Consumerization
ISSA, January 13th 2011

Michael F. Angelo
 Chief Security Architect
 NetIQ Corporation
 blog: http://community.netiq.com/blogs/
Agenda



What is Consumerization?
Motivation
How does it impact you?
What can you do about it?
Future
2   © 2011 NetIQ Corporation. All rights reserved.
What is Consumerization?



 Leveraging technology that was originally directed at the consumer for business purposes.
Two Aspects


 Use of consumer based services (facilities) for work
    −Not going to cover
 Use of consumer oriented equipment and software for work (IT)
    −Going to cover




Motivation (Corporate)


 Exit the:
  −hardware inventory and repair business
  −phone / pager business
  −Internet business
 Improve productivity
 Improve employee satisfaction


Motivation (Employee)


 Familiarity with O/S, Software, and Hardware
    −Can’t do the job with a Pentium II, 512MB, and 30GB
    −Can’t get information with IE6
    −Need features of updated applications.



Does it Happen???



    [Image row: Mice, Keyboards, Monitors, WiFi Cards, Phones/PDAs, Smart phones/Laptops]

    The trend has been accelerating as the base cost of
    the technology has decreased and employee
    experience has increased.
    In addition, the ever-shrinking corporate budget is
    acting as an accelerant to the trend.



Does it Happen???


 Corporate Stance
  −Secretive
  −Ignored
  −Unofficially Supported
  −Officially Supported
  −Subsidized



Does it Happen?


    “Security is always a tradeoff, and security decisions
    are often made for non-security reasons. In this
    case, the right decision is to sacrifice security for
    convenience and flexibility. Corporations want their
    employees to be able to work from anywhere, and
    they’re going to have loosened control over the tools
    they allow in order to get it.”

    -- Bruce Schneier
What is the Impact?



 Information Blending
 Software Licensing
 Legislative Issues




What is the Impact?


 Information Leakage
   −Family & friends
   −Device Loss
   −Virus
   −Personal email – Spear Phishing
 Increased Exposure to Threats
   −Surfing at Home <> Surfing at Work
   −Torrents

What is the Impact?


 Acceptable use policies
  − How to apply to personal machines?
 Out processing of individuals
  − How do you know organizational data is removed from the employee machine?
      − Software
      − PST files
      − Passwords / wireless / VPN Access
  − Residual data
      − Employee / corporate backups


What is the Impact?


     “23 percent of the largest organizations surveyed have
     experienced a serious breach or incident because of a
     personal device on the corporate network.”

     − RSA Study




What is the Impact?


 What is your current state?
  −Is it already there?
 Decide if you will allow Consumerization
  −Don’t wait for it to happen and then rush to formulate policy and procedures
  −Decision must explicitly include all possible components
  −Decision must be extended as new technology becomes available

Action today - Define Policies


 Balance:
  − Corporate vs. Employee Accommodations
  − Corporate vs. Employee vs. Customer Exposures
 Corporate:
  − Must comply with laws
  − Must maintain fiduciary responsibility
  − Must not expose corporate assets
  − At a minimum should address
              − Employee responsibility
              − Acceptable use
              − Protection of assets
Action today – Identify Infrastructure to Extend


 Current Tools will work, but do you want to use all of them?
     − Policy Compliance Tools
     − Configuration Enforcement Tools
     − Security Audit Tools
     − Security Vulnerability Updates
     − Performance Audit Tools




Action today - Incident response plan


Remember:
Even with Policies, Procedures, and Tools, accidents can happen… Need incident response plan.




Additional Ideas


 Security 101:
     − Keep secret stuff separate from non–secret stuff
     − Keep corporate stuff separate from personal stuff
 Create Virtual Containers for Corporate Work.
     − Provides compartmentalized facility
     − Re-boot to access corporate environment




Action today - Native OS or VM on USB



     [Diagram: USB device layout. Encrypted OS Partition (Operating System, Applications and Files); Boot Partition (Boot Loader)]




     − Boots OS directly from device
     − Host provides mouse, keyboard, RAM
     − Encryption can protect information if device is lost
     − Limited to OS on device




Action tomorrow - Native OS / VM on USB + TPM



     [Diagram: USB device layout. Encrypted OS Partition (Operating System, Applications and Files); Boot Partition (Secure Boot Loader)]




     − Provides a mechanism to generate and measure system characteristics upon which a security decision can be made.
     − TPM is in almost all commercial grade computers
     − For more info see: the Trusted Computing Group, www.trustedcomputinggroup.org
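
The measure-then-decide mechanism on this slide, as an added example (not from the original deck or from NetIQ): each boot stage on the USB device is hashed and extended into a PCR, and a verifier replays the event log before making the access decision. The stage names, sample images, policy format and the SHA-256 PCR bank are assumptions; checking the signature on the TPM quote is assumed to have happened already.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank (assumption; TPM 1.2 parts use 20-byte SHA-1 PCRs)


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = H(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(stages):
    """Device side: measure each (name, image) in boot order before running it.

    Returns the final PCR value and the event log of (name, digest) pairs.
    """
    pcr = bytes(PCR_SIZE)  # PCRs are all zeroes after platform reset
    log = []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def verify(quoted_pcr, event_log, policy):
    """Verifier side: decide whether the reported boot chain is acceptable.

    policy is an ordered list of (name, set of approved digests).
    The quoted PCR is assumed to come from a TPM-signed quote whose
    signature was already checked; that step is outside this example.
    """
    # 1. The log is only a claim: replaying it must reproduce the PCR.
    pcr = bytes(PCR_SIZE)
    for _, digest in event_log:
        pcr = extend(pcr, digest)
    if pcr != quoted_pcr:
        return False, "event log does not reproduce the quoted PCR"
    # 2. Every stage must be present, in order, with an approved digest.
    if [n for n, _ in event_log] != [n for n, _ in policy]:
        return False, "boot stages missing, added or out of order"
    for (name, digest), (_, approved) in zip(event_log, policy):
        if digest not in approved:
            return False, f"unapproved measurement for {name}"
    return True, "boot chain matches policy"


# Constructed sample images standing in for the contents of the USB device.
GOOD_STAGES = [
    ("secure-boot-loader", b"constructed boot loader image v1"),
    ("operating-system", b"constructed corporate OS image v1"),
    ("os-configuration", b"constructed corporate OS configuration v1"),
]
POLICY = [(name, {hashlib.sha256(image).digest()}) for name, image in GOOD_STAGES]


def scenarios():
    """Run three boots against POLICY and return each access decision."""
    results = {}
    pcr, log = measured_boot(GOOD_STAGES)
    results["clean"] = verify(pcr, log, POLICY)

    # Modified OS image: its measurement changes, so policy rejects it.
    changed = list(GOOD_STAGES)
    changed[1] = ("operating-system", b"constructed corporate OS image v1 (modified)")
    bad_pcr, bad_log = measured_boot(changed)
    results["modified_os"] = verify(bad_pcr, bad_log, POLICY)

    # Modified device that presents the clean log: the PCR gives it away.
    results["stale_log"] = verify(bad_pcr, log, POLICY)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in scenarios().items():
        print(f"{name:12} allow={ok}  {reason}")
```

Because extend is a hash chain, the final PCR depends on both the content and the order of the stages, which is why the verifier can trust the replayed log only when it reproduces the quoted value.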



To Continue the Conversation
Please See:

Twitter: @mfa007 or @NetIQ
For my and NetIQ's security blogs, see: http://bit.ly/11BhzC
Image Credits


http://www.flickr.com/photos/sanfranannie/3695457758/lightbox
http://www.flickr.com/photos/themuuj/3787043200/lightbox/
http://www.flickr.com/photos/nekonoir/2231873666/lightbox/
http://www.flickr.com/photos/scarpagialla/488834555/lightbox/
http://www.flickr.com/photos/schatz/484932511/lightbox/





ISSA Houston – The Consumerization of IT


Editor's Notes

  1. Logins
     − Personal login information on corporate machine
     − Social Networks / Professional Associations
     − Corporate login information on personal machine
     − VPN Configuration
     − User IDs and passwords stored in browsers
     Software
     − Personal software
     − Restricted use licenses
     − Corporate software on home equipment
     Legislated Privacy
     − EU data protection act
     − USA HIPAA, SOX, GLBA
     − Country, state/province, local (e.g. CA SB 1386)
     − More laws pending
     Cross contamination
     − Corporate backup includes personal information
     − Personal backup includes corporate information
  2. http://www.securityweek.com/consumerization-user-driven-it-security-threat#
  3. Various laws protect customer data. Employee must protect assets whether physical or informational. Protect devices, encrypt HD, remove HD if needed.