SlideShare une entreprise Scribd logo

Embracing the IT Consumerization Imperitive

Télécharger en tant que PPT, PDF
Barry Caplin
Barry Caplin
Technologie
1  sur  23
Embracing the IT Consumerization Imperative Barry Caplin CISO MN Dept. of Human Services barry.caplin@state.mn.us bc@bjb.org, @bcaplin, +barry caplin
http://about.me/barrycaplin
More About Me • Native New Yorker! • 30 years in IT/ 20 years in InfoSec
Apr. 3, 2010 300K ipads 1M apps 250K ebooks … day 1!
2011 – tablet/smartphone sales exceeded PCs
The real reason we need tablets
Why are we talking about this? But really, all connected!
Business Driver?
What about…
Ineffective Controls
1 Day
5 Stages of Tablet Grief • Surprise • Fear • Concern • Understanding • Evangelism
Security Challenges Devices: •Exposure of data •Leakage of data – sold, donated, tossed, repaired drives •Malware But don’t we have all this now???
Consumer App Security • “non-standard” software a challenge • Vetting, updates/patches, malware • No real 3rd party agreements • Privacy policies, data ownership • SOPA/PIPA/CISPA
Legal (IANAL) • Privacy – exposing company data • Litigation hold – on 3rd party services • Separation – what’s on Dropbox? • Copyright, trademark, IP? • How do you?: – Get data from a 3rd party service?
BYOD Security Solutions • Sync – Network or OTA • VDI – Citrix or similar • Containerization – Sandbox, MAM • Direct Connection – Don’t!
DHS view - POE • Policy • Guest wireless • Supervisor • FAQs for approval users/sups • Citrix only • Metrics • No Gov't records • $ - not yet on POE (unencrypted) • 3G/4G or wired
Software Security Solutions • Policy – Examine existing – augment • Process – Vetting, updates, malware • 3rd party agreements – where possible • Data classification/labeling • PIE – pre-Internet encryption
CoIT Nirvana • Any, Any, Any – work, device, where • Be nimble • Data stays “home”++ • Situational awareness
Key Points • Business Need – Partner internally • BYOD, Consumer apps, or both? • Policy, Technical, Financial aspects • Watch the data • Make easy for users • Education/Awareness
Embracing the IT Consumerization Imperitive

Recommandé

Embracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG SecurityEmbracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG SecurityBarry Caplin
 
Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Barry Caplin
 
How to keep women safe, online?
How to keep women safe, online?How to keep women safe, online?
How to keep women safe, online?Ankit Mehta
 
IoT & Big Data - A privacy-oriented view of the future
IoT & Big Data - A privacy-oriented view of the futureIoT & Big Data - A privacy-oriented view of the future
IoT & Big Data - A privacy-oriented view of the futureFacundo Mauricio
 
Top Ten IT Legal Issues for the Enterprise
Top Ten IT Legal Issues for the EnterpriseTop Ten IT Legal Issues for the Enterprise
Top Ten IT Legal Issues for the EnterpriseHawley Troxell
 
Mobile Practice Management
Mobile Practice ManagementMobile Practice Management
Mobile Practice ManagementClio - Cloud-Based Legal Technology
 
Krishna kumar singh
Krishna kumar singhKrishna kumar singh
Krishna kumar singhkrishnakumarkrishnak3
 
Com 300 dl
Com 300 dlCom 300 dl
Com 300 dlchiameity
 

Recommandé

Embracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG SecurityEmbracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG SecurityBarry Caplin
 
Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Barry Caplin
 
How to keep women safe, online?
How to keep women safe, online?How to keep women safe, online?
How to keep women safe, online?Ankit Mehta
 
IoT & Big Data - A privacy-oriented view of the future
IoT & Big Data - A privacy-oriented view of the futureIoT & Big Data - A privacy-oriented view of the future
IoT & Big Data - A privacy-oriented view of the futureFacundo Mauricio
 
Top Ten IT Legal Issues for the Enterprise
Top Ten IT Legal Issues for the EnterpriseTop Ten IT Legal Issues for the Enterprise
Top Ten IT Legal Issues for the EnterpriseHawley Troxell
 
