IT Consumerization – iPad’ing the Enterprise or BYO Malware?
Companies are increasingly encouraging employees to purchase their own devices such as smartphones, tablets and laptops to use at work according to a recent survey by CIO magazine. The acronyms BYOC and BYOD (like Bring Your Own Beer - Bring Your Own Computer/Device) have become mainstream technology terms. But what does BYOD mean for the enterprise? Can we mix personally owned devices and enterprise workstations/cellphones in our environment? How do we control configuration and data on personal devices? What about malware and other security concerns? What about improper disclosure of private data and intellectual property? And how will staff get work done when they are busy playing Angry Birds?
Is BYOD the flavor of the week, or is it the future of end-user hardware? Regardless of how security leaders may feel about the concept, we need to be prepared. We must understand what is driving BYOD, how it may, or may not, fit our environments, and have policy and tools ready.
In this interactive session we will discuss: What is IT Consumerization/BYOD? What are the benefits and concerns? Is there a cost savings? What are the Security concerns - BYOMalware? How do we protect data? And how can I start BYOD in my organization?
And yes, you can Bring Your Own Devices to this session!
Secure360 05-13-2013.

Published in: Technology
  • Check out my about.me, with links to twitter feed and Security and Coffee blog.
  • I used one of these for remote access at my first job!
  • First IBM thinkpad; Apple PowerBook; Apple Newton; Palm Pilot
  • Spring Break 2011 in Chicago. There was a line each morning across from our hotel. We saw similar lines in 2012 in NYC.
  • Mall of America – Apple and Msoft stores are situated opposite each other. The Apple store is always packed, Msoft always empty.
  • This is important because of potential for 2-factor auth adoption
  • Tablets pulling ahead of phones, but PCs still rule… for now
  • The devices are hot and driving the space, but it’s really about the ability to have mobility – to bring the product or service to the consumer/customer. Not just “flavor of the week”.
  • Just say no is not a viable IT or Security strategy or response. We must partner with the business/user to provide what is needed. Just say no is an…
  • If your organization is saying “just say no” to consumer devices and apps, then they are already in your environment. Take the opportunity to partner, lead and add value.
  • There is even a BYOD strategy out of the White House for federal agencies
  • Another example of risk v hype in the system/server world. This is from the 2012 Verizon DBIR and shows that most attacks are simple and can be avoided using basic methods
  • Lumension 2013 BYOD and Mobile Security report
  • Split into 4 groups, 1 group for each of Dr., lawyer, salesperson, sys admin. Be that business consumer and consider the use cases. Describe your business need/want. Create requirements + wish list. Describe your desired user experience. Choose a spokesperson. Share.
  • Now we will trade among groups. Given the use cases… now you are the CISO… respond to meet the business case AND protect the organization!
  • Datalossdb.org and Accidental Insider. 10% of 2nd-hand drives bought had company/private data. StarTrib malware.
  • Transcript of "IT Consumerization – iPad’ing the Enterprise or BYO Malware?"

    1. WELCOME TO SECURE360 2013: Don’t forget to pick up your Certificate of Attendance at the end of each day. Please complete the Session Survey front and back, and leave it on your seat. Are you tweeting? #Sec360
    2. WELCOME TO SECURE360 2013: Come see my talks on Wed! The Accidental Insider – Wed. 1:15P; 3 Factors of Fail! – Wed. 2:35P
    3. http://about.me/barrycaplin | securityandcoffee.blogspot.com
    4. Housekeeping: We’re here all morning! There will be breaks (but make your own if you need one). Questions – ask ‘em if you got ‘em. IT consumer devices – on, of course! (but vibrate or silent would be polite)
    5. Agenda: Admire the problem; Solve the problem (kind of)
    6. Please Share: This is not a “solved problem” (I don’t know what is!). We all learn from each others’ experiences.
    7. Agenda 1: Admire the problem – Framing the Issue; Solve the problem (kind of)
    8. Etrade baby video
    9. Baby trying to scroll a magazine like an iPad video
    10. Why are we here? 1. Have a program 2. Considering a program 3. Just discovered iPads in the office 4. Wanted out of the office for the morning
    11. What is IT Consumerization? More than just devices. 2 parts: consumer devices; consumer software tools. Using these in the workplace in addition to, or instead of, company provided.
    12. Why are we talking about this? But really, all connected!
    13. History – 1980’s: Early home PCs could augment work with home learning/practice. First Mac – $2500; Commodore 64 – $600
    14. History – 1980’s “luggables”: IBM “Portable” 5155 – $4225, 30 lbs, 4.77MHz 8088
    15. History – 1990’s: Home machines get smaller; Laptops; PDAs
    16. History – 2000’s: Laptops get lighter; PDAs go mainstream (then disappear!); Blackberry; iPhone/Android
    17. History – Now
    18. Apr. 3, 2010: 300K iPads, 1M apps, 250K ebooks… day 1!
    19. Apple ‘12
    20. 2011 – tablet/smartphone sales exceeded PCs
    21. The real reason we need tablets
    22. Don’t Touch! Pharmaceutical coating
    23. Of iPad owners... • 17% have > 1 in their household • 37% – their partner uses it • 14% bought ’cause their kid has one • 19% considering purchasing another. http://today.yougov.co.uk/sites/today.yougov.co.uk/files/Tablet_ownership_in_households.pdf
    24. Business Driver?
    25. What about…
    26. Ineffective Controls
    27. Forrester 2011 study – 37% using consumer tech without permission. IDC survey: 2010 30% BYOPC / 2011 40%; 2010 69% company device / 2011 59%; use of social doubled; most important tool – 49% laptop, 9% tablet, 6% smartphone
    28. Self Sufficient? PwC white paper: “companies that have allowed Macintosh computers… into their workplaces… find those users support themselves and each other. The same is true of iOS and Android mobile users, users of software as a service [SaaS] and other cloud services, and social networking users.”
    29. Empowered Employees: Forrester report, “How Consumerization Drives Innovation,” – “a business’s best friend”. Empowerment drives innovation; empowered employees improve processes and productivity
    30. Empowered Employees: Self-taught experts know how to use smartphones, tablets, Web apps like Google Docs and Dropbox; what they’re good for; how they can help the business; and are willing to do just that
    31. Benefits: Forrester lists four: 1. Communications – internal use speeds communication 2. Social – use of tools to be in touch with customers and shape message/attitude 3. HR – allow personal devices and you attract young workers 4. Productivity – much consumer tech is self-supported
    32. Our Story Begins...
    33. PEDs; Computers; Device Convergence
    34. Example • The “PED” policy • Personal Electronic Device • Acceptable use • Connections • Data storage
    35. 1 Day
    36. 5 Stages of Tablet Grief • Surprise • Fear • Concern • Understanding • Evangelism
    37. Considerations: Scaled-down device v multi-purpose computer; Want v Need; Reduced attack surface v eggs in one basket; Need for mobility v mobile issues; Does remote access apply?
    38. What needs to change for “local” remote access?
    39. BYO
    40. BYO: BYOC or BYOD
    41. Agenda 2: Admire the problem – Framing the Issue; Security Concerns; Solve the problem (kind of)
    42. Security Concerns
    43. Considerations: Physical*; Access control*; Logical; Data*; Communications; Validation (config control); Haven’t been around that long; Users are the administrators
    44. Data Leakage
    45. Unauthorized Access
    46. “Authorized” Access
    47. Risk v Hype
    48. Legal (IANAL): Privacy – mixing staff/company data; Discovery – on POE; Separation – what’s going out the door?
    49. Legal: Collection – when staff leave. How do you: Get data from a personal device? Keep personal data off company networks?
    50. Phones and texting: Phone? Exposing personal phone number; Voicemail; Text history and storage; Siri, Google Now, etc.
    51. Consumer Software: We have enough problems with commercial and internally developed software! Privacy policies; Leakage; Discovery
    52. Consumer Software: Ownership; Data disposition – if they go under; Competitive intelligence; Trade secrets; Mixing personal and professional (Twitter)
    53. The Business Side
    54. The Business Side: It is critical that we think as, and are seen as, a strategic partner with the business. This doesn’t happen enough.
    55. A Doctor, Lawyer, Salesperson and Systems Administrator walk into a bar…
    56. Use Cases: What do you need? What do you want?
    57. Security Response: Consider the business request. What works? What doesn’t? What compromise can be made?
    58. Agenda 3: Admire the problem – Framing the Issue; Security Concerns; Solve the problem (kind of) – BYOD
    59. What is IT Consumerization? More than just devices. 2 parts: consumer devices; consumer software tools. Using these in the workplace in addition to, or instead of, company provided.
    60. Three Main Issues: Technology; Policy; Financial
    61. How can we do BYOD?
    62. Capacity: Not necessarily a security issue. With greater use: Access Points (issue with any portables); Upstream bandwidth; 3G/4G repeaters
    63. Benefits: Costs; Productivity; Innovation; Speed to Market; Often better home device – more frequent upgrade
    64. Benefits: Deputized IT rather than Shadow IT; Users help each other; Always-On =? Always-Available (hourly issues); This takes time
    65. 2 Key Financial Decisions: Provisioning – Purchase, Plan, Usage; Who Pays
    66. More Decisions: Usage; Terms; Software; Wipe (remote detonation); Lock (auto-detonation?); Encryption; Monitoring; Management
    67. 2012 Trend Micro study – Pros and cons that emerged from the analysis: 12%+ productivity; 15%- device replacement costs; 8%- reimbursement for employee data expense; 5%- training/education costs; 3%+ bottom line revenues; 8%+ help desk calls; 7%+ MDM costs; 3%+ corporate liable data costs; 3%+ server costs; 2%+ regulatory compliance expenses
    68. Classic Security Balance: Control / Usability
    69. Security Challenges: Exposure of data; Leakage of data – sold, donated, tossed, repaired drives; Malware. But don’t we have all this now???
    70. Can’t be both… Trend Micro survey: 91% of employees would not grant employer control over personal device; 80% of enterprises stated they would have to install management mechanisms on mobile devices.
    71. Impasse? Resolution is in approach: Strategic; Cross-organization; Business and IT together; HR, Security, Privacy, Legal, Audit
    72. Impasse? Define approach; Create clear policy/procedures; IT tools; Self-help documentation
    73. MDM: ~60 vendor tools… and more coming. Basic types: Pure MDM; Containerization/MAM; Hybrid; VDI (not really MDM but can be used)
    74. MDM selection criteria: Device diversity; Policy enforcement; Security/compliance; Containerization; Inventory management; Software distribution; Administration; Reporting; more?
    75. Method 1 – Sync • Direct, Net Connect or OTA. Issues: • Need controls – a/v, app install control, filtering, encryption, remote detonation • Authentication – 2-factor? • Leakage! • Support
    76. Method 2 – VDI • Citrix or similar. Pros: • Leakage – no remnants; disable screen scrape, local save, print • Reduced support needed • Web filtering covered. Issues: • Unauthorized access still an issue; User experience; Support
    77. Method 3 – Containerization • Encrypted sandbox • Separate work and home • Many products. Pros: • Better user experience • Central management/policy • Many products – local/cloud • Leakage – config separation, encryption. Issues: access; support; cloud issues
    78. Method 4 – Direct Connection • Directly connect devices to network • Or PC via USB • Don’t do this! – Included for completeness. Pros: • Easy. Issues: no controls; no management; no enforcement; leakage; remnants; etc.
    79. Apps: “non-standard” software is a challenge; Updates, patches; Malware detection – can’t enumerate badness; Business – how to transfer knowledge if everyone uses different tools?
    80. Case Study – Kraft: Deployed iPhones 2008 – by 2009 to half of mobile users. Wanted to instill innovation – “opens employees’ minds to what is possible”. Internal success led to successful consumer apps – recipes, cooking videos, shopping lists, store locator
    81. Cost Example – Hypothetical 1000 Blackberrys: Unlimited data + calling = ~$50–$70/user/month ($60K/m); BES – ~$35K; Hardware – $20K/3y; Helpdesk – 1 FTE $50K/y; Server Ops – 1 FTE $100K/y; Total = >$900K/y
    82. Cost Example – Hypothetical 1000 BYODs: Stipend = $25/user/month ($25K/m); MDM – ~$50K/y; Hardware – $20K/3y; Helpdesk – none!; Server Ops – 1 FTE $100K/y; Total = ~$450K/y
    83. Other HR benefits: Employee satisfaction; Recruiting young workers; “Hip” factor
    84. Phones and texting: Phone? Exposing personal phone number; Voicemail; Text history and storage
    85. DHS view – POE • Policy • Supervisor approval • Citrix only • No Govt records on POE (unencrypted) • 3G or wired • Guest wireless • FAQs for users/sups • Metrics
    86. DHS view – State-owned • Policy • Supervisor approval • MDM • 3G or wired • Apple-only • Core wireless • 802.1x • FAQs for users/sups • Metrics
    87. Other Issues • Notes or manually entered data • Enterprise email/OWA • Discovery • Voicemail/video
    88. The Future • More tablets/phones/small devices • More “slim” OSs – Chrome, Android, iOS, etc • Cost savings/stipend? • Cloud • User Experience – Divide, Good, Fixmo, VMware Horizon, Citrix XEN • BES Fusion, Microsoft ???
    89. MDM Capabilities to Consider (InfoWorld Feb 2013 MDM Deep Dive) • Device encryption • Transport encryption • Complex PWs/policy • VPN support • Disable camera • Restrict/block apps • Anti-malware • Restrict/block networks • Remote lockout • Remote/selected wipe • Policy enforcement • OTA management • 2-factor/OTP
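As an added illustration of how the two DHS-style profiles on slides 85 and 86 and the slide-89 capability list become one enforceable posture check (example code written for this transcript, not anything from the talk or from DHS; the Device fields, the POLICY table and the six-character passcode minimum are assumptions):

```python
"""Posture check for two BYOD policy profiles: POE (personally owned equipment)
and state-owned, with the MDM capability baseline applied on top.
Added example; the field names, POLICY table and sample devices are constructed."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Device:
    name: str
    ownership: str            # "POE" or "STATE"
    platform: str             # "ios", "android", ...
    supervisor_approved: bool
    mdm_enrolled: bool
    disk_encrypted: bool
    passcode_min_len: int
    passcode_complex: bool    # mixed classes, not just digits
    remote_wipe: bool         # remote/selective wipe available to the enterprise
    access_method: str        # "vdi", "sync", "container", "direct"
    network: str              # "3g", "wired", "guest_wireless", "core_wireless"
    dot1x: bool               # 802.1x authenticated when on core wireless
    local_records: bool       # government records stored on the device itself
    records_encrypted: bool


# One row per ownership profile, lifted from the two "DHS view" slides.
POLICY = {
    "POE":   {"access": {"vdi"},                      # Citrix only
              "networks": {"3g", "wired", "guest_wireless"},
              "platforms": None,                       # any platform
              "needs_mdm": False},
    "STATE": {"access": {"vdi", "sync", "container"},
              "networks": {"3g", "wired", "core_wireless"},
              "platforms": {"ios"},                    # Apple-only
              "needs_mdm": True},
}
MIN_PASSCODE_LEN = 6   # assumption: makes the "complex PWs/policy" bullet concrete


def evaluate(d: Device) -> List[str]:
    """Return the list of policy violations; an empty list means compliant."""
    if d.ownership not in POLICY:
        return [f"unknown ownership '{d.ownership}'"]
    p = POLICY[d.ownership]
    findings = []
    if not d.supervisor_approved:
        findings.append("supervisor approval missing")
    if p["needs_mdm"] and not d.mdm_enrolled:
        findings.append("not enrolled in MDM")
    if p["platforms"] and d.platform not in p["platforms"]:
        findings.append(f"platform '{d.platform}' not permitted")
    if d.access_method not in p["access"]:
        findings.append(f"access method '{d.access_method}' not permitted")
    if d.network not in p["networks"]:
        findings.append(f"network '{d.network}' not permitted")
    if d.network == "core_wireless" and not d.dot1x:
        findings.append("core wireless without 802.1x")
    # POE rule: no government records on the device unless encrypted
    if d.ownership == "POE" and d.local_records and not d.records_encrypted:
        findings.append("unencrypted government records on POE")
    # MDM baseline (slide 89) for anything managed or holding records
    if d.ownership == "STATE" or d.local_records:
        if not d.disk_encrypted:
            findings.append("device encryption off")
        if d.passcode_min_len < MIN_PASSCODE_LEN or not d.passcode_complex:
            findings.append("passcode policy too weak")
        if not d.remote_wipe:
            findings.append("remote wipe unavailable")
    return findings


def report(devices: List[Device]) -> Dict[str, List[str]]:
    """Device name -> findings, as a compliance dashboard or helpdesk queue would list them."""
    return {d.name: evaluate(d) for d in devices}


# Constructed sample fleet: one compliant POE tablet, one non-compliant POE phone,
# one state-owned device that fails only the Apple-only rule.
SAMPLE_DEVICES = [
    Device("alice-ipad", "POE", "ios", True, False, True, 6, True, False,
           "vdi", "guest_wireless", False, False, False),
    Device("bob-phone", "POE", "android", True, False, False, 4, False, False,
           "sync", "core_wireless", False, True, False),
    Device("carol-droid", "STATE", "android", True, True, True, 8, True, True,
           "container", "core_wireless", True, True, True),
]

if __name__ == "__main__":
    for name, findings in report(SAMPLE_DEVICES).items():
        print(name, "->", findings or ["compliant"])
```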
    90. Agenda 4: Admire the problem – Framing the Issue; Security Concerns; Solve the problem (kind of) – BYOD; Software
    91. What is IT Consumerization? More than just devices. 2 parts: consumer devices; consumer software tools. Using these in the workplace in addition to, or instead of, company provided.
    92. Use of Consumer Tools: Skype – key for communications in some countries; Facebook/Twitter for interacting with customers; Twelpforce
    93. Twelpforce video
    94. Examples: Google Docs or Dropbox for public info (make sure the data is public); YouTube, Vimeo for training videos (avoid social engineering blueprints); Facebook fan page; Twitter, LinkedIn, G+ for press releases, outreach, customer support (just remember who you are!)
    95. Customer Expectations: Access to you is: Mobile capable; Available online and on social; Through no wrong door
    96. Twitter and Facebook: The places to be. What are people saying about your company?
    97. Great Ideas: Ford – gave Fiestas to 100 social media influencers, sent on “missions”, documented on channels. Received 50K inquiries and sold 10K cars in 6 days. Pepsi – used social network outreach for ideas for new Dew flavors. Levi Strauss – early use of location-specific deals.
    98. Social: Is there a strategy? Or doing it to be hip? (and without a clue?)
    99. Social: Connecting with customers; Internal collaboration; Internal connections – communities of interest; Innovation. Doesn’t happen in a vacuum
    100. Phishing
    101. Phishing on Social Networks: Scams seem real when they come from a “friend”; Malicious links/apps; Spread quickly when posted or “liked”; “Just say no” to apps
    102. Installs app; Grabs info; Posts on your wall; Click-fraud
    103. Expectations
    104. What Should We Do?
    105. Proactive; Policy; Management Support; Support/Helpdesk Implications
    106. Policy: Examine existing – augment; New, but only if needed (shouldn’t use of social be part of your AUP? Who needs a social media policy?)
    107. Software/Apps: “non-standard” software is a challenge; Updates, patches; Malware detection – can’t enumerate badness; Business – how to transfer knowledge if everyone uses different tools?
    108. Non-Standard Software – YMMV: Inventory; Watch changes; X-ref v. CVE/malware; Watch rights; Auto-patch; Handle exceptions
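One way to run the slide-108 loop as code (inventory, watch changes, cross-reference against an advisory list, watch rights, auto-patch where a fix exists, otherwise raise an exception), added here as an illustration rather than taken from the talk; the product names, versions and ADVISORIES entries are constructed placeholders, not real software or CVEs:

```python
"""Inventory-driven handling of non-standard software on user devices.
Added example; BEFORE/AFTER snapshots and the ADVISORIES table are constructed."""
from typing import Dict, List, Tuple

Entry = Dict[str, object]        # {"version": "2.3.1", "admin": False}
Inventory = Dict[str, Entry]     # product name -> entry


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.3.1' into (2, 3, 1) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in v.split("."))


# Constructed advisory list: product -> (highest vulnerable version, fixed version or None)
ADVISORIES = {
    "cloudsync": ("2.3.1", "2.4.0"),   # fix published: eligible for auto-patch
    "notetaker": ("1.0.9", None),      # no fix yet: exception handling
}


def diff_inventory(before: Inventory, after: Inventory) -> Dict[str, List[str]]:
    """Watch changes: what appeared, disappeared or changed version since the last scan."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(n for n in set(before) & set(after)
                     if before[n]["version"] != after[n]["version"])
    return {"added": added, "removed": removed, "changed": changed}


def is_vulnerable(name: str, version: str) -> bool:
    """Cross-reference the installed version against the advisory list."""
    adv = ADVISORIES.get(name)
    return adv is not None and parse_version(version) <= parse_version(adv[0])


def decide(name: str, entry: Entry) -> Dict[str, object]:
    """Pick the handling for one installed product: rights review, auto-patch or exception."""
    actions = []
    if entry["admin"]:
        actions.append("rights: installed with admin privileges, review")
    if is_vulnerable(name, str(entry["version"])):
        fixed = ADVISORIES[name][1]
        if fixed:
            actions.append(f"auto-patch: upgrade to {fixed}")
        else:
            actions.append("exception: no fix available, restrict or remove")
    return {"product": name, "version": entry["version"], "actions": actions or ["ok"]}


def review(before: Inventory, after: Inventory) -> List[Dict[str, object]]:
    """Run the whole loop over the current inventory and tag each row with its change state."""
    changes = diff_inventory(before, after)
    results = []
    for name in sorted(after):
        row = decide(name, after[name])
        row["change"] = ("added" if name in changes["added"] else
                         "changed" if name in changes["changed"] else "unchanged")
        results.append(row)
    return results


# Constructed snapshots from two successive scans of one user's device.
BEFORE = {"cloudsync": {"version": "2.3.0", "admin": False},
          "chatclient": {"version": "5.1", "admin": False},
          "screenrec": {"version": "0.9", "admin": True}}
AFTER = {"cloudsync": {"version": "2.3.1", "admin": False},
         "chatclient": {"version": "5.1", "admin": False},
         "notetaker": {"version": "1.0.4", "admin": True}}

if __name__ == "__main__":
    for row in review(BEFORE, AFTER):
        print(row)
```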
    109. Cloud – Ask: Whose data is it? Where is it going? 3rd party agreements? Know your data (classification); PIE – pre-Internet encryption
    110. BYO Plan
    111. Summary: What are people doing? Establish business need; BYOD, consumer apps, or both? Cross-domain planning (security, IT, legal, audit, privacy, HR, business); Document requirements
    112. Summary: Policy, technical, financial aspects; Watch the data; Make easy for users; Education/Awareness; Reap the benefits!
    113. Discussion… Slides at http://slideshare.net/bcaplin; barry.caplin@state.mn.us; bc@bjb.org, @bcaplin, +barry caplin; http://securityandcoffee.blogspot.com/