Barry Caplin, profile picture
Uploaded byBarry Caplin
PPT, PDF275 views

Embracing the IT Consumerization Imperitive

Barry Caplin, CISO of the MN Dept. of Human Services, discusses embracing consumerization and the security challenges of tablets and smartphones. He outlines the rapid adoption of these devices and consumer apps. Some key security risks include exposure of data, malware, lack of vetting and updates for third party apps, and privacy issues. Caplin provides an overview of potential technical solutions like mobile device management, virtualization, and containerization as well as the importance of policy, legal considerations, and user education when implementing a BYOD or mobile strategy.

Embed presentation

Download to read offline
Embracing the IT Consumerization Imperative Barry Caplin CISO MN Dept. of Human Services barry.caplin@state.mn.us bc@bjb.org, @bcaplin, +barry caplin
http://about.me/barrycaplin
More About Me • Native New Yorker! • 30 years in IT/ 20 years in InfoSec
Apr. 3, 2010 300K ipads 1M apps 250K ebooks … day 1!
2011 – tablet/smartphone sales exceeded PCs
The real reason we need tablets
Why are we talking about this? But really, all connected!
Business Driver?
What about…
Ineffective Controls
1 Day
5 Stages of Tablet Grief • Surprise • Fear • Concern • Understanding • Evangelism
Security Challenges Devices: •Exposure of data •Leakage of data – sold, donated, tossed, repaired drives •Malware But don’t we have all this now???
Consumer App Security • “non-standard” software a challenge • Vetting, updates/patches, malware • No real 3rd party agreements • Privacy policies, data ownership • SOPA/PIPA/CISPA
Legal (IANAL) • Privacy – exposing company data • Litigation hold – on 3rd party services • Separation – what’s on Dropbox? • Copyright, trademark, IP? • How do you?: – Get data from a 3rd party service?
BYOD Security Solutions • Sync – Network or OTA • VDI – Citrix or similar • Containerization – Sandbox, MAM • Direct Connection – Don’t!
DHS view - POE • Policy • Guest wireless • Supervisor • FAQs for approval users/sups • Citrix only • Metrics • No Gov't records • $ - not yet on POE (unencrypted) • 3G/4G or wired
Software Security Solutions • Policy – Examine existing – augment • Process – Vetting, updates, malware • 3rd party agreements – where possible • Data classification/labeling • PIE – pre-Internet encryption
CoIT Nirvana • Any, Any, Any – work, device, where • Be nimble • Data stays “home”++ • Situational awareness
Key Points • Business Need – Partner internally • BYOD, Consumer apps, or both? • Policy, Technical, Financial aspects • Watch the data • Make easy for users • Education/Awareness
Embracing the IT Consumerization Imperitive

More Related Content

PPTX
Technology ( The Advantage and Disadvantage)
byAlyanna Marie
 
PPTX
How to be a Tech-Smart Parent
byBarry Caplin
 
PPT
Wearing Your Heart On Your Sleeve - Literally!
byBarry Caplin
 
PPT
Legal Issues In Social Media Oct. 2012
bycurlistl
 
PPTX
Social Media Security 2011
byDonald E. Hester
 
PPT
Tech smart preschool parent 2 13
byBarry Caplin
 
PPTX
CISOs are from Mars, CIOs are from Venus
byBarry Caplin
 
PPTX
Online Safety for Seniors
byConnectSafely
 
Technology ( The Advantage and Disadvantage)
byAlyanna Marie
 
How to be a Tech-Smart Parent
byBarry Caplin
 
Wearing Your Heart On Your Sleeve - Literally!
byBarry Caplin
 
Legal Issues In Social Media Oct. 2012
bycurlistl
 
Social Media Security 2011
byDonald E. Hester
 
Tech smart preschool parent 2 13
byBarry Caplin
 
CISOs are from Mars, CIOs are from Venus
byBarry Caplin
 
Online Safety for Seniors
byConnectSafely
 

What's hot

PPTX
Social Media Security
byDel Belcher
 
PPTX
Digital Forensics, eDiscovery & Technology Risks for HR Executives
byThe Lorenzi Group
 
PPTX
Social Media - the legal risks (AIM)
byPod Legal
 
PPTX
UPDATED Social Media - the legal risks (AIM)
byPod Legal
 
PDF
Online Identity- Part 1
byKimberley Barker
 
PPT
Social Networking and Cyberbullying
byLouise Jones
 
PDF
Data and Ethics: Why Data Science Needs One
byTim Rich
 
PPTX
Digital Self
byAngeloMirabel
 
PPT
Digital Citizenship: Responsible Behavior in a Digital World
byDebra Hargrove
 
PPTX
3Rs of Internet Safety: Rights, Responsibilities and Risk Management
byConnectSafely
 