Mobile Practice Management
Mobile Practice ManagementMobile Practice Management
Mobile Practice ManagementClio - Cloud-Based Legal Technology
 
Krishna kumar singh
Krishna kumar singhKrishna kumar singh
Krishna kumar singhkrishnakumarkrishnak3
 
Com 300 dl
Com 300 dlCom 300 dl
Com 300 dlchiameity
 
Digital Accessibility - Section 508 Refresh: Now What?
Digital Accessibility - Section 508 Refresh: Now What?Digital Accessibility - Section 508 Refresh: Now What?
Digital Accessibility - Section 508 Refresh: Now What?Lisa Marchand
 
Cyber and Data Risks
Cyber and Data RisksCyber and Data Risks
Cyber and Data Risksrisksmith
 
Mobile Technologies, BYOD and the Law
Mobile Technologies, BYOD and the LawMobile Technologies, BYOD and the Law
Mobile Technologies, BYOD and the LawJamesDiffin
 
A Case Study on Issues and Violations on Information Technology
A Case Study on Issues and Violations on Information TechnologyA Case Study on Issues and Violations on Information Technology
A Case Study on Issues and Violations on Information TechnologyLaguna State Polytechnic University
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyIshay Tentser
 
Divorce in the Digital Era
Divorce in the Digital EraDivorce in the Digital Era
Divorce in the Digital EraFrederick Lane
 
Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)YUSRA FERNANDO
 
Data ethics for developers
Data ethics for developersData ethics for developers
Data ethics for developersanilramnanan
 
How to safe your company from having a security breach
How to safe your company from having a security breachHow to safe your company from having a security breach
How to safe your company from having a security breachBaltimax
 
04 privacy
04 privacy04 privacy
04 privacyEsmhel Briones
 
How To Enable a Remote Workforce & Stay Productive
How To Enable a Remote Workforce & Stay ProductiveHow To Enable a Remote Workforce & Stay Productive
How To Enable a Remote Workforce & Stay ProductiveChristi Williams (Keating)
 
Service goes accessible_2013_sh
Service goes accessible_2013_shService goes accessible_2013_sh
Service goes accessible_2013_shTomppa Järvinen
 
Everything You Need to Know About Enterprise IT in Three Slides
Everything You Need to Know About Enterprise IT in Three SlidesEverything You Need to Know About Enterprise IT in Three Slides
Everything You Need to Know About Enterprise IT in Three SlidesJohn Mancini
 
Wake up, Enterprise IT
Wake up, Enterprise ITWake up, Enterprise IT
Wake up, Enterprise ITJohn Mancini
 
The Data Ethical Company
The Data Ethical CompanyThe Data Ethical Company
The Data Ethical CompanyPernille Tranberg 🍀
 
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrb
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrbIoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrb
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrbMicheleNati
 
IS and the Innovator's Dilemma DCass_Final
IS and the Innovator's Dilemma DCass_FinalIS and the Innovator's Dilemma DCass_Final
IS and the Innovator's Dilemma DCass_FinalDavid Cass
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...James Mulhern
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationJames Mulhern
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetupIshay Tentser
 
DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...
DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...
DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...Andris Soroka
 
Digital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesDigital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesThe Lorenzi Group
 

Contenu connexe

Tendances

Digital Accessibility - Section 508 Refresh: Now What?
Digital Accessibility - Section 508 Refresh: Now What?Digital Accessibility - Section 508 Refresh: Now What?
Digital Accessibility - Section 508 Refresh: Now What?Lisa Marchand
 
Cyber and Data Risks
Cyber and Data RisksCyber and Data Risks
Cyber and Data Risksrisksmith
 
Mobile Technologies, BYOD and the Law
Mobile Technologies, BYOD and the LawMobile Technologies, BYOD and the Law
Mobile Technologies, BYOD and the LawJamesDiffin
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyIshay Tentser
 
Divorce in the Digital Era
Divorce in the Digital EraDivorce in the Digital Era
Divorce in the Digital EraFrederick Lane
 
Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)YUSRA FERNANDO
 
Data ethics for developers
Data ethics for developersData ethics for developers
Data ethics for developersanilramnanan
 
How to safe your company from having a security breach
How to safe your company from having a security breachHow to safe your company from having a security breach
How to safe your company from having a security breachBaltimax
 
