Going Mobile: Handling Devices in the Public Sector
Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK
Principal, nControl, LLC; Adjunct Professor
• Presentation Overview
  – Mobile Computing Overview
    • Mobile Device Overview
    • Security Guidance
    • Bring Your Own Device (BYOD)
    • Mobile Applications (Social Media, etc.)
  – Case Studies
    • Fairfax County Public Schools (FCPS)
Going Mobile
• What is Mobile Computing?
  – (Relatively) New Business Model
    • Taking remote computing (laptops) to the next level
    • Includes smartphones & tablets
    • OEMs, content & (connectivity) service providers
  – Causing the Blur of Business & Personal Use
    • Personal content / access on business device
    • Business content / access on personal device
    • Personal use has driven business use
• Mobile Computing
  – Pros
    • Enhanced productivity
    • Enables remote work
    • Potential cost savings
    • Enhanced worker / customer satisfaction
  – Cons
    • Security, legal & privacy issues abound
    • Blurred ownership for BYOD
    • Immature technology
    • Lack of strategy, tactics & policies
• Security Guidance
  – To Go or Not To Go Mobile
    • Go
      – Customers are asking / begging for it!
      – Budget & executive support
    • Do Not Go
      – To be cool / bleeding edge
      – Save money
        » Mobile technology is usually an enhancement / added functionality
      – Without a strategy, tactics & policies
• Data Breaches & Security Incidents
  – Average cost: $7.2 million
    (http://www.networkworld.com/news/2011/030811-ponemon-data-breach.html)
  – Leading cause: negligence, 41%; hacks, 31%
    (http://www.networkworld.com/news/2011/030811-ponemon-data-breach.html)
  – Responsible party: vendors, 39%
    (http://www.theiia.org/chapters/index.cfm/view.news_detail/cid/197/newsid/13809)
  – Increased frequency: 2010-2011, 58%
    (http://www.out-law.com/en/articles/2011/october/personal-data-breaches-on-the-increase-in-private-sector-reports-ico/)
• Security Guidance
  – Mobile Device Digital Forensics
    • Policy
      – City of Ontario, CA v. Quon
    • Vendor / counsel due diligence
  – Physical Security
    • Screen filters
• Outdated Thinking: 75% of companies have not addressed smartphone security* (60% cite security as the biggest mobility obstacle*)
• IT is Organizing: ad hoc deployment giving way to centralized policies that include all endpoints (server, PC, laptop and mobile)
• Mobile/wireless IT spending likely to exceed IT budget growth in many organizations: 12.5% avg. growth rate (Source: Gartner)
• Increasing Mobile Device Threats: mobile virus variants have doubled every 6 months since 2004 (235 mobile virus variants in H1'06) (Source: Symantec Security Response)
• Enterprise Faith: 80% of companies are allowing corporate data on devices, yet continue to not secure the data*
• Fastest Growing Device Segment: smartphone growth = 77%; other mobiles = 27%; mobiles outship PCs 5:1 in 2006 (Source: Canalys for H1'05 to H1'06, IDC & Gartner)
Source: Symantec
• BYOD
  – Affects all with devices and access to your network
    • Employees / contractors / vendors
  – Strategy First, Policy Second, Technology Third
    • Deployment
      – Who can and who cannot use BYOD?
      – Devices & applications supported?
      – Data wipes?
      – Replace procured devices (BlackBerries)?
      – Reimbursements?
      – Functionality?
    • Acceptable Use
      – Jailbreaking?
      – Back-ups?
      – Indemnity?
• BYOD
  – Strategy First, Policy Second, Technology Third
    • Technical Details
      – Mobile Device Management (MDM)
      – Mobile Application Management (MAM)
      – Enterprise app stores
      – Data-boxing / sandboxing
• BYOD
  – Money
    • Additional staff (IT support, accounting)
    • 100 devices cost $170,000 / year
      – $172 / month / user for VMware
    • What is reimbursable? What is not?
      – Batteries
      – Screen covers
      – Docking stations
      – Carrier service plans
      – Apps
      – Chargers
Source: CIO
• BYOD
  – Productivity
    • Mobile device users work more hours
      – 240+ hours / year
    • Classify workers
      – Executives
      – (Non) customer facing
      – (Non) exempt
      – FTEs / contractors
Source: WatchGuard
• Mobile Applications
  – Strategy First, Technology Second
    • Strategy
      – Centralized / de-centralized departmental deployments
      – End-user: internal, external or both
      – Development: internal, external or both
      – Mobile device platform(s)
      – Administration & management
    • Technologies
      – Social media
      – Custom apps
      – Commercial Off the Shelf (COTS) apps
      – Modified apps
Seven Mobile App Development Tips
• Keep it simple — Don’t overdo it. The app should mean one thing when you publicize it. Multiple functions may require a separate app or system.
• Be open to ideas — Engage other departments in the design and functionality of the app.
• Know your audience — The Internet is accessed more frequently via mobile solutions by people below the poverty line (due to the low initial price point). You’re involving a new group and need to plan your outreach accordingly.
• Make it relevant — Know what functions and issues are of concern to the community and make your app more than just a problem reporting program.
• Location, location, location — If your app doesn’t have a spatial component to it and you don’t have an ability to extract GIS information from the app, you’re more than missing the boat — you don’t know where the water is.
• Data integration — Make sure the mobile app can feed into your existing work order or dispatch systems. You don’t want to waste staff time trying to bridge systems.
• Cross-platform support — Don’t leave two-thirds of your public unable to interact with their local government easily because you decide to only develop
Source: GovTech
• Mobile AppDev Vendor Due Diligence
  – Certifications, Attestations & Best Practices
    • SAS 70 Type II / SSAE 16 SOC I-II-III / ISAE 3402
    • ISO 27001 / 27002
    • ISO 27036
    • ISO 9000
    • Capability Maturity Model Integration (CMMI)
    • Building Security In Maturity Model (BSIMM)
• Case Study: FCPS
  – Background
  – Drivers
  – Technologies
  – Limitations
  – Risks
  – Lessons Learned
  – Next Steps
• Case Study: FCPS
  – Background
    – Push BYOD to 180k students, 23k staff
  – Drivers
    – Cost
  – Technologies
    – iOS, Android, BlackBerry devices
    – WiFi via WPA2-Enterprise
    – XpressConnect WLAN
• Case Study: FCPS
  – Limitations
    – COPPA-based regulations
    – Limited staff & budget
  – Risks
    – Lost devices
    – Malware infestations
    – COPPA violations
• Case Study: FCPS
  – Lessons Learned
    – (Assumed) Choose your battles
    – (Assumed) Policy first
  – Next Steps
    – (Assumed) Malware detection
    – (Assumed) White listing of apps
• Presentation Takeaways
  – Mobile is here to stay.
    – With new bells & whistles (Big Data, etc.)
  – Paradigm shift towards empowerment
  – Strategy & due diligence are VERY important
    – Must consider the ecosystem
    – Probably not cost effective, yet productive
• Questions?
• Contact
  – Email: [email protected]
  – Twitter: @markes1
  – LI: http://www.linkedin.com/in/smarkey