Consumerization
ISSA, January 13th 2011

Michael F. Angelo
 Chief Security Architect
 NetIQ Corporation
 blog: http://community.netiq.com/blogs/
Agenda



What is Consumerization?
Motivation
How does it impact you?
What can you do about it?
Future
2   © 2011 NetIQ Corporation. All rights reserved.
What is Consumerization?



• Leveraging technology, that was originally directed at the consumer, for business purposes.
Two Aspects


• Use of consumer based services (facilities) for work
    − Not going to cover
• Use of consumer oriented equipment and software for work (IT)
    − Going to cover




Motivation (Corporate)


• Exit the:
    − hardware inventory and repair business
    − phone / pager business
    − Internet business
• Improve productivity
• Improve employee satisfaction


Motivation (Employee)


• Familiarity with O/S, Software, and Hardware
    − Can’t do the job with a Pentium II, 512MB, and 30GB
    − Can’t get information with IE6
    − Need features of updated applications.



Does it Happen???



    [Figure: Mice, Keyboards, Monitors, WiFi Cards, Phones/PDAs, Smart phones/Laptops]




    The trend has been accelerating, as the base cost of
    the technology has decreased and employee
    experience has increased.
    In addition the ever shrinking corporate budget is
    acting as an accelerant to the trend.



Does it Happen???


• Corporate Stance
    − Secretive
    − Ignored
    − Unofficially Supported
    − Officially Supported
    − Subsidized
  −Subsidized



Does it Happen?


    “Security is always a tradeoff, and security decisions
    are often made for non-security reasons. In this
    case, the right decision is to sacrifice security for
    convenience and flexibility. Corporations want their
    employees to be able to work from anywhere, and
    they’re going to have loosened control over the tools
    they allow in order to get it.”




                                                     -- Bruce Schneier
What is the Impact?



• Information Blending
• Software Licensing
• Legislative Issues




What is the Impact?


• Information Leakage
    − Family & friends
    − Device Loss
    − Virus
    − Personal email – Spear Phishing
• Increased Exposure to Threats
    − Surfing at Home <> Surfing at Work
    − Torrents

What is the Impact?


• Acceptable use policies
    − How to apply to personal machines?
• Out processing of individuals
    − How do you know organizational data is removed from the employee machine?
        − Software
        − PST files
        − Passwords / wireless / VPN Access
    − Residual data
        − Employee / corporate backups


What is the Impact?


     “23 percent of the largest organizations surveyed have
     experienced a serious breach or incident because of a
     personal device on the corporate network.”

                                                      − RSA Study




What is the Impact?


• What is your current state?
    − Is it already there?
• Decide if you will allow Consumerization
    − Don’t wait for it to happen and then rush to formulate policy and procedures
    − Decision must explicitly include all possible components
    − Decision must be extended as new technology becomes available

Action today - Define Policies


• Balance:
    − Corporate vs. Employee Accommodations
    − Corporate vs. Employee vs. Customer Exposures
• Corporate:
    − Must comply with laws
    − Must maintain fiduciary responsibility
    − Must not expose corporate assets
    − At a minimum should address
        − Employee responsibility
        − Acceptable use
        − Protection of assets
Action today – Identify Infrastructure to Extend


• Current Tools will work, but do you want to use all of them?
    − Policy Compliance Tools
    − Configuration Enforcement Tools
    − Security Audit Tools
    − Security Vulnerability Updates
    − Performance Audit Tools




Action today - Incident response plan


Remember:
Even with Policies, Procedures, and Tools accidents can
 happen… Need incident response plan.




Additional Ideas


• Security 101:
    − Keep secret stuff separate from non–secret stuff
    − Keep corporate stuff separate from personal stuff
• Create Virtual Containers for Corporate Work.
    − Provides compartmentalized facility
    − Re-boot to access corporate environment




Action today - Native OS or VM on USB



     [Diagram: USB device with a Boot Partition (Boot Loader) and an Encrypted OS Partition (Operating System; Applications and Files)]




     − Boots OS directly from device
     − Host provides mouse, keyboard, RAM
     − Encryption can protect information if device is lost
     − Limited to OS on device




Action tomorrow - Native OS / VM on USB + TPM



     [Diagram: USB device with a Boot Partition (Secure Boot Loader) and an Encrypted OS Partition (Operating System; Applications and Files)]




     − Provides a mechanism to generate and measure system
       characteristics upon which a security decision can be made.
     − TPM is in almost all commercial grade computers
     − For more info see: the Trusted Computing Group
       www.trustedcomputinggroup.org
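
The measure-then-decide idea on this slide, as an added example that is not part of the original deck: each boot stage on the USB device is hashed and extended into a PCR, and a corporate verifier replays the event log before granting access. The stage names, sample contents and SHA-256 PCR bank are assumptions, and the signed TPM quote that would normally carry the PCR value is left out.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 PCR bank (assumption; TPM 1.2 parts use 20-byte SHA-1 PCRs)


def measure(blob: bytes) -> bytes:
    """Digest of a boot component, taken before control is handed to it."""
    return hashlib.sha256(blob).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: a PCR is never written directly, only folded forward."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(stages):
    """Simulate the device side. Returns (final PCR, event log)."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeros on reset
    log = []
    for name, blob in stages:
        digest = measure(blob)
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def replay(log):
    """Verifier side: recompute the PCR that this event log implies."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def decide(reported_pcr, log, known_good):
    """Security decision based on the measurements. Returns (allow, reason)."""
    # 1. The log is only trustworthy if it reproduces the PCR the TPM reports.
    if not hmac.compare_digest(replay(log), reported_pcr):
        return False, "event log does not reproduce reported PCR"
    # 2. The same stages must have run, in the same order.
    if [name for name, _ in log] != [name for name, _ in known_good]:
        return False, "unexpected boot sequence"
    # 3. Every stage must match an approved digest.
    for (name, digest), (_, good) in zip(log, known_good):
        if not hmac.compare_digest(digest, good):
            return False, f"unapproved {name}"
    return True, "all measurements match the approved corporate image"


# Constructed sample components standing in for the layout on the slide.
APPROVED = [
    ("boot_loader", b"constructed: secure boot loader 1.0"),
    ("os_kernel", b"constructed: corporate operating system"),
    ("corp_image", b"constructed: applications and files"),
]
KNOWN_GOOD = [(name, measure(blob)) for name, blob in APPROVED]


def scenarios():
    """Run a clean boot, a modified loader, and a modified loader with a forged log."""
    results = {}
    pcr, log = measured_boot(APPROVED)
    results["clean"] = decide(pcr, log, KNOWN_GOOD)

    tampered = [("boot_loader", b"constructed: modified loader")] + APPROVED[1:]
    t_pcr, t_log = measured_boot(tampered)
    results["tampered_honest_log"] = decide(t_pcr, t_log, KNOWN_GOOD)

    # The device presents the clean log, but the PCR reflects what really ran.
    results["tampered_forged_log"] = decide(t_pcr, log, KNOWN_GOOD)
    return results


if __name__ == "__main__":
    for label, (allow, reason) in scenarios().items():
        print(f"{label:22} allow={allow}  {reason}")
```

Because extend is one-way and order-sensitive, a modified loader cannot reset the PCR to the approved value; it can only lie in the log, which the replay step catches.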



To Continue the Conversation
Please See:

Twitter: @mfa007 or @NetIQ
For my and NetIQ's security blogs, see: http://bit.ly/11BhzC
Image Credits


          http://www.flickr.com/photos/sanfranannie/3695457758/lightbox


          http://www.flickr.com/photos/themuuj/3787043200/lightbox/

          http://www.flickr.com/photos/nekonoir/2231873666/lightbox/

           http://www.flickr.com/photos/scarpagialla/488834555/lightbox/


           http://www.flickr.com/photos/schatz/484932511/lightbox/





ISSA Houston – The Consumerization of IT


Editor's Notes

  1. Logins
     − Personal login information on corporate machine
     − Social Networks / Professional Associations
     − Corporate login information on personal machine
     − VPN Configuration
     − User IDs and passwords stored in browsers
     Software
     − Personal software
     − Restricted use licenses
     − Corporate software on home equipment
     Legislated Privacy
     − EU data protection act
     − USA HIPAA, SOX, GLBA
     − Country, state/province, local (e.g. CA SB 1386)
     − More laws pending
     Cross contamination
     − Corporate backup includes personal information
     − Personal backup includes corporate information
  2. http://www.securityweek.com/consumerization-user-driven-it-security-threat#
  3. Various laws protect customer data. Employee must protect assets whether physical or informational. Protect devices, encrypt HD, remove HD if needed.