How To Enable a Remote Workforce & Stay Productive
How To Enable a Remote Workforce & Stay ProductiveHow To Enable a Remote Workforce & Stay Productive
How To Enable a Remote Workforce & Stay ProductiveChristi Williams (Keating)
 
Service goes accessible_2013_sh
Service goes accessible_2013_shService goes accessible_2013_sh
Service goes accessible_2013_shTomppa Järvinen
 
Everything You Need to Know About Enterprise IT in Three Slides
Everything You Need to Know About Enterprise IT in Three SlidesEverything You Need to Know About Enterprise IT in Three Slides
Everything You Need to Know About Enterprise IT in Three SlidesJohn Mancini
 
Wake up, Enterprise IT
Wake up, Enterprise ITWake up, Enterprise IT
Wake up, Enterprise ITJohn Mancini
 
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrb
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrbIoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrb
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrbMicheleNati
 
IS and the Innovator's Dilemma DCass_Final
IS and the Innovator's Dilemma DCass_FinalIS and the Innovator's Dilemma DCass_Final
IS and the Innovator's Dilemma DCass_FinalDavid Cass
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...James Mulhern
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationJames Mulhern
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetupIshay Tentser
 

Tendances (20)

Digital Accessibility - Section 508 Refresh: Now What?
Digital Accessibility - Section 508 Refresh: Now What?Digital Accessibility - Section 508 Refresh: Now What?
Digital Accessibility - Section 508 Refresh: Now What?
 
Cyber and Data Risks
Cyber and Data RisksCyber and Data Risks
Cyber and Data Risks
 
Mobile Technologies, BYOD and the Law
Mobile Technologies, BYOD and the LawMobile Technologies, BYOD and the Law
Mobile Technologies, BYOD and the Law
 
A Case Study on Issues and Violations on Information Technology
A Case Study on Issues and Violations on Information TechnologyA Case Study on Issues and Violations on Information Technology
A Case Study on Issues and Violations on Information Technology
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technology
 
Divorce in the Digital Era
Divorce in the Digital EraDivorce in the Digital Era
Divorce in the Digital Era
 
Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)
 
Data ethics for developers
Data ethics for developersData ethics for developers
Data ethics for developers
 
How to safe your company from having a security breach
How to safe your company from having a security breachHow to safe your company from having a security breach
How to safe your company from having a security breach
 
04 privacy
04 privacy04 privacy
04 privacy
 
How To Enable a Remote Workforce & Stay Productive
How To Enable a Remote Workforce & Stay ProductiveHow To Enable a Remote Workforce & Stay Productive
How To Enable a Remote Workforce & Stay Productive
 
Service goes accessible_2013_sh
Service goes accessible_2013_shService goes accessible_2013_sh
Service goes accessible_2013_sh
 
Everything You Need to Know About Enterprise IT in Three Slides
Everything You Need to Know About Enterprise IT in Three SlidesEverything You Need to Know About Enterprise IT in Three Slides
Everything You Need to Know About Enterprise IT in Three Slides
 
Wake up, Enterprise IT
Wake up, Enterprise ITWake up, Enterprise IT
Wake up, Enterprise IT
 
The Data Ethical Company
The Data Ethical CompanyThe Data Ethical Company
The Data Ethical Company
 
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrb
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrbIoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrb
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrb
 
IS and the Innovator's Dilemma DCass_Final
IS and the Innovator's Dilemma DCass_FinalIS and the Innovator's Dilemma DCass_Final
IS and the Innovator's Dilemma DCass_Final
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulation
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
 

Similaire à Embracing the IT Consumerization Imperitive

DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...
DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...
DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...Andris Soroka
 
Digital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesDigital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesThe Lorenzi Group
 
Isc(2) eastbay-lenin aboagye
Isc(2) eastbay-lenin aboagyeIsc(2) eastbay-lenin aboagye
Isc(2) eastbay-lenin aboagyeLenin Aboagye
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?Barry Caplin
 
Shadow it risks & control managing the unknown unknowns in the deep &...
Shadow it risks & control managing the unknown unknowns in the deep &...Shadow it risks & control managing the unknown unknowns in the deep &...
Shadow it risks & control managing the unknown unknowns in the deep &...Priyanka Aash
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about themMobile security blunders and what you can do about them
Mobile security blunders and what you can do about themBen Rothke
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Peter Wood
 
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...Cengage Learning
 
Data Protection, Humans and Common Sense
Data Protection, Humans and Common SenseData Protection, Humans and Common Sense
Data Protection, Humans and Common Senseusbcopynotify
 
Perspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernancePerspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernanceCloudera, Inc.
 
