Consumerization
ISSA, January 13th 2011

Michael F. Angelo
 Chief Security Architect
 NetIQ Corporation
 blog: http://community.netiq.com/blogs/
Agenda



What is Consumerization?
Motivation
How does it impact you?
What can you do about it?
Future
2   © 2011 NetIQ Corporation. All rights reserved.
What is Consumerization?

Leveraging technology that was originally directed at the consumer for business purposes.
Two Aspects

• Use of consumer-based services (facilities) for work
  − Not going to cover
• Use of consumer-oriented equipment and software for work (IT)
  − Going to cover




Motivation (Corporate)

• Exit the:
  − hardware inventory and repair business
  − phone / pager business
  − Internet business
• Improve productivity
• Improve employee satisfaction


Motivation (Employee)

• Familiarity with O/S, Software, and Hardware
  − Can’t do the job with a Pentium II, 512MB, and 30GB
  − Can’t get information with IE6
  − Need features of updated applications



Does it Happen???

[Figure: Mice, Keyboards, Monitors, WiFi Cards, Phones/PDAs, Smart phones/Laptops]

The trend has been accelerating as the base cost of the technology has decreased and employee experience has increased. In addition, the ever-shrinking corporate budget is acting as an accelerant to the trend.



Does it Happen???

• Corporate Stance
  − Secretive
  − Ignored
  − Unofficially Supported
  − Officially Supported
  − Subsidized
  −Subsidized



Does it Happen?

“Security is always a tradeoff, and security decisions are often made for non-security reasons. In this case, the right decision is to sacrifice security for convenience and flexibility. Corporations want their employees to be able to work from anywhere, and they’re going to have loosened control over the tools they allow in order to get it.”

-- Bruce Schneier
What is the Impact?

• Information Blending
• Software Licensing
• Legislative Issues




What is the Impact?

• Information Leakage
  − Family & friends
  − Device Loss
  − Virus
  − Personal email – Spear Phishing
• Increased Exposure to Threats
  − Surfing at Home <> Surfing at Work
  − Torrents

What is the Impact?

• Acceptable use policies
  − How to apply to personal machines?
• Out-processing of individuals
  − How do you know organizational data is removed from the employee machine?
      − Software
      − PST files
      − Passwords / wireless / VPN Access
  − Residual data
      − Employee / corporate backups


What is the Impact?

“23 percent of the largest organizations surveyed have experienced a serious breach or incident because of a personal device on the corporate network.”

− RSA Study




What is the Impact?

• What is your current state?
  − Is it already there?
• Decide if you will allow Consumerization
  − Don’t wait for it to happen and then rush to formulate policy and procedures
  − Decision must explicitly include all possible components
  − Decision must be extended as new technology becomes available

Action today - Define Policies

• Balance:
  − Corporate vs. Employee Accommodations
  − Corporate vs. Employee vs. Customer Exposures
• Corporate:
  − Must comply with laws
  − Must maintain fiduciary responsibility
  − Must not expose corporate assets
  − At a minimum should address
      − Employee responsibility
      − Acceptable use
      − Protection of assets
Action today – Identify Infrastructure to Extend

• Current Tools will work, but do you want to use all of them?
  − Policy Compliance Tools
  − Configuration Enforcement Tools
  − Security Audit Tools
  − Security Vulnerability Updates
  − Performance Audit Tools




Action today - Incident response plan

Remember:
Even with Policies, Procedures, and Tools, accidents can happen… Need incident response plan.




Additional Ideas

• Security 101:
  − Keep secret stuff separate from non-secret stuff
  − Keep corporate stuff separate from personal stuff
• Create Virtual Containers for Corporate Work.
  − Provides compartmentalized facility
  − Re-boot to access corporate environment




Action today - Native OS or VM on USB

[Diagram: USB device with a Boot Partition (Boot Loader) and an Encrypted OS Partition (Operating System, Applications and Files)]

  − Boots OS directly from device
  − Host provides mouse, keyboard, RAM
  − Encryption can protect information if device is lost
  − Limited to OS on device




Action tomorrow - Native OS / VM on USB + TPM

[Diagram: USB device with a Boot Partition (Secure Boot Loader) and an Encrypted OS Partition (Operating System, Applications and Files)]

  − Provides a mechanism to generate and measure system characteristics upon which a security decision can be made.
  − TPM is in almost all commercial grade computers
  − For more info see: the Trusted Computing Group www.trustedcomputinggroup.org
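The "measure, then decide" idea on this slide, as an added example that is not part of the original deck: each boot component is hashed and folded into a TPM Platform Configuration Register (PCR), and a verifier replays the event log against the reported PCR before releasing access. The component names, sample byte strings and the SHA-256 PCR bank are constructed assumptions; a real verifier would take the PCR value from a signed TPM quote.

```python
import hashlib
import hmac

PCR_SIZE = hashlib.sha256().digest_size  # SHA-256 PCR bank (assumption)


def measure(blob: bytes) -> bytes:
    """Hash one boot component; this digest is what gets extended."""
    return hashlib.sha256(blob).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: new = H(old || digest). A PCR can be extended, never set."""
    return hashlib.sha256(pcr + digest).digest()


def boot(components):
    """Simulate a measured boot and return (event_log, final_pcr)."""
    pcr, log = bytes(PCR_SIZE), []
    for name, blob in components:
        digest = measure(blob)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return log, pcr


def verify(event_log, reported_pcr, approved):
    """Decide whether to trust a platform; returns (allowed, reason).

    approved maps component name -> approved digest, in boot order.
    """
    # 1. The log is only evidence if replaying it reproduces the PCR.
    replayed = bytes(PCR_SIZE)
    for _, digest in event_log:
        replayed = extend(replayed, digest)
    if not hmac.compare_digest(replayed, reported_pcr):
        return False, "event log does not reproduce the reported PCR"
    # 2. The sequence of components must be the approved one.
    names = [name for name, _ in event_log]
    if names != list(approved):
        return False, "unexpected boot sequence: " + " > ".join(names)
    # 3. Every measurement must match its approved value.
    for name, digest in event_log:
        if not hmac.compare_digest(digest, approved[name]):
            return False, f"unapproved measurement for {name}"
    return True, "boot chain matches approved baseline"


# Constructed stand-ins for the images on the USB device (not real binaries).
IMAGES = [
    ("boot_loader", b"secure boot loader v1 (constructed sample)"),
    ("os_kernel", b"corporate OS kernel (constructed sample)"),
    ("os_config", b"corporate OS configuration (constructed sample)"),
]
APPROVED = {name: measure(blob) for name, blob in IMAGES}


def run_scenarios():
    """Run three boots through the verifier and collect the decisions."""
    clean_log, clean_pcr = boot(IMAGES)
    # Same device, but the boot loader has been altered.
    altered = [("boot_loader", IMAGES[0][1] + b" + extra code")] + IMAGES[1:]
    altered_log, altered_pcr = boot(altered)
    return {
        "clean boot": verify(clean_log, clean_pcr, APPROVED),
        "modified boot loader": verify(altered_log, altered_pcr, APPROVED),
        # Altered platform that presents the clean log: the PCR gives it away.
        "doctored event log": verify(clean_log, altered_pcr, APPROVED),
    }


if __name__ == "__main__":
    for scenario, (allowed, reason) in run_scenarios().items():
        print(f"{scenario:22s} {'ALLOW' if allowed else 'DENY '} {reason}")
```

Because the register can only be extended, the altered platform cannot produce the approved PCR value, and presenting the clean event log fails the replay check instead.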



To Continue the Conversation
Please See:

Twitter: @mfa007 or @NetIQ
For mine, and NetIQ, Security Blogs see: http://bit.ly/11BhzC

ISSA Houston – The Consumerization of IT


Editor's notes

  1. Logins
     − Personal login information on corporate machine
     − Social Networks / Professional Associations
     − Corporate login information on personal machine
     − VPN Configuration
     − User IDs and passwords stored in browsers
     Software
     − Personal software
     − Restricted use licenses
     − Corporate software on home equipment
     Legislated Privacy
     − EU data protection act
     − USA HIPAA, SOX, GLBA
     − Country, state/province, local (e.g. CA SB 1386)
     − More laws pending
     Cross contamination
     − Corporate backup includes personal information
     − Personal backup includes corporate information
  2. http://www.securityweek.com/consumerization-user-driven-it-security-threat#
  3. Various laws protect customer data. Employee must protect assets whether physical or informational. Protect devices, encrypt HD, remove HD if needed.