BYOD in practice KPMG case study 13 March 2013. © 2013KPMG Romania, a Romanian limited liability company and a member firm of the KPMG network of independent.

Slides:

Advertisements

Similar presentations

Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?

Advertisements

Embrace Mobility. Without Compromise. The apps they need. On the devices they want. Without sacrificing compliance. Strategic Approach to Mobile Security.

!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.

MANAGING AND SECURING BYOD Legal ITs Next Great Challenge.

Security for Mobile Devices

November 14, 2012 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Detroit.

AirWatch United Kingdom Pricing Mobile Device Management Including Mobile Application Management and Mobile Management Effective April 1, 2012.

Mobile Device Protocol Sunil Vallamkonda 11/19/2012.

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.

Device Evolution Greg Pelton Chief Technology Officer

1 1 March 20, 2014 A SIMPLE APPROACH TO BYOD. WHAT THEY DONT WANT IS: Company monitoring of their personal activities or restriction of the apps they.

IBM Endpoint Manager for Mobile Devices Mobile Device Management

Identify risks with mobile devices: Portable data storage Wireless connections 3 rd party applications Data integrity Data availability 2.

Copyright Movidan, Inc. All rights reserved. 1 Dont think, however, that we have lost our taste for risk. We remain prepared to lose $6 billion.

Mobile Protection Overview

Sophos Mobile Control SophSkills Session Name: Thomas Lippert – Product Management DPG Date: 17-Feb-2011.

Bomgar Product Strategy SECURE REMOTE SUPPORT FOR THE MOBILE ENTERPRISE © 2011 Bomgar Corporation | CONFIDENTIAL BOMGAR Solution Overview Stuart McGregor.

Driving change in information risk within the financial services industry Subtitle Date.

IT INFRASTRUCTURE AND EMERGING TECHNOLOGIES

Bring Your Own Device (BYOD) Understanding BYOD June 27, 2013 © 2013 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks.

6218 Mobile Devices- Are They Secure Enough for our Patient's Data? Presented By Aaron Hendriks, CISSP Other: Employee of University Health Network, Toronto,

© Copyright Ovum. All rights reserved. Ovum is a subsidiary of Informa plc. 1 Addressing the BYOD Management Gap: the evolution of enterprise mobility.

Desktop Central Managing Desktops, Servers & Devices Romanus Prabhu R Technical Account Manager LinkedIn : romanus.prabhu.

Sophos Mobile Control. Tablets on the rise 2 Trends 3 75% of 157 polled companies encourage employee owned smart phones and tablets to access corporate.

INFORMATION TECHNOLOGY FOR MINNESOTA GOVERNMENT Christopher P. Buse Assistant Commissioner and CISO State of Minnesota Mobile Device Management Assessing.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Iron Mountain’s Continuity Service ©2006 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered.

Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.

Managing BYOD Legal IT’s Next Great Challenge. Agenda  The BYOD Trend – benefits and risks  Best practices for managing mobile device usage  Overview.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

1 ZIXCORP The Criticality of Security Dena Bauckman Director Product Management April 2015.

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

Mobile Policy. Overview Security Risks with Mobile Devices Guidelines for Managing the Security of Mobile Devices in the Enterprise Threats of Mobile.

Welcome to iDOC Corp. DocHost Solution Online Document Management DocHost 14 Day Free Trial

Company Presentation September 15, CONFIDENTIAL.

BRING YOUR OWN DEVICE. BYOD AND THE IMPACT ON IT SECURITY BYOD and pressure employees put on IT organization to supply or allow consumer mobility devices.

DISCOVER IT PEACE OF MIND Staying HIPAA-Compliant Revised: April 13, 2015.

Asif Jinnah Microsoft IT – United Kingdom. Security Challenges in an ever changing landscape Evolution of Security Controls: Microsoft’s Secure Anywhere.

Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite

Review of the Transparent Approach to Costing A report by KPMG for HEFCE.

CUTTING COMPLEXITY – SIMPLIFYING SECURITY INSERT PRESENTERS NAME HERE XXXX INSERT DATE OF EVENT HERE XXXX.

