This document discusses portable biometrics and explores challenges and solutions. It examines how biometrics could be used with one-time passwords for multi-factor authentication on mobile devices. The document considers options for template storage, either on-device or in the cloud, and outlines pros and cons of each approach. It proposes next steps such as prototyping biometrics with one-time passwords and testing storage methods to determine best practices for enterprise security and user privacy.
CIS13: The Power of the Cloud and Transformation in the EnterpriseCloudIDSummit
Weisen Li, Senior Business Development Manager, Box
A seismic shift in the nature of work not seen since the invention of the PC is taking place. Now that 60% of employees access, manage and share company content away from their desks, a tidal wave of Internet-connected devices and cloud applications are being ported into the office at an ever-increasing rate. But how can enterprises balance the demands of workers to be more mobile with operational efficiency and security? The answer is the cloud. Cloud software provides users with the flexibility and mobility they need to work faster and better, while freeing IT from the challenges of managing technology and enabling them to focus on driving the productivity, security and scalability their companies need over the long term. In a cloud world, technology decision-makers are no longer playing the role of IT enforcer. Instead, they are leveraging the cloud to develop business insights and and break new ground in managing their companies' information strategically.
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesAugmentedWorldExpo
While companies have made significant strides with mobile device security software on smart phones and tablets, the wearables category is a different story. Personal data, customer data, and sensitive corporate information is at risk with data leaks exposed at multiple end points. There are a number of factors contributing to this situation that we will look at in this presentation as well as best practices to address them. The miniaturization of sensors and cameras and unprecedented connectivity have created a scenario where data can be captured and stored very easily, and at times unwittingly, by users. Lack of policies and careless use of enterprise wearables can be more of a security risk than cyber criminals. The trend of this problem will likely get worse, market forecasts show that IoT devices and wearables will surpass volumes of mobile devices over the next few years. The great promise and benefits of these devices coupled with privacy and security concerns make this technology a double edge sword.
Augmented World Expo (AWE) is back for its seventh year in our largest conference and expo featuring technologies giving us superpowers: augmented reality (AR), virtual reality (VR) and wearable tech. Join over 4,000 attendees from all over the world including a mix of CEOs, CTOs, designers, developers, creative agencies, futurists, analysts, investors, and top press in a fantastic opportunity to learn, inspire, partner, and experience first hand the most exciting industry of our times. See more at http://AugmentedWorldExpo.com
From reactive to automated reducing costs through mature security processes i...NetIQ
Addressing Human Vulnerabilities that Bedevil IT Security:
All systems are susceptible to the social engineering techniques that lie at the root of some or all the well publicized security incidents. But why can’t the industry do more to design out the human vulnerabilities that continue to bedevil even the best security systems?
It is important to understand that good security is ultimately a people issue and that while updating rules in technology to keep pace with threats is reasonably easy, changing human behaviour – and thus reducing the risks of social engineering – is much more difficult to do and maintain consistently.
Automated intelligence and control is the logical next step for how security management solutions solve problems in more complex, fast moving environments. The urgency to make business exception management and end-user policy management more fit for purpose is driven by how regulators are becoming more proactive and demanding.
Presented at the Gartner Identity & Access Management Summit, London, Travis Greene discussed the opportunities and challenges of the Internet of Things (IoT), as well as the early indicators of what the IoT world will look like. He also addressed IoT security and privacy, and the critical role that identity will play in the future.
Webinar Ivanti Neurons For Patch IntelligenceIvanti
In de huidige wereld zien we continue veranderingen. Het aantal cyberthreats neemt toe, de eindgebruikers verwachten meer en zijn maar 1 klik verwijderd van ransomware. Nadat een vendor een patch uitbrengt, wordt in 22 dagen een exploit ontwikkeld en gebruikt in cyberattacs.
Kijk met ons mee in deze webinar hoe u zicht krijgt op de patchstatus van uw omgeving en hoe wij u kunnen helpen met het stellen van prioriteiten, zodat ook u een time-to-patch bereikt van minder dan 22 dagen.