Falcon.io | 2021 Trends Virtual Summit - Data Privacy
Falcon.io | 2021 Trends Virtual Summit - Data PrivacyFalcon.io | 2021 Trends Virtual Summit - Data Privacy
Falcon.io | 2021 Trends Virtual Summit - Data PrivacyFalcon.io
 
Data Quality Success Stories
Data Quality Success StoriesData Quality Success Stories
Data Quality Success StoriesDATAVERSITY
 
Identity - The Cornerstone of Information Security
Identity - The Cornerstone of Information SecurityIdentity - The Cornerstone of Information Security
Identity - The Cornerstone of Information SecurityBen Boyd
 
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19TechSoup
 
Recent developments in data analytics and big data
Recent developments in data analytics and big dataRecent developments in data analytics and big data
Recent developments in data analytics and big dataDez Blanchfield
 

Similaire à Embracing the IT Consumerization Imperitive (20)

DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...
DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...
DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...
 
Digital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesDigital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR Executives
 
Isc(2) eastbay-lenin aboagye
Isc(2) eastbay-lenin aboagyeIsc(2) eastbay-lenin aboagye
Isc(2) eastbay-lenin aboagye
 
Dean carey - data loss-prevention - atlseccon2011
Dean carey - data loss-prevention - atlseccon2011Dean carey - data loss-prevention - atlseccon2011
Dean carey - data loss-prevention - atlseccon2011
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
 
Shadow it risks & control managing the unknown unknowns in the deep &...
Shadow it risks & control managing the unknown unknowns in the deep &...Shadow it risks & control managing the unknown unknowns in the deep &...
Shadow it risks & control managing the unknown unknowns in the deep &...
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about themMobile security blunders and what you can do about them
Mobile security blunders and what you can do about them
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
 
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
 
Data Protection, Humans and Common Sense
Data Protection, Humans and Common SenseData Protection, Humans and Common Sense
Data Protection, Humans and Common Sense
 
Where IT's At 2012
Where IT's At 2012Where IT's At 2012
Where IT's At 2012
 
Internal social media: risks and added value
Internal social media: risks and added valueInternal social media: risks and added value
Internal social media: risks and added value
 
Perspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernancePerspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data Governance
 
Falcon.io | 2021 Trends Virtual Summit - Data Privacy
Falcon.io | 2021 Trends Virtual Summit - Data PrivacyFalcon.io | 2021 Trends Virtual Summit - Data Privacy
Falcon.io | 2021 Trends Virtual Summit - Data Privacy
 
Data Quality Success Stories
Data Quality Success StoriesData Quality Success Stories
Data Quality Success Stories
 
Identity - The Cornerstone of Information Security
Identity - The Cornerstone of Information SecurityIdentity - The Cornerstone of Information Security
Identity - The Cornerstone of Information Security
 
Wipo smes ge_08_topic07
Wipo smes ge_08_topic07Wipo smes ge_08_topic07
Wipo smes ge_08_topic07
 
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
 
Recent developments in data analytics and big data
Recent developments in data analytics and big dataRecent developments in data analytics and big data
Recent developments in data analytics and big data
 

Plus de Barry Caplin

Healing healthcare security
Healing healthcare securityHealing healthcare security
Healing healthcare securityBarry Caplin
 
It’s not If but When 20160503
It’s not If but When 20160503It’s not If but When 20160503
It’s not If but When 20160503Barry Caplin
 
Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16Barry Caplin
 
It’s not if but when 20160503
It’s not if but when 20160503It’s not if but when 20160503
It’s not if but when 20160503Barry Caplin
 
CISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from VenusCISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from VenusBarry Caplin
 
Online Self Defense - Passwords
Online Self Defense - PasswordsOnline Self Defense - Passwords
Online Self Defense - PasswordsBarry Caplin
 
