Tuesday, February 10, 2015

BYOD, Those pesky Mobile devices and your Practice...


What BYOD is and isn’t
BYOD – or Bring Your Own Device – is what happens when your employees, clients or guests use their own personal smartphones and tablets to access your Cloud Practice and Accounting Software. They bring their own mobile apps… security risks… privacy demands… with the intent to connect to your cloud enterprise. And they expect you to make it work; this includes managing any increased Cloud and BYOD risks for them.

Because it’s their own device, uniformity goes out the window. You’re not handing them preconfigured devices to connect to secure enterprise networks, with work applications preloaded and all administrative privileges pre-vetted by your IT staff. And you can expect that these devices will take the path of least resistance to connect, whether that’s your secure network using existing credentials or the guest network. BYOD means that hundreds or thousands – or tens of thousands – of essentially rogue devices are interacting with your and your client organisations’ confidential data… and it means that you need to come up with a plan that protects this privacy and your confidential data and is transparent.

Who’s getting the most of it?
There isn’t an industry – or a corner of the globe – that isn’t putting the mobile revolution to work for them.
Here are a few examples of what they’re doing to accommodate BYOD.

Enterprise
Everyone wants to stay connected to the office now. So enterprises are leveraging authentication methods and policies they currently use for IT-managed laptops, and extending them to personal devices.
Education
Higher education practically invented BYOD. Colleges and universities have had to support student-owned devices for many years and have done an excellent job leveraging BYOD to transform the teaching and learning environment. Now, these same institutions are extending BYOD to faculty and staff.
Retail
Retail spaces are completely transforming as a result of mobile devices. While most of these devices used by staff are issued by IT - such as iPads for mobile point-of-sale (POS) - there is a growing trend to also allow BYOD in stores for certain employees. But the big story for BYOD in retail is for shoppers. Armed with smartphones, shoppers are price checking and reading product reviews while in the store – a Google/Think Mobile survey found that 77% of all smartphone users browse while shopping. Wi-Fi networks can gather information about shoppers, improving the customer experience with real-time product information and special promotions to establish long-term social media connections.
Accounting
The modern Accounting Practice is moving from using commodity third-party accounting software (MYOB, Xero) to their very "own" mobile APPs.
These APPs are targeted to their specific clients, and exploit the over 3 million Android APPs today.
The practice is part of the ecosystem with their clients, delivering professional services around the clock. The modern Cloud Practice now has a "differentiator" in the market, which now includes sticky clients.
The next "big thing" in this space is the upcoming suite of personalised SMSF APPs; keep a lookout in 2015, within this space.

What about the numbers?
"Worldwide combined shipments of devices (PCs, tablets, ultra mobiles and mobile phones) are projected to reach 2.5 billion units in 2014, a 7.6 percent increase from 2013"
"Mobile phones are expected to dominate overall device shipments, with 1.9 billion mobile phones shipped in 2014, a five percent increase from 2013",
according to Gartner, Inc.

What exactly DO you lose if you don’t move to BYOD?
To put it bluntly... your ability to manage risk.
As users increasingly combine work and personal applications on their devices, your management challenges grow more complex – and the chance that confidential data are leaked rises exponentially.
Devices are replaced, lost or stolen without IT being informed. Documents are not encrypted, yet are stored in personal cloud applications. Jailbroken devices are infected and then connect to the network, which can have a detrimental effect on other users’ data.
Given that application and data security is the top IT concern regarding BYOD, an emerging approach is to combine device and application management within the network access-management solution.
In other words, an integrated approach.

What are the main security issues with most Cloud Solutions today, and BYOD?
With the move from Corporate to Cloud computing, most of the security infrastructure has been thrown away.
Policies which were developed over many years of operational experience have been lost as new entrants driven solely by cost enter the Cloud market. Many of these companies did not exist 5 years ago.
A simple test: ask yourself when your Cloud anything last asked you to change your password!
That's right, even basic password policies are missing from these services. What else?
Some simple Questions to ask your "Cloud Software Supplier":
  1. Is my data stored within Australia (APP8)?
  2. Is there a mandatory password change policy in force?
  3. Can I optionally use Multi-Factor Authentication (MFA) to protect my access?
  4. Is my data encrypted at rest?
  5. Are any encryption keys securely stored inside a Hardware Security Module (HSM)?
  6. Is there a disaster recovery plan in place for my practice data?
  7. Can any BYOD APP store user passwords?
  8. Can I enforce a One Time Password (OTP) to protect all BYOD access?
  9. Can "I" revoke an individual device's access to any of my services, from within my Practice Console 24*7?
If a Practice is using in/out sourcing, we recommend that Multi-Factor Authentication is part of the mandatory remote access policy for all services. Simple password remote access control is a significant risk for any practice and client data. As all major mature Cloud service providers such as Google, Amazon, VillageMall etc. today offer MFA support, this should not be an issue, and hence is not in the list above, but you need to check just in case.

If you don't receive a satisfactory answer to all of these questions, then you need to consider the associated risks before using the service.
BYOD offers a bright future for Cloud Accounting Practices, as part of the next wave delivering unique Professional Accounting services "directly" to their Clients 24*7*365.

But all opportunities have associated Risks; ensure your Practice understands the risks for your Practice and your clients' data.

Ask the Questions, until you are satisfied you understand the Risks for your Practice.


Disclaimer: The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.
