Defense-In-Depth (Case Study)



Our current effort at implementing defense in depth needs to be overhauled and one of the areas of major concern is a mobile device. We recently paid out a total of $60 million in settlements as a result of stolen sensitive private information from our customer data centers located in two of our major markets, Mexico and the Philippines.

As a result of the negative press, our customer satisfaction has dropped to an all time low of 20%. According to our estimates, we can easily achieve a 90% reduction in incidences by initiating a small number of low cost countermeasures.


It is reported that 95% of our customer service centers have developed a culture of not adhering to corporate BYOD policies and as a result over 300,000 customer data records containing, home addresses, phone numbers, and credit card information, were illegally collected by means of mobile phone cameras. To address this problem, we propose the following:

  1. Overhaul our social engineering awareness programs to meet today’s new and emerging threats head on.
  2. Contract with third-party security vendors to perform regularly unscheduled and un-announced security penetration research tests.
  3. Update and overhaul our existing BYOD policies and enforcement.

Through continuing policy updates and enforcement, we estimate a drop in exfiltration of data collection of un-authorized data to drop below 5% by end of fiscal.


Implementing an overhaul of this size and scope will require all of our customer services centers, located worldwide, to undergo retraining, which in the short term will impact customer resolution timeframes by an average of 20% each. However, we plan to reduce that probability 50% through the formation of highly customized training programs specific to each country we do business in. To minimize customer impact, we plan to broadly stagger rollouts to over 112 countries over the next 24 months.


To complete this project within the 24 month allotted timeframe, we require immediate approval of a $2 million reallocation of corporate retraining funds for the IT budget next quarter. Although, the option to remove all mobile devices from our customer service centers may seem a viable option, below are three arguments to the contrary:

  • Workers are more productive using their own hardware; U.S. workers save an average of 81 minutes per week by using their own devices.
  • 49 percent of users say they are more productive using their own devices.
  • For mobile users, basic BYOD delivers an average annual value of $350 for companies. With a comprehensive, reactive BYOD program, which gain jumps to $1,300 per mobile user per year.

Works Cited

Daimon Geopfert, R. H. (2015, 4). Executive summary: Cybersecurity and data breach preparedness . Retrieved 9 2016, from

Ingram Macro Advisor. (2016). 23 BYOD Statistics You Should Be Familiar With. Retrieved 9 2016, from ingrammicroadvisor:

Skidmore, S. (2015, 2). YOU NEED A BYOD POLICY! A FRAMEWORK TO GET STARTED. Retrieved 9 2016, from

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s