Leveraging Identity to Manage Change and ComplexityNetIQ
Presented at this year European Identity and Cloud Conference 2012, Jim Taylor's Leveraging Identity to Manage Change and Complexity looks at controlling the risks and challenges of computing across multiple environments; providing users the appropriate access at the right time to the computing services they need to do their jobs; and ensuring computing is secure, compliant and portable. He discussed how identity, identity management and governance serve as the foundation for coping with an ever-changing IT environment, new business models, cloud models and more.
CIS13: The Power of the Cloud and Transformation in the EnterpriseCloudIDSummit
Weisen Li, Senior Business Development Manager, Box
A seismic shift in the nature of work not seen since the invention of the PC is taking place. Now that 60% of employees access, manage and share company content away from their desks, a tidal wave of Internet-connected devices and cloud applications are being ported into the office at an ever-increasing rate. But how can enterprises balance the demands of workers to be more mobile with operational efficiency and security? The answer is the cloud. Cloud software provides users with the flexibility and mobility they need to work faster and better, while freeing IT from the challenges of managing technology and enabling them to focus on driving the productivity, security and scalability their companies need over the long term. In a cloud world, technology decision-makers are no longer playing the role of IT enforcer. Instead, they are leveraging the cloud to develop business insights and and break new ground in managing their companies' information strategically.
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesAugmentedWorldExpo
While companies have made significant strides with mobile device security software on smart phones and tablets, the wearables category is a different story. Personal data, customer data, and sensitive corporate information is at risk with data leaks exposed at multiple end points. There are a number of factors contributing to this situation that we will look at in this presentation as well as best practices to address them. The miniaturization of sensors and cameras and unprecedented connectivity have created a scenario where data can be captured and stored very easily, and at times unwittingly, by users. Lack of policies and careless use of enterprise wearables can be more of a security risk than cyber criminals. The trend of this problem will likely get worse, market forecasts show that IoT devices and wearables will surpass volumes of mobile devices over the next few years. The great promise and benefits of these devices coupled with privacy and security concerns make this technology a double edge sword.
Augmented World Expo (AWE) is back for its seventh year in our largest conference and expo featuring technologies giving us superpowers: augmented reality (AR), virtual reality (VR) and wearable tech. Join over 4,000 attendees from all over the world including a mix of CEOs, CTOs, designers, developers, creative agencies, futurists, analysts, investors, and top press in a fantastic opportunity to learn, inspire, partner, and experience first hand the most exciting industry of our times. See more at http://AugmentedWorldExpo.com
From reactive to automated reducing costs through mature security processes i...NetIQ
Addressing Human Vulnerabilities that Bedevil IT Security:
All systems are susceptible to the social engineering techniques that lie at the root of some or all the well publicized security incidents. But why can’t the industry do more to design out the human vulnerabilities that continue to bedevil even the best security systems?
It is important to understand that good security is ultimately a people issue and that while updating rules in technology to keep pace with threats is reasonably easy, changing human behaviour – and thus reducing the risks of social engineering – is much more difficult to do and maintain consistently.
Automated intelligence and control is the logical next step for how security management solutions solve problems in more complex, fast moving environments. The urgency to make business exception management and end-user policy management more fit for purpose is driven by how regulators are becoming more proactive and demanding.
Presented at the Gartner Identity & Access Management Summit, London, Travis Greene discussed the opportunities and challenges of the Internet of Things (IoT), as well as the early indicators of what the IoT world will look like. He also addressed IoT security and privacy, and the critical role that identity will play in the future.
Webinar Ivanti Neurons For Patch IntelligenceIvanti
In de huidige wereld zien we continue veranderingen. Het aantal cyberthreats neemt toe, de eindgebruikers verwachten meer en zijn maar 1 klik verwijderd van ransomware. Nadat een vendor een patch uitbrengt, wordt in 22 dagen een exploit ontwikkeld en gebruikt in cyberattacs.
Kijk met ons mee in deze webinar hoe u zicht krijgt op de patchstatus van uw omgeving en hoe wij u kunnen helpen met het stellen van prioriteiten, zodat ook u een time-to-patch bereikt van minder dan 22 dagen.
