Airheads main conference slideshare v1.0

Published in: Technology, Business

  1. © 2013 Beyond Mobile Ltd, June 5, 2013
  2. INTRODUCTION
      An IT infrastructure specialist with over 20 years in the financial services sector.
      11 years with Credit Suisse and 6 with Chase (JP Morgan).
      Tough environment in financial services and departing a role as Director in IT for Credit Suisse to start Beyond Mobile.
      Beyond Mobile offers Strategy, Product and Sales advice to technology companies in the early stage of their business plans.
  3. WHAT IS AN ENTERPRISE
  4. ALL THE SAME RIGHT !
  5. COMPARISON STAR TREK ENTERPRISE
      Declaration | NX | Sovereign
      circa 2130s | April 16, 2151 | October 30, 2372
      52,000 metric tonnes | 998,000 metric tonnes | 3,250,000 metric tonnes
      300 metres | 225 metres | 685.7 metres
      < Warp 2 | Warp 5.2 | Warp 9.995
      None | Photonic torpedoes, Phase cannons | Arrays Phasers
      USS Enterprise (XCV 330) | NX01 | NCC-1701-E
  6. COMPARISON OF AN ENTERPRISE
      Enterprise 1 (Financial) | Case Study (Financial) | Enterprise 3 (consulting)
      120,000 | 65,000 | 20,000
      143,000 | 80,000 | 2,000
      28,000 | 15,000 | 20,000
      170,000 | 120,000 | 2,500
      Yes | Yes | No
      “dirty network” | “clean network” | “clean network”
  7. EVIL INTERNET & WIRELESS
      • Wi-Fi BANNED
      • Custom laptops with Wi-Fi cards removed
      • Ethernet ports and drivers locked down
      • Remote access restricted to dial up
      • Almost impossible to be productive unless in the office
  8. EVOLUTION NOT REVOLUTION
  9. NETWORK PERIMETER SECURITY
      2007
  10. NETWORK PERIMETER SECURITY
  11. NETWORK STRATEGY
      DEPERIMETERISATION
  12. 2007 – 1ST GEN WI-FI
      • CISO concedes some Wi-Fi allowed
      • “Managed” endpoints only
      • Guest internet access allowed
      • No employee personal devices allowed
      • User experience not considered
      • Wi-Fi design poor
      • Global inconsistency
  13. 2007 – 1ST GEN WI-FI
      [Network diagram. Labels: Un-provisioned device, Provisioned device, Cisco access point, Cisco intranet controller, Cisco DMZ anchor controller, LAN DMZ, firewalls (FW, EXT DMZ FW), DMZ Bluecoat proxy, EoIP, BYOD user traffic, Guest traffic, Radius auth, HTTPS, Publisher, APAC CPPM AAA servers, EMEA CPPM AAA servers, Amigopod appliance for remote cloud provisioning of BYOD and guest self registration]
  14. 2009 CHALLENGERS
      “Why can’t I use the corporate Wi-Fi to sync my work email”
      “Cellular coverage is so bad in my building and it’s crazy employees can’t use the Corporate Wi-Fi on their personal devices”
      Crumbling of IT walled gardens
  15. 2011 THE GAME CHANGED
      • Real estate smart strategies
      • Wi-Fi shifted to a core “enabling” technology and business enabler.
