Upload
rhett-biglin
View
215
Download
3
Tags:
Embed Size (px)
Citation preview
Understanding the benefits and the risks.
Presented by Corey Nachreiner, CISSP
BYOD - Bring Your Own Device or Bring Your Own Danger?
The way we wereHardware, software, and not much more.
2
Change began in 2007
Business risk increased significantly
Social Media encouraged sharing of confidential information
The way we areMobile technology and social media have changed everything.
3
4
The love affair employees have with mobile devices assures that they are here to stay.
Blurring of the linesWork anytime, anywhere.
40% of devices are consumer owned
80% of professionals will use 2 or more devices
Corporate systems and data are more accessible than ever
Do the benefits of BYOD outweigh the risks?More security challenges and less control.
5
2008
2009
2010
2013
2007200
6
2011
2012
2005200
4
The benefits of adopting a BYOD strategyDo the pluses outweigh the minuses?
Mobile devices are less expensive than old-school IT assets
Less provisioning and managing means less cost
Increased productivity
6
BYOD Challenges!
You can’t protect what you don’t knowUnderstanding and managing risks associated with BYOD.
!8
9
!
Risking data lossThe consequences can be extreme.
One office data breach can incur
– legal fees– disclosure expenses– consulting fees– remediation expenses
One retail data breach can incur
– credit monitoring expenses– legal settlements– information control audits
Risky viruses & malwareMobile devices offer little protection.
10
!
Uninvited guests
Enter workplace via consumer devices
Access to other devices and data
Potential for company-wide infections
The risk from hackers and intrusions.
11
!
12
!
The arrival of browser zombiesTrouble at every turn.
Man-in-the-Browser (MitB) attacks will escalate
Traditional malware runs every time a computing device is turned on
Browser malware only takes control of the web browser
13
!
Policy enforcementIT is challenged by a BYOD workplace.
Creating device-specific policies is difficult
We’ve given up some direct control
Solutions for these mobile platforms are immature
Challenges to productivityAdopting & enforcing a BYOD strategy.Younger employees collaborate in new ways
Employees want freedom to use mobile devices at work
Secure access solutions are necessary for empowering employees to work anywhere
14
!
BYOD Missteps
15
Failure to know what employees are doing on the network prevents successful planning
1. Not knowing what devices and applications are being used.
BYOD missteps
16
Employees accessing social networks and social applications are not always wasting time
2. Not knowing how your social media strategy works with your BYOD policies.
BYOD missteps
17
passwor
User-generated passwords are often weak and can compromise IT systems
3. Weak password management.
BYOD missteps
18
BYOD Strategies
Determine which devices are allowed to access the network
Determine which devices you will support
Focusing on policy is the first step.
Policy = Simplicity
20
Separate work from fun Make sure employees understand the rules and the risks.
Work life and personal life should be kept separate
To get network access, employees must agree to acceptable use policies
IT should monitor activity
21
Protect corporate dataFor high-level protection, limit access to devices that support VPN connectivity and require a secure connection
Limit access using VPN.
23
Application control strategies make BYOD policies more secure
Decide which applications are acceptable, and which are not
Segment networks for additional protection
Applications should not be ignored.
Controls that go beyond mobile devices
24
Consider additional risksAre you subject to controls such as HIPAA or PCI DSS?
If a device is lost, can you wipe the data?
Do employees know what rights they give up when using a mobile device?
Best practices and policy enforcement are essential
25
BYOD & WatchGuard
Manage BYODwith WatchGuard
WatchGuard makes managing BYOD easy by designing all products with easy-to-use policy tools. Administrators can enforce policies for small businesses or large enterprises
Easy-to-use security services for IT administrators.
27
Control the network and the applications
Easily and quickly set up network segments
Maintain compliance and high-security
Monitor over 1,800 types of applications
WatchGuard products give you control over how devices are used.
28
Protect all connected devices from mobile malware.
WatchGuard utilizes a “best-in-class” approach, ensuring network connected devices are shielded with an antivirus umbrella.
The network perimeter is the first line of defense.
29
d
Safe surfing solution
Resides at the gateway
Device agnostic
Easy for IT to set up
WatchGuard’s WebBlocker protects users in hostile environments.
30
Protect corporate dataFor high-level protection, limit access to devices that support VPN connectivity and require a secure connection
Limit access using VPN.
31
What’s connected? What’s being used?
Logging and reporting are one of the most valuable resources that IT can leverage for a BYOD strategy. This insight helps protect resources and address areas of concern
WatchGuard illuminates trouble spots and potential
32
Summary
!
!
34
A major trend that is changing IT.
BYOD is here to stay
Will grow in size and scope
Presents new challenges and opportunities
A BYOD strategy is critical for data security
Thank You
35