Leveraging Identity to Manage Change and ComplexityNetIQ
Presented at this year European Identity and Cloud Conference 2012, Jim Taylor's Leveraging Identity to Manage Change and Complexity looks at controlling the risks and challenges of computing across multiple environments; providing users the appropriate access at the right time to the computing services they need to do their jobs; and ensuring computing is secure, compliant and portable. He discussed how identity, identity management and governance serve as the foundation for coping with an ever-changing IT environment, new business models, cloud models and more.
IoT is a new concepts with the promises of bringing revolutionary changes in the way internet will integrate chain of devices with software. This article gives a brief approach for testing IoT solutions.
Visit this link for more details.
http://nirmalyalabs.com/blogdetails.php
Scrubbing Your Active Directory Squeaky CleanNetIQ
Bytes Technology identified Active Directory issues within their customer base, so they brought in NetIQ as a strategic partner. This deck outlines how scrubbing your environment clean with the right tools and processes will help you keep your Active Directory environment consistent, manageable, auditable and efficient.
1000+ Apps are released on Google Play and Appstore every day!
The most popular ones are downloaded
75 000 times a day.
There are many success factors that must be met for your app to be successful and one of these are trust
Today’s most innovative companies are swapping stringent hierarchical systems and silos in favor of knowledge work and integrated teams. The operating model of the future will develop into a dynamic and redundant team that can respond quickly to user needs and adhere to exhaustive testing practices.
Here’s the question: Is your organization ready to make this change?
During this webinar, Crystal Miceli, Ivanti's VP Product Marketing, hosted our special guest analyst, Charlie Betz, from Forrester Research, an expert in mediating hard-to-resolve discussions around incident management, release automation and chaos engineering. He examined the challenges of older IT modeling. He’ll also shared how infrastructure and operations (I&O) professionals can build agile systems that invest in continuous learning and are compatible with modern IT service management.
This webinar will help you:
.Articulate the issues around traditional IT organization models
.Define how new processes can work in tandem with modern tech operations
.Investigate mission-driven, product-centric operating models you can adopt
.Establish a strategy for transforming your organization’s processes to meet new standards
Ivanti's own healthcare vertical expert will interview an IT leader from William Osler Health System about the unique service management challenges facing healthcare providers today and share the latest on Ivanti Neurons for Healthcare.
With employees demanding BYOD, enterprises are faced with crucial decisions regarding security for applications, devices, and network access. This session focuses on the critical path for controlling devices, data, applications, and network access in 2013 and the options available to organizations grappling with mobility security.
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Ivanti
The instantaneous shift from a centralized to distributed workforce is creating an imperative for implementing new operational and security frameworks. Zero trust is emerging as the mandated InfoSec policy to address these new security priorities.
Watch the webinar to:
• Understand the zero trust framework and the technical approaches you can take based on your IT architecture
• Determine your path forward for securing and modernizing network access without replacing your existing investments
• Learn how passwordless MFA and anti-phishing capabilities can better secure users and data
• Discover how endpoint management is evolving to address vulnerabilities using AI/ML
View this webinar, hosted by Cybersecurity Insiders now.
Mobile device management and BYOD – simple changes, big benefitsWaterstons Ltd
In the second in the series of seminars Charlie Hales and Nigel Robson will demonstrate how your business could use technologies it may have already invested in, such as System Center Configuration manager (SCCM) and Exchange to enable its Mobile Device Management (MDM) & BYOD strategies.
You may find that simple infrastructure changes result in big benefits such as improved user experience and support functionality; and hardware cost reductions.
Charlie and Nigel will then focus on the functionality Intune can offer when combined with your existing SCCM infrastructure, including management of all devices (PCs and mobile) through one interface.
Accelerating Our Path to Multi Platform BenefitsIntel IT Center
This is a time of tremendous change for IT organizations everywhere.
Intel IT realized we need to enable enterprise applications to support the devices of today (touch) and also develop the applications so they are ready for the next big thing (voice and gesture). We’ve kicked-off a new initiative that focuses on accelerating delivery of applications to our business partners and employees on their mobile platform(s) of choice.
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Michael Noel
Organizations today are facing unprecedented and sophisticated attacks to their internal Information Technology infrastructure. These evolving attacks include spear phishing, ransomware, credential hijacking, and more and can result in significant data loss and/or theft of confidential and valuable intellectual property. In response to these threats, Microsoft has released an array of tools such as Azure Sentinel, Cloud App Security, Microsoft Defender for Identity, and more which can help to secure and protect against these threats. These tools work with both on-premises and cloud-based infrastructure to provide for comprehensive protection of hybrid environments.
