• Save
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Private Sector
Upcoming SlideShare
Loading in...5
×
 

RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Private Sector

on

  • 2,225 views

RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Private Sector, by John Bordwine

RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Private Sector, by John Bordwine

Statistics

Views

Total Views
2,225
Views on SlideShare
2,104
Embed Views
121

Actions

Likes
5
Downloads
0
Comments
0

6 Embeds 121

https://twitter.com 104
http://eventifier.co 13
http://media.rsaconference.com 1
http://www.eventifier.co 1
http://www.eventifier.com 1
http://eventifier.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Private Sector RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Private Sector Presentation Transcript

  • MOBILE SECURITY SMACKDOWN:HOW GOVERNMENT “PWNED” THE PRIVATE SECTOR John Bordwine Symantec, Inc. Session ID: MBS-T18B Session Classification: Intermediate
  • “PWNED”► To be owned or dominated by an opponent or situation Presenter Logo
  • Quick Facts on Why► Over 1,300 “agencies” within the US government► Somewhere between 10 and 14 million employees► Hundreds of agency CIO’S► Varying levels of information classification► Increased mobile workforce► Not only workforce support but also citizen support for information access from mobile devices Presenter Logo
  • Government Dilemma, Which is Best? Policy ► Government issued and locked down devices ► Government issued and allow a level of personal access ► Employee owned and government managed Devices ► Smart-phones ► Tablets ► Hybrids Presenter Logo
  • Mobility Considerations SECURITY Presenter Logo
  • Hmmmm…. Presenter Logo
  • Defining the Key ComponentsManagement Devices/OS Applications Classification Data SecurityDevice iOS E-mail Unclassified VPNInformation Android Agency specific Highly Identity classified ManagementApplication Windows Personal Personal data Encryption at restAuthentication RIM Information General access Encryption in share motionUnified Hybrids Cloud access PII DLP Presenter Logo
  • Private/Public Sector Comparison Private Sector Public SectorEncrypted data storage Limited FIPS 140-2Multi-factor authentication Limited Utilize existing PKI/credential methodsApplication control Sand-box method Application wrappingGeo-fencing Limited Full awarenessCompliance measurements Limited to IT policy Defined compliance metricsChain of assurance No Access and data protectionRoot of trust OS testing OS control ► Advantage…Public Sector Presenter Logo
  • Best of Both Worlds?► Agency/Organization ► Well managed user access and critical device components ► Strong security ► Information protection ► Application management► End User ► Ease of use ► Fully functional ► Productivity benefits Private Sector can utilize the extensive work already performed by the Public Sector! Presenter Logo
  • In Conclusion...► Just how did Government “pwn” the private sector? ► By implementing a progressively multi-faceted “all of the above” strategy, while the private sector struggled with narrower, less effective policies. ► In other words: “Necessity is the mother of invention.” -- Plato Presenter Logo
  • Thank You!John_Bordwine@Symantec.com
  • Additional Information
  • Core Mobile Security ComponentsGovernment Focus► Application Management ► Government applications secured, trusted and protected► Device Management ► Impact of lost device► User Management ► Prevent abuse and ensure proper ownership► Information Management ► Protection of government information. Data loss prevention to protect sensitive information Presenter Logo
  • Core Security Components► Cloud Access ► Appropriate controls to cloud information► Access Control ► Defining the authenticity of the user and the device► Unified Management ► Devices, users and information protected independent of access point► Secure Operating System ► How to ensure the OS is not compromised► Trusted Service Manager ► Trusted authority to issue secure applications Presenter Logo