You Got Chocolate On My iPad!

Barry Caplin

Chief Information Security Officer

MN Department of Human Services

MN Gov’t. IT Symposium

Session 100: Thurs. Dec. 8, 2011

barry.caplin@state.mn.us

bc@bjb.org, @bcaplin, +barry caplin

(Toys in the Office)

http://about.me/barrycaplin

Apr. 3, 2010

300K iPads, 1M apps, 250K ebooks… day 1!

http://www.bbspot.com/News/2010/03/should-i-buy-an-ipad.html

Don't Touch!

Pharmaceutical coating

Of iPad owners...

• 17% have > 1 in their household
• 37% - their partner uses it
• 14% bought because their kid has one
• 19% considering purchasing another

http://today.yougov.co.uk/sites/today.yougov.co.uk/files/Tablet_ownership_in_households.pdf

Our Story Begins...

PEDs

Computers

Device Convergence

Example

• The “PED” policy
• Personal Electronic Device
• Acceptable use
• Connections
• Data storage

1 Day

5 Stages of Tablet Grief

• Surprise
• Fear
• Concern
• Understanding
• Evangelism

Considerations

What needs to change for “local” remote access?

BYO

BYO

BYOC or BYOD

Security Concerns

Data Leakage

Unauthorized Access

“Authorized” Access

Risk v Hype

How can we do BYOC?

Method 1 - Sync

• Direct or Net Connect

Issues:
• Need Controls – a/v, app install control, filtering, encryption, remote detonation
• Authentication – 2-factor?
• Leakage!
• Support

Method 2 – SSL VPN

• Citrix or similar

Pros:
• Leakage – no remnants; disable screen scrape, local save, print
• Reduced support needed
• Web filtering covered

Issues:
• Unauthorized access still an issue; User experience; Support

Method 3 – data/app segregation

• Encrypted sandbox
• Separate work and home
• Many products

Pros:
• Better user experience
• Central management/policy
• Many products – local/cloud
• Leakage – config separation, encryption

Issues: access; support; cloud issues

DHS view

• Policy
• Supervisor approval
• Citrix only
• No Gov't records on POE (unencrypted)
• 3G or wired
• Guest wireless
• 802.1x
• FAQs for users/sups
• Metrics

Other Issues

• Notes or manually entered data
• Enterprise email/OWA
• Discovery
• Voicemail/video

The Future

• More tablets/phones/small devices
• More “slim” OS's – Chrome, Android, iOS, etc.
• Cost savings/stipend?
• Cloud
• User Experience – Citrix GoldenGate, Divide, Good
• BES Fusion

Capabilities to Consider

• Device encryption
• Transport encryption
• Complex PWs/policy
• VPN support
• Disable camera
• Restrict/block apps
• Anti-malware
• Restrict/block networks
• Remote lockout
• Remote/selected wipe
• Policy enforcement
• OTA management
• 2-factor/OTP

InfoWorld March 2011 MDM Deep Dive

Discussion…

Slides at http://slideshare.net/bcaplin
