embracing the it consumerization imperative ng security
DESCRIPTION
Consumerization and mobility in the enterprise – and our daily lives – is not only here to stay, but its footprint and influence is expanding. What does the broader consumerization and mobile environment look like? How do you assess the drivers for adoption and the cost/benefit of a mobile-enabled organization? Join us for this session to get an understanding of how a large state government agency took a proactive approach to enablement that ultimately set them ahead of the security challenges, rather than behind.TRANSCRIPT
Barry CaplinCISO
MN Dept. of Human ServicesNG Security Summit
[email protected]@bjb.org, @bcaplin, +barry caplinsecurityandcoffee.blogspot.com
http://about.me/barrycaplin
Apr. 3, 2010
300K ipads1M apps250K ebooks… day 1!
2011 – tablet/smartphone sales exceeded PCs
Why are we talking about this?
But really, all connected!
Business Driver?
What about…
Ineffective Controls
1 Day
5 Stages of Tablet Grief
• Surprise• Fear• Concern• Understanding• Evangelism
Security ChallengesDevices:Exposure of dataLeakage of data – sold, donated, tossed, repaired drivesMalware
But don’t we have all this now???
Consumer App Security“non-standard” software a challenge
Vetting, updates/patches, malwareNo real 3rd party agreementsPrivacy policies, data ownershipSOPA/PIPA/CISPA
Legal (IANAL)
Privacy – exposing company dataLitigation hold – on 3rd party services
Separation – what’s on Dropbox?Copyright, trademark, IP?How do you?:
Get data from a 3rd party service?
BYOD Security Solutions• Sync/MDM – Network or OTA
• VDI – Citrix or similar
• Containerization – Sandbox, MAM
• Direct Connection – Don’t!
DHS view - POE• Policy• Supervisor
approval• Citrix only• No Gov't records
on POE (unencrypted)
• 3G/4G or wired
• Guest wireless• FAQs for
users/sups• Metrics• $ - not yet
Software Security SolutionsPolicy – Examine existing – augment
Process – Vetting, updates, malware
3rd party agreements – where possible
Data classification/labelingPIE – pre-Internet encryption
CoIT NirvanaAny, Any, Any – work, device, where
Be nimbleData stays “home”++Situational awareness
Key PointsBusiness Need – Partner internallyBYOD, Consumer apps, or both?Policy, Technical, Financial aspectsWatch the dataMake easy for usersEducation/Awareness
Discussion…
Slides at http://slideshare.net/[email protected]
[email protected], @bcaplin, +barry caplinsecurityandcoffee.blogspot.com
TopicsPolicyCompliance/ConsequencesRegulatory – IRS, HIPAA, MARS-EData LeakageRemote wipe issuesDLP/DRMReimbursementThe “Non-Standard” Software issue
Non-Standard Software
New Request