This session breaks down each of these Microsoft tools and provides for an understanding of their value for specific security scenarios. A simple, no-marketing approach is taken to evaluating each individual tool, and a simple breakdown of what is provided with each Microsoft licensing model is outlined. Attendees will gain a better appreciation to which tools to utilize and how to better protect their Information Technology investments from the type of career-ending attacks which are unfortunately common today.
• Understand how modern threats such as spear phishing, ransomware, credential hijacking, and more are commonly faced in today’s IT environments and what tools and techniques can be used to mitigate the risk faced by these modern threats
• Examine Microsoft security tools such as Azure Sentinel, Microsoft Defender for Identity, Azure Security Center, Cloud App Security, Azure AD Privileged Identity Management, Azure AD Identity Protection, Azure Information Protection, and more
• Understand which tools are available for each licensing model in the Microsoft world and when it may make sense to ‘upgrade’ existing licenses to support specific toolsets as opposed to investment in third-party tools
Ivanti provides the hyper-automation platform to self-heal, self-secure and self-service from cloud to edge. Across the IT infrastructure, Ivanti provide the capability to self-heal through the discovery of all endpoints, applications and services, which when coupled with the optimisation of performance and configuration across the environment we’re able to automate to ensure productivity, system health and security are all preserved.
Elastica conducted an exhaustive analysis of over 100 million customer files in order to better understand how employees use (and occasionally abuse) file sharing apps. This data has been anonymized and aggregated and, for the first time ever, sheds some much-needed light on typical file sharing behaviors, the nature of the data being shared, including unmanaged “shadow data”, and the possible consequences of file sharing data breaches for organizations like yours.
This slideshare, “Shadow Data Exposed”, delves deeply into this research data to help you unlock the business potential of cloud sharing apps and uncover and manage the “Shadow Data” stored in them, while ensuring these apps are used safely and in compliance with your corporate policy. You will learn:
• Why traditional security technologies like DLP, firewalls, endpoint solutions and antivirus are ineffective in the brave new world of file sharing apps.
• How to spot 7 risks of managing file sharing apps, as revealed by Elastica’s big security data research.
• How to build an effective cloud app security architecture that provides visibility, control and remediation.
Box has revolutionized how employees can access, share and manage company data and collaborate more effectively. But while the distributive nature of cloud based file sharing makes it invaluable to business productivity, it also adds increased risk of malicious or accidental leakage of business-critical data.
Today’s cloud sharing services like Box require a complete rethinking of traditional security practices to ensure proper access control, security, and compliance as corporate assets migrate outside the enterprise boundary into 3rd party cloud apps. Implementing these security practices starts with gaining visibility into how cloud apps are being used by employees, identifying sensitive content and how it is being shared, uncovering risky or anomalous behavior, and proactively enforcing policies to protect against internal or external threats.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Exploring byod approaches for mobile learningDebbie Richards
Bring-your-own-device (BYOD) has emerged as a cost-effective solution, allowing organizations to adopt an mLearning approach without having to provide the devices. What are the concerns of BYOD, and how can you address them? What are the opportunities for BYOD? What are the key elements to consider when deploying mobile learning for a BYOD environment? BYOD offers employees and corporations countless business benefits, from increased efficiency to controlled costs on provisioning a mobile workforce.
This session will review the concerns and opportunities for BYOD in mobile learning. You will learn about BYOD policies, view examples, and learn about the importance of working with your IT department to ensure a successful BYOD mLearning program. You will also explore key elements to consider when deploying mobile learning for a BYOD environment. And finally, you will learn about BYOD mobile learning policies and how to implement them.
How to develop an effective strategy, framework and support model to enable BYOD or mobility in your organisation. Martin Lindeman, a Logicalis solutions consultant and ex-Cisco consulting systems engineer, goes through a 5-step process that provides a practical methodology for implementing BYOD.
IoT is a new concepts with the promises of bringing revolutionary changes in the way internet will integrate chain of devices with software. This article gives a brief approach for testing IoT solutions.
