Re-thinking Enterprise Security - Aventri

Re-thinking Enterprise Security:

Challenges & Opportunities

of Employee-Owned Devices

Mary Rossell

Manager

Enterprise Information

Security Operations

2

Copyright © 2012, Intel Corporation. All rights reserved.

Legal Notices

This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark

and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the

results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of

that product when combined with other products.

For more complete information about performance and benchmark results, visit www.intel.com/benchmarks

BunnyPeople, Celeron, Celeron Inside, Centrino, Centrino Atom, Centrino Atom Inside, Centrino Inside, Centrino logo, Core Inside, FlashFile, i960, InstantIP, Intel,

Intel logo, Intel386, Intel486, IntelDX2, IntelDX4, IntelSX2, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, Intel Inside logo, Intel NetBurst, Intel NetMerge, Intel

NetStructure, Intel SingleDriver, Intel SpeedStep, Intel StrataFlash, Intel Viiv, Intel vPro, Intel XScale, Itanium, Itanium Inside, MCS, MMX, Oplus, OverDrive,

PDCharm, Pentium, Pentium Inside, skoool, Sound Mark, The Journey Inside, Viiv Inside, vPro Inside, VTune, Xeon, and Xeon Inside are trademarks of Intel

Corporation in the U.S. and other countries.

Copyright © 20112 Intel Corporation. All rights reserved.

http://www.intel.com/benchmarks

3


“I need IT to understand the way I work and the needs that I have and incorporate my needs into their solution.”

Consumerization… A Key Enterprise Trend

4


Some Perspective….

• 1994 - Email has no place at work

• 1996 - Internet access has no place at work

• 1998 - eCommerce is too high risk for our company

• 2002 - Instant Messaging has no place at work

• 2004 - Mobility & Wireless has no place at work

• 2007 - Social Software has no place at work

• 2011 – Consumer devices have no place at work

Source: Adapted from Go Big Always

Keep Your Scary Devices, Software, Services Out of the Workplace!

5


consumerization n. a stable neologism that describes the

trend for new information technology to emerge first in the

consumer market and then spread into business organizations,

resulting in the convergence of the IT and consumer

electronics industries…

Wikipedia, January 2012

Reality - Consumer Devices are Already at Work

6


The Challenge

How Do We Balance?

Employee Productivity

& IT Cost Efficiencies

Risk in the

Enterprise

• Privacy

• E-discovery

• Data Protection

• Malware Risk

• HR and HR Legal concerns

• Geography differences

7


It’s Not Only About Technology

• Need to reorient traditional corporate mindset – Who is responsible to define policy and enforce compliance ?

Legal? HR? IT? Security?

– Risk taking is not part of the culture in some of these groups

– Reluctance to characterize risk, especially where legal precedence does not exist … may be difficult to get anything in writing

• Traditional requirements need to be re-evaluated HR & Legal implications for anything “personal” confuse

the way we think about and design for the employee

• Privacy

• Legal Discovery

• Appropriate Use

• Ergonomics

• Compensation

• Taxation

• Software Licensing

• Liability

How Do We Enforce Policy in This New World?

8


Client Environment at Intel

• Shift to laptops and mobility began in 1997

• Ubiquitous wireless access points started in 2002

• End point security critical – Clients traditionally have been expected to resist attack

• We have always allowed for reasonable personal use of devices on and off network

9


The Opportunity

Manage risk while allowing personal devices

10


Approach

• Involve the users in creating a policy

• Make the process open with blogs, forums and invitations to participants

• Get the employees thinking about what they would allow others to do.

• Encourage constructive criticism

• Build a diverse team and don’t aim for unanimous agreement

11


The Policy Team

Internal communications

Privacy Management

Legal

E Discovery

Investigations Finance HR

Co-Workers

The Employees

Employee Service Agreement

This agreement is between Intel Corporation and its employees using devices owned by Intel or employees choosing to use their own personal devices.