The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?Barry Caplin
 
Bullying and Cyberbullying
Bullying and CyberbullyingBullying and Cyberbullying
Bullying and CyberbullyingBarry Caplin
 
3 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-133 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-13Barry Caplin
 
Tech smart preschool parent 2 13
Tech smart preschool parent 2 13Tech smart preschool parent 2 13
Tech smart preschool parent 2 13Barry Caplin
 
Online Self Defense
Online Self DefenseOnline Self Defense
Online Self DefenseBarry Caplin
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveBarry Caplin
 
Stuff my ciso says
Stuff my ciso saysStuff my ciso says
Stuff my ciso saysBarry Caplin
 
Toys in the office 11
Toys in the office 11Toys in the office 11
Toys in the office 11Barry Caplin
 
Accidental Insider
Accidental InsiderAccidental Insider
Accidental InsiderBarry Caplin
 
Teens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social NetworksTeens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social NetworksBarry Caplin
 
Laws of the Game For Valley United Soccer Club travel soccer refs
Laws of the Game For Valley United Soccer Club travel soccer refsLaws of the Game For Valley United Soccer Club travel soccer refs
Laws of the Game For Valley United Soccer Club travel soccer refsBarry Caplin
 
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refsLaws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refsBarry Caplin
 
How to be a Tech-Smart Parent
How to be a Tech-Smart ParentHow to be a Tech-Smart Parent
How to be a Tech-Smart ParentBarry Caplin
 
Internet Safety for Families and Children
Internet Safety for Families and ChildrenInternet Safety for Families and Children
Internet Safety for Families and ChildrenBarry Caplin
 

Plus de Barry Caplin (20)

Healing healthcare security
Healing healthcare securityHealing healthcare security
Healing healthcare security
 
It’s not If but When 20160503
It’s not If but When 20160503It’s not If but When 20160503
It’s not If but When 20160503
 
Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16
 
It’s not if but when 20160503
It’s not if but when 20160503It’s not if but when 20160503
It’s not if but when 20160503
 
CISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from VenusCISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from Venus
 
Online Self Defense - Passwords
Online Self Defense - PasswordsOnline Self Defense - Passwords
Online Self Defense - Passwords
 
The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?
 
Bullying and Cyberbullying
Bullying and CyberbullyingBullying and Cyberbullying
Bullying and Cyberbullying
 
3 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-133 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-13
 
Tech smart preschool parent 2 13
Tech smart preschool parent 2 13Tech smart preschool parent 2 13
Tech smart preschool parent 2 13
 
Online Self Defense
Online Self DefenseOnline Self Defense
Online Self Defense
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization Imperitive
 
Stuff my ciso says
Stuff my ciso saysStuff my ciso says
Stuff my ciso says
 
Toys in the office 11
Toys in the office 11Toys in the office 11
Toys in the office 11
 
Accidental Insider
Accidental InsiderAccidental Insider
Accidental Insider
 
Teens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social NetworksTeens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social Networks
 
Laws of the Game For Valley United Soccer Club travel soccer refs
Laws of the Game For Valley United Soccer Club travel soccer refsLaws of the Game For Valley United Soccer Club travel soccer refs
Laws of the Game For Valley United Soccer Club travel soccer refs
 
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refsLaws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
 
How to be a Tech-Smart Parent
How to be a Tech-Smart ParentHow to be a Tech-Smart Parent
How to be a Tech-Smart Parent
 
Internet Safety for Families and Children
Internet Safety for Families and ChildrenInternet Safety for Families and Children
Internet Safety for Families and Children
 

Dernier

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 

Dernier (20)

