BARRY CAPLIN - IT CONSUMERIZATION - MON. MAY 13, 2013, 8 A

IT Consumerization – iPad’ing the Enterprise or BYO Malware?

DESCRIPTION

Companies are increasingly encouraging employees to purchase their own devices, such as smartphones, tablets and laptops, to use at work, according to a recent survey by CIO magazine. The acronyms BYOC and BYOD (like Bring Your Own Beer: Bring Your Own Computer/Device) have become mainstream technology terms. But what does BYOD mean for the enterprise? Can we mix personally owned devices and enterprise workstations/cellphones in our environment? How do we control configuration and data on personal devices? What about malware and other security concerns? What about improper disclosure of private data and intellectual property? And how will staff get work done when they are busy playing Angry Birds? Is BYOD the flavor of the week, or is it the future of end-user hardware? Regardless of how security leaders may feel about the concept, we need to be prepared. We must understand what is driving BYOD, how it may, or may not, fit our environments, and have policy and tools ready. In this interactive session we will discuss: What is IT Consumerization/BYOD? What are the benefits and concerns? Is there a cost savings? What are the security concerns (BYO Malware)? How do we protect data? And how can I start BYOD in my organization? And yes, you can Bring Your Own Devices to this session! Secure360 05-13-2013.

1. WELCOME TO SECURE360 2013: Don't forget to pick up your Certificate of Attendance at the end of each day. Please complete the Session Survey, front and back, and leave it on your seat. Are you tweeting? #Sec360
2. WELCOME TO SECURE360 2013: Come see my talks on Wed! The Accidental Insider, Wed. 1:15P; 3 Factors of Fail!, Wed. 2:35P
3. http://about.me/barrycaplin ; securityandcoffee.blogspot.com
4. Housekeeping: We're here all morning! There will be breaks (but make your own if you need one). Questions: ask 'em if you got 'em. IT Consumer devices on, of course! (but vibrate or silent would be polite)
5. Agenda: Admire the problem; Solve the problem (kind of)
6. Please Share: This is not a solved problem (I don't know what is!). We all learn from each other's experiences.
7. Agenda 1: Admire the problem; Framing the Issue; Solve the problem (kind of)
8. Etrade baby video
9. Baby trying to scroll a magazine like an iPad video
10. Why are we here? 1. Have a program 2. Considering a program 3. Just discovered iPads in the office 4. Wanted out of the office for the morning
11. What is IT Consumerization? More than just devices. 2 Parts: Consumer devices; Consumer software tools. Using these in the workplace in addition to, or instead of, company provided.
12. Why are we talking about this? But really, all connected!
13. History, 1980s: Early home PCs. Could augment work with home learning/practice. First Mac $2500; Commodore 64 $600
14. History, 1980s luggables: IBM Portable 5155, $4225, 30 lbs, 4.77MHz 8088
15. History, 1990s: Home machines get smaller; Laptops; PDAs
16. History, 2000s: Laptops get lighter; PDAs go mainstream (then disappear!); Blackberry; iPhone/Android
17. History, Now
18. Apr. 3, 2010: 300K iPads, 1M apps, 250K ebooks, day 1!
19. Apple 12
20. 2011 tablet/smartphone sales exceeded PCs
21. The real reason we need tablets
22. Don't Touch! Pharmaceutical coating
23. Of iPad owners... 17% have > 1 in their household; 37%: their partner uses it; 14% bought 'cause their kid has one; 19% considering purchasing another. http://today.yougov.co.uk/sites/today.yougov.co.uk/files/Tablet_ownership_in_households.pdf
24. Business Driver?
25. What about
26. Ineffective Controls
27. Forrester 2011 study: 37% using consumer tech without permission. IDC survey: 2010 30% BYOPC / 2011 40%; 2010 69% company device / 2011 59%. Use of social doubled. Most important tool: 49% laptop, 9% tablet, 6% smartphone
28. Self Sufficient? PwC white paper: "companies that have allowed Macintosh computers into their workplaces find those users support themselves and each other. The same is true of iOS and Android mobile users, users of software as a service [SaaS] and other cloud services, and social networking users."
29. Empowered Employees: Forrester report, "How Consumerization Drives Innovation": a business's best friend. Empowerment Drives Innovation. Empowered employees improve processes and productivity.
30. Empowered Employees: Self-taught experts know how to use smartphones, tablets, Web apps like Google Docs and Dropbox; what they're good for; how they can help the business; and are willing to do just that.
31. Benefits: Forrester lists four. 1. Communications: internal use speeds communication 2. Social: use of tools to be in touch with customers and shape message/attitude 3. HR: allow personal devices and you attract young workers 4. Productivity: much consumer tech is self-supported
32. Our Story Begins...
33. PEDs; Computers; Device Convergence
34. Example: The PED policy (Personal Electronic Device): Acceptable use; Connections; Data storage
35. 1 Day
36. 5 Stages of Tablet Grief: Surprise; Fear; Concern; Understanding; Evangelism
37. Considerations: Scaled-down device v multi-purpose computer; Want v Need; Reduced attack surface v eggs in one basket; Need for mobility v mobile issues; Does remote access apply?
38. What needs to change for local remote access?
39. BYO
40. BYO: BYOC or BYOD
41. Agenda 2: Admire the problem; Framing the Issue; Security Concerns; Solve the problem (kind of)
42. Security Concerns
43. Considerations: Physical*; Access control*; Logical; Data*; Communications; Validation (config control). Haven't been around that long. Users are the administrators.
44. Data Leakage
45. Unauthorized Access
46. Authorized Access
47. Risk v Hype
48. Legal (IANAL): Privacy: mixing staff/company data; Discovery on POE; Separation: what's going out the door?
49. Legal: Collection when staff leave. How do you: Get data from a personal device? Keep personal data off company networks?
50. Phones and texting: Phone? Exposing personal phone number; Voicemail; Text history and storage; Siri, Google Now, etc.
51. Consumer Software: We have enough problems with commercial and internally developed software! Privacy policies; Leakage; Discovery
52. Consumer Software: Ownership; Data Disposition if they go under; Competitive Intelligence; Trade Secrets; Mixing personal and professional (twitter)
53. The Business Side
54. The Business Side: It is critical that we think as, and are seen as, a strategic partner with the business. This doesn't happen enough.
55. A Doctor, Lawyer, Salesperson, Systems Administrator walk into a bar
56. Use Cases: What do you need? What do you want?
57. Security Response: Consider the business request. What works? What doesn't? What compromise can be made?
58. Agenda 3: Admire the problem; Framing the Issue; Security Concerns; Solve the problem (kind of); BYOD
59. What is IT Consumerization? More than just devices. 2 Parts: Consumer devices; Consumer software tools. Using these in the workplace in addition to, or instead of, company provided.
60. Three Main Issues: Technology; Policy; Financial
61. How can we do BYOD?
62. Capacity: Not necessarily a security issue. With greater use: Access Points (issue with any portables); Upstream bandwidth; 3G/4G repeaters
63. Benefits: Costs; Productivity; Innovation; Speed to Market; Often better home device, more frequent upgrade
64. Benefits: Deputized IT rather than Shadow IT; Users help each other; Always-On =? Always-Available (hourly issues); This takes time
65. 2 Key Financial Decisions: Provisioning (Purchase, Plan, Usage); Who Pays
66. More Decisions: Usage; Terms; Software; Wipe (remote detonation); Lock (auto-detonation?); Encryption; Monitoring; Management
67. 2012 Trend Micro study: Pros and cons that emerged from the analysis: 12%+ productivity; 15%- device replacement costs; 8%- reimbursement for employee data expense; 5%- training/education costs; 3%+ bottom line revenues; 8%+ help desk calls; 7%+ MDM costs; 3%+ corporate liable data costs; 3%+ server costs; 2%+ regulatory compliance expenses
68. Classic Security Balance: Control v Usability
69. Security Challenges: Exposure of data; Leakage of data (sold, donated, tossed, repaired drives); Malware. But don't we have all this now???
70. Can't be both. Trend Micro survey: 91% of employees would not grant employer control over personal device; 80% of enterprises stated they would have to install management mechanisms on mobile devices.
71. Impasse? Resolution is in approach: Strategic; Cross-organization; Business and IT together; HR, Security, Privacy, Legal, Audit
72. Impasse? Define approach; Create clear policy/procedures; IT tools; Self-help documentation
73. MDM: ~60 vendor tools and more coming. Basic types: Pure MDM; Containerization/MAM; Hybrid; VDI (not really MDM but can be used)
74. MDM selection criteria: Device diversity; Policy enforcement; Security/compliance; Containerization; Inventory management; Software distribution; Administration; Reporting; more?
75. Method 1 - Sync: Direct, Net Connect or OTA. Issues: Need controls (a/v, app install control, filtering, encryption, remote detonation); Authentication (2-factor?); Leakage!; Support
76. Method 2 - VDI: Citrix or similar. Pros: Leakage: no remnants; disable screen scrape, local save, print; Reduced support needed; Web filtering covered. Issues: Unauthorized access still an issue; User experience; Support
77. Method 3 - Containerization: Encrypted sandbox; Separate work and home; Many products. Pros: Better user experience; Central management/policy; Many products, local/cloud; Leakage: config separation, encryption. Issues: access; support; cloud issues
78. Method 4 - Direct Connection: Directly connect devices to network, or to a PC via USB. Don't do this! Included for completeness. Pros: Easy. Issues: no controls; no management; no enforcement; leakage; remnants; etc.
79. Apps: non-standard software is a challenge; Updates, patches; Malware detection: can't enumerate badness; Business: how to transfer knowledge if everyone uses different tools?
80. Case Study, Kraft: Deployed iPhones 2008, by 2009 to half of mobile users. Wanted to instill innovation: opens employees' minds to what is possible. Internal success led to successful consumer apps: recipes, cooking videos, shopping lists, store locator
81. Cost Example, Hypothetical 1000 Blackberrys: Unlimited data + calling = ~$50-$70/user/month ($60K/m); BES ~$35K; Hardware $20K/3y; Helpdesk 1 FTE $50K/y; Server Ops 1 FTE $100K/y; Total = >$900K/y
82. Cost Example, Hypothetical 1000 BYODs: Stipend = $25/user/month ($25K/m); MDM ~$50K/y; Hardware $20K/3y; Helpdesk: none!; Server Ops 1 FTE $100K/y; Total = ~$450K/y
83. Other HR benefits: Employee satisfaction; Recruiting young workers; Hip factor
84. Phones and texting: Phone? Exposing personal phone number; Voicemail; Text history and storage
85. DHS view - POE: Policy; Supervisor approval; Citrix only; No Govt records on POE (unencrypted); 3G or wired; Guest wireless; FAQs for users/sups; Metrics
86. DHS view - State-owned: Policy; Supervisor approval; MDM; 3G or wired; Apple-only; Core wireless, 802.1x; FAQs for users/sups; Metrics
87. Other Issues: Notes or manually entered data; Enterprise email/OWA; Discovery; Voicemail/video
88. The Future: More tablets/phones/small devices; More slim OSs (chrome, android, ios, etc); Cost savings/stipend?; Cloud; User Experience; Divide, Good, Fixmo, VMware Horizon, Citrix XEN, BES Fusion, Microsoft ???
89. MDM Capabilities to Consider: Device encryption; Transport encryption; Complex PWs/policy; VPN support; Disable camera; Restrict/block apps; Anti-malware; Restrict/block networks; Remote lockout; Remote/selected wipe; Policy enforcement; OTA management; 2-factor/OTP (InfoWorld Feb 2013 MDM Deep Dive)
90. Agenda 4: Admire the problem; Framing the Issue; Security Concerns; Solve the problem (kind of); BYOD; Software
91. What is IT Consumerization? More than just devices. 2 Parts: Consumer devices; Consumer software tools. Using these in the workplace in addition to, or instead of, company provided.
92. Use of Consumer Tools: Skype, key for communications in some countries; Facebook/Twitter for interacting with customers; Twelpforce
93. Twelpforce video
94. Examples: Google docs or Dropbox for public info (make sure the data is public); YouTube, Vimeo for training videos (avoid social engineering blueprints); Facebook fan page; Twitter, LinkedIn, G+ for press releases, outreach, customer support (just remember who you are!)
95. Customer Expectations: Access to you is: Mobile capable; Available online and on social; Through no wrong door
96. Twitter and Facebook: The places to be. What are people saying about your company?
97. Great Ideas: Ford gave Fiestas to 100 social media influencers, sent on missions, documented on channels. Rcvd 50K inquiries and sold 10K cars in 6 days. Pepsi used social network outreach for ideas for new Dew flavors. Levi Strauss: early use of location-specific deals.
98. Social: Is there a strategy? Or doing it to be hip? (and without a clue?)
99. Social: Connecting with customers; Internal collaboration; Internal connections, communities of interest; Innovation doesn't happen in a vacuum
100. Phishing
101. Phishing on Social Networks: Scams seem real when they come from a friend; Malicious links/apps; Spread quickly when posted or liked; Just say no to apps
102. Installs app; Grabs info; Posts on your wall; Click-fraud
103. Expectations
104. What Should We Do?
105. Proactive: Policy; Management Support; Support/Helpdesk Implications
106. Policy: Examine existing, augment. New, but only if needed (shouldn't use of social be part of your AUP? Who needs a social media policy?)
107. Software/Apps: non-standard software is a challenge; Updates, patches; Malware detection: can't enumerate badness; Business: how to transfer knowledge if everyone uses different tools?
108. Non-Standard Software - YMMV: Inventory; Watch changes; X-ref v. CVE/malware; Watch rights; Auto-patch; Handle exceptions
109. Cloud: Ask: Whose data is it? Where is it going? 3rd party agreements? Know your data (classification). PIE: pre-Internet encryption
110. BYO Plan
111. Summary: What are people doing? Establish business need. BYOD, Consumer apps, or both? Cross-domain planning (security, IT, legal, audit, privacy, HR, business). Document requirements
112. Summary: Policy, Technical, Financial aspects; Watch the data; Make easy for users; Education/Awareness; Reap the benefits!
113. Discussion: Slides at http://slideshare.net/[email protected]@bjb.org, @bcaplin, +barry caplin, http://securityandcoffee.blogspot.com/
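As an added example (not from the slides or the speaker), here is how the six steps on the "Non-Standard Software - YMMV" slide (inventory, watch changes, cross-reference against CVE/malware, watch rights, auto-patch, handle exceptions) could be run over a BYOD app inventory in Python; all app names, versions, rights and advisory ids are constructed placeholders.

```python
# Constructed inventories: {app name: (version, set of granted rights)}
PREVIOUS = {
    "notesapp": ("2.1", {"storage"}),
    "chatapp": ("5.0", {"contacts", "microphone"}),
}
CURRENT = {
    "notesapp": ("2.1", {"storage", "contacts"}),            # rights grew
    "chatapp": ("5.2", {"contacts", "microphone"}),          # version changed
    "flashlight": ("1.0", {"contacts", "location", "sms"}),  # new app
}
# Constructed advisory table: app -> {vulnerable version: placeholder advisory id}
VULNERABLE = {"chatapp": {"5.0": "CVE-XXXX-0001"},
              "flashlight": {"1.0": "CVE-XXXX-0002"}}
# Rights we treat as excessive for non-standard apps (assumption for the example)
RISKY_RIGHTS = {"sms", "location"}
# Documented exceptions: app -> business justification
EXCEPTIONS = {"chatapp": "business-approved messaging client"}

def review(previous, current, vulnerable, risky_rights):
    """Steps 1-4: diff the inventory, cross-ref versions, watch rights."""
    findings = []
    for app, (ver, rights) in current.items():
        if app not in previous:
            findings.append(("new", app, ver))
        else:
            old_ver, old_rights = previous[app]
            if old_ver != ver:
                findings.append(("changed", app, f"{old_ver}->{ver}"))
            if rights - old_rights:
                findings.append(("rights_grew", app, sorted(rights - old_rights)))
        advisory = vulnerable.get(app, {}).get(ver)
        if advisory:
            findings.append(("vulnerable", app, advisory))
        if rights & risky_rights:
            findings.append(("risky_rights", app, sorted(rights & risky_rights)))
    for app in previous:
        if app not in current:
            findings.append(("removed", app, previous[app][0]))
    return findings

def actions(findings, exceptions):
    """Steps 5-6: vulnerable -> auto-patch; documented exception -> accept; else review."""
    out = []
    for kind, app, detail in findings:
        if kind == "vulnerable":
            out.append((app, "auto-patch", detail))
        elif app in exceptions:
            out.append((app, "accepted: " + exceptions[app], detail))
        else:
            out.append((app, "review", detail))
    return out
```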