Visit this link for more details.
http://nirmalyalabs.com/blogdetails.php
Scrubbing Your Active Directory Squeaky CleanNetIQ
Bytes Technology identified Active Directory issues within their customer base, so they brought in NetIQ as a strategic partner. This deck outlines how scrubbing your environment clean with the right tools and processes will help you keep your Active Directory environment consistent, manageable, auditable and efficient.
1000+ Apps are released on Google Play and Appstore every day!
The most popular ones are downloaded
75 000 times a day.
There are many success factors that must be met for your app to be successful and one of these are trust
Today’s most innovative companies are swapping stringent hierarchical systems and silos in favor of knowledge work and integrated teams. The operating model of the future will develop into a dynamic and redundant team that can respond quickly to user needs and adhere to exhaustive testing practices.
Here’s the question: Is your organization ready to make this change?
During this webinar, Crystal Miceli, Ivanti's VP Product Marketing, hosted our special guest analyst, Charlie Betz, from Forrester Research, an expert in mediating hard-to-resolve discussions around incident management, release automation and chaos engineering. He examined the challenges of older IT modeling. He’ll also shared how infrastructure and operations (I&O) professionals can build agile systems that invest in continuous learning and are compatible with modern IT service management.
This webinar will help you:
.Articulate the issues around traditional IT organization models
.Define how new processes can work in tandem with modern tech operations
.Investigate mission-driven, product-centric operating models you can adopt
.Establish a strategy for transforming your organization’s processes to meet new standards
Ivanti's own healthcare vertical expert will interview an IT leader from William Osler Health System about the unique service management challenges facing healthcare providers today and share the latest on Ivanti Neurons for Healthcare.
With employees demanding BYOD, enterprises are faced with crucial decisions regarding security for applications, devices, and network access. This session focuses on the critical path for controlling devices, data, applications, and network access in 2013 and the options available to organizations grappling with mobility security.
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Ivanti
The instantaneous shift from a centralized to distributed workforce is creating an imperative for implementing new operational and security frameworks. Zero trust is emerging as the mandated InfoSec policy to address these new security priorities.
Watch the webinar to:
• Understand the zero trust framework and the technical approaches you can take based on your IT architecture
• Determine your path forward for securing and modernizing network access without replacing your existing investments
• Learn how passwordless MFA and anti-phishing capabilities can better secure users and data
• Discover how endpoint management is evolving to address vulnerabilities using AI/ML
View this webinar, hosted by Cybersecurity Insiders now.
Mobile device management and BYOD – simple changes, big benefitsWaterstons Ltd
In the second in the series of seminars Charlie Hales and Nigel Robson will demonstrate how your business could use technologies it may have already invested in, such as System Center Configuration manager (SCCM) and Exchange to enable its Mobile Device Management (MDM) & BYOD strategies.
You may find that simple infrastructure changes result in big benefits such as improved user experience and support functionality; and hardware cost reductions.
Charlie and Nigel will then focus on the functionality Intune can offer when combined with your existing SCCM infrastructure, including management of all devices (PCs and mobile) through one interface.
Accelerating Our Path to Multi Platform BenefitsIntel IT Center
This is a time of tremendous change for IT organizations everywhere.
Intel IT realized we need to enable enterprise applications to support the devices of today (touch) and also develop the applications so they are ready for the next big thing (voice and gesture). We’ve kicked-off a new initiative that focuses on accelerating delivery of applications to our business partners and employees on their mobile platform(s) of choice.
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Michael Noel
Organizations today are facing unprecedented and sophisticated attacks to their internal Information Technology infrastructure. These evolving attacks include spear phishing, ransomware, credential hijacking, and more and can result in significant data loss and/or theft of confidential and valuable intellectual property. In response to these threats, Microsoft has released an array of tools such as Azure Sentinel, Cloud App Security, Microsoft Defender for Identity, and more which can help to secure and protect against these threats. These tools work with both on-premises and cloud-based infrastructure to provide for comprehensive protection of hybrid environments.