PDF
Privacy Exposed: Ramifications of Social Media and Mobile Technology
byTom Eston
 
PDF
Oscpa sept 2013
byjerryjustice
 
PDF
Technology gadgets a boon or a bane
byBalasubramanian Kalyanaraman
 
PPT
8th grade presentation for slideshare
byMarian Merritt
 
PPTX
Risk Assessment of Social Media Use v3.01
byovercertified
 
PPTX
Cyber Security Awareness October 2014
byDonald E. Hester
 
PPTX
HighEdWeb 2013 - 9 Takeaways
byEmory University
 
KEY
Cybersafety overview
byJohn Woodring
 
PPTX
Parent workshop - Social Networks
byClint Hamada
 
PPTX
KidSafe - Parental Training Presentation
byOCTF Industry Engagement
 
Social Media Security
byDel Belcher
 
Digital Forensics, eDiscovery & Technology Risks for HR Executives
byThe Lorenzi Group
 
Social Media - the legal risks (AIM)
byPod Legal
 
UPDATED Social Media - the legal risks (AIM)
byPod Legal
 
Online Identity- Part 1
byKimberley Barker
 
Social Networking and Cyberbullying
byLouise Jones
 
Data and Ethics: Why Data Science Needs One
byTim Rich
 
Digital Self
byAngeloMirabel
 
Digital Citizenship: Responsible Behavior in a Digital World
byDebra Hargrove
 
3Rs of Internet Safety: Rights, Responsibilities and Risk Management
byConnectSafely
 
Privacy Exposed: Ramifications of Social Media and Mobile Technology
byTom Eston
 
Oscpa sept 2013
byjerryjustice
 
Technology gadgets a boon or a bane
byBalasubramanian Kalyanaraman
 
8th grade presentation for slideshare
byMarian Merritt
 
Risk Assessment of Social Media Use v3.01
byovercertified
 
Cyber Security Awareness October 2014
byDonald E. Hester
 
HighEdWeb 2013 - 9 Takeaways
byEmory University
 
Cybersafety overview
byJohn Woodring
 
Parent workshop - Social Networks
byClint Hamada
 
KidSafe - Parental Training Presentation
byOCTF Industry Engagement
 

Viewers also liked

PPT
Internal Risk Management
byBarry Caplin
 
PPT
Security Lifecycle Management Process
byBill Ross
 
PPT
Risk Management 101
byBarry Caplin
 
PPTX
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
byBarry Caplin
 
PPT
Security Lifecycle Management
byBarry Caplin
 
PPT
Accidental Insider
byBarry Caplin
 
PPT
The CISO Guide – How Do You Spell CISO?
byBarry Caplin
 
PPT
How to safely configure your home wireless network
byBarry Caplin
 
PPT
Elements of an Information Security Awareness Program
byBarry Caplin
 
Internal Risk Management
byBarry Caplin
 
Security Lifecycle Management Process
byBill Ross
 
Risk Management 101
byBarry Caplin
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
byBarry Caplin
 
Security Lifecycle Management
byBarry Caplin
 
Accidental Insider
byBarry Caplin
 
The CISO Guide – How Do You Spell CISO?
byBarry Caplin
 
How to safely configure your home wireless network
byBarry Caplin
 
Elements of an Information Security Awareness Program
byBarry Caplin
 

Similar to Embracing the IT Consumerization Imperitive

PPT
Csop 2011 Al Raymond
byspencerharry
 
PDF
Introducing New Kaspersky Endpoint Security for Business - ENGLISH
byKirill Kertsenbaum
 
PDF
110307 cloud security requirements gourley
byGovCloud Network
 
PPTX
WatchGuard: Bring Your Own Device or Bring Your Own Danger
byRoeing Corporation
 
PDF
Is Your Network Ready for BYOD?
bySophos
 
PDF
The Future of Software Security Assurance
byRafal Los
 
PPTX
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
byArrow ECS UK
 
PDF
IT Security Trends 2013
byIMC Institute
 
PPT
Embracing the IT Consumerization Imperative NG Security
byBarry Caplin
 
PDF
BYOD: Device Control in the Wild, Wild, West
byJay McLaughlin
 
PPTX
iPads on your network? Take Control with Unified Policy and Management
byCisco Mobility
 
PDF
Protecting Data on Laptops
byProduct Marketing Services
 
PDF
Andrew Jaquith SOURCE Boston 2011
bySource Conference
 
PPTX
Information Security, Cybercrime and technology futures allowing you to get a...
byInsight UK
 
PDF
Re-Thinking BYOD Policy.pptx
bytmbainjr131
 
PPTX
Embracing secure, scalable BYOD with Sencha and Centrify
bySumana Mehta
 
PDF
7.5 steps to overlaying BYoD & IoT on Existing Investments
byCaston Thomas
 
PPTX
2012 DBIR
bymartyburks
 
PPT
PCTY 2012, IBM Security and Strategy v. Fabio Panada
byIBM Danmark
 
PDF
En arkitektonisk vy av en ledande och dynamisk IT-säkerhetsportfölj - PCTY 2011
byIBM Sverige
 
