toys in the office 11
DESCRIPTION
2011 may be the "year of the handheld". That is, unless 2010 was! iPad sales exceeded all expectations in 2010. For the holiday season, many manufacturers came out with (and are coming out with) tablets. iPhones and Android devices can be seen everywhere... including the office. That means that people want to use these personal devices for work for a variety of reasons: they are more convenient; they might be more powerful than company-issued gear; they have easy interfaces; people can carry less equipment; but, perhaps most importantly, these devices are finally like "real" computers. But use of these personally owned devices brings all kinds of security concerns, including data leakage and vulnerabilities in these newer operating systems and apps. We'll take a look at the convergence of mobile and desktop computing devices, review security concerns and discuss some potential solutions.
Session Learning Objectives:
1. Define the convergence of mobile and desktop computing devices.
2. Discuss the tablet phenomenon.
3. Review security concerns with the use of these devices, particularly employee-owned.
4. Discuss possible solutions.
TRANSCRIPT
You Got Chocolate On My iPad!
Barry Caplin
Chief Information Security Officer
MN Department of Human Services
MN Gov’t. IT Symposium
Session 100: Thurs. Dec. 8, 2011
[email protected], @bcaplin, +barry caplin
(Toys in the Office)
http://about.me/barrycaplin
Apr. 3, 2010
300K iPads, 1M apps, 250K ebooks… day 1!
http://www.bbspot.com/News/2010/03/should-i-buy-an-ipad.html
Don't Touch!
Pharmaceutical coating
• 17% have > 1 in their household
• 37% - their partner uses it
• 14% bought cause their kid has one
• 19% considering purchasing another
http://today.yougov.co.uk/sites/today.yougov.co.uk/files/Tablet_ownership_in_households.pdf
Of iPad owners...
Our Story Begins...
PEDs
Computers
Device Convergence
Example
• The “PED” policy
• Personal Electronic Device
• Acceptable use
• Connections
• Data storage
1 Day
5 Stages of Tablet Grief
• Surprise
• Fear
• Concern
• Understanding
• Evangelism
Considerations
What needs to change for “local” remote access?
BYO
BYO
BYOC or BYOD
Security Concerns
Data Leakage
Unauthorized Access
“Authorized” Access
Risk v Hype
How can we do BYOC?
Method 1 - Sync
• Direct or Net Connect
Issues:
• Need Controls – a/v, app install control, filtering, encryption, remote detonation
• Authentication – 2-factor?
• Leakage!
• Support
Method 2 – SSL VPN
• Citrix or similar
Pros:
• Leakage – no remnants; disable screen scrape, local save, print
• Reduced support needed
• Web filtering covered
Issues:
• Unauthorized access still an issue; User experience; Support
Method 3 – data/app segregation
• Encrypted sandbox
• Separate work and home
• Many products
Pros:
• Better user experience
• Central management/policy
• Many products – local/cloud
• Leakage – config separation, encryption
Issues: access; support; cloud issues
DHS view
• Policy
• Supervisor approval
• Citrix only
• No Gov't records on POE (unencrypted)
• 3G or wired
• Guest wireless
• 802.1x
• FAQs for users/sups
• Metrics
Other Issues
• Notes or manually entered data
• Enterprise email/OWA
• Discovery
• Voicemail/video
The Future
• More tablets/phones/small devices
• More “slim” OS's – Chrome, Android, iOS, etc.
• Cost savings/stipend?
• Cloud
• User Experience – Citrix GoldenGate, Divide, Good
• BES Fusion
Capabilities to Consider
• Device encryption
• Transport encryption
• Complex PWs/policy
• VPN support
• Disable camera
• Restrict/block apps
• Anti-malware
• Restrict/block networks
• Remote lockout
• Remote/selected wipe
• Policy enforcement
• OTA management
• 2-factor/OTP
InfoWorld March 2011 MDM Deep Dive