This session breaks down each of these Microsoft tools and provides for an understanding of their value for specific security scenarios. A simple, no-marketing approach is taken to evaluating each individual tool, and a simple breakdown of what is provided with each Microsoft licensing model is outlined. Attendees will gain a better appreciation to which tools to utilize and how to better protect their Information Technology investments from the type of career-ending attacks which are unfortunately common today.
• Understand how modern threats such as spear phishing, ransomware, credential hijacking, and more are commonly faced in today’s IT environments and what tools and techniques can be used to mitigate the risk faced by these modern threats
• Examine Microsoft security tools such as Azure Sentinel, Microsoft Defender for Identity, Azure Security Center, Cloud App Security, Azure AD Privileged Identity Management, Azure AD Identity Protection, Azure Information Protection, and more
• Understand which tools are available for each licensing model in the Microsoft world and when it may make sense to ‘upgrade’ existing licenses to support specific toolsets as opposed to investment in third-party tools
Ivanti provides the hyper-automation platform to self-heal, self-secure and self-service from cloud to edge. Across the IT infrastructure, Ivanti provide the capability to self-heal through the discovery of all endpoints, applications and services, which when coupled with the optimisation of performance and configuration across the environment we’re able to automate to ensure productivity, system health and security are all preserved.
Elastica conducted an exhaustive analysis of over 100 million customer files in order to better understand how employees use (and occasionally abuse) file sharing apps. This data has been anonymized and aggregated and, for the first time ever, sheds some much-needed light on typical file sharing behaviors, the nature of the data being shared, including unmanaged “shadow data”, and the possible consequences of file sharing data breaches for organizations like yours.
This slideshare, “Shadow Data Exposed”, delves deeply into this research data to help you unlock the business potential of cloud sharing apps and uncover and manage the “Shadow Data” stored in them, while ensuring these apps are used safely and in compliance with your corporate policy. You will learn:
• Why traditional security technologies like DLP, firewalls, endpoint solutions and antivirus are ineffective in the brave new world of file sharing apps.
• How to spot 7 risks of managing file sharing apps, as revealed by Elastica’s big security data research.
• How to build an effective cloud app security architecture that provides visibility, control and remediation.
Box has revolutionized how employees can access, share and manage company data and collaborate more effectively. But while the distributive nature of cloud based file sharing makes it invaluable to business productivity, it also adds increased risk of malicious or accidental leakage of business-critical data.
Today’s cloud sharing services like Box require a complete rethinking of traditional security practices to ensure proper access control, security, and compliance as corporate assets migrate outside the enterprise boundary into 3rd party cloud apps. Implementing these security practices starts with gaining visibility into how cloud apps are being used by employees, identifying sensitive content and how it is being shared, uncovering risky or anomalous behavior, and proactively enforcing policies to protect against internal or external threats.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Exploring byod approaches for mobile learningDebbie Richards
Bring-your-own-device (BYOD) has emerged as a cost-effective solution, allowing organizations to adopt an mLearning approach without having to provide the devices. What are the concerns of BYOD, and how can you address them? What are the opportunities for BYOD? What are the key elements to consider when deploying mobile learning for a BYOD environment? BYOD offers employees and corporations countless business benefits, from increased efficiency to controlled costs on provisioning a mobile workforce.
This session will review the concerns and opportunities for BYOD in mobile learning. You will learn about BYOD policies, view examples, and learn about the importance of working with your IT department to ensure a successful BYOD mLearning program. You will also explore key elements to consider when deploying mobile learning for a BYOD environment. And finally, you will learn about BYOD mobile learning policies and how to implement them.
How to develop an effective strategy, framework and support model to enable BYOD or mobility in your organisation. Martin Lindeman, a Logicalis solutions consultant and ex-Cisco consulting systems engineer, goes through a 5-step process that provides a practical methodology for implementing BYOD.
Mobile Solutions and Privacy – Not One at the Expense of the Otherbradley_g
A presentation by Commissioner Cavoukian to Telus Security Solutions on privacy risks inherent in mobile communications and how the positive-sum solution of Privacy by Design can mitigate those risks.
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
On World Backup Day 2014, the Data Loss Gremlins unleashed a dastardly attack on businesses worldwide! Intronis has published this Tech Guide, the 6 Ways to Fight the Data Loss Gremlins, to help IT solutions providers protect their clients from any data loss disaster.
