BYOD

A comparison of BYOD security policies

Created by
Tyler Blake
Devin Clapp

Agenda

  • Overview of project
  • What is BYOD?
  • Advantages/Disadvantages
  • DevCo
  • TyCo
  • Comparison
  • Ideal Solution

What is BYOD?

  • Bring Your Own Device
  • Policy of allowing employees to bring personal devices to work

Advantages


&


Disadvantages

Advantages

  • Increased productivity
  • Improved morale
  • Makes the job look more flexible and attractive
  • Cost savings for the company

Disadvantages

  • Increased chance of data breaches
  • Employee forgetting to wipe memory when reselling devices
  • Employee losing devices with confidential work data on them
  • Harder to monitor usage
  • Scalability issues for company infrastructure

Overview of Project

  • Compare and contrast BYOD policies in 2 different settings
  • Discuss the security policies related to BYOD for each
  • Assess the risks each company endures
  • Determine how they manage/handle such risks

DevCo

Overview

  • Healthcare Firm
  • Provides medical assistance and insurance to their customers

BYOD Policy

  • Strict as they are a covered entity
  • VPN portal allowed from any device
  • Guest wireless offered for personal devices

Risks

  • HIPAA, they must remain compliant with regulations
  • Data theft/leaks
  • Lost or stolen devices

Risk Management

  • Physical access controls limit access to certain areas
  • Logical access controls limit access to data and assets
  • User ID with role based permissions
  • Cheaper for healthcare industries to provide devices than suffer financial penalties from an attack

TyCo

Overview

  • IT consulting firm
  • Provides cloud based solutions for many different organizations

BYOD Policy

  • Relaxed poicy
  • All devices are allowed
  • Login to access company network and assets
  • No VPN requirement for remote access
  • No monitoring software required
  • No prohibited applications

Risks

  • HIPAA compliance when working with covered entities
  • Malicious code planted in project solutions
  • Compromise of login to client system/network
  • Compromise of login to their own system/network
  • Device gets lost/stolen

Risk Management

  • Physical access controls to certain company assets
  • Logical access controls
  • Login with authentication/authorization
  • Role-based access controls
  • Group based access controls
  • Transfer risks to their cloud service provider
  • Transfer risks to the client they are working for

Comparison

  • DevCo
  • Strict policy
  • Only authorized personal devices in limited contexts
  • Requires login to access guest network
  • Must use VPN for romote acess

  • TyCo
  • Relaxed policy
  • All personal devices are allowed
  • Requires login to access internal network
  • No VPN required for remote access

Ideal Solution

  • Only allow certain devices (ex. laptops only)
  • Login for acess to company network
  • Must use VPN for remote access
  • Use of monitoring software on devices
  • Requirement of anti-virus/malware software installed
  • Train employees on acceptable use of devices
  • Set up an employee exit strategy

Questions?

  • Thank you! :)

  • Presentation brought to you via Reveal.js!