Mobility & BYOD: Leveraging Best Practices and Latest Technologies for Comprehensive Security
ASUG Georgia Chapter, May 16, 2014. Michael Kummer, President Americas - SECUDE
Mobility & BYOD: Leveraging Best Practices and Latest Technologies for Comprehensive Security
Agenda
1. Mobility & BYOD trends and what they mean for you
2. Mobility & BYOD challenges
3. Current approach and why it’s failing
4. What else can be done? A look at new technologies
About SECUDE
1996 Startup of Secude, Spin-Off from Fraunhofer & SAP
2000 SAP partnership (world-wide deployment of SECUDE SNC-SW)
2001 Market entry file/folder encryption
2002 Market entry Smartcard Management and E-SSO
2004 Startup of SECUDE USA
2005 Market entry Full Disk Encryption (FDE)
2006 Launch of FinallySecure Enterprise with Seagate (HW-based FDE)
2011 Spin-off of SECUDE’s SAP Security products to SAP AG
2011 Re-focus on endpoint protection & later SAP NetWeaver Single Sign-On
2012 Halocore initiative to bridge Microsoft RMS with SAP
2014 Spin-off of non-SAP portfolio
• 83% of people sleep next to their cell phones (Pew Research Center)
• 29% of Americans say their phone is the first and last thing they look at every day (Qualcomm)
Mobility Goes Boom
St. Peter's Square in 2005 and 2013
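Mobility Landscape
NO CONSENSUS ON OPERATING SYSTEM
[Chart: operating system share; segment values as extracted: 4.38%, 14.79%, 24.02%, 27.21%, 29.59%; the only surviving segment label is "Other"]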
DEVICE OBSESSION
86% are device obsessed or “always on”
44% use their devices to work during meals
20% consider themselves workaholics
15% bring their devices on vacation
Source: Varonis Systems
What is “Bring Your Own Device”?
• Bring Your Own Device enables users to bring devices they choose to perform company work activities
• Employees want BYOD for choice of device, applications, and ability to combine personal and work lives
BYOD means any device with any ownership, used anywhere.
There is No Stopping BYOD
• The BYOD market will increase to $181 billion by 2017 (MarketsandMarkets)
• 95% of organizations permit employee-owned devices (Cisco IBSG)
• 71% require technology that enables their staff to work anywhere at any time (Microsoft)
• 70% of employees use personal devices for business use (Forrester)
Why They BYOD: Benefits to Employees
• Flexibility: No hassle with one device to combine work and personal activities
• Efficiency: Can get more done with my own device
• Control: Can have greater control of my work experience through choice of device
Why They BYOD: Benefits to Enterprises
• Cost reduction: Annual benefits from BYOD range from $300 to $1300 per employee (Cisco IBSG)
• Productivity: 53% have raised work productivity through innovative practices enabled by their devices (Cisco IBSG)
• Employee satisfaction: Employees feel more comfortable while working on personal devices, which improves their job satisfaction levels.
This is What We are Facing
End-User Behavior
• Over 15 billion devices by 2015, with the average worker having 3 devices
• New workspace: anywhere, anytime
• 60% will download sensitive corporate data on a personal device
• 71% of Gen Y workforce don’t obey policies
IT Trends
• Must control multiple devices and guests
• Security: top concern for BYOD
• 75% of IT professionals believe their organization’s sensitive data is at risk due to mobile devices
• IT consumed with fragmentation
Source: Logicalis
Issues in BYOD
• Security issues
• Privacy issues
• Support issues
• Infrastructure issues
• Device control issues
Bring Your Own DISASTER
9 out of 10 employees don’t use password security on their devices (Osterman Research)
51% have had data loss due to insecure devices (Websense)
81% admit accessing their employer’s network without their employer’s knowledge or permission (Juniper Networks)
46% who use a personal device for work have let someone else use it (Harris Poll of US Adults)
66% who use a personal device for work say that their organization doesn’t have a BYOD policy (Harris Poll of US Adults)
Main BYOD Security Concerns
• Other: 7%
• Support & Maintenance: 23%
• Compliance with industry regulations: 29%
• Device management: 37%
• Lost or stolen devices: 44%
• Malware infections: 47%
• Unauthorized access to company data and systems: 65%
• Loss of company or client data: 75%
Source: Lumension
Data is Most Valuable Resource
Apps $ Devices $$ Data $$$$$$$$$
Secure your data, not apps or devices
3 key factors
Storing Data
[Bar chart comparing All Workers and Millennials across three categories: keep work files on personal laptops; store work files on personal smartphones; keep enterprise documents on personal tablets. Data labels as extracted: 37%, 12%, 8%, 51%, 42%, 11%]
• Corporate perimeter is eroding/has eroded
• Knowing where your data is has become a challenge
• Keeping track is next to impossible
• Let’s not forget: data exists to be consumed
  • So locking everything down and preventing employees from using data productively is counter-productive
The IT Challenge
File Server
Employees
Partner
Traditional Security Solutions
• Network
  • Data Loss Prevention (DLP)
  • Firewalls
  • Virtual Private Network (VPN)
• Storage
  • Full Disk Encryption (FDE)
  • Database Encryption
• File
  • Pretty Good Privacy (PGP)
  • Information Rights Management (IRM)
Network-centric Solutions
• Firewall
  • Protects the (eroded) perimeter
• DLP
  • Monitoring
    • Good to understand where data is going
    • Problem is wealth of information it produces
  • Prevention
    • Too far away from where data is born
    • Doesn’t know the context
    • Frustrates users
    • Often switched off
• VPN
  • Protects data in transit only
Storage-centric Solutions
• FDE
  • Power-off protection
  • Good if you lose device or it’s stolen
  • No protection for data-in-use
• Database encryption
  • Good to protect against unauthorized users
  • Complex and high maintenance
• Mobile device encryption
  • Why that’s not possible
    • iOS devices come with built-in HW-based encryption
    • App sandboxes prevent encryption of app data
Data-centric Solutions
• File encryption (PGP…)
  • Key/password management issues
  • Protection is gone once file is unlocked/decrypted
• Rights Management (DRM, IRM → RMS)
  • Capabilities of IRM
    • Protection = encryption + policy
    • Control who can open, edit, print, copy/paste…
    • Expiration date
  • Established IRM solutions
    • Adobe
    • Oracle (SealedMedia)
    • Microsoft
Microsoft Rights Management (RMS)
Unauthorized User
Trusted Partner
Access Control, Encryption, Policy Enforcement
Data is Protected
• Inside and outside the organization
• At a single location
  • And when moving amongst various locations
Partner
On premise Shared
Fine-grained Control
• Content owners can define who can
  • Open the document
  • Edit the contents
  • Print the document
  • Forward to anyone, internal or external
  • Take other actions with the information
Can RMS data-centric protection be extended to SAP?
Halocore for SAP NetWeaver
• Innovative: Enforces RMS protection on all data leaving SAP
• Secure: Determines what users are authorized to access sensitive data
• Customizable: Offers fine-tuned control over who can do what with information (view, edit, print, forward, etc.)
• Flexible: Works for any file type
• Powerful: Protection persists beyond SAP, including mobile platforms
Comprehensive Approach
1. Protection
2. Compliance
3. Audit
Halocore Data Export Auditor for SAP
• Free tool to monitor all data leaving SAP
• Each and every download is tracked
• Intelligent classification
• Request download at www.secude.com/solutions/halocore-data-export-auditor-for-sap
Where to Start?
Auditing Capabilities - Customizing your view
Auditing Capabilities - The Log File
Questions?