Your SlideShare is downloading. ×
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Private Sector
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Private Sector

1,730
views

Published on

RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Private Sector, by John Bordwine …

RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Private Sector, by John Bordwine

Published in: Technology

0 Comments
5 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,730
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
0
Comments
0
Likes
5
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. MOBILE SECURITY SMACKDOWN:HOW GOVERNMENT “PWNED” THE PRIVATE SECTOR John Bordwine Symantec, Inc. Session ID: MBS-T18B Session Classification: Intermediate
  • 2. “PWNED”► To be owned or dominated by an opponent or situation Presenter Logo
  • 3. Quick Facts on Why► Over 1,300 “agencies” within the US government► Somewhere between 10 and 14 million employees► Hundreds of agency CIO’S► Varying levels of information classification► Increased mobile workforce► Not only workforce support but also citizen support for information access from mobile devices Presenter Logo
  • 4. Government Dilemma, Which is Best? Policy ► Government issued and locked down devices ► Government issued and allow a level of personal access ► Employee owned and government managed Devices ► Smart-phones ► Tablets ► Hybrids Presenter Logo
  • 5. Mobility Considerations SECURITY Presenter Logo
  • 6. Hmmmm…. Presenter Logo
  • 7. Defining the Key ComponentsManagement Devices/OS Applications Classification Data SecurityDevice iOS E-mail Unclassified VPNInformation Android Agency specific Highly Identity classified ManagementApplication Windows Personal Personal data Encryption at restAuthentication RIM Information General access Encryption in share motionUnified Hybrids Cloud access PII DLP Presenter Logo
  • 8. Private/Public Sector Comparison Private Sector Public SectorEncrypted data storage Limited FIPS 140-2Multi-factor authentication Limited Utilize existing PKI/credential methodsApplication control Sand-box method Application wrappingGeo-fencing Limited Full awarenessCompliance measurements Limited to IT policy Defined compliance metricsChain of assurance No Access and data protectionRoot of trust OS testing OS control ► Advantage…Public Sector Presenter Logo
  • 9. Best of Both Worlds?► Agency/Organization ► Well managed user access and critical device components ► Strong security ► Information protection ► Application management► End User ► Ease of use ► Fully functional ► Productivity benefits Private Sector can utilize the extensive work already performed by the Public Sector! Presenter Logo
  • 10. In Conclusion...► Just how did Government “pwn” the private sector? ► By implementing a progressively multi-faceted “all of the above” strategy, while the private sector struggled with narrower, less effective policies. ► In other words: “Necessity is the mother of invention.” -- Plato Presenter Logo
  • 11. Thank You!John_Bordwine@Symantec.com
  • 12. Additional Information
  • 13. Core Mobile Security ComponentsGovernment Focus► Application Management ► Government applications secured, trusted and protected► Device Management ► Impact of lost device► User Management ► Prevent abuse and ensure proper ownership► Information Management ► Protection of government information. Data loss prevention to protect sensitive information Presenter Logo
  • 14. Core Security Components► Cloud Access ► Appropriate controls to cloud information► Access Control ► Defining the authenticity of the user and the device► Unified Management ► Devices, users and information protected independent of access point► Secure Operating System ► How to ensure the OS is not compromised► Trusted Service Manager ► Trusted authority to issue secure applications Presenter Logo