect intellectual property, ensure compliance, improve business www.accellion.com
productivity and reduce IT costs. twitter.com/accellion
info@accellion.com
Founded in 1999, Accellion file sharing solutions can be deployed on public, private
and hybrid cloud environments and provide the ease-of-use business users need
while giving the enterprise organization the flexibility, scalability and protection it +1 855 485 4300
needs. +1 650 485 4300
!
Accellion is a profitable, well-funded, private company with more than 10 million
users and 1,500 enterprise organizations that have deployed Accellion with a more
than 96 percent annual renewal rate. Current customers include Procter & Gamble;
Activision; Indiana University Health; Kaiser Permanente; Foley & Mansfield; Lovells;
Bridgestone; Ogilvy & Mather; Harvard University; Guinness World Records; US
Securities and Exchange Commission; and NASA.
For more information please visit www.accellion.com or call (650) 485-4300.
Connect with Accellion:
Web: http://www.accellion.com
Twitter: http://www.twitter.com/accellion
Facebook: http://www.facebook.com/accellion
LinkedIn: http://www.linkedin.com/companies/accellion
Colligo Networks is the leader in SharePoint apps for email and document
management in the enterprise. Our unified, centrally managed solutions make it easy
to access and manage SharePoint content from everyday apps and devices like
Microsoft Outlook, Windows File Explorer, Apple iPads and smartphones. !
www.colligo.com
More than 4,800 organizations rely on Colligo’s SharePoint apps to improve twitter.com/colligo
collaboration, increase productivity, and mitigate corporate risk by increasing sales@colligo.com
SharePoint adoption. Global and Fortune 500 customers include Microsoft, Kraft
Foods, Novartis, Charter Communications, General Motors, Siemens, and many more +1 866 685 7962
industry leaders around the world. +1 604 685 7962
!
iPrism Web Security
iPrism is a self-contained, appliance-based solution, that combines a number of
enforcement methods to protect corporate networks from threats whether users are
connected locally or remotely via their own or company-owned devices. !
• Cloud-Based Remote Filtering www.edgewave.com
Assures that policies are enforced consistently for all users, local and remote, twitter.com/edgewave
without having use VPN, DMZ proxy deployments or browser-specific PAC files. sales@edgewave.com
• Solution for Mobile Device Management
+1 800 782 3762
Corporate network administrators can easily manage employee use of devices
+1 858 676 2277
such as iPhones and iPads with an easy-to-configure iPrism solution using a VPN
connection. !
©2012 Osterman Research, Inc. 9
11. Putting IT Back in Control of
BYOD
• Exclusive Outbound Botnet Defense
iPrism protects your network by blocking bots from connecting with their
command and control contacts outside your network. When a bot communication
is detected, you receive an alert allowing you to remediate the problem
immediately.
• Circumvention Defense Network
Prevents circumvention attempts with real-time technology that leverages
hundreds of virtual machines hosted in a scalable cloud data center to detect
external circumvention tools that proxy or re-route users' web requests. iPrism
stays current by continuously detecting new sites so the corporate network is
protected from emerging threats.
• iPrism Social Media Security
This cloud-based service allows you to seamlessly monitor, filter and report on
end-user interactions with social media such as Facebook, Twitter, YouTube and
others. It includes standard policy templates or you can customize, with the
ability to add unlimited policies, or text-based rules per your requirements. When
a policy violation is detected, the user receives a message within the application
itself and is prevented from posting.
ePrism Email Security Suite
ePrism Email Security Suite is a cloud-based, comprehensive solution that offers Zero
Minute Defense antispam and antimalware protection, Email Continuity, Data
Protection Services with Encryption and DLP, and secure Email Archive.
• Email Filtering
Inbound/outbound filtering stops spam, viruses and malware with email policy
enforcement, TLS encryption and Zero Minute Defense to identify and block
threats before other solutions know they are present.
• Email Continuity
Automatically spools all your email in case of unplanned or planned shutdown,
assuring that your users have access to their email.
• Data Protection Services
DLP and Encryption are integrated so that a DLP violation can automatically
trigger encryption.
