Embracing the IT Consumerization Imperative

Published in: Technology

  1. Embracing the IT Consumerization Imperative
     Barry Caplin, CISO, MN Dept. of Human Services
     barry.caplin@state.mn.us, bc@bjb.org, @bcaplin, +barry caplin
  2. http://about.me/barrycaplin
  3. More About Me
     • Native New Yorker!
     • 30 years in IT / 20 years in InfoSec
  4. Apr. 3, 2010: 300K iPads, 1M apps, 250K ebooks… day 1!
  5. 2011 – tablet/smartphone sales exceeded PCs
  6. The real reason we need tablets
  7. Why are we talking about this? But really, all connected!
  8. Business Driver?
  9. What about…
  10. Ineffective Controls
  11. 1 Day
  12. 5 Stages of Tablet Grief
     • Surprise
     • Fear
     • Concern
     • Understanding
     • Evangelism
  13. Security Challenges
     Devices:
     • Exposure of data
     • Leakage of data – sold, donated, tossed, repaired drives
     • Malware
     But don’t we have all this now???
  14. Consumer App Security
     • “non-standard” software a challenge
     • Vetting, updates/patches, malware
     • No real 3rd party agreements
     • Privacy policies, data ownership
     • SOPA/PIPA/CISPA
  15. Legal (IANAL)
     • Privacy – exposing company data
     • Litigation hold – on 3rd party services
     • Separation – what’s on Dropbox?
     • Copyright, trademark, IP?
     • How do you?: – Get data from a 3rd party service?
  16. BYOD Security Solutions
     • Sync – Network or OTA
     • VDI – Citrix or similar
     • Containerization – Sandbox, MAM
     • Direct Connection – Don’t!
  17. DHS view - POE
     • Policy
     • Supervisor approval
     • Citrix only
     • No Govt records on POE (unencrypted)
     • 3G/4G or wired
     • Guest wireless
     • FAQs for users/sups
     • Metrics
     • $ - not yet
  18. Software Security Solutions
     • Policy – Examine existing – augment
     • Process – Vetting, updates, malware
     • 3rd party agreements – where possible
     • Data classification/labeling
     • PIE – pre-Internet encryption
  19. CoIT Nirvana
     • Any, Any, Any – work, device, where
     • Be nimble
     • Data stays “home”++
     • Situational awareness
  20. Key Points
     • Business Need – Partner internally
     • BYOD, Consumer apps, or both?
     • Policy, Technical, Financial aspects
     • Watch the data
     • Make easy for users
     • Education/Awareness
