Today's Whiteboard Wednesday features Giri Sreenivas, our VP and GM of Mobilisafe, here at Rapid7. Giri explains exactly what BYOD security is, how it came to be, and what BYOD security means in the context of ever-changing business needs. He'll also dive into what he sees as the future of BYOD security.
Hi everybody. Welcome to Whiteboard Wednesday here at Rapid7. My name is Gary Shrinivas. I'm the VP and GM for Mobile. So today, we're going to talk about what is BYOD and why does it matter.Show more Show less
So, BYOD is an acronym that stands for bring your own device. And it's a pretty big trend that's going on right now. It's where individuals are going out and buying their own SmartPhones and tablets, and they're using them for their personal things, but they're also bringing them to work and they're accessing company data with that. And so what we're going to do today is talk through a little bit about the history of SmartPhones. Talk about how the trend started and how pervasive it is today and why users really like BYOD. And what it really means for security professionals today.
So, if we take a look at the timeline, going back a ways, some of the first SmartPhones out there were Blackberrys that were made by RIM, and RIM was the first security organization and companies would buy these devices in mass and provide them to their employees. But with the introduction of the iPhone and Android, we saw a pretty big shift. And I'm happy to say when I was at T-Mobile I got to play a pretty big role in what Android did for the market. I got to work on, pretty much, every Android device that T-Mobile put out into the market leading up until about 2011. So, what started with these SmartPhone platforms initially were some great applications, great user experience, and most importantly the app markets. But, what most people don't realize is, shortly after the introduction of each of these devices, they became active sync enabled.
So, let me step back for a moment and talk a little bit about active sync. Active sync is basically just a syncing protocol that allows your device to get access and actually sync data down from the Microsoft exchange server. So this is how you get your email, your calendar, and your contacts from work. And so these were added a little bit later on to each of the platforms and that's what really caused the SmartPhone revolution to take off in the workplace and really fuel the BYOD trend. And so if you go back and you take a look at, from a personal perspective, how did this evolve? When the iPhone started to become a really, highly desired device, you have your CEO or your CTO go out and buy an iPhone and bring it into work and say, "I know this device can do active sync, I'd really like to get my work data on here." And so they go to IT and IT would take a look at this and say, "How are we going to make this happen? We got to do it. The CEO's asking for it." And they took a look at their exchange server. They'd open up Active Sync access and low and behold, the CEO ditches their Blackberry and they're no longer carrying two phones. They're just carrying their iPhone and they're doing everything on that one device.
Little did they know that they're really setting the trend for the rest of the company. So, you have rank and file employees going out and buying Android devices and iPhones, and they love them for their personal use. They love the app stores and they realize, "Hey, I don't want to carry two phones, either. I want to use them for work." And, without IT necessarily being ahead of this trend, you've got lots and lots of employees now using their personal SmartPhones and tablets for work and that's part of bring your own device trend. In fact, we see about 80% of employees actually using these devices. So, it's a very pervasive trend today. So, it really is the bring your own device trend. You go to the store. You buy whatever you like. You get to use it for your work life and your personal life. So, this is why users love BYOD. They're making the technology choices that work best for them. It's letting them get their work done as quickly as possible and as efficiently as possible.
But it presents some security challenges for the IT teams. Certainly, these are devices have not been vetted. Apple and Microsoft and Google have done a great job with developing these platforms for consumers, but in many ways security has been a little bit of an afterthought, relative to what RIM was doing with Blackberry devices. And so, from a security perspective, you've got to be thinking about, well these are personal devices that I don't know. They're getting access to my corporate data. How do I know that that corporate data is safe? And so, these are some of the things that IT really needs to focus on. Security persons really need to think about when it comes to personal devices that are getting access to corporate data.
So, this is a brief overview of you know, what the bring you own device trend is and why it should matter to you. And thank you again for joining us for Whiteboard Wednesday today.