Beyond the PC: Combating Unmanaged Threats Security
BEYOND THE PC – COMBATINGUNMANAGED THREATSJune 12th, 2013
View the webinar replay here:https://www.brainshark.com/xerox/vu?pi=zIDz6kmucz62tqz0
Watch this video here:http://a400.g.akamai.net/7/400/14595/v0001/xeroxwebcast.download.akamai.com/14595/TEMP/201306/Computer_Hacking-Cracking_down_on_cyber_crime-clip1.mp4
TODAY’S PROGRAM• CISO Insights– Mark Leary, Chief Information Security Officer, Xerox• Solutions: Managed Print Servicesand ConnectKey™– Karl Dueland, VP Solutions Delivery Unit, Xerox• Protecting Your Network– John Hartman, Client Executive, Cisco• Embedded Security, Smarter Security– Brian Kenyon, Chief Technology Officer, McAfee
INSIGHTSMark LearyChief Information Security OfficerXerox
THE “INTERNET OF THINGS”It has arrived….and so havehuge security issues….– Network and protocolsecurity– Data privacy and security– Identity– Trustpopulationwith Internetaccess in 201575%devicesconnected tothe Internet in20156Bdevicesconnected tothe Internetin 202030B
A “THING” CALLED A MFP…3.4MILLIONbusinesses thatexperienced aprinter-relateddata breachcompanieswithout asecure printstrategy65%companieshave a secureprintinitiative22%63%
COMMON MFP SECURITY THREATS• Poor mobile device management• Weak MFP wireless access control• Poor VPN remote access controls• Poor Web-based remote access controls• Weak identity and access management• MFP hardware component weaknesses• MFP embedded software weaknesses• Poor partner/contractor/consultant access• Poor physical access to MFPs• Poor MFP system and application access• Poor MFP software management controlsREMOTE ACCESSPROXIMITYINSIDER THREATSUPPLY CHAIN
QUESTIONS TO ASK1) Do we have an understanding of our business processes thatinvolve document management and printing?2) What threats are targeting our IT environment and particularlyMFPs?3) Are our policies addressing MFP information security still relevantto protect the business?4) Are our MFPs correctly configured to prevent cyber attacks?5) Do we have visibility into our IT environment to identify devicesand determine normal behavior from abnormal?6) Are we incorporating our customers, partners, and vendors intoour IT security operating model?
A CYCLE OF CONTINUOUS VALUEDocumentOutsourcingIT OutsourcingBusiness ProcessOutsourcingSustainabilityCost SavingsProductivitySecurityInnovationInsightMobilityManagedPrint Services andTechnologySecure andIntegrateAutomateand SimplifyAssess andOptimize
SOLUTIONS: MANAGED PRINTSERVICES AND CONNECTKEY™Karl Dueland, Vice President, Solutions Delivery Unit, Xerox
STARTING POINT: SECURE TECHNOLOGY• An ecosystem built into new Xerox MFPs• Offering flexibility, coherency and commonality• A complete refresh of key office products• Integrated with Managed Print Services8700,8900 7220,7225 7800 5800 9300+ConnectKeyTM
TOP OF MINDSECURITY CONCERNS• How do I classify so many devicescoming onto my network?• How do I allow suppliers andcontractors to collaborate securely?• Do we have control over devicesconnecting to our applications & datain the DC?• Virtual Machine Sprawl! How should Imanage security for all of those VMs weare being asked to provision everyday?• My critical services are still runningon physical servers. Do I maintainseparate policies?
All-in-One Enterprise Policy ControlCISCO IDENTITYSERVICES ENGINE (ISE)Who What Where When HowVirtual machine client, IP device, guest, employee, and remote userCisco® ISEWIRED WIRELESS VPNBusiness-RelevantPoliciesSecurity Policy AttributesIDENTITYCONTEXT