Welcome, my name is Caston Thomas, with InterWorks
We’re all struggling with this BYoD/IoT phenomenon.
It’s become the rule rather than the exception. Although it may be a convenience to
users, we need to think about its impact on our organizations – from a risk standpoint
and from a cultural standpoint as well.
Today, I’m going to talk about the risks & rewards of BYOD, the cloud, mobile and the
“Internet of Things”.
We’ll discuss how we can adapt to this fast-changing world while preserving the
investments you’ve already made in security, applications, infrastructure, processes,
HR procedures, etc.
1
When I talk about these things (let’s take “BYOD” as the example), the first thing I do is look at
the subject through the same prism. From my standpoint, there are three ways to look at
BYoD, and similar perspectives on IoT & cloud hold true as well.
We’re talking about the single greatest evolution that IT has ever had to grapple with. It is a
transformation not only of the device types, but of who owns them, who manages
them, who supports them, and who pays for them. And the worst part: there’s no “line of
demarcation”. It’s a world of gray and I don’t expect that to change any time soon, just
because of how fast things are changing.
Option 1… personal vs corporate data
Option 2…who pays?
Option 3… fundamental shift in culture and the relationships that IT & management have with
our end users, contractors, guests, & even trading partners
BYOD encompasses smartphones, tablets, BlackBerrys, as well as traditional notebook
computers. Moving forward it will include things like personal health devices & monitoring
equipment, Google Glass, Apple TV, and new technologies that will sit on our network and
provide new information creation points as well as security exposures. Get ready, because here
it comes. The last ten years was a cakewalk compared with where we’re headed the next ten
years!
And it is not just about the devices, it is also about the software & services that will be used --
cloud services & other tools on the web.
2
I won’t be telling you anything you don’t already know.
I hope to put it into a perspective and then a framework that allows you to prepare &
adapt.
The role of IT will change. Budget battles will change. IT operations might slip into
irrelevance if LOB can buy its ERP/MRP/CRM from the cloud. But even if that extreme
view did occur, the strategic relevance of IT becomes even more instrumental.
New turf… new battles… new opportunities… new risks….
3
So if you are an IT security manager, you might be wondering: should you fight or embrace
these trends?
Many analysts, such as Gartner & Forrester, have spoken out on this issue. They think
fighting the tide is impossible, & not only that, it’s not even a sensible decision when
you look at all the dimensions of the issue.
4
Other analysts have stated that BYOD & IoT will be huge cost-savers, if it is done right.
Either way, it’s going to transform our organizations, for better… or worse.
5
Questions arise…
Internal threats
Incident response
Change management
If we don’t change some fundamental assumptions and our ways of thinking, things will get even worse. Today, on
average, there’s a 2.5 day gap between identifying a security breach and fixing it.
We have to change!!! Just one example: we as IT & IT security professionals have a fundamental flaw in how we’ve
approached network security. This is it. Everything we’ve done until now has been under the assumption that we
must detect and then respond, remediate, fix the vulnerability. We think… “no matter what we do, the bad guys will
find a way to get what they want.” We’re always on our heels. We’re always on defense.
It’s not part of this presentation, but there are exciting, revolutionary technologies & processes that have been
developed. They’re starting to come onto the market and will be mainstream soon. I won’t go into it now, but
here’s my challenge to you… What if we stop thinking about detecting & responding, and start thinking about
PREVENTING!?!
Obviously, mobile devices, & more specifically personally owned mobile devices, open us up to all kinds of bad
stuff on our network. The most pressing concern is data loss. What happens when the device is stolen, or
jailbroken? What happens when an unauthorized user or device downloads or uploads data from our network?
Malware: In 2013, 80% of organizations with BYOD policies have seen botnet compromises increase by 100 percent
inside their networks.
And of course, compliance. The number & type of endpoint devices is multiplying rapidly, & yet we as IT security
managers are tasked with compliance issues. How do we do it? It gets much harder if the endpoint is not one that we
own, as is the case with BYOD. & besides mobile devices, there are other issues, such as an employee trying to work
around IT by installing their own wireless access point, or using iCloud or Dropbox, which we might not want.
6
A comprehensive approach addresses the different exposures that come from how different end users need
to use data. It’s how we create a structure for addressing flexibility AND control. We’ve got to
stop being “the guys who only say NO”!
So let’s talk about the most common security controls for this new world, & I will
describe the characteristics of each type of control.
7
When we think about “mobile”, we tend to think about tablets & phones. But we need to think
of it more as mobile data, NOT mobile devices. When we think mobile data, we think also
about the data on laptops, on home computers, portable storage, maybe even sites like Box &
Dropbox – and certainly those new classes of devices that will come onto our networks in the
future.
We think about MDM in a generic sense, but that primarily manages the devices. MDM as we
know it today doesn’t do DLP, or malware, or document classification. There has to be
more… and there is!
--- old notes ----
You could try to manage all the devices on our network. The first iteration of this we know as
“Mobile Device Management”, or MDM. This approach has gained a lot of traction, & it allows you
to lock down parts of the device itself – assuming the device has actually been enrolled in the
MDM system & has an agent installed. But MDM usually does not support all the mobile
devices that employees are bringing into the office; for example, it doesn’t help you secure
personally-owned MacBooks & Windows PCs. Another problem is the fact that MDM is usually
installed as a separate system, with a separate management console, not integrated with
anything else. & MDM does nothing to protect our network from unauthorized devices, or
devices that are not yet enrolled in the MDM system.
8
The limits of this use case are when the user is disconnected, a poor user interface, and a few other
minor things. The important part of this is that it goes far in protecting the DATA!
--- old presentation ---
Your second option: you could restrict the data so that it never gets onto mobile devices. The
data never gets copied down to the device. This is very strong data protection, but it does not
provide a good user experience for owners of phones & tablets. The form factor is wrong.
These are small-screen devices, & the users are not going to want to use a Windows interface
on their iPhone. Moreover, VDI does not work if you don’t have a live Internet connection. So
for large populations of mobile users who work on airplanes & in taxis, this is a non-starter.
Some people think that if you use VDI, you don’t have to worry about the security of the
endpoint, but Gartner says this is not the case. They say that “Network access control (NAC) &
Network Access Protection (NAP) solutions, including Secure Sockets Layer (SSL) VPN, become
vital, allowing policy engines to check that endpoint devices meet minimum specifications
before accessing their VDI session (including OS patch levels, presence of an antivirus [AV]
solution, up-to-date AV signature files & an acceptable network context).”
9
Wrapper approach, or the mobile application-specific VPN
In most cases, this still needs to operate side by side with an MDM, but this is really
about application control and a degree of data security. It doesn’t take care of email,
calendaring, address books, etc.
--- old presentation ---
The third option is that we can control the applications that mobile users run. We can
build our own enterprise applications using a mobile enterprise application platform
(MEAM), or we can use a mobile application wrapper (MAW) from vendors like Mocana
& Nukona. These application wrappers help you encrypt & contain the data that the
applications use. These approaches are fairly new; it is a niche market. We would
probably need some in-house development expertise to roll it out. It looks like a
promising approach. But even this approach is not a panacea, because if you read the
whitepapers written by these vendors, you’ll see that they rely on you having a
distribution mechanism like MDM to distribute & manage the apps. & they don’t
necessarily work with email, which is the most common application.
10
A lot of organizations are moving to NAC… Start thinking about the next evolution of
NAC. It’s not about “access control”. Change our thinking to “policy enforcement”.
Again, a slightly different approach that makes a HUGE difference. Let’s start thinking in
terms of “network access policy enforcement”! In doing so, we start to create
congruence between security policy (compliance, governance, framework &
architecture) and SecOps!
Another change… A single “point of policy” should cover all access methods, whether
wired, wireless, VPN or mobile.
--- old presentation ---
Lastly, we can control network access in a very intelligent way. I’m not talking about
“blocking all personal devices” from the network, that was solution #1, I’m talking
about granting specific network access on the basis of who the user is & what the user
has, & how secure that device is. This too is not a panacea, but it’s simple, it’s future-
proof. Get 100% visibility & control over everything on our network, & we won’t need
any software agents. NAC doesn’t protect the device itself, so if we decide to allow
mobile devices onto our network, & we decide to allow data onto the mobile devices
(or unbeknownst to you, data winds up on the mobile device), you’ll need something
else to protect that data. For example, MDM.
11
I agree with Gartner that two of these controls are especially useful. NAC is
foundational to any BYOD strategy, & MDM is also a very popular & useful approach. &
these technologies can work together. We can mix-and-match technologies, because in
the area of BYOD, a single control is probably not sufficient.
In fact, depending on what we are trying to do, different controls are appropriate. Let
me explain.
12
Here’s the way I look at our options.
One of our first decisions will have to be to what extent we want to
mobilize our workforce. & our choice might be different for different
populations of users. For some users, we want to support mobile devices in
a limited way, say with just email. But for other users we might choose to
fully mobilize them & extend sales force automation systems or home-
grown business applications to these users.
So think in terms of a range of choices, as shown on this diagram. What are
the appropriate security controls for each choice?
*** There’s a fundamental process in doing this. We can go through this
process for each use case, each user group or role, and/or each
application. ***
13
Going back to the issue of NAC. There’s a low cost BYoD/NAC approach, and
that’s what I call WAP-NAC. Wifi vendors Aerohive, Meraki, & Ruckus/Meru (to a
lesser degree) have NAC-like capabilities built in. This gives a good
solution for wifi-only access, and can be a good interim solution. On all these
solutions, there is no additional license charge above the base cost.
A slightly different approach could include a guest access/802.1X/certificate
approach. There are certainly places where this can (or should) be done, but it’s
clearly not a long-term, strategic, unified solution.
If we choose to block mobile devices completely, the most common approach is
to lock down the wifi and implement MDM restrictions. We can use the built-in
mechanisms from the wifi, such as requiring certs on every endpoint that
connects to the wireless access point.
*** New malware exposures are opening a new issue on personal devices.
Hackers are going after their ability to turn on mics, cameras, GPS tracking,
etcetera. The problem is that “high value conversations” (board meetings,
planning sessions, preparation for negotiations, or personal conversations with
loved ones) can expose individuals, but also corporate assets.
14
If we want to be more flexible, we want to let mobile devices get onto our
wireless network, but we want to limit access with more granularity. NAC
can do this, & in fact it allows us to provide different levels of access for
different people, groups, roles, and/or device types.
Reiterate: a single policy for ALL access.
15
If we want to more aggressively extend mobile applications out to our
users, or to certain classes of users, on top of NAC we should think about
combinations of NAC, VDI & MDM systems.
Multiple levels of security. To complete this, we need to add endpoint
posture & endpoint tools. Some NAC systems can do posture without a
dedicated client.
802.1X can’t do this alone.
16
This is where we want to end up. Even if we do this over a couple of
budget cycles, we should create the vision now. There’s a lot of “feature
overlap” so having a plan is absolutely required. (This is one good place
where InterWorks can help. There are some framing questions that can
make the entire process much more linear.)
This is a good place to talk about market consolidation… emergence of
VDI/MDM convergence vs document classification. Good point for
discussion/dialogue, if time.
=== old presentation ===
And if we want to fully mobilize our workforce, we should be thinking
about a mobile enterprise application management system & ways to push
out the applications, update the applications, push out data, secure the
data, etc.
17
When security comes face-to-face with business, rule #1 is “Business
always wins!” Security vs. agility…
And if we want to fully mobilize our workforce, we have to be thinking
about onboarding, offboarding, a mobile enterprise application
management system, ways to push out the applications, update the
applications, push out data, secure the data, etc.
So what do NAC and these other technologies look like when implemented?
What does the ultimate approach to all of this look like?
18
19
CAN’T SECURE WHAT WE CAN’T SEE!!
Grant access vs. limit access approach
Remediation vs. prevention
Agility vs security
Don’t just find the gaps, fill them!
Don’t just find the problems, fix them!
Orders of magnitude faster filling of gaps. If time, discuss the changing landscape of technology integration.
=== old presentation ===
The key problem to address – is how to balance “access agility” with security.
[click]
What I mean when I say “access agility” is the ability to have all kinds of people, & all kinds of devices such as
smartphones, connecting to our network through many different types of connections. This is what is happening
today, it is the road warrior experience, and it is driving increases in productivity.
[click]
Of course we have to be concerned about security. We lose a laptop or a smartphone that has corporate data on it,
we have a data loss event. Are all the many devices like iPads running antivirus? You bet they are not, & we don’t
control those devices anyway, so this is a potential threat vector. What does all this mean with respect to
regulations & compliance? It is a concern, because many of these mobile devices are devices that we do not control.
Yet we remain responsible for network security.
[click twice]
To manage these risks & enable the business benefits of accessibility requires a solution that provides visibility &
control which is seamless to the end user & highly automated for IT.
Now… let me expand on the idea of comprehensive visibility, because it is extremely important. We can’t secure
what we can’t see. Let me illustrate what gaps we might have today.
20
21
===ADD ===
Continually inspect the device, the traffic, the posture, the “state”…
Let’s see how this cycle works…
1. Visibility into what is on our network. “See” everything that is on our network, with deep
information about security posture & who is logged into the device.
2. Grant network access as per our security policy. Be flexible; for example, we may prefer to
grant access very liberally & only block access to computers that are seriously infected.
This is the stage where we can limit access to just portions of our network, or maybe just
grant Internet access.
3. Remediation. Not only find security gaps, fix them.
4. Continuously inspect the traffic from every network device to protect our network against
attacks.
Let me show you the details of how this entire cycle works. Let’s start with “see”
– in real time – what is on our network.
[click]
Detect endpoints, network devices, users & applications.
22
The next step is to grant network access.
Have a range of actions, from gentle ones such as sending alerts to the
administrator, through educational ones such as telling the user that they are violating a
policy, to more assertive ones such as restricting network access.
If we don’t want unauthorized devices or people on our network…
[click]
remove them. Automatically.
So those unauthorized devices are now gone from our network. But we still might have
some problems with the authorized endpoints themselves. That is where our second
level of automated enforcement comes into play: automated endpoint remediation.
23
We help you find & fix problems with your endpoints.
[click]
Update the operating system.
[click]
Disable USB memory sticks.
[click]
Kill applications we don’t want running.
Automated, saving time & money.
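Here is how the see / grant / fix / protect cycle of the last few slides, with its range of gentle-to-assertive actions and its automated endpoint remediation, could be modelled as a small enforcement loop. This is an added example in Python, not code from the presentation or from any NAC product; the action names, the table of automatic fixes and the endpoint observations are all constructed for illustration.

```python
"""Added example (not from the presentation): the see -> grant -> fix -> protect
cycle as a small enforcement loop. Observations, action names and the automatic
fixes are constructed to model the "gentle to assertive" range of actions."""
from collections import defaultdict

# Escalation ladder, gentle to assertive (constructed action names).
LADDER = ["alert_admin", "notify_user", "restrict_access", "remove_from_network"]

# Violations the system can fix on its own, mapped to the automated fix
# (the slide's examples: update the OS, disable USB storage, kill an app).
AUTO_FIX = {
    "os_outdated": "update_os",
    "usb_storage_enabled": "disable_usb_storage",
    "forbidden_process": "kill_application",
}


class Enforcer:
    """Keeps per-endpoint state so that repeat offenders climb the ladder."""

    def __init__(self):
        self.failures = defaultdict(int)   # consecutive passes with an unresolved violation
        self.history = []                  # (endpoint, actions) audit trail

    def handle(self, obs: dict) -> list:
        """obs keys: mac, authorized (bool), violations (list), infected (bool, optional)."""
        mac = obs["mac"]
        # See + grant: a device we never authorized is removed outright.
        if not obs["authorized"]:
            return self._record(mac, ["remove_from_network"])
        # Protect: a "good" endpoint gone bad is restricted at once,
        # regardless of how many strikes it already has.
        if obs.get("infected"):
            return self._record(mac, ["restrict_access"])
        # Fix: remediate automatically whatever we know how to fix.
        actions = [AUTO_FIX[v] for v in obs["violations"] if v in AUTO_FIX]
        unresolved = [v for v in obs["violations"] if v not in AUTO_FIX]
        if unresolved:
            # One rung up the ladder per pass in which the same endpoint stays non-compliant.
            rung = min(self.failures[mac], len(LADDER) - 1)
            self.failures[mac] += 1
            actions.append(LADDER[rung])
        else:
            self.failures[mac] = 0             # compliant again: back to the bottom rung
            if not actions:
                actions.append("grant_access")
        return self._record(mac, actions)

    def _record(self, mac: str, actions: list) -> list:
        self.history.append((mac, actions))
        return actions


def run_cycle(observations: list) -> list:
    """Feed a sequence of observations through one Enforcer; return the actions per observation."""
    enf = Enforcer()
    return [enf.handle(o) for o in observations]


# Constructed observations over several inspection passes.
SAMPLE_OBSERVATIONS = [
    {"mac": "aa:11", "authorized": False, "violations": []},
    {"mac": "bb:22", "authorized": True, "violations": ["os_outdated", "usb_storage_enabled"]},
    {"mac": "cc:33", "authorized": True, "violations": ["no_antivirus"]},
    {"mac": "cc:33", "authorized": True, "violations": ["no_antivirus"]},
    {"mac": "cc:33", "authorized": True, "violations": ["no_antivirus"]},
    {"mac": "cc:33", "authorized": True, "violations": []},
    {"mac": "bb:22", "authorized": True, "violations": [], "infected": True},
]

if __name__ == "__main__":
    for obs, acts in zip(SAMPLE_OBSERVATIONS, run_cycle(SAMPLE_OBSERVATIONS)):
        print(obs["mac"], "->", ", ".join(acts))
```

Running it feeds the seven constructed observations through one Enforcer: the unauthorized device is removed on sight, the endpoint with fixable violations gets its two automatic fixes, the endpoint that keeps failing a check the system cannot fix climbs one rung per pass (alert, notify, restrict) and drops back to plain access once it reports compliant, and the previously fine endpoint that starts behaving maliciously is restricted immediately.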
24
Talk about the “range of enforcement” -> gentle actions versus assertive
Even though unauthorized devices are gone, we may still have significant exposures
Good endpoint goes bad
Automate the process
Zero-day??? What to do? What to do!?!
Built-in threat prevention that has the smarts to detect when an otherwise “good”
endpoint has gone bad due to some sort of infection or compromise: zero-day
protection against threats like Conficker, Zeus, Stuxnet.
25
Let’s revisit the range of actions, from gentle to assertive.
26
Directly remediate Apple iOS devices. Some of the actions are shown here – we can lock
the device, set the password, wipe the data, etc.
27
If you’d like to download a complimentary whitepaper from the SANS Institute, or from
IDC, drop me an email & I’ll be happy to forward you the links.
28
Step 1: Form a committee
The BYOD program will fail if it does not meet the needs of all the constituencies. So we will need a team which includes members from different IT departments (e.g., security, network, endpoint & application) plus a representative sample of users in our organization.
It’s important to discuss who is actually accountable for the success of the BYOD program, & who will be accountable for the enforcement of whatever security policies we decide on. An example of why a committee is important is that in our experience, the IT department should not be held accountable for
enforcement, because that puts IT in a bad position, & the wrong position. The employee works for his business unit, for his manager, & the employee usually has a dotted line relationship to HR. Whatever BYOD policy our committee develops needs to be an agreement between the employee &
his manager, or between the employee & HR. So if the employee does something against policy, & we have an IT control that discovers the violation, & the IT control revokes the ability for the device to access the network – we want the business unit & the HR department to be the primary stakeholders that
are responsible for that situation between the employee & the organization.
Step 2: Gather data
You need to document the status quo. Review current policies, & make note of the prevailing attitudes toward security &
management. Is it supportive, antagonistic or
indifferent? Identify which departments/groups/individuals have been most active in developing policies in the past.
Gather data about our status quo including
• Counts of devices in use by platform, OS version, company-owned, personally owned or in the hands of
non-company personnel, such as contractors
• Assessment of data currently passing onto & through mobile devices
• Mobile device applications in use, app ownership & app security profiles
• All entry paths used by mobile devices, such as cellular, Wi-Fi, bridge to workstation or VPN
Step 3: Identify & Prioritize Use Cases via Workforce Analysis
To be effective, mobile device policies must be context-oriented to match the reality of a company's use cases. We will
need to plan out:
• How will mobile devices be used?
• Which mobile applications need to be used offline, such as on airplanes & in elevators?
• What information will be accessible through mobile devices?
• What information will be stored on the mobile devices?
Step 4: Create an economic model
Step 4 is the point where we can start to create an economic model. We won’t finish it in step 4, because subsequent steps
are going to feed into that model, but this is the right place to start the process.
29
The jury is out as to whether BYOD programs save money or not. Some organizations say they do, some
organizations say they don’t. Even if BYOD does not save you money, it still might be a great thing for our
organization because it will result in productivity gains & employee satisfaction gains. If our company’s
success depends on our ability to hire bright 20-year-olds, & if we are competing for talent, then having a
BYOD program might be an essential element in our corporate strategy.
Some of the costs are shown here – we have device costs & data connectivity costs. We may or may not
choose to give our employees a stipend to cover either. Some companies decide to cover the data plans
for their employees, achieve economies of scale, & not have to worry about hassling with expense
reports. We may wish to provide our employees with 3G or 4G data access for their laptop computers –
turn them into road warriors. Then we have the cost of software licenses. Keeping track of software that
we own, but which is installed on personally owned computers, might be challenging. You’ll need a
tracking system for that. Last on this list are infrastructure costs. We will likely need additional security &
management systems for BYOD. We may choose to deploy a mobile device management system. They
are not cheap. Some strategies for providing network access involve putting the mobile devices directly
on the wireless LAN, some strategies involve putting the mobile devices on the Internet & routing them
back into the network via a VPN. The latter is a much more expensive route to take, & we need to account
for it if that is what we choose to do. Last is the cost for data protection. We may choose to deploy
encryption & data loss prevention tools to BYOD devices.
Step 5: Formulate policies
If yours is a large organization, we may wish to consider different policies for different populations of
users. For example, for the majority of our employees, we might wish to support simple applications like
email & just a small number of mobile devices, like Blackberry & Apple. For another population of users,
for example our sales organization, we might wish to additionally support a sales force automation
package, & we might wish to extend support to Android devices in addition to the Blackberry & Apple
devices. & for key executives, we will provide best effort support for other applications on these devices,
on a per-request basis. Analysts at Gartner are big proponents of this model, which is the opposite of
“one size fits all”. They call their model “managed diversity.”
When we decide on our policies, we need to strike a balance between user flexibility & security. The user
experience is important & must be taken into account in the new policies. However, user experience is
not the trump card. We cannot allow employees to dictate a path that causes the enterprise to accept too
much risk. Where applications & data will reside on personal devices, companies should set limits on
which personal platforms are supported & should be prepared to limit the types of information made
available to personal devices.
Step 6: Decide how to protect our network
Now that we have a plan for which kinds of devices we are going to allow, & what kinds of applications we
are going to authorize on each device, our next step is to decide how to protect our network from
unauthorized devices, non-compliant devices, rogue devices, & how we are going to limit network access.
The first decision we need to make is how automated we want to get. Some organizations aim for the
lowest possible investment in network security, which is a manual system. Essentially, we can manually
deploy 802.1X configurations & certificates to whichever devices we want to allow on the network, then
we tell our wireless network to block anything that is not correctly configured. If this is our choice, we
don’t need a separate network access control product, but we don’t gain the benefits of network access
control automation. The process of figuring out which devices should receive a certificate & an 802.1X
supplicant is manual, & it is static. If we change our mind in the future, for example we decide we want to
revoke network privileges for certain types of Android systems, then a manual system is very difficult to
work with.
29
A manual 802.1X system is also quite dumb. All it can really do is distinguish devices with certificates from
those without certificates. It can’t perform any sort of compliance check on the endpoint. So go back to
step 5: If our policy is to only allow certain types of devices, with certain types of configurations – for
example, a password if the device is a smartphone, & antivirus if the device is a PC – then we need a
network access control system that can enforce the complexities of our policy.
Another decision we will need to make is how many wireless networks we are going to deploy. If we have
a network access control system, we can probably get away with one wireless network, or maybe a
two-network scenario in which one wireless network is used for production & another wireless network is
used for open access to the internet. If we have chosen not to purchase a NAC system, then we may need
at least three wireless networks – one for corporate-owned devices, one for BYOD devices, & a third for
Internet access.
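To make the difference between the manual 802.1X setup and a NAC policy concrete, here is a toy policy engine in Python. It is an added example, not code from the presentation or from any NAC vendor; the Endpoint fields, the posture rules (a password on a smartphone, antivirus on a PC, as in step 5), the per-population access tiers from the “range of choices” discussed earlier, and the sample inventory are all constructed for illustration.

```python
"""Added example (not from the presentation): a toy policy engine contrasting
the manual 802.1X/certificate-only decision with a NAC-style decision that also
looks at who the user is, what the device is, who owns it and its posture.
Every endpoint record, rule and access tier below is constructed."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    name: str
    device_type: str            # "smartphone" or "pc"
    platform: str               # e.g. "ios", "windows", "android-legacy"
    company_owned: bool
    has_certificate: bool       # authenticated via 802.1X with a corporate certificate
    user_group: str             # "staff", "sales", "exec" or "guest"
    posture: dict = field(default_factory=dict)   # facts from an agent or agentless scan


def cert_only_decision(ep: Endpoint) -> str:
    """The manual 802.1X model: all it can see is whether a certificate is present."""
    return "production" if ep.has_certificate else "blocked"


# Posture required per device type (constructed, following the talk's example).
POSTURE_RULES = {
    "smartphone": {"passcode_set": True, "jailbroken": False},
    "pc": {"antivirus_running": True, "av_signatures_current": True},
}

# Access tier per user population (constructed: email-only for most, more for sales/execs).
GROUP_TIER = {"staff": "email-only", "sales": "sfa-and-email", "exec": "production"}

# Platforms whose privileges have been revoked. Editing this set is the whole
# "change your mind later" step that a manual certificate rollout makes painful.
BLOCKED_PLATFORMS: set[str] = set()


def nac_decision(ep: Endpoint) -> tuple[str, list[str]]:
    """Return (access_level, reasons) for one endpoint under the NAC policy."""
    if not ep.has_certificate or ep.user_group == "guest":
        return "internet-only", ["no corporate identity: guest access only"]
    if ep.platform in BLOCKED_PLATFORMS:
        return "blocked", [f"platform {ep.platform} is not permitted"]
    rules = POSTURE_RULES.get(ep.device_type)
    if rules is None:
        return "quarantine", [f"unknown device type {ep.device_type!r}"]
    failed = [check for check, want in rules.items() if ep.posture.get(check) != want]
    if failed:
        return "remediation", [f"posture check failed: {c}" for c in failed]
    tier = GROUP_TIER[ep.user_group]
    if not ep.company_owned and tier == "production":
        tier = "sfa-and-email"   # constructed rule: personally owned devices never get the full tier
    return tier, ["authenticated and compliant"]


def compare(endpoints: list[Endpoint]) -> dict[str, tuple[str, str]]:
    """Side-by-side decisions: name -> (cert-only result, NAC result)."""
    return {ep.name: (cert_only_decision(ep), nac_decision(ep)[0]) for ep in endpoints}


def block_platform(platform: str) -> None:
    """Revoke privileges for a platform by a policy change, with no re-enrolment of devices."""
    BLOCKED_PLATFORMS.add(platform)


# Constructed sample inventory.
SAMPLE = [
    Endpoint("sales-iphone", "smartphone", "ios", False, True, "sales",
             {"passcode_set": True, "jailbroken": False}),
    Endpoint("jailbroken-ipad", "smartphone", "ios", False, True, "staff",
             {"passcode_set": True, "jailbroken": True}),
    Endpoint("exec-laptop", "pc", "windows", True, True, "exec",
             {"antivirus_running": True, "av_signatures_current": False}),
    Endpoint("contractor-laptop", "pc", "windows", False, False, "guest"),
    Endpoint("old-android", "smartphone", "android-legacy", False, True, "staff",
             {"passcode_set": True, "jailbroken": False}),
]

if __name__ == "__main__":
    for name, (cert, nac) in compare(SAMPLE).items():
        print(f"{name:18} cert-only={cert:11} nac={nac}")
    block_platform("android-legacy")
    print("after revoking android-legacy:", compare(SAMPLE)["old-android"])
```

The point of the side-by-side output is the second column: the certificate-only model puts the jailbroken tablet and the laptop with stale signatures straight into production because both hold a certificate, while the policy decision sends them to remediation, gives the contractor Internet-only access instead of nothing, and scopes a compliant device to the tier its user population is allowed. Revoking a platform afterwards is one policy change rather than a manual re-deployment of certificates.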
Step 7: Decide how to protect our data
In any BYOD project, we need to figure out a way to secure our data. Network access control will protect
data on our network from unauthorized devices & non-compliant devices, but in this step we are trying to
figure out how to protect data on a mobile device. In this scenario, a device has been authenticated, &
the device is (or was) seen to be compliant with security policies, & we are going to let the user access
sensitive data on our network. So how do we protect the data on that device?
There are two basic methods that we will need to choose from: The first method is to deploy a container
onto the mobile device. That container is some sort of mobile app, or maybe multiple apps each with its
own container. The container prevents data from moving from one app to another, & it typically includes
encryption & data loss prevention controls built into the container. Often we will find that mobile device
management products include containers for data. The most popular containerized application is an email
app. If we deploy an email app with a strong container, we can force our users to use that email app for
all corporate email. That will ensure that corporate email does not get mixed with personal email, & it will
ensure that the device communicates to & through whatever data security products we have deployed at
our corporate gateway. For example, suppose we have implemented a content filtering system for all
inbound & outbound email to our organization. The containerized email app that we deploy onto mobile
devices will be forced to send & receive through this content filtering system. This means that our email
security controls will be consistently applied to all employees, no matter what type of device they are
using.
The container also helps you delete data whenever you need to, without fear of deleting the employee’s
valuable personal information. Separation of corporate data from personal data is the goal when we use
containers to protect data.
An alternative approach to protect data is to never let the data get onto the mobile device in the first
place. We can use a hosted virtual desktop product, for example something like Citrix, to allow the
end-user to interact with data, & to see data, but the data always remains firmly on the corporate network.
The data itself never travels onto the mobile device, never gets stored onto the mobile device.
There are two significant drawbacks with this method: First, the user experience tends to be poor,
because the applications tend to emulate a Windows environment. But the employee who is using an
iPhone does not want to interact with a Windows app on his small screen; he wants to interact with a
native iPhone app that has been optimized for his small-format screen. The second drawback is the fact
that in this approach, the end-user needs to always have a live Internet connection. If we are on a plane
at 30,000 feet, this approach won’t work. Whatever productivity gains we were hoping to achieve from
the BYOD program, they pretty quickly fall to zero with this approach.
29
That said, BYOD is not only about smartphones, it is also about computers. So a hosted virtual desktop
approach might make perfect sense for employees that wish to use their personal Windows computers
for business purposes.
Step 8: Build a project plan
You will need a plan for implementing whatever controls we want to implement, which might include
• Remote device management
• Application controls
• Policy compliance & audit reports
• Data & device encryption
• Augmenting cloud storage security
• Wiping devices when retired
• Revoking access to devices when the end-user relationship changes from employee to guest
• Revoking access to devices when employees are terminated by the company
Step 9: Evaluate solutions
We will be happy to engage with your team & recommend the right solutions for your organization. When
you do evaluate a solution, make sure that you consider the impact on your existing network & how well
the solution will strike the right balance between cost, security, & user concerns. The most secure
solution is never the most usable solution; we need to strike a balance.
Step 10. Implement solutions
Begin with a pilot group from each of the stakeholders' departments
Expand the pilot to departments based on our organizational criteria
Open the BYOD program to all employees
29
I would like to go back to steps 6 & 7 & give you a little more detailed information about
the various types of enforcement solutions that are available.
39
I hope this has been valuable to you, to understand the different approaches that we
could take to enforce mobile security policies.
40
7.5 steps to overlaying BYoD & IoT on Existing Investments

  • 1. Welcome, my name is Caston Thomas, with InterWorks We’re all struggling with this BYoD/IoT phenomenon. It’s become the rule rather than the exception. Although it may be a convenience to users, we need to think about its impact on our organizations – from a risk standpoint but also from a cultural standpoint as well. Today, I’m going to talk about the risks & rewards of BYOD, the cloud, mobile and the “Internet of Things”. We’ll discuss how we can adapt to this fast changing world while preserving the investments you’ve already made into security, applications, Infrastructure, processes, HR procedures, etc. 1
  • 2. When I talk about these things, let’s take “BYOD” as the example, the first thing I do is to look at the subject through the same prism. From my standpoint, there are three ways to look at BYoD. And similar perspectives on IoT & cloud hold true as well. We’re talking about the single greatest evolution that IT has ever had to grapple with these days. It is a transformation of not only the device types, but who owns thm, who manages them, who supports them, who pays for them. And the worst part, there’s no “line of demarkation”. It’s a world of gray and I don’t expect that to change any time soon, just because of how fast things are changing. Option 1… personal vs corporate data Option 2…who pays? Option 3… fundamental shift in culture and the relationships that IT & management have with our end users, contractors, guests, & even trading partners BYOD encompasses smartphones, tablets, BlackBerrys, as well as traditional notebook computers. Moving forward it will include things like personal health devices & monitoring equipment, google glass, Apple TV, and new technologies that will sit on our network that provide new information creation points as well as security exposures. Get ready, because here it comes. The last ten years was a cakewalk compared with where we’re headed the next ten years! & it is not just about the devices, it is also about the software & services that will be used -- cloud services & other tools on the web. 2
  • 3. I won’t be telling we anything we don’t already know. I hope to put it into a perspective and then a framework that allows we to prepare & adapt. The role of IT will change. Budget battles will change. IT operations might slip into irrelevance if LOB can buy its ERP/MRP/CRM from the cloud. But even if that extreme view did occur, the strategic relevance of IT becomes even more instrumental. New turf… new battles… new opportunities… new risks…. 3
  • 4. So we are an IT security manager, we might be wondering, should we fight or embrace the trends? Many analysts have spoken out on this issue, such as Gartner & Forrester. They think fighting the tide is impossible, & not only that, it’s not even a sensible decision when we look at all the dimensions of the issue. 4
  • 5. Other analysts have stated that BYOD & IoT will be huge cost-savers, if it is done right. Either way, it’s going to transform our organizations, for better… or worse. 5
  • 6. Questionsarise… Internal threats Incident response Change management If we don’t change some fundamentalassumptions and our ways of thinking, things will get even worse. Today, on average, there’s a 2.5 day gap between identifying a security breech and fixing it. We have to change!!! Just one example, we as IT & IT security professionalshave a fundamental flaw in how we’ve approached network security. This is it. Everything we’ve done until now has been under the assumption that we must detect and then respond, remediate, fix the vulnerability. We think… “no matter what we do, the bad guys will find a way to get what they want. We’re always on our heels. We’re always on defense. It not part of this presentation,but there are exciting,revolutionary technologies& processes that have been developed. They’re starting to come onto the market and will be mainstreamsoon. I won’t go into it now, but here’s my challenge to you… What if we stop thinking about detecting & responding, and start thinking about PREVENTING!?! Obviously, mobile devices, & more specificallypersonally owned mobile devices, opens we up to all kinds of bad stuff on our network. The most pressing concern is data loss. What happens when the device is stolen, or jailbroken. What happens when an unauthorizeduser or device downloads or uploads data from our network. Malware: In 2013, 80% of organizationswith BYOD policies have seen botnet compromises increase by 100 percent inside their networks. And of course, compliance.The number & type of endpoint devices is multiplying rapidly, & yet we as an IT security manager are tasked with compliance issues. How do we do it? It gets much harder if the endpoint is not one that we own, as is the case with BYOD. & besides mobile devices, there are other issues, such as an employee trying to work around IT by installing their own wireless access point, or using iCloud or Dropbox which we might not want. 6
  • 7. Comprehensive approach solves different exposures to how different end users need data. It’s how we create a structure for addressing flexibility AND control. We’ve got to stop being “the guys who only say NO”! So let’s talk about the most common security controls for this new world, & I will describe the characteristics of each type of control. 7
  • 8. When we think about “mobile”, we tend to think about tablets & phones. But we need to think of it more as mobile data, NOT mobile devices. When we think mobile data, we think also about he data on laptops, on home computers, portable storage, maybe even sites like box & dropbox – and certainly those new classes of devices that will come onto our networks in the future. We think about MDM in a generic sense, but that primarily manages the devices. MDM as we know ti today doesn’t do the DLP, or malware, or document classification. There ahs to be more… and there is! --- old notes ---- you could try to manage all the devices on our network. The first iteration of this we know as “Mobile Device Management”, or MDM. This approach has gained a lot of traction, & it allows to lock down parts of the device itself – assuming the device has actually been enrolled in the MDM system & has an agent installed. But MDM usually does not support all the mobile devices that employees are bringing into the office, for example it doesn’t help we secure personally-owned MacBooks & windows PCs. Another problem is the fact that MDM is usually installed as a separate system, with a separate management console, not integrated with anything else. & MDM does nothing to protect our network from unauthorized devices, or devices that are not yet enrolled into the MDM system. 8
  • 9. Limits of this use case is when the users is disconnected, poor user interface, and a few other minor things. The important part of this is that it goes far in protecting the DATA! --- old presentation --- Your second option, we could restrict the data so that it never gets onto mobile devices. The data never gets copied down to the device. This is very strong data protection, but it does not provide a good user experience for owners of phones & tablets. The form-factor is wrong. These are small-screen devices, & the users are not going to want to use a Windows interface on their iPhone. Moreover, VDI does not work if we don’t have a live Internet connection. So for large populations of mobile users who work on airplanes & taxis, this is a non-starter. Some people think that if we user VDI, we don’t have to worry about the security of the endpoint, but Gartner says this is not the case. They say that “Network access control (NAC) & Network Access Protection (NAP) solutions, including Secure Sockets Layer (SSL) VPN, become vital, allowing policy engines to check that endpoint devices meet minimum specifications before accessing their VDI session (including OS patch levels, presence of an antivirus [AV] solution, up-to-date AV signature files & an acceptable network context).” 9
  • 10. Wrapper approach, or the mobile application specific VPN In most cases, this needs to still operating side by side with an MDM, but this is really about application control and a degree of data security. IT doesn’t take care of email, calendaring, address books, etc. --- old presentation --- The third option is that we can control the applications that mobile users run. We can build our own enterprise applications using a mobile enterprise application platform (MEAM), or we can use a mobile application wrapper (MAW) from vendors like Mocana & Nukona. These application wrappers help we encrypt & contain the data that the applications use. These approaches are fairly new, it is a niche market. We would probably need some in-house development expertise to roll it out. It looks like a promising approach. But even this approach is not a panacea, because if we read the whitepapers written by these vendors, you’ll see that they rely on we having a distribution mechanism like MDM to distribute & manage the apps. & they don’t necessarily work with email, which is the most common application. 10
  • 11. A lot of organizations are moving to NAC… Start thinking about the next evolution of NAC. It’s not about “access control”. Change our thinking to “policy enforcement”. Again, a slightly different approach that makes a HUGE difference. Let’s start thinking in terms of “network access policy enforcement”! In doing so, we start to create congruence between security policy (compliance, governance, framework & architecture) and SecOps! Another change… A single “point of policy” should cover all access methods, whether wired, wireless, VPN or mobile. --- old presentation --- Lastly, we can control network access in a very intelligent way. I’m not talking about “blocking all personal devices” from the network, that was solution #1, I’m talking about granting specific network access on the basis of who the user is & what the user has, & how secure that device is. This too is not a panacea, but it’s simple, it’s future- proof. Get 100% visibility & control over everything on our network, & we won’t need any software agents. NAC doesn’t protect the device itself, so if we decide to allow mobile devices onto our network, & we decide to allow data onto the mobile devices (or unbeknownst to you, data winds up on the mobile device), you’ll need something else to protect that data. For example, MDM. 11
  • 12. I agree with Gartner that two of these controls are especially useful. NAC is foundational to any BYOD strategy, & MDM is also a very popular & useful approach. & these technologies can work together. We can mix-and-match technologies, because in the area of BYOD, a single control is probably not sufficient. In fact, depending on what we are trying to do, different controls are appropriate. Let me explain. 12
  • 13. Here’s the way I look at the our options. One of our first decisions will have to be to what extent we want to mobilize our workforce. & our choice might be different for different populations of users. For some users, we want to support mobile devices in a limited way, say with just email. But for other users we might choose to fully mobilize them & extend sales force automation systems or home- grown business applications to these users. So think in terms of a range of choices, as shown on this diagram. What are the appropriate security controls for each choice? *** There’s a fundamental process in doing this. We can go through this process for each use case, each user group or role, and/or each application. *** 13
  • 14. Going back to the issue of NAC. There’s a low cost BYoD/NAC approach. And that’s what I call WAP-NAC. Built into wifi vendors Aerohive, Meraki, & Rukus/Meru (to a lessor degree) are NAC-like capabilities. This gives a good solution for wifi only access, and can be a good interim solution. On all these solutions, there is no additional license charge above the base cost. A slightly different approach could include a guest access/802.1X/certificate approach. There are certainly places where this can (or should) be done, but it’s clearly not a long-term, strategic, unified solution. If we choose to block mobile devices completely, the most common approach is to lock down the wifi and implement MDM restrictions. We can use the built-in mechanisms from the wifi, such as requiring certs on every endpoint that connects to the wireless access point. *** New malware exposures are opening a new issue on personal devices. Hackers are going after their ability to turn on mic’s, camera, GPS tracking etcetera. The problem is that “high value conversations” (board meetings, planning sessions, preparation for negotiations, or personal conversations with loved ones can expose individuals, but also corporate assets. 14
  • 15. If we want to be more flexible, we want to let mobile devices get onto our wireless network, but we want to limit access with more granularity. NAC can do this, & in fact they allow us to provide different levels of access for different people, groups, roles, and/or device types.. Reiterate a single policy for ALL access. 15
  • 16. If we want to more aggressively extend mobile applications & out to our users, or to certain classes of users, on top of NAC we should think about combinations of NAC, VDI & MDM systems. Multiple levels of security. TO complete this, we need to add endpoint posture & endpoint tools. Some NAC systems can do posture without a dedicated client. 802.1X can’t do this alone. 16
  • 17. This is where we want to end up. Even if we do this over a couple of budget cycles, we should create the vision now. There’s a lot of “feature overlap”, so having a plan is absolutely required. (This is one good place where InterWorks can help. There are some framing questions that can make the entire process much more linear.) This is a good place to talk about market consolidation: the emergence of VDI/MDM convergence vs. document classification. Good point for discussion/dialogue, if time. === old presentation === And if we want to fully mobilize our workforce, we should be thinking about a mobile enterprise application management system & ways to push out the applications, update the applications, push out data, secure the data, etc.
  • 18. When security comes face-to-face with business, rule #1 is “Business always wins!” Security vs. agility… And if we want to fully mobilize our workforce, we have to be thinking about onboarding, offboarding, a mobile enterprise application management system, ways to push out the applications, update the applications, push out data, secure the data, etc. So what do NAC and these other technologies look like when implemented? What does the ultimate approach to all of this look like?
  • 20. CAN’T SECURE WHAT WE CAN’T SEE!! Grant-access vs. limit-access approach. Remediation vs. prevention. Agility vs. security. Don’t just find the gaps, fill them! Don’t just find the problems, fix them! Orders of magnitude faster filling of gaps. If time, discuss the changing landscape of technology integration. === old presentation === The key problem to address is how to balance “access agility” with security. [click] What I mean when I say “access agility” is the ability to have all kinds of people, & all kinds of devices such as smartphones, connecting to our network through many different types of connections. This is what is happening today; it is the road warrior experience, and it is driving increases in productivity. [click] Of course we have to be concerned about security. If we lose a laptop or a smartphone that has corporate data on it, we have a data loss event. Are all the many devices like iPads running antivirus? You can bet they are not, & we don’t control those devices anyway, so this is a potential threat vector. What does all this mean with respect to regulations & compliance? It is a concern, because many of these mobile devices are devices that we do not control. Yet we remain responsible for network security. [click twice] To manage these risks & enable the business benefits of accessibility requires a solution that provides visibility & control which is seamless to the end user & highly automated for IT. Now… let me expand on the idea of comprehensive visibility, because it is extremely important. We can’t secure what we can’t see. Let me illustrate what gaps we might have today.
  • 21. ===ADD === Continually inspect the device, the traffic, the posture, the “state”… Let’s see how this cycle works… 1. Visibility into what is on our network. “See” everything: what is on our network, with deep information about security posture & who is logged into the device. 2. Grant network access as per our security policy. Be flexible; for example, we may prefer to grant access very liberally & only block access to computers that are seriously infected. This is the stage where we can limit access to just portions of our network, or maybe just grant Internet access. 3. Remediation: not only find security gaps, fix them. 4. Continuously inspect the traffic from every network device to protect our network against attacks. Let me show you the details of how this entire cycle works. Let’s start with “see”.
  • 22. See – in real time – what is on our network. [click] Detect endpoints, network devices, users & applications.
  • 23. The next step is to grant network access. We have a range of actions, from gentle actions such as sending alerts to the administrator, through educational actions such as telling the user that they are violating a policy, to more assertive actions such as restricting network access. If we don’t want unauthorized devices or people on our network… [click] remove them. Automatically. So those unauthorized devices are now gone from our network. But we still might have some problems with the authorized endpoints themselves. That is where our second level of automated enforcement comes into play: automated endpoint remediation.
  • 24. We can find & fix problems with our endpoints. [click] Update the operating system. [click] Disable USB memory sticks. [click] Kill applications we don’t want running. Automated, saving time & money.
  • 25. Talk about the “range of enforcement” -> gentle actions versus assertive. Even though unauthorized devices are gone, we may still have significant exposures. Good endpoint goes bad. Automate the process. Zero-day??? What to do? What to do!?! Built-in threat prevention that has the smarts to detect when an otherwise “good” endpoint has gone bad due to some sort of infection or compromise. Zero-day protection against threats like Conficker, Zeus, Stuxnet.
  • 26. Let’s revisit the range of actions, from gentle to assertive.
  • 27. We can directly remediate Apple iOS devices. Some of the actions are shown here – we can lock the device, set the password, wipe the data, etc.
  • 28. If you’d like to download a complimentary whitepaper from the SANS Institute, or from IDC, drop me an email & I’ll be happy to forward you the links.
  • 29. Step 1: Form a committee. The BYOD program will fail if it does not meet the needs of all the constituencies. So we will need a team which includes members from different IT departments (e.g., security, network, endpoint & application) plus a representative sample of users in our organization. It’s important to discuss who is actually accountable for the success of the BYOD program, & who will be accountable for the enforcement of whatever security policies we decide on. An example of why a committee is important is that in our experience, the IT department should not be held accountable for enforcement, because that puts IT in a bad position, & the wrong position. The employee works for his business unit, for his manager, & the employee usually has a dotted line relationship to HR. Whatever BYOD policy our committee develops needs to be an agreement between the employee & his manager, or between the employee & HR. So if the employee does something against policy, & we have an IT control that discovers the violation, & the IT control revokes the ability for the device to access the network, we want the business unit & the HR department to be the primary stakeholders that are responsible for that situation between the employee & the organization.
Step 2: Gather data. You need to document the status quo. Review current policies, & make note of the prevailing attitudes toward security & management. Is it supportive, antagonistic or indifferent? Identify which departments/groups/individuals have been most active in developing policies in the past. Gather data about our status quo including:
• Counts of devices in use by platform, OS version, company-owned, personally owned or in the hands of non-company personnel, such as contractors
• Assessment of data currently passing onto & through mobile devices
• Mobile device applications in use, app ownership & app security profiles
• All entry paths used by mobile devices, such as cellular, Wi-Fi, bridge to workstation or VPN
Step 3: Identify & prioritize use cases via workforce analysis. To be effective, mobile device policies must be context-oriented to match the reality of a company’s use cases. We will need to plan out:
• How will mobile devices be used?
• Which mobile applications need to be used offline, such as on airplanes & in elevators?
• What information will be accessible through mobile devices?
• What information will be stored on the mobile devices?
Step 4: Create an economic model. Step 4 is the point where we can start to create an economic model. We won’t finish it in step 4, because subsequent steps are going to feed into that model, but this is the right place to start the process.
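The status-quo inventory that Step 2 calls for, as an added example in Python (not code from the presentation or from InterWorks): it takes a constructed device inventory, counts devices by platform, ownership, user type and entry path, cross-tabulates ownership against entry path, and flags devices whose OS is older than a constructed minimum-version baseline. The record field names and the baseline versions are assumptions; in practice the records would be exported from the NAC, MDM, DHCP or wireless-controller logs.

```python
from collections import Counter, defaultdict

# Constructed sample inventory (not real data); field names are assumptions.
INVENTORY = [
    {"id": "e01", "platform": "iOS",        "os": "7.1",  "owner": "personal",  "user": "employee",   "path": "wifi"},
    {"id": "e02", "platform": "iOS",        "os": "6.1",  "owner": "personal",  "user": "contractor", "path": "wifi"},
    {"id": "e03", "platform": "Android",    "os": "4.1",  "owner": "personal",  "user": "employee",   "path": "cellular"},
    {"id": "e04", "platform": "Android",    "os": "4.4",  "owner": "corporate", "user": "employee",   "path": "vpn"},
    {"id": "e05", "platform": "BlackBerry", "os": "10.2", "owner": "corporate", "user": "employee",   "path": "cellular"},
    {"id": "e06", "platform": "Windows",    "os": "6.1",  "owner": "corporate", "user": "employee",   "path": "wifi"},      # Windows 7
    {"id": "e07", "platform": "Windows",    "os": "5.1",  "owner": "personal",  "user": "contractor", "path": "vpn"},       # Windows XP
    {"id": "e08", "platform": "Android",    "os": "2.3",  "owner": "personal",  "user": "guest",      "path": "wifi"},
]

# Constructed minimum OS versions; the real baseline comes from the committee's policy.
MIN_OS = {"iOS": "7.0", "Android": "4.0", "BlackBerry": "10.0", "Windows": "6.1"}


def version_key(v):
    """Turn '10.2' into (10, 2) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def count_by(inventory, field):
    """Counts of devices by one attribute, e.g. platform or ownership."""
    return Counter(rec[field] for rec in inventory)


def crosstab(inventory, row_field, col_field):
    """Two-way counts, e.g. ownership x entry path, as {row: {col: n}}."""
    table = defaultdict(Counter)
    for rec in inventory:
        table[rec[row_field]][rec[col_field]] += 1
    return {row: dict(cols) for row, cols in table.items()}


def below_baseline(inventory, min_os=MIN_OS):
    """Ids of devices whose platform has no baseline or whose OS is older than it."""
    flagged = []
    for rec in inventory:
        floor = min_os.get(rec["platform"])
        if floor is None or version_key(rec["os"]) < version_key(floor):
            flagged.append(rec["id"])
    return flagged


def status_quo_report(inventory):
    """The numbers Step 2 asks for, collected in one dictionary."""
    return {
        "by_platform": dict(count_by(inventory, "platform")),
        "by_owner": dict(count_by(inventory, "owner")),
        "by_user_type": dict(count_by(inventory, "user")),
        "by_path": dict(count_by(inventory, "path")),
        "owner_x_path": crosstab(inventory, "owner", "path"),
        "below_baseline": below_baseline(inventory),
    }


if __name__ == "__main__":
    for key, value in status_quo_report(INVENTORY).items():
        print(f"{key}: {value}")
```

The ownership-by-entry-path table is the one to look at first: personally owned devices arriving over VPN or a workstation bridge reach the inside of the network without ever touching the wireless controls that most BYOD plans start with.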
  • 30. The jury is out as to whether BYOD programs save money or not. Some organizations say they do, some organizations say they don’t. Even if BYOD does not save us money, it still might be a great thing for our organization because it will result in productivity gains & employee satisfaction gains. If our company’s success depends on our ability to hire bright 20-year-olds, & if we are competing for talent, then having a BYOD program might be an essential element in our corporate strategy. Some of the costs are shown here – we have device costs & data connectivity costs. We may or may not choose to give our employees a stipend to cover either. Some companies decide to cover the data plans for their employees, achieve economies of scale, & not have to worry about hassling with expense reports. We may wish to provide our employees with 3G or 4G data access for their laptop computers – turn them into road warriors. Then we have the cost of software licenses. Keeping track of software that we own, but which is installed on personally owned computers, might be challenging. You’ll need a tracking system for that. Last on this list are infrastructure costs. We will likely need additional security & management systems for BYOD. We may choose to deploy a mobile device management system. They are not cheap. Some strategies for providing network access involve putting the mobile devices directly on the wireless LAN; some strategies involve putting the mobile devices on the Internet & routing them back into the network via a VPN. The latter is a much more expensive route to take, & we need to account for it if that is what we choose to do. Last is the cost for data protection. We may choose to deploy encryption & data loss prevention tools to BYOD devices.
Step 5: Formulate policies. If yours is a large organization, we may wish to consider different policies for different populations of users. For example, for the majority of our employees, we might wish to support simple applications like email & just a small number of mobile devices, like Blackberry & Apple. For another population of users, for example our sales organization, we might wish to additionally support a sales force automation package, & we might wish to extend support to Android devices in addition to the Blackberry & Apple devices. And for key executives, we will provide best-effort support for other applications on these devices, on a per-request basis. Analysts at Gartner are big proponents of this model, which is the opposite of “one size fits all”. They call their model “managed diversity.” When we decide on our policies, we need to strike a balance between user flexibility & security. The user experience is important & must be taken into account in the new policies. However, user experience is not the trump card. We cannot allow employees to dictate a path that causes the enterprise to accept too much risk. Where applications & data will reside on personal devices, companies should set limits on which personal platforms are supported & should be prepared to limit the types of information made available to personal devices.
Step 6: Decide how to protect our network. Now that we have a plan for which kinds of devices we are going to allow, & what kinds of applications we are going to authorize on each device, our next step is to decide how to protect our network from unauthorized devices, non-compliant devices, rogue devices, & how we are going to limit network access. The first decision we need to make is how automated we want to get. Some organizations aim for the lowest possible investment in network security, which is a manual system. Essentially, we can manually deploy 802.1X configurations & certificates to whichever devices we want to allow on the network, then we tell our wireless network to block anything that is not correctly configured. If this is our choice, we don’t need a separate network access control product, but we don’t gain the benefits of network access control automation. The process of figuring out which devices should receive a certificate & an 802.1X supplicant is manual, & it is static. If we change our mind in the future, for example we decide we want to revoke network privileges for certain types of Android systems, then a manual system is very difficult to work with.
  • 31. A manual 802.1X system is also quite dumb. All it can really do is distinguish devices with certificates from those without certificates. It can’t perform any sort of compliance check on the endpoint. So go back to step 5: if our policy is to only allow certain types of devices, with certain types of configurations – for example, a password if the device is a smartphone, & antivirus if the device is a PC – then we need a network access control system that can enforce the complexities of our policy. Another decision we will need to make is how many wireless networks we are going to deploy. If we have a network access control system, we can probably get away with one wireless network, or maybe a two-network scenario in which one wireless network is used for production & another wireless network is used for open access to the Internet. If we have chosen not to purchase a NAC system, then we may need at least three wireless networks – one for corporate-owned devices, one for BYOD devices, & a third for Internet access.
Step 7: Decide how to protect our data. In any BYOD project, we need to figure out a way to secure our data. Network access control will protect data on our network from unauthorized devices & non-compliant devices, but in this step we are trying to figure out how to protect data on a mobile device. In this scenario, a device has been authenticated, & the device is (or was) seen to be compliant with security policies, & we are going to let the user access sensitive data on our network. So how do we protect the data on that device? There are two basic methods that we will need to choose from. The first method is to deploy a container onto the mobile device. That container is some sort of mobile app, or maybe multiple apps each with its own container. The container prevents data from moving from one app to another, & it typically includes encryption & data loss prevention controls built into the container. Often we will find that mobile device management products include containers for data. The most popular containerized application is an email app. If we deploy an email app with a strong container, we can force our users to use that email app for all corporate email. That will ensure that corporate email does not get mixed with personal email, & it will ensure that the device communicates to & through whatever data security products we have deployed at our corporate gateway. For example, suppose we have implemented a content filtering system for all inbound & outbound email to our organization. The containerized email app that we deploy onto mobile devices will be forced to send & receive through this content filtering system. This means that our email security controls will be consistently applied to all employees, no matter what type of device they are using. The container also helps us delete data whenever we need to, without fear of deleting the employee’s valuable personal information. Separation of corporate data from personal data is the goal when we use containers to protect data. An alternative approach to protect data is to never let the data get onto the mobile device in the first place. We can use a hosted virtual desktop product, for example something like Citrix, to allow the end user to interact with data, & to see data, but the data always remains firmly on the corporate network. The data itself never travels onto the mobile device, never gets stored onto the mobile device. There are two significant drawbacks with this method. First, the user experience tends to be poor, because the applications tend to emulate a Windows environment. But the employee who is using an iPhone does not want to interact with a Windows app on his small screen; he wants to interact with a native iPhone app that has been optimized for his small-format screen. The second drawback is the fact that in this approach, the end user needs to always have a live Internet connection. If we are on a plane at 30,000 feet, this approach won’t work. Whatever productivity gains we were hoping to achieve from the BYOD program, they pretty quickly fall to zero with this approach.
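Step 6 above, together with the see/grant/fix/inspect cycle described on slides 21 to 27, as one added example in Python that is not part of the presentation or of any vendor’s product: a certificate-only 802.1X decision sits beside a policy-aware NAC decision (passcode on smartphones, antivirus on PCs, a revocable platform list kept in data rather than in device configuration), followed by a gentle-to-assertive action ladder, remediation commands for managed devices, and a fan-out check that quarantines an authorized endpoint that has gone bad. All endpoints, flow records, thresholds, policy requirements and action names are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Endpoint:
    """What the 'see' step learns about one device (all attributes constructed)."""
    name: str
    kind: str                  # "smartphone" or "pc"
    platform: str
    os: str
    has_cert: bool = False     # the only fact a certificate-only 802.1X setup can act on
    passcode_set: bool = False
    av_running: bool = False
    managed: bool = False      # MDM-enrolled or agent present, so remediation can be pushed


# Policy lives in data, not in device configuration: revoking a platform version
# is an edit here, not a manual re-provisioning of certificates and supplicants.
POLICY = {
    "required": {"smartphone": ["passcode_set"], "pc": ["av_running"]},
    "revoked": {("Android", "2.3")},
}
LADDER = ["alert_admin", "notify_user", "restrict_access"]          # gentle -> assertive
REMEDIATION = {"passcode_set": "set_passcode", "av_running": "start_antivirus"}


def cert_only_decision(ep):
    """A manual 802.1X deployment: certificate present or not, nothing else."""
    return "full" if ep.has_cert else "block"


def nac_decision(ep, policy=POLICY):
    """Policy-aware decision -> (access_level, reasons): unknown devices get Internet
    only, revoked platforms are blocked, posture gaps mean limited access."""
    if not ep.has_cert:
        return "guest-internet", ["unknown device"]
    if (ep.platform, ep.os) in policy["revoked"]:
        return "block", [f"{ep.platform} {ep.os} revoked by policy"]
    gaps = [req for req in policy["required"][ep.kind] if not getattr(ep, req)]
    return ("limited", gaps) if gaps else ("full", [])


def choose_action(level, prior_violations):
    """The 'grant' step: fixed outcomes for known levels, escalation for repeat offenders."""
    fixed = {"full": "none", "guest-internet": "redirect_to_guest_portal", "block": "block"}
    if level in fixed:
        return fixed[level]
    return LADDER[min(prior_violations, len(LADDER) - 1)]


def remediation_plan(ep, gaps):
    """The 'fix' step: push commands to managed devices, otherwise hand it to the user."""
    if not gaps:
        return []
    return [REMEDIATION[g] for g in gaps] if ep.managed else ["user_must_fix_and_reconnect"]


def gone_bad(flows, threshold=20):
    """The 'inspect' step: an authorized host reaching many distinct (dst, port) pairs
    looks like worm spread or scanning, so it gets pulled off the network."""
    targets = defaultdict(set)
    for src, dst, port in flows:
        targets[src].add((dst, port))
    return sorted(src for src, t in targets.items() if len(t) >= threshold)


def run_cycle(endpoints, flows, violations):
    """See -> grant -> fix -> inspect for each endpoint; returns the outcome per device."""
    compromised = set(gone_bad(flows))
    outcome = {}
    for ep in endpoints:
        level, reasons = nac_decision(ep)
        if ep.name in compromised:
            level, reasons = "quarantine", ["suspicious fan-out traffic"]
            action = "quarantine"
        else:
            action = choose_action(level, violations.get(ep.name, 0))
        gaps = [r for r in reasons if r in REMEDIATION]
        outcome[ep.name] = {"level": level, "action": action, "fix": remediation_plan(ep, gaps)}
    return outcome


# Constructed sample data for one pass of the cycle (not from any real network).
ENDPOINTS = [
    Endpoint("alice-iphone", "smartphone", "iOS", "7.1", has_cert=True, passcode_set=True, managed=True),
    Endpoint("bob-android", "smartphone", "Android", "4.4", has_cert=True, managed=True),
    Endpoint("carol-laptop", "pc", "Windows", "6.1", has_cert=True),
    Endpoint("dave-android", "smartphone", "Android", "2.3", has_cert=True, passcode_set=True),
    Endpoint("eve-laptop", "pc", "Windows", "6.1", has_cert=True, av_running=True, managed=True),
    Endpoint("visitor-tablet", "smartphone", "iOS", "6.1"),
]
FLOWS = [("alice-iphone", "10.0.1.5", 443), ("alice-iphone", "10.0.1.6", 993)]
FLOWS += [("eve-laptop", f"10.0.2.{i}", 445) for i in range(1, 31)]   # 30 hosts, one port
VIOLATIONS = {"carol-laptop": 2}   # carol has already been alerted and notified

if __name__ == "__main__":
    for name, result in run_cycle(ENDPOINTS, FLOWS, VIOLATIONS).items():
        print(f"{name:15} {result}")
```

Run it and compare the two decision functions on bob-android and dave-android: both carry a valid certificate, so the certificate-only check admits them fully, while the policy check limits one for a missing passcode and blocks the other because its platform version has been revoked. Revoking a further version is a one-line change to the revoked set, which is the difference between a static manual 802.1X rollout and a policy-driven NAC.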
  • 32. That said, BYOD is not only about smartphones, it is also about computers. So a hosted virtual desktop approach might make perfect sense for employees that wish to use their personal Windows computers for business purposes.
Step 8: Build a project plan. You will need a plan for implementing whatever controls we want to implement, which might include:
• Remote device management
• Application controls
• Policy compliance & audit reports
• Data & device encryption
• Augmenting cloud storage security
• Wiping devices when retired
• Revoking access to devices when the end-user relationship changes from employee to guest
• Revoking access to devices when employees are terminated by the company
Step 9: Evaluate solutions. We will be happy to engage with your team & recommend the right solutions for your organization. When you do evaluate a solution, make sure that you consider the impact on your existing network & how well the solution will strike the right balance between cost, security, & user concerns. The most secure solution is never the most usable solution; we need to strike a balance.
Step 10: Implement solutions. Begin with a pilot group from each of the stakeholders’ departments. Expand the pilot to departments based on our organizational criteria. Open the BYOD program to all employees.
  • 42. I would like to go back to steps 6 & 7 & give you a little more detailed information about the various types of enforcement solutions that are available.
  • 43. I hope this has been valuable to you, to understand the different approaches that we could take to enforce mobile security policies.