BYOD: Short-term Gain Without Long-term Pain?

What We Are Dealing With …

Introductions Kim Cary, Pepperdine University Bruce Klein, Rowan University Tom Murphy, Bradford Networks

Why do you consider BYOD Risky? Configuration Managed Unmanaged Devices Consistent Diverse Applications Corp Push User Downloaded Risk Websites Contained Open Endpoint Protection Mature Emerging

Who’s Responsible for Defining Policies? Compliance Security Operations Staff Policy Awareness and Administration Compliance / Risk Officer Governance, Risk, Compliance Audit and Reporting Security Operations Center Incident Response / Forensics Identify/Access Management CISO Vulnerability Assessment CSO Security Engineering Director of Security CIO Wired/Wireless Network Administration Endpoint IT Strategy & Architecture Network Operations Center VP of Infrastructure App/Service Help Desk / IT Support Server/DB Project Management Faculty/ & Staff Bus Unit General Mgr Bus Analyst / IT Liaison Students Business Line Management Bus Process Monitoring & Operations Application Dev/QA/Test Exec VP Mgr Staff

How granular are your policies … by role, location, device? Profiles Information Locations Devices Info 1 Info 2 Info 3 Loc 1 Loc 2 Loc 3 Loc 4 Laptop Smart Phone iPad Desktop Executives g h a Perm Staff Temp Staff Student Guest

How do you mature BYOD processes? Embrace Contain Block Disregard Visibility Automation

What speed bumps did you hit? Confidentiality/Integrity/Accessibility People Process Technology Other …

What best practices would you share? Executive Support Granularity of Policies Acceptable Use Policy Communication / Guidance / Common Services Technology Rollout Process Registration/Accountability Remediation