Upload
tranthuy
View
213
Download
0
Embed Size (px)
Citation preview
Trend > More Devices Add Up to More Security Risks
The increasing use of smartphones, tablets and other wireless mobile devices in the
enterprise, together with the growing popularity of “bring your own device” (BYOD)
computing, exposes your organization to a new set of security risks.
What’s more, the rise of cloud computing, and the exponential growth of “big data”
gathered from embedded “smart” embedded devices poses a whole new category
of security threats.
Unmanaged mobile devices are
vulnerable. The growing BYOD trend
requires up-to-date management policies,
coupled with robust document
management procedures and
infrastructure monitoring to
guard against unauthorized
connections.
78%78 percent of enterprises in
North America and Europe surveyed
by Forrester Research identified
mobile security as a ‘critical’ or
‘high priority.’
(Source: Forrester Research, “Latest IT Trends for Secure Mobile Colaboration” 2013, commissioned by Cisco Systems)
Trend > Threats Grow as Personal Tech Moves into the Workplace
The lines are blurring between personal technology and company-owned technology in the workplace.And this trend works two ways:
• Employees are uploading personal applications onto company-owned devices.
• And they are loading high-value business content onto personal devices, and to
potentially unsecure cloud-based storage.
Recent statistics show attacks against devices and networks are increasing in both scale
and variety.
Mobile malware is a growing threat. Android users accounted for 71 percent
of mobile malware encounters in 2013, followed by Apple iPhone users at 14 percent.
Many users download
mobile content WITHOUT considering security.
(Source: Cisco 2014 Annual Security Report)
Cumulative threat alert totals
increased 14 percent
year-over-year from 2012 to 2013.
14%
Trend > Smart Embedded Devices are Also Vulnerable
Security may be an afterthought in network-connected “smart devices.” Internet
connected and wireless embedded devices, including office equipment, point-of-sale
terminals, information kiosks, surveillance systems and interactive signage, may lack
adequate security safeguards.
As the population of smart devices continues to
expand, organizations need to invoke best practices for
monitoring, management, anti-malware defense and
protection of critical data assets.
Data analytics involve privacy implications. Policies to
protect private data are essential to avoid loss of trust and
potential liability issues.
(Source: Cisco 2014 Annual Security Report)
Trend > In the era of “big data,” mining and analysis of data from embedded devices can create a competitive advantage for many businesses.
“Malicious traffic is visible on 100 percent of corporate networks.”
Focus > End-to-End Security is More Complex Now
End-to-end security includes the security solutions used to protect the devices at
either end of a network connection.2
Until relatively recently, these endpoints consisted almost solely of servers at the
back end, and PCs at the front end. This client-server architecture simplified
endpoint security because an IT staff could control the servers and PCs connected
to the network.
In the “post-PC” era, smartphones, tablets, and embedded computing and
communications systems, have seriously complicated end-to-end security challenges.
Implementing effective end-to-end security protection involves many elements: • Verifying the identity of every connected device and user
• Establishing secure connection sessions
• Encrypting and decrypting sensitive data
• Keeping devices and applications (such as Web browsers) free of software bugs
and malware
• Ensuring users know and observe best practices
• Protecting the network itself solutions including traffic monitoring and intrusion detection
2 Behringer, Michael, Cisco Systems. “End-to-End Security” Published in The Internet Protocol Journal, Vol. 12. No. 3. Retrieved from http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_12-3/123_security.html
Get started with a comprehensive end-to-end security policy that
covers all endpoint devices, as well as the network.
• Conduct a thorough security vulnerability assessment of your
environment, including all connected client devices, cloud services
and social media.
• Discover points of security vulnerability; then define and enforce
effective preventative policies for secure operation of devices,
applications and service.
• Harden all endpoint and mobile devices, and require layers of
authentication for users and devices.
Get Prepared Step 1
• Protect and defend devices against viruses and malware.
• Perform comprehensive patch management.
• Encrypt classified data.
• Block intruders and prevent unauthorized physical access, in addition to
blocking unauthorized devices and software in accordance with policies.
• Implement two-factor authentication procedures.
• Consider tokenization systems to protect transactions.
• Install network intrusion detection systems (IDS) and security protocols,
such as IPSec.
• Comply with industry standards such as the Payment Card Industry Data
Security Standard (PCI DSS).
Defend Your AssetsStep 2
• Monitor network traffic and log files to identify security-related events.
• Track outbreaks from beginning to end.
• Isolate affected endpoint devices and network elements, such as routers
and gateways.
• Perform remediation.
This phase often involves the use of security information management
systems (SIMS) and forensics applications.
Contain and Remediate Step 3
Action > Connect with Insight for the Answers You Need
Insight’s endpoint and network expertise includes planning and
consulting across all phases of cyber security protection:
• Compliance management
• Network security
• Recovering from security breaches
• Evaluating security vendors
• Policy-based threat and risk management
• Authentication and access control
• Data loss prevention
• Data encryption
• Endpoint management
• Mobile device management
• Data center and network security optimization
Schedule a personal consultation today.
1.800.INSIGHT
Insight > Resources You Can Rely On
Insight is a global provider of information technology hardware,
software and service solutions to business and public sector
organizations.
• $5.1 billion in revenue in 2013
• 5,200 teammates worldwide
• Operations in 22 countries, serving clients in 180 countries
• 2,300+ product and industry certifications
• Partnerships with 5,000 manufacturers and publishers
• More than 70,000 commercial and public sector clients worldwide
• Global software reseller with extensive License Management Services
• Software lifecycle support for 80 percent of Global Fortune 500
• Number 470 on the 2013 Fortune 500