mobile device security - responsible not repressive
DESCRIPTION
Users want mobility and their own devices on the network - IT wants security! How can both groups get what they need? Tools exist to make that happen and this presentation provides an overview of what National Gypsum did recently (2011/2).
TRANSCRIPT
1
Responsible Not Restrictive
Mike Brannon
Dir. Infrastructure & Security, National Gypsum
2
National Gypsum Company is a fully integrated building products manufacturer
Headquartered in Charlotte, NC with mines and quarries, and manufacturing plants across
North America
3
National Gypsum and MobileIron
Nov 2009 (National Gypsum buys MobileIron) compared with June 2012 (M2):
MobileIron customers: 7 → 2300
Countries: 2… → 32
iPads sold by Apple: 0 → >70 million
Employees: 39… → 320
4
National Gypsum Mobile Requirements
Business users pick devices they want (not Blackberry)
SECURE process to enable / allow BYOD phones, iPads
ActiveSync and Juniper VPN connections
DEVICE level security and respect for “employee data”
– PIN/passcode, device / backup, encryption
– NO jailbreaks, MDM and SW inventories
Elected NOT to use most “mobile intel” – employee issues
– Using last location / international warning message
Next: PKI SCEP mgmt, app deployment coming, iOS domination
5
Evolving Mobile Strategy
FIRST:
It’s all about email all the time
NOW (Connecting data):
Connect our data/processes with employees, partners, customers
• NGC4ME is .NET custom web app – one-stop shop
• SharePoint is private cloud/content manager/etc.
NEXT (Personal tools):
Leverage the app store for personal tools
• Sales/service, office, plant, engineers – DIVERSITY
6
Principles / Learning…
Do not custom develop unless absolutely required
– Leverage smart devices and off-the-shelf components
– Stay away from super customized work – takes resources
– Approach as “Systems Integrator” – assemble proven components
Keep focused on USABLE solutions to business issues
– “Voice of the Customer” as the priority guide!
Remember technically simple solutions are better (Agile/Nimble)
– Cannot assume that “best” will always be “best”
Leverage existing technology components
– Microsoft AD/PKI, Servers; Juniper VPN; .NET Development
Security cannot just say NO – offer the secure option
7
What we implemented
ActiveSync email access
– Exchange 2007/ISA then;
– Now Exchange 2010 and Juniper/Junos Pulse
– All devices “under management”; all users
Juniper – Junos Pulse VPN access (iPad/iOS)
– SharePoint and .NET web applications delivered (“NGC4ME”)
– SharePlus and Colligo Briefcase
Field sales / customer svc / marketing deployment
– Collection of apps (BrainShark/SharePlus/Concur)
– Now working on custom app / deployment / one click (NGC4ME)
Legal / security issues with some approaches
– DropBox NOT permitted
– Box.Com and SharePoint in use instead
– Avoid “personal accounts” in favor of more “enterprise ready” answers
8
High Level Architecture
[Diagram components: NGC AD Servers; Exchange CAS; Mailboxes; MI Sentry; MobileIron; Juniper SSL VPN; iPhone, Android; iPad; Mainframe; SQL Databases; PKI Server, HSM; SharePoint / .NET]
MobileIron Enrollment
• Policy Checking
MDM Configuration
• WiFi, VPN, Certs/Apps
Exchange CAS Sentry
• Email is “User Driver”
Juniper VPN as Proxy
• AD Integrated
SharePoint Portal/.NET
• Windows Servers SQL
• XML Interfaces M/F
9
App Challenges - Responses
Challenge Response
Beyond email, our employees leverage shared content
SharePoint is open, web oriented content manager
Apps deliver data into SharePoint (Reports, Search-BCS)
Users save data into team sites, workflow and email ties
“Personal Cloud” based upon MySites and user profiles
Simple web forms SharePoint Lists – Mobile Safari OR Apps (see below)
Surveys, pictures and easy analysis (More complex!)
Colligo, SharePlus, Filamente and Docs2Go provide great tools
10
Core philosophy – Responsible but not restrictive
Vision: “Do the right thing for the right reason” (Security, risk & compliance – collaboration with the business)
Security cannot just say NO … Must offer a secure option
Business Need: Easy-to-use cloud storage
Options Proposed: DropBox, iCloud, various “personal” storage accounts and services
Response / Solution: Internal users: SharePoint MySites; External: Box.Com

Business Need: Full-fidelity presentations with animations
Options Proposed: Keynote conversion, personal Slideshare, SlideShark
Response / Solution: Business account: BrainShark
11
Thank you