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 

Embracing the IT Consumerization Imperitive

  • 1.
  • 2. Embracing the IT Consumerization Imperative Barry Caplin CISO MN Dept. of Human Services barry.caplin@state.mn.us bc@bjb.org, @bcaplin, +barry caplin
  • 4. More About Me • Native New Yorker! • 30 years in IT/ 20 years in InfoSec
  • 5.
  • 6. Apr. 3, 2010 300K ipads 1M apps 250K ebooks … day 1!
  • 7. 2011 – tablet/smartphone sales exceeded PCs
  • 8. The real reason we need tablets
  • 9. Why are we talking about this? But really, all connected!
  • 13. 1 Day
  • 14. 5 Stages of Tablet Grief • Surprise • Fear • Concern • Understanding • Evangelism
  • 15. Security Challenges Devices: •Exposure of data •Leakage of data – sold, donated, tossed, repaired drives •Malware But don’t we have all this now???
  • 16. Consumer App Security • “non-standard” software a challenge • Vetting, updates/patches, malware • No real 3rd party agreements • Privacy policies, data ownership • SOPA/PIPA/CISPA
  • 17. Legal (IANAL) • Privacy – exposing company data • Litigation hold – on 3rd party services • Separation – what’s on Dropbox? • Copyright, trademark, IP? • How do you?: – Get data from a 3rd party service?
  • 18. BYOD Security Solutions • Sync – Network or OTA • VDI – Citrix or similar • Containerization – Sandbox, MAM • Direct Connection – Don’t!
  • 19. DHS view - POE • Policy • Guest wireless • Supervisor • FAQs for approval users/sups • Citrix only • Metrics • No Gov't records • $ - not yet on POE (unencrypted) • 3G/4G or wired
  • 20. Software Security Solutions • Policy – Examine existing – augment • Process – Vetting, updates, malware • 3rd party agreements – where possible • Data classification/labeling • PIE – pre-Internet encryption
  • 21. CoIT Nirvana • Any, Any, Any – work, device, where • Be nimble • Data stays “home”++ • Situational awareness
  • 22. Key Points • Business Need – Partner internally • BYOD, Consumer apps, or both? • Policy, Technical, Financial aspects • Watch the data • Make easy for users • Education/Awareness

Notes de l'éditeur

  1. IT Consumerization is a major buzz-phrase
  2. 1. Check out my about.me, with links to twitter feed and Security and Coffee blog. 2. More about me… including the most important thing…
  3. Mobile/portable devices are not new. Then an event occurred that changed the game… IBM “Portable” 5155, $4225, 30 lbs, 4.77MHz 8088; Apple Newton; AppleBook; original ThinkPad; 1 st gen android; Palm III; early Blackberry
  4. 1 st iPad, 4/3/2010. 300K iPads sold, 1M apps, 250K ebooks downloaded on the first day. Features, form factor, intuitive use made it the people’s choice.
  5. 1. mid-2011 tipping point 2. By early 2012, 50% of US mobile users use a smartphone
  6. 2012 survey of IT leaders – Mobile is #1 tech impact But Cloud is 2, CoIT 3 and Social 4 – all connected
  7. The devices are hot and driving the space, but it’s really about the ability to have mobility – to bring the product or service to the consumer/customer. Not just “flavor of the week”.
  8. Just say no is not a viable IT or Security strategy or response. We must partner with the business/user to provide what is needed. Just say no is an…
  9. If your organization is saying “just say no” to consumer devices and apps, then they are already in your environment Take opportunity to partner, lead and add value.
  10. 2.5 years ago Story of call from lawyer about iPads in a meeting This lead to…
  11. Quickly moved to last stage – evangelism Now security is dragging other groups kicking and screaming into the present. Security is leading and adding value.
  12. Exposure is device in hand – eavesdropping, MitM Leakage is device is gone. We have all this already. Datalossdb.org and Accidental Insider. 10% of 2 nd -hand drives bought had company/private data. StarTrib malware.
  13. 1. Similarly, we have had software issues – local admin, devs, etc. can’t enumerate badness. If the service is free, we are the product not the customer.
  14. Be sure to include legal Information Discovery, Litigation Hold are big issues.
  15. Now for solutions – 4 general categories for devices Containerization includes Enterprise App Store
  16. Extensible policy; Citrix (no remnants); looking at containerization; guest wireless/wired; not yet considering $ (reimbursement/stipend) Gartner says at least 3-5 years for financial payoff.
  17. Policy already mentioned Working on process to more seamlessly allow consumer apps Know your data classifications PIE great for online storage, file sharing.
  18. Partner; Lead; Add value Good user experience is key
  19. Users are changing; expectations are changing; keep “eyes on the prize”; partner, solve problems, and add value