Csop 2011 Al Raymond
byspencerharry
 
Introducing New Kaspersky Endpoint Security for Business - ENGLISH
byKirill Kertsenbaum
 
110307 cloud security requirements gourley
byGovCloud Network
 
WatchGuard: Bring Your Own Device or Bring Your Own Danger
byRoeing Corporation
 
Is Your Network Ready for BYOD?
bySophos
 
The Future of Software Security Assurance
byRafal Los
 
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
byArrow ECS UK
 
IT Security Trends 2013
byIMC Institute
 
Embracing the IT Consumerization Imperative NG Security
byBarry Caplin
 
BYOD: Device Control in the Wild, Wild, West
byJay McLaughlin
 
iPads on your network? Take Control with Unified Policy and Management
byCisco Mobility
 
Protecting Data on Laptops
byProduct Marketing Services
 
Andrew Jaquith SOURCE Boston 2011
bySource Conference
 
Information Security, Cybercrime and technology futures allowing you to get a...
byInsight UK
 
Re-Thinking BYOD Policy.pptx
bytmbainjr131
 
Embracing secure, scalable BYOD with Sencha and Centrify
bySumana Mehta
 
7.5 steps to overlaying BYoD & IoT on Existing Investments
byCaston Thomas
 
2012 DBIR
bymartyburks
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
byIBM Danmark
 
En arkitektonisk vy av en ledande och dynamisk IT-säkerhetsportfölj - PCTY 2011
byIBM Sverige
 

More from Barry Caplin

PPT
Laws of the Game For Valley United Soccer Club travel soccer refs
byBarry Caplin
 
PPT
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
byBarry Caplin
 
PPTX
It’s not if but when 20160503
byBarry Caplin
 
PPT
Stick to the Basics - a look at the Brazilian and Dutch soccer training methods
byBarry Caplin
 
PPT
Embracing the IT Consumerization Imperitive
byBarry Caplin
 
PPT
Toys in the office 11
byBarry Caplin
 
PPT
Online Self Defense
byBarry Caplin
 
PPT
3 factors of fail sec360 5-15-13
byBarry Caplin
 
PPTX
Healing healthcare security
byBarry Caplin
 
PPTX
Dreaded Embedded sec360 5-17-16
byBarry Caplin
 
PPT
Internet Safety for Families and Children
byBarry Caplin
 
PPT
Teens 2.0 - Teens and Social Networks
byBarry Caplin
 
PPTX
It’s not If but When 20160503
byBarry Caplin
 
PPTX
Online Self Defense - Passwords
byBarry Caplin
 
PPTX
Stuff my ciso says
byBarry Caplin
 
PPT
Identity Fraud and How to Protect Yourself
byBarry Caplin
 
PPT
Bullying and Cyberbullying
byBarry Caplin
 
Laws of the Game For Valley United Soccer Club travel soccer refs
byBarry Caplin
 
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
byBarry Caplin
 
It’s not if but when 20160503
byBarry Caplin
 
Stick to the Basics - a look at the Brazilian and Dutch soccer training methods
byBarry Caplin
 
Embracing the IT Consumerization Imperitive
byBarry Caplin
 
Toys in the office 11
byBarry Caplin
 
Online Self Defense
byBarry Caplin
 
3 factors of fail sec360 5-15-13
byBarry Caplin
 
Healing healthcare security
byBarry Caplin
 
Dreaded Embedded sec360 5-17-16
byBarry Caplin
 
Internet Safety for Families and Children
byBarry Caplin
 
Teens 2.0 - Teens and Social Networks
byBarry Caplin
 
It’s not If but When 20160503
byBarry Caplin
 
Online Self Defense - Passwords
byBarry Caplin
 
Stuff my ciso says
byBarry Caplin
 
Identity Fraud and How to Protect Yourself
byBarry Caplin
 
Bullying and Cyberbullying
byBarry Caplin
 

Recently uploaded

PPTX
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
PDF
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
PDF
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
PDF
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
PPTX
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
PPTX
Dell poweredge-customer-presentation.pptx
byhungungphu123
 
PDF
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
PPTX
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
PPT
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
PPTX
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
PPTX
Code Like Bro -A guide for better Coding
byMadan Panthi
 
PDF
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
DOCX
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
PDF
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
PPTX
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
PDF
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
PPTX
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
PPTX
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PPTX
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
Dell poweredge-customer-presentation.pptx
byhungungphu123
 
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
Code Like Bro -A guide for better Coding
byMadan Panthi
 