In either case…

Diverse Functions Working Together

12


Software & Services

• Software License requirements, what's free for

personal use may not be for company use

• User paid for data storage - e.g. Google docs

• Collaboration tools like remote screen sharing

• GPS Map updates

• Location based services

• Voice services

13


Five Tier Model to Get Value and Manage the Risk

Multiple Tiers Give Greatest ROI & Security

14


Security model defined

Exceptions accepted

Technology Identified

Communications

Policy

Service Agreement

Training

Penetration test

Our solution never stops

evolving

15


Emerging Cloud Managed Client-aware

• Cloud Computing • On demand computing • Elastic, ubiquitous • Virtual computing • Device independent mobility • N-screens • 3D Internet

Public Cloud Services

Private Cloud Services

Personal Cloud Services

Enterprise Client Evolution

Centrally Managed Virtual Client

• CHV (DVC) & SHV (VDI)

• Drive to centralized administration • Virtual workspaces • 1:many user/device • Compute, collaborate & communicate • Wireless broadband

Evolving Today

Device Managed Fixed & Mobile

Client

• Focus on TCO efficiency

• “One size fits all” • Monolithic image locked to device • Mainstream mobility • Internet Computing

Unmanaged Fixed Client

• Security Challenges • Unmanaged • Inefficient

operations • Client-server

Yesterday

Device Centric User Centric

http://images.google.co.uk/imgres?imgurl=http://gadgetsworld.co.in/wp-content/uploads/2008/12/netbook-snapshot.jpg&imgrefurl=http://gadgetsworld.co.in/2008/12/netbook-tips-how-to-choose/&usg=___vKM5QIDLSehuwh9Fc51VF36S5Y=&h=620&w=600&sz=45&hl=en&start=6&um=1&tbnid=srCzDyIwtpuUFM:&tbnh=136&tbnw=132&prev=/images?q=netbook&hl=en&rlz=1T4GZEZ_en-GBGB287GB287&sa=N&um=1

http://images.google.co.uk/imgres?imgurl=http://gadgetsworld.co.in/wp-content/uploads/2008/12/netbook-snapshot.jpg&imgrefurl=http://gadgetsworld.co.in/2008/12/netbook-tips-how-to-choose/&usg=___vKM5QIDLSehuwh9Fc51VF36S5Y=&h=620&w=600&sz=45&hl=en&start=6&um=1&tbnid=srCzDyIwtpuUFM:&tbnh=136&tbnw=132&prev=/images?q=netbook&hl=en&rlz=1T4GZEZ_en-GBGB287GB287&sa=N&um=1

16


Allowing Personal Devices at Intel

• ~30,000 handhelds & tablets today

• Growing number & diversity; choice of service plans

• Service Agreement with manager approval

• Focused services – e.g. email, calendar, contacts, etc.

• Support 99% of the mobile OS market

• 640,000 emails via personal handhelds per qtr

• Avg. 57 minutes user productivity (time back per day)

• Fewer unauthorized devices on our network

Program Status Smart Phones & Handhelds

Tablets & Readers

Business Value

Improved Employee Productivity Through Work Flexibility

17


Security Advantages

• Higher level of employees awareness

– Want to protect their device & data

– Choosing more secure devices

– Chasing IT for security fixes

• Quick refresh – oldest device 2 years

• Less data exposed - device compromise won’t give everything

• More control factors, users help with security settings

• Mobility improves availability risk by improving time to respond, time to contain, and time to recover from events

18


Key Messages

• Consumerization works at Intel – greater security and

improved employee productivity

• Employees involvement & openness improves processes

and policy compliance

• Don’t forget about software and services

• ROI / Business Value – recognizable but difficult to quantify

• Doing nothing is not an option. Employees will work around

and unknowingly expose the enterprise

19


Resources

To learn more visit: Intel.com/IT

Enabling Personal Handheld Devices in the Enterprise

Preparing the Enterprise for Impact of Alternative Form Factor Devices

Enabling Smart Phones in Intel’s Factory Environment

Planning for the Future of Enterprise Computing: the Compute Continuum

Applying Client-aware Technologies for Desktop Virtualization and Cloud Services

https://www-ssl.intel.com/content/www/us/en/it-management/intel-it/intel-it-best-practices.html

http://www.intel.com/content/www/us/en/intel-innovation/inte-it-it-leadership-benefits-of-enabling-personal-handheld-devices-in-the-enterprise-practices.html

http://communities.intel.com/docs/DOC-6833


http://www.intel.com/en_US/Assets/PDF/whitepaper/iai_future_enterprise_computing_preparing_compute_continuum.pdf




Documents

Re-thinking Enterprise Security - Aventri