When it comes to employee-owned mobile devices, many organizations want to run away from the security risks of the bring-your-own-device-to-work trend. Intel chose to run toward them.
In an exclusive case study, Intel CISO Malcolm Harkins details the security challenges and business opportunities of BYOD. And he explains how the move forced the company to re-think enterprise security to accommodate employees' smart phones, tablets and other mobile devices. Learn how to:
Involve employees in developing an effective mobile policy;
Create a layered security approach to manage the risks;
At Intel, the BYOD trend started in 2009, when employees began using their own smart phones, tablets and mobile storage devices on the job. Rather than reject the trend, as many organizations initially attempted, Intel's senior leaders were quick to embrace it as a means to cut costs and improve productivity.
Since Jan. 2010, the number of employee-owned mobile devices on the job has tripled from 10,000 to 30,000, and by 2014 Intel CISO Malcolm Harkins expects that 70 percent of Intel's 80,000 employees will be using their own devices for at least part of their job.
The payback so far:
Better Productivity - Employees who use their own devices respond faster to communication and over a greater percentage of the day;
Improved Security - Mobility improves Intel's time to respond, contain and recover from incidents;
Greater Control - Because personally-owned devices are encouraged, Intel now has markedly fewer unauthorized devices on its network.
And while there are heightened risks that come with having employees carry sensitive data on their personal devices, Harkins says organizations must tackle these risks head-on. "Doing nothing is not an option" when it comes to BYOD, he says. "Employees will work around and unknowingly expose the enterprise."
In this presentation, Harkins tells how Intel came to embrace and benefit from the BYOD trend, including insights on:
Bottom-up Approach - Intel from the outset involved employees in mobile policy creation, making the process open to input and constructive criticism. The result: an effective Employee Service Agreement for personally-owned devices.
Risk Management - There is no 'one size fits all' so Intel developed a five-tier risk management model that provides enhanced security capabilities depending on the employee's access to sensitive data such as line of business applications, filtered e-mail and the corporate intranet.
Beyond Technology - Intel quickly discovered that BYOD impacts more than the IT and security groups. HR and legal play huge roles in helping to define policy, enforce compliance and ensure adequate attention is paid to details regarding privacy, appropriate use and software licensing.
Harkins is responsible for all aspects of information risk and security at Cylance as well as public policy and customer outreach to help improve understanding of cyber risks. He spent 23 years with Intel, most recently as its first Chief Security and Privacy Officer. In this role, he was responsible for managing the risk, controls, privacy, security and other related compliance activities for all of Intel's information assets, products and services. Before becoming Intel's first CSPO, he was the chief information security officer (CISO), reporting to the chief information officer. Harkins also held roles in finance, procurement and various business operations.