Moving from a Data Center to a Hybrid IT Environment SecurelyJeff Green
IPEXPO presentation on 10 things to consider when moving from datacenter only environments to cloud based infrastrucutre. Highlights some of the security considerations and things to think about.
3. 1. The best solution is largely dependent on the
nuanced situation and company policies
surrounding information security.
2. Biometrics with OTP technology will improve
security for Enterprise data.
3. The choice of template data storage platform
depends on the requirements of the system and
organization.
HYPOTHESIS
4. PROJECT OBJECTIVES
a)How do members of the enterprise currently interact with
biometrics enabled mobile devices or smart cards?
b)How do multi-factor authentication techniques, such as
the incorporation of OTP, for biometric authentication on
mobile devices affect overall usage?
c) How should templates be stored on mobile devices?
d)How should companies allow portable biometrics while not
compromising security and privacy of the biometric.
Key Takeaway: security, privacy, and convenience
are the primary concerns in portable biometrics
6. CHALLENGES FOR IMPLEMENTATION
1. BYOD initiatives in the modern enterprise
a. Experience across devices is not uniform
b. Monitoring apps and devices
c. Insecure cloud services or apps
d. Remotely wiping devices (2)
2. User Interactions
a. Malicious Applications
b. Poorly selected or absent pins/passwords
c. Poorly managed security updates
d. Lost devices
(3)
7. LITERATURE REVIEW FINDINGS:
•Assume that the networks between the mobile
device and the organization cannot be trusted
•Informed consent and privacy legislation
•Ensure all biometric data will be securely
stored and safeguarded.
KeyTakeaway:The only effective way to implement portable biometrics
in the workplace is to create stringent and informed corporate policies
8. SOLUTION ON BYOD
•Largely dependent on the situations and
preferences of the enterprise:
•Allow all BYOD (Embrace)
•Allow limited device types, OS versions,
users (Contain)
•Don’t allow any BYOD (Block)
Key Takeaway: There is no silver bullet
4
9. BYOD Regulatory Apps
Types:
1.Data in Remote workspace
2.Data on device
Challenges:
1.Legacy software
2.Multiple Mobile Platforms
5
Key Takeaway: Organizations should maintain a
distinction between corporate data and personal data
10. One Time Password (OTP)
Currently:
Something "you have"
provides you with
something “you know"
With biometrics:
Something "you have"
prompts you to provide
proof of "what you are" to
gain something “you know”
(5)
Key Takeaway: Marrying OTP and Biometrics will
be effective in the described use cases
7
6
11. Storage Options
Device Storage
Local storage in the memory of
a singular device that allows
that device to access and use
data without making it
accessible to other devices
through sharing mechanisms.
Cloud Storage
Cloud storage is storage on an
internet server that can be
accessed by a multitude of devices
from any location.
Definition: "a model for enabling
convenient, on demand network
access to a shared pool of
configurable computing resources
… that can be rapidly provisioned
and released with minimal
management effort or service
provider interaction" (NIST 8)
9
12. CLOUD V DEVICE STORAGE
Cloud Advantages Cloud Disadvantages Device Advantages Device Disadvantages
Extremely Portable Requires trust in the
server
Encryption allows better
privacy for the user
Requires trust in the user
Offers the option for
multi-device use
May reduce privacy for
the user
User has full control over
access and deletion of
device
Device could be stolen or
lost, and template lost
with it
The template may be less
secure
Uses storage capacity
already available from
the phone
Employee interaction
with the template is less
visible to the enterprise
May have additional fees
associated with data
storage
Localized use
Key Takeaway: Neither is a perfect solution
13. NEXT STEPS
1.Develop prototypes to test OTP systems and how
biometrics affects their hackability and usability.
2.Work with Cloud team to test whether device storage
or cloud storage is better for use in the enterprise.
• Hypothesis: The best storage method depends on the
circumstances
• Follow up testing if the hypothesis is correct: Which
circumstances require which form of storage and why?
3.Create a survey to distribute to members of the
enterprise gaging current security awareness and
reactions to privacy concerns.
KeyTakeaway: Assessment of technology and Best
Practices document