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 

Embracing the IT Consumerization Imperitive

  • 2.
    Embracing the IT Consumerization Imperative Barry Caplin CISO MN Dept. of Human Services barry.caplin@state.mn.us bc@bjb.org, @bcaplin, +barry caplin
  • 3.
  • 4.
    More About Me •Native New Yorker! • 30 years in IT/ 20 years in InfoSec
  • 6.
    Apr. 3, 2010 300Kipads 1M apps 250K ebooks … day 1!
  • 7.
    2011 – tablet/smartphonesales exceeded PCs
  • 8.
    The real reasonwe need tablets
  • 9.
    Why are wetalking about this? But really, all connected!
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
    5 Stages ofTablet Grief • Surprise • Fear • Concern • Understanding • Evangelism
  • 15.
    Security Challenges Devices: •Exposure ofdata •Leakage of data – sold, donated, tossed, repaired drives •Malware But don’t we have all this now???
  • 16.
    Consumer App Security • “non-standard” software a challenge • Vetting, updates/patches, malware • No real 3rd party agreements • Privacy policies, data ownership • SOPA/PIPA/CISPA
  • 17.
    Legal (IANAL) • Privacy – exposing company data • Litigation hold – on 3rd party services • Separation – what’s on Dropbox? • Copyright, trademark, IP? • How do you?: – Get data from a 3rd party service?
  • 18.
    BYOD Security Solutions •Sync – Network or OTA • VDI – Citrix or similar • Containerization – Sandbox, MAM • Direct Connection – Don’t!
  • 19.
    DHS view -POE • Policy • Guest wireless • Supervisor • FAQs for approval users/sups • Citrix only • Metrics • No Gov't records • $ - not yet on POE (unencrypted) • 3G/4G or wired
  • 20.
    Software Security Solutions •Policy – Examine existing – augment • Process – Vetting, updates, malware • 3rd party agreements – where possible • Data classification/labeling • PIE – pre-Internet encryption
  • 21.
    CoIT Nirvana • Any, Any, Any – work, device, where • Be nimble • Data stays “home”++ • Situational awareness
  • 22.
    Key Points • Business Need – Partner internally • BYOD, Consumer apps, or both? • Policy, Technical, Financial aspects • Watch the data • Make easy for users • Education/Awareness

Editor's Notes

  • #3 IT Consumerization is a major buzz-phrase
  • #4 1. Check out my about.me, with links to twitter feed and Security and Coffee blog. 2. More about me… including the most important thing…
  • #6 Mobile/portable devices are not new. Then an event occurred that changed the game… IBM “Portable” 5155, $4225, 30 lbs, 4.77MHz 8088; Apple Newton; AppleBook; original ThinkPad; 1 st gen android; Palm III; early Blackberry
  • #7 1 st iPad, 4/3/2010. 300K iPads sold, 1M apps, 250K ebooks downloaded on the first day. Features, form factor, intuitive use made it the people’s choice.
  • #8 1. mid-2011 tipping point 2. By early 2012, 50% of US mobile users use a smartphone
  • #10 2012 survey of IT leaders – Mobile is #1 tech impact But Cloud is 2, CoIT 3 and Social 4 – all connected
  • #11 The devices are hot and driving the space, but it’s really about the ability to have mobility – to bring the product or service to the consumer/customer. Not just “flavor of the week”.
  • #12 Just say no is not a viable IT or Security strategy or response. We must partner with the business/user to provide what is needed. Just say no is an…
  • #13 If your organization is saying “just say no” to consumer devices and apps, then they are already in your environment Take opportunity to partner, lead and add value.
  • #14 2.5 years ago Story of call from lawyer about iPads in a meeting This lead to…
  • #15 Quickly moved to last stage – evangelism Now security is dragging other groups kicking and screaming into the present. Security is leading and adding value.
  • #16 Exposure is device in hand – eavesdropping, MitM Leakage is device is gone. We have all this already. Datalossdb.org and Accidental Insider. 10% of 2 nd -hand drives bought had company/private data. StarTrib malware.
  • #17 1. Similarly, we have had software issues – local admin, devs, etc. can’t enumerate badness. If the service is free, we are the product not the customer.
  • #18 Be sure to include legal Information Discovery, Litigation Hold are big issues.
  • #19 Now for solutions – 4 general categories for devices Containerization includes Enterprise App Store
  • #20 Extensible policy; Citrix (no remnants); looking at containerization; guest wireless/wired; not yet considering $ (reimbursement/stipend) Gartner says at least 3-5 years for financial payoff.
  • #21 Policy already mentioned Working on process to more seamlessly allow consumer apps Know your data classifications PIE great for online storage, file sharing.
  • #23 Partner; Lead; Add value Good user experience is key
  • #24 Users are changing; expectations are changing; keep “eyes on the prize”; partner, solve problems, and add value