• Email Encryption
ePrism’s next-generation encryption technology is easy to deploy and simple to
use. As a completely hosted service, there is no hardware or software to
implement and encryption can be enabled on a per user basis or as part of an
automated routing policy.
• Data Loss Protection
ePrism DLP protects the outbound communication of all types of private or
objectionable data, including patient healthcare information, financial
information, Social Security and credit card numbers and objectionable content.
• Secure Archive
Retains your email in an unalterable state to help meet requirements for
regulatory compliance, litigation issues, storage management needs, or to fulfill
business best practices guidelines.
©2012 Osterman Research, Inc. 10
12. Putting IT Back in Control of
BYOD
Founded in 1998, HyperOffice is a recognized leader in the white-hot online
communication and collaboration solutions industry for small to mid sized businesses.
Our mission is to empower growing organizations with technology traditionally
available only to large enterprises, and help them achieve business growth,
competitive advantage and success. Having spent more than ten years offering online
collaboration solutions, HyperOffice was one of the first companies to offer software-
as-a-service - the buzzword in information technology today, and widely hailed as the www.hyperoffice.com
future of corporate software. Since its inception, more than 300,000 users worldwide twitter.com/
have harnessed the power of HyperOffice. hyperoffice
corpsales@
HyperOffice aims at bringing messaging and collaboration technologies traditionally hyperoffice.com
available to large enterprises, to growing organizations through the SaaS, on-demand
model. HyperOffice 'out of the box' solutions allow customers to do what they do +1 800 434 5136
best, and reap the benefits of robust functionality without any technical know how +1 240 428 1700
and high upfront costs. Moreover, they can get started almost immediately with just
!
an internet connection, without having to go through long implementation cycles,
invest in expensive IT infrastructure, or hire expert staff for ongoing maintenance.
Our integrated suite of online tools covers the entire range of productivity needs that
exist in every organization - business email, contact management, calendaring,
document management, intranet and extranet workspaces, forums, online databases,
web forms and much more.
In addition to the HyperOffice Collaboration Suite, our core offering, our range of
solutions include:
• HyperMobile for push email and mobile messaging
• HyperBase for online database management and web forms
The attempt is to constantly expand our offerings, and to be the one stop shop
bringing the best and latest in enterprise class information technology to our small
and mid sized business customers. All solutions can be fully integrated, bringing our
customers the synergies of the only "total collaboration" solution in the market for
growing businesses.
HyperOffice solutions have been developed bottom up based on years of experience
working closely with our customers. We continue to add to the HyperOffice
Collaboration Suite, and add new products to our list of offerings, based on invaluable
feedback from our customers, and as business needs, markets and technologies
evolve. Our SaaS approach ensures that all upgrades to HyperOffice are instantly
available to our customers without charge, allowing them to effortlessly keep at the
cutting edge. Moreover, we realize that our customers require more than merely
technological tools. Our solutions are fully outsourced and we offer a range of free
and enhanced services, so that customers can truly make the most of their SaaS
investment with minimum hassle - free webinars, live phone support, implementation
support, business consultation and on-demand customization. And we continue to
have our sights fixed firmly on the core needs of our customers - speed, ease of use,
and a balance of integrated functionality and customizability.
HyperOffice is a signatory to the Company-Customer Pact, which lays down model
standards of behavior for companies. The Pact underlines our values of honesty,
sincerity, transparency, community and continuous improvement. This is what we
have strived for in 10 years in business, in a market where our success is completely
linked to ongoing patronage from each of our customers.
©2012 Osterman Research, Inc. 11
13. Putting IT Back in Control of
BYOD
McAfee is the world’s largest dedicated security technology company. Delivering
proactive and proven solutions and services that help secure systems and networks
around the world, McAfee protects consumers and businesses of all sizes from the
latest malware and emerging online threats. Our solutions are designed to work
together, integrating antimalware, antispyware, and antivirus software with security !
management features that deliver unsurpassed real-time visibility and analytics,
reduce risk, ensure compliance, improve Internet security, and help businesses www.mcafee.com
achieve operational efficiencies. twitter.com/mcafee
sales@mcafee.com
Backed by an award-winning research team, McAfee security technologies use a
unique, predictive capability that is powered by McAfee Global Threat Intelligence — +1 888 847 8766
enabling home users and businesses to stay one step ahead of online threats. +1 408 988 3832
McAfee’s security products and solutions span the following areas:
!