Mobility In the Enterprise Friend or Foe? Bob West, CEO, Echelon One 2012 Workshop on Cyber Security and Global Affairs 20 Junio, 2012 Barcelona, España.

Annette Rosta Associate Director Recruiting Diversity & Compliance KPMG Career Center Navigating Career Web Sites February 2012 Annette Rosta Associate.

1Copyright Jordan Lawrence. All rights reserved. U. S. Privacy and Security Laws DELVACCA INAUGURAL INHOUSE COUNSEL CONFERENCE April 1, 2009 Marty.

Who is the typical fraudster? Michael Peer Partner 16 June 2011.

KRISHNA The State of Mobile Security in India The 23 rd IFIP World Computer Congress 2015 October 5 A Market Analysis and Recommendations for Enterprises.

INNOVATE THROUGH MOTIVATION Mobile Computing & Your Business KEVIN KIRKPATRICK – OWNER, MSP INC LOGO.

BYOD: An IT Security Perspective. What is BYOD? Bring your own device - refers to the policy of permitting employees to bring personally owned mobile.

Enterprise Mobility Suite: Simplify security, stay productive Protect data and empower workers Unsecured company data can cost millions in lost research,

Office 365 is cloud- based productivity, hosted by Microsoft. Business-class Gain large, 50GB mailboxes that can send messages up to 25MB in size,

La Salle University – Fall 2013 INL 880 – Capstone Presentation Presented by: Loc Nguyen & Shweta Somalwar December 18, 2013.

Vodafone Business Cloud

Managed IT Services JND Consulting Group LLC

THE CONSUMERIZATION OF IT By Patricia Coonelly, Anthony Dipoalo, Tom Stagliano.

Total Enterprise Mobility Comprehensive Management and Security

Print Management Solution in Legal

The time to address enterprise mobility is now

Office 365 is cloud-based productivity, hosted by Microsoft.

Data and database administration

Mobile Device Management

Print Management Solution in Legal

IWRITER 365 Offers Seamless, Easy-to-Use Solution for Using, Designing, Managing, and Sharing All Your Company Templates in Microsoft Office 365 OFFICE.

Mobile Device Management

It’s About Time – ScheduleMe Outlook Add-In for Office 365 Enables Users to Schedule Meetings Easily with People Outside of Your Organization Partner Logo.

BluVault Provides Secure and Cost-Effective Cloud Endpoint Backup and Recovery Using Power of Microsoft OneDrive Business and Microsoft Azure OFFICE 365.

Office 365 and Microsoft Project Integrations for HULAK Project Management Software Enable Teams to Remain Productive and Within Budget OFFICE 365 APP.

© 2016 Global Market Insights, Inc. USA. All Rights Reserved Fuel Cell Market size worth $25.5bn by 2024 Low Power Wide Area Network.

IT Management, Simplified

IT Management, Simplified

Presentation transcript:

BYOD in practice KPMG case study 13 March 2013

© 2013KPMG Romania, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. 1 Agenda Aurelia Costache CIO KPMG Romania Tel: Page BYOD – why?2 Business Case for Mobile devices5 Implications7 Challenges11 Summary and lessons learnt13

BYOD – Why? Trend or necessity?

© 2013KPMG Romania, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. 3 Global telecom sector: An overview Source: Ericsson; Informa Research 6.2 billion total mobile subscriptions as of March million net additions in the first quarter ending March 2012 Voice Data 966 1,014 1,054 1,087 1,114 Growing subscriber base: Mobile subscriptions at 6.2 billion in Q1 2012, ( ~87 percent penetration). Adjusted active subscriptions 4.2 billion Sharp decline in revenue growth – down from double-digit increases between 2005 and 2008 to just 5 percent in 2011 Mobile service revenue to grow at CAGR 3.2 percent during Data to drive revenue growth – CAGR 12.3 percent during , only partly offsetting the decline of voice revenues

© 2013KPMG Romania, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. 4 BYOD – Whats the buzz? History Blackberry served the corporate world As of 2007 major growth market share of smartphones (iPhone, Android) Recent years Explosion of smartphone penetration Emergence of tablets Corporate and private phones get mixed: Bring your own device Main Drivers Intuitive/Usable interface Internet/cloud integration Affordable pricing November 2012 U.S. Mobile Subscriber Market Share Source: comScore MobiLens