      • BYOD strategy was built demanding better services
      • CIO – build it quick but I wouldn’t start from there, if I was you
      • Poor coverage, low contention, IT vs. Business
  16. THE BEGINNING OR THE END?
      • Requirements
      • Stakeholder Management
      • Buy as a Service vs Build
      • Technical Design
      • Build
      • Lessons learnt
  17. REQUIREMENTS
      Guest | Standard Employee | Complex Employee
      Standard | Complex
  18. REQUIREMENTS
      Guest | Standard Employee | Complex Employee
      Medium | Medium | High
      Low | Med | High / Regulated
      Personal | Mixed | Corporate
      Yes | Yes | Yes & Corporate
      None | MAM | MDM & MAM
      No | Yes | Yes
  19. STAKEHOLDER MANAGEMENT
      • Clean vs. dirty wireless = same
      • On campus = enterprise policed
      • Keep out of trouble with the regulator
      • Employee traffic content filtered
      • Info Sec, HR/Legal
  20. STAKEHOLDER MANAGEMENT
      • Apply IT policy
      • Same quality as LAN
      • Wi-Fi as a commodity
      • Protect data vs. network
      • BYOD
      • Don’t compromise usability for security
      • Container(s) vs MAM
  21. BUY VS BUILD
      • Corporate IT in Financial Services identity crisis
      • Case Study = Buy as a service > Build
      • Market not mature
      • Result was a Build & Buy project
      • One name stood out in access control and provisioning = Aruba
  22. BUY VS BUILD!
  23. TECHNICAL DESIGN
      • Data with some voice, small amount of desktop video conferencing growing
      • Cloud based guest provisioning solution
      • Segregation IT policies mean no direct connection to Active Directory
      • Guest registration – sponsor approved
      • Employee device enrolment process to be lightweight (email address)
      • Employee content filtered on BYOD devices*
      • Improve scale of deployment
      • Single, global wireless solution to employees.
  24. FUTURE REQUIREMENTS
      Wi-Fi 1st Gen | Wi-Fi 2nd Gen | Wi-Fi Future
      802.11a/b/g | 802.11n to ac | 802.11ac
      Data | Data / Voice | Data / Voice / Video
      Manual | Online registration & Sponsor approval | Federated B2B
      Build | Build & Buy | Buy
      None; non-critical service severity 4 SLA; Clearpass CPPM 6.x; Aruba end to end; Partially supported; Cisco BBSM 4.x; Critical service LAN replacement
  25. TECHNICAL DESIGN
      [Network diagram, repeated across animation builds. Labels: Internet, Un-provisioned device, Provisioned device, Cisco access point, Cisco intranet controller, Cisco DMZ anchor controller, LAN DMZ, firewalls (FW, EXT DMZ FW), DMZ Bluecoat proxy, EoIP, BYOD user traffic, Guest traffic, Radius auth, HTTPS, Publisher, Subscriber, APAC CPPM AAA servers, EMEA CPPM AAA servers, Amigopod appliance for remote cloud provisioning of BYOD and guest self registration]
  26. LESSONS LEARNT
      • Don’t underestimate the amount of testing required
      • BYOD footprint for testing can be never ending
      • Amount & complexity of devices leads to issues with tools for troubleshooting
      • Process engineering important
      • Support specialists too thin on ground – Mobility support is a specialist skillset
      • Web content filtering != control
  27. LESSONS LEARNT
      Certain CONTENT FILTER RULES did not make sense for employee BYOD; we had to lobby for changes:
      Chat/Instant Messaging – Whole category originally blocked.
        • Allow clients that connect to corporate IM platforms as would be monitored.
        • Block all other IM platforms. But allow messaging for services tied to SMS (e.g. iMessage)
      VOIP clients & Online Storage – Whole category originally blocked.
        • Allow all – these were from personal devices and corporate data was “contained”
        • Provides a better experience around apps that sync to Dropbox etc
      Remote Access Tools – Whole category originally blocked.
        • Allow – Only personal devices can connect to Wi-Fi then there is no company data at risk of loss.
      Software Downloads
        • Allow – Provides a better user experience as this would allow App store downloads to personal device to work on campus
  28. LESSONS LEARNT
      [Diagram with steps numbered 1 to 10. Labels: Credit Suisse employee, CS desktop, CS BYOD device, Access point, BYOD SSID, Guest & Provisioning SSID, Intranet controller, DMZ controller, Bluecoat DMZ proxy, Aruba Clearpass cloud service, Internet]
      Processes are important
      Help stakeholders understand them by walking them through various scenarios
        - Guest registration
        - Employee registration
        - Employee day to day use
        - Support
  29. YOUR PATH TO BYOD IN FINANCIALS
      Objectives | Design | Execution
      • Have clear business objectives.
      • Senior stakeholders briefings.
      • Mature requirements & early engagement necessary with IT suppliers
      • What are your security policy objectives
      • Think about process & support design as well as the technology
      • Translate the risk posture to security controls
      • Don’t compromise usability for security (impact of security discussions)
      • Select technology platforms and suppliers
      • Build in compliance from the beginning
      • Test, test and test some more
      And finally …. Celebrate a success !