Embracing the IT Consumerization Imperative
Published in: Technology
  • IT Consumerization is a major buzz-phrase
  • 1. Check out my about.me, with links to Twitter feed and Security and Coffee blog. 2. More about me… including the most important thing…
  • Mobile/portable devices are not new. Then an event occurred that changed the game… IBM “Portable” 5155, $4225, 30 lbs, 4.77MHz 8088; Apple Newton; AppleBook; original ThinkPad; 1st gen Android; Palm III; early BlackBerry
  • 1st iPad, 4/3/2010. 300K iPads sold, 1M apps, 250K ebooks downloaded on the first day. Features, form factor, intuitive use made it the people’s choice.
  • 1. Mid-2011 tipping point. 2. By early 2012, 50% of US mobile users use a smartphone.
  • 2012 survey of IT leaders – Mobile is #1 tech impact. But Cloud is 2, CoIT 3 and Social 4 – all connected.
  • The devices are hot and driving the space, but it’s really about the ability to have mobility – to bring the product or service to the consumer/customer. Not just “flavor of the week”.
  • Just say no is not a viable IT or Security strategy or response. We must partner with the business/user to provide what is needed. Just say no is an…
  • If your organization is saying “just say no” to consumer devices and apps, then they are already in your environment. Take opportunity to partner, lead and add value.
  • 2.5 years ago. Story of call from lawyer about iPads in a meeting. This led to…
  • Quickly moved to last stage – evangelism. Now security is dragging other groups kicking and screaming into the present. Security is leading and adding value.
  • Exposure is device in hand – eavesdropping, MitM. Leakage is device is gone. We have all this already. Datalossdb.org and Accidental Insider. 10% of 2nd-hand drives bought had company/private data. StarTrib malware.
  • 1. Similarly, we have had software issues – local admin, devs, etc. can’t enumerate badness. If the service is free, we are the product not the customer.
  • Be sure to include legal. Information Discovery, Litigation Hold are big issues.
  • Now for solutions – 4 general categories for devices. Containerization includes Enterprise App Store.
  • Extensible policy; Citrix (no remnants); looking at containerization; guest wireless/wired; not yet considering $ (reimbursement/stipend). Gartner says at least 3-5 years for financial payoff.
  • Policy already mentioned. Working on process to more seamlessly allow consumer apps. Know your data classifications. PIE great for online storage, file sharing.
  • Partner; Lead; Add value. Good user experience is key.
  • Users are changing; expectations are changing; keep “eyes on the prize”; partner, solve problems, and add value
  • Transcript

    • 1. Embracing the IT Consumerization Imperative. Barry Caplin, CISO, MN Dept. of Human Services. barry.caplin@state.mn.us, bc@bjb.org, @bcaplin, +barry caplin
    • 2. http://about.me/barrycaplin
    • 3. More About Me
        • Native New Yorker!
        • 30 years in IT / 20 years in InfoSec
    • 4. Apr. 3, 2010: 300K iPads, 1M apps, 250K ebooks… day 1!
    • 5. 2011 – tablet/smartphone sales exceeded PCs
    • 6. The real reason we need tablets
    • 7. Why are we talking about this? But really, all connected!
    • 8. Business Driver?
    • 9. What about…
    • 10. Ineffective Controls
    • 11. 1 Day
    • 12. 5 Stages of Tablet Grief
        • Surprise
        • Fear
        • Concern
        • Understanding
        • Evangelism
    • 13. Security Challenges
        Devices:
        • Exposure of data
        • Leakage of data – sold, donated, tossed, repaired drives
        • Malware
        But don’t we have all this now???
    • 14. Consumer App Security
        • “non-standard” software a challenge
        • Vetting, updates/patches, malware
        • No real 3rd party agreements
        • Privacy policies, data ownership
        • SOPA/PIPA/CISPA
    • 15. Legal (IANAL)
        • Privacy – exposing company data
        • Litigation hold – on 3rd party services
        • Separation – what’s on Dropbox?
        • Copyright, trademark, IP?
        • How do you?:
            – Get data from a 3rd party service?
    • 16. BYOD Security Solutions
        • Sync – Network or OTA
        • VDI – Citrix or similar
        • Containerization – Sandbox, MAM
        • Direct Connection – Don’t!
    • 17. DHS view - POE
        • Policy
        • Supervisor approval
        • Citrix only
        • No Govt records on POE (unencrypted)
        • 3G/4G or wired
        • Guest wireless
        • FAQs for users/sups
        • Metrics
        • $ - not yet
    • 18. Software Security Solutions
        • Policy – Examine existing – augment
        • Process – Vetting, updates, malware
        • 3rd party agreements – where possible
        • Data classification/labeling
        • PIE – pre-Internet encryption
    • 19. CoIT Nirvana
        • Any, Any, Any – work, device, where
        • Be nimble
        • Data stays “home”++
        • Situational awareness
    • 20. Key Points
        • Business Need – Partner internally
        • BYOD, Consumer apps, or both?
        • Policy, Technical, Financial aspects
        • Watch the data
        • Make easy for users
        • Education/Awareness