BYOD in KPMG Business Case

© 2013KPMG Romania, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. 6 Main elements Analysis of national and roaming traffic data Estimation of new traffic requirements for BYOD (national and roaming) The used fleet was almost 2 years old and replacement had to be planned CAPEX is lower (less devices acquired by KPMG) OPEX is higher (more admin staff to support the new users, MDM licenses, additional traffic) KPMG people (they can select the smart-phone they want) Staff need for mobility (business efficiency by accessing KPMG resources on mobile devices) The Business Case

BYOD in KPMG Implications

© 2013KPMG Romania, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. 8 Implications – Broader then expected Implications KPMG Global Standards TechnologySecurityLegal Data Privacy

© 2013KPMG Romania, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. 9 KPMG Global Standards, Technology and Security Main concerns Ensure the necessary security features to protect corporate data and prevent data loss as well comply with KPMG Global Standards – Security Requirements for Mobile Devices. What happens KPMG Approach KPMG limited the BYOD program to main OS on the market: Android and iOS and implemented dedicated MDM solutions: How will these security features be deployed? What happens when a device is lost or stolen? when the wrong PIN / password is entered too many times? What happens happens when a device is infected with malware? What What happens with the data saved to local backup or iCloud? GOOD for Android FAMOC for iOS

© 2013KPMG Romania, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. 10 Legal and Data Privacy Main concerns MDM features may include activity monitoring, tracking, and remote lock & wipe. Employees must give explicit and fully-informed consent for any organization to access and process their personal data. Employee consent is also required should a business wish to install a MDM application on their device. KPMG Approach KPMG implemented a BYOD policy: addresses the above concerns formally communicated and acknowledged by all participants. Policies configurations enforced using the MDM were carefully reviewed to ensure compliance with legal and Data Privacy requirements.

BYOD in KPMG Challenges

© 2013KPMG Romania, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. 12 BYOD – Challenges Security testing phase..included MDM solutions Internet facing components as well the client application installed on mobile devices: 1.Application security testing (web specific attacks, application logic attacks) Testing the network communication between clients and server Data encryption / protection MITM, spoofing, etc 2.Testing the client application (agent) Jailbreak Policy bypassing Local data storage / recovery Static application analysis, etc Vulnerabilities identified..for all components of the solution: for web applications front-end interface for client installed on smartphones. operational/ functional vulnerabilities (eg the application did not detect that a phone is subject to jailbreak) Operational challenges Complete testing & configuring of the MDM solutions Plan the enrollment: centralize all demands trough service desk application, increase of the data traffic Enroll all devices at the same time: activate the data services, install the MDM application on the device, configure the user account on the server and synchronize the KPMG data account.

BYOD in KPMG Summary & lessons learnt

© 2013KPMG Romania, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. 14 Summary of BYOD in KPMG Romania Summary of 2012 BYOD program allowing employees to use their own smart phones to access relevant corporate data: In the past... Around 150 BB used by Managers and above Mainly used for corporate access Cloud based services (private cloud) Expensive solution, especially in roaming Drivers for change Proliferation of smart devices KPMG people Need for mobility Cost management Today 260 smart devices (phones and tablets) activated Traffic volume increased by 30%, costs reduced by 10% After 6 months review the business case was confirmed Legal and Data Privacy aspects considered and formalized in a BYOD policy MDM solution implemented but processes are complex and need time to stabilize Initiative well received by KPMG staff (user satisfaction increased) Behavior changed (efficiency & innovation)

© 2013KPMG Romania, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. 15 Lessons learnt Enrolling mobile devices results in new risks Broader then expected, e.g. legal, technology, integration, backups Security controls work differently on mobile devices Technical Solutions Different security architectures to reduce risks of mobile devices No technical solution fixes it all, mitigate risks by people, processes and technology How to continue Perform risk assessment before implementation Consult with relevant experts Implement security controls for people, process and technology Test effectiveness of security controls Stay up-to-date with recent developments Structured approach, phase by phase Unexpectedly well received by users!

© 2013 KPMG Romania, a Romanian member firm and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International Cooperative (KPMG International).