• Data Protection
• Database Security
• Email & Web Security
• Endpoint Protection
• Mobile Security
• Network Security
• Risk & Compliance
• Security-as-a-Service (Security SaaS)
• Security Management
• Security Information and Event Management (SIEM)
McAfee solutions deliver the highest levels of threat visibility and antimalware
protection, including comprehensive system and endpoint protection, network
security, cloud security, database security, and data protection. McAfee’s complete
security solutions extend beyond virus software. Backed by McAfee Global Threat
Intelligence, our solutions help companies enhance visibility into their security
postures, allowing business to embrace Web 2.0 technology, virtualization, cloud
computing, and personal and mobile devices, while protecting critical assets and
sensitive data.
YouSendIt, Inc. is the first business content collaboration service to offer an
integrated approach for sending, sharing and signing documents online. With 28
million registered users in 193 countries, YouSendIt helps enterprises and business
professionals streamline collaboration by enabling them to instantly sync and access
content in the cloud and easily send files, share folders and sign documents from !
anywhere—the desktop, Web or mobile devices. YouSendIt offers a suite of
productivity tools that integrate seamlessly into common desktop and mobile
www.yousendit.com
environments. With YouSendIt, companies can alleviate the burden placed on e-mail
twitter.com/yousendit
systems by offloading attachments, improving performance and productivity and
reducing costs and IT security risks. Headquartered in Campbell, Calif., YouSendIt is sales@yousendit.com
a privately held company backed by venture capital firms Adams Street Partners,
Alloy Ventures, Emergence Capital, Sevin Rosen and Sigma Partners. Visit +1 866 558 7363
www.yousendit.com or the YouSendIt Blog for more information. +1 408 879 9118
!
©2012 Osterman Research, Inc. 12
14. Putting IT Back in Control of
BYOD
© 2012 Osterman Research, Inc. All rights reserved.
No part of this document may be reproduced in any form by any means, nor may it be
distributed without the permission of Osterman Research, Inc., nor may it be resold or
distributed by any entity other than Osterman Research, Inc., without prior written authorization
of Osterman Research, Inc.
Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes
legal advice, nor shall this document or any software product or other offering referenced herein
serve as a substitute for the reader’s compliance with any laws (including but not limited to any
act, statue, regulation, rule, directive, administrative order, executive order, etc. (collectively,
“Laws”)) referenced in this document. If necessary, the reader should consult with competent
legal counsel regarding any Laws referenced herein. Osterman Research, Inc. makes no
representation or warranty regarding the completeness or accuracy of the information contained
in this document.
THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR
IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE
DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE
ILLEGAL.
i
http://www.researchandmarkets.com/research/pwsr9h/bring_your_own_dev
ii
http://www.xigo.com/byod/
iii
http://www.equanet.co.uk/cms/apple/ipad-in-business/bring-your-own-device.html
iv
http://www.zdnet.com/blog/sybase/cisco-the-biggest-mobile-byod-deployment-
around-slides/2671
v
http://www.bgr.com/2012/01/27/blackberry-users-are-older-and-wealthier-than-
average-smartphone-users-study-suggests/
vi
http://www.xigo.com/byod/
vii
http://www.xigo.com/byod/
viii
Source: Mobile Threat Report Q1/2012, F-Secure
ix
Electronic Retention: What Does Your Mobile Phone Reveal About You?
http://EzineArticles.com/7068075
x
http://cspalaw.com/pdf/Smartphones.pdf
xi
Schneider v. Landvest Corp., 2006 WL 322590 (D. Col. Feb. 9, 2006)
xii
http://www.munckwilson.com/media-center/in-the-news/audrey-mross-quoted-in-
dallas-business-journal-article-employee-smartphone-
xiii
http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/
p037553.pdf
xiv
http://www.vcinsight.com/116/ExecutiveIntervierws/807/
ToBYODornottoBYOD–thatisthequestion!
©2012 Osterman Research, Inc. 13