
7.5 steps to overlaying byod & iot

Date post:10-Feb-2017
Transcript:
  • 2015 InterWorks, Page 1

    Caston Thomas

    7 Steps to Bolt On Mobile/Cloud/BYoD/IoT to our Existing Network & Security

    $$$

    [email protected] 586.530.4981

  • 2015 InterWorks, Page 2

    What is BYOD?

    Option 1: BYoD refers to employees bringing their own computing devices to the workplace for use on the corporate network.

    Option 2: BYoD is a change in how we move the cost of computing from corporate-owned devices to personally owned devices.

    Option 3: BYoD is the fundamental change in how we view ownership of, not just devices, but also data, applications, & network. It changes how we approach our company's security, responsibilities & culture.

  • 2015 InterWorks, Page 3

    The BYOD/IoT Phenomenon

    68% of devices used by information workers to access business applications are ones they own themselves, including laptops, smartphones & tablets.

    IT organizations typically underestimate the number of personal mobile devices on their networks by 50%.

    By 2020, 70% of 4 Pillar buyers will have the LOB as their buyer. [1]
    (4 Pillars = mobile, cloud, big data, social media)

    [1] IDC Research, The Mobility Game Changer, June 2013

  • 2015 InterWorks, Page 4

    Fight or Embrace?

    "The rise of BYoD is the single most radical shift in the economics of client computing for business since PCs invaded the workplace." - Gartner [1]

    "The rise of BYoD is the single most radical cultural shift in the corporate workplace since the copy machine." - Caston Thomas

    [1] Gartner, Bring Our Own Device: New Opportunities, New Challenges, August 16, 2012

  • 2015 InterWorks, Page 5

    The Risk in BYOD

    Data loss:
    - Lost phone/tablet/laptop/device
    - Unauthorized access
    - Compromised device/backdoor

    APT/malware:
    - Threats inside the network

    Compliance:
    - Unauthorized infrastructure
    - Unauthorized apps (e.g., Dropbox)
    - Unauthorized data (e.g., drug interaction database)

    For more detail, a good resource is still: Gartner, Strategic Road Map for Network Access Control, October 11, 2011

  • 2015 InterWorks, Page 6

    Fight or Embrace?

  • 2015 InterWorks, Page 7

    What is Our Framework?

    - Govern & Comply
    - Educate & Manage
    - Control & Prevent
    - Monitor & Detect
    - Respond & Mitigate

  • 2015 InterWorks, Page 8

    What Are Our Options?

    SOLUTION / CHARACTERISTICS

    Security, Access, Agility

  • 2015 InterWorks, Page 12

    What Are Our BYOD Options?

    SOLUTION / CHARACTERISTICS

    Control devices (MDM):
    - Good security at the device level
    - Secures device, user & content
    - Separate management console
    - Lacks protection for network resources, network access & data in motion

    Control data (VDI):
    - Strong data protection
    - Poor user experience
    - Not for the road warrior

    Control applications (MAM, MAW):
    - Leading-edge approach
    - Must be used with other controls

    Control the network (NAC):
    - Simple, fast, 100% coverage
    - Protects data on the network, not on the device

  • 2015 InterWorks, Page 13

    Gartner Recommendations

    "No matter what BYOD strategy is selected, the ability to detect when unmanaged devices are in use for business purposes will be required & that requires NAC."

    Gartner, NAC Strategies for Supporting BYOD Environments, 22 December 2011, Lawrence Orans & John Pescatore

  • 2015 InterWorks, Page 14

    Multiple Security Choices


  • 2015 InterWorks, Page 19

    Blending These Multiple Security Choices

    MDM:
    - Policy & configuration management for mobile devices
    - Solution for securing mobile users & content

    NAC:
    - Inspect & remediate devices when connecting to the network
    - Facilitate, monitor, & interdict access as appropriate

    Coordinate:
    - Reports, interfaces, alerts, & incident response

    Vendor cooperation? Critical

  • 2015 InterWorks, Page 20

    Points of Integration

    - Network Access Policy
    - User Access Policy
    - Device Access Policy
    - Enterprise visibility
    - Single policy
    - Enterprise reporting
    - Automated enrollment
    - On-access assessment
    - Malicious activity detected/enforced

  • 2015 InterWorks, Page 21

    The Enterprise Challenge: Balance Access Agility With Security

    - Employees, guests, contractors
    - Personal devices
    - Wireless, wired, VPN, mobile
    - Data loss
    - Zero-day attacks & malware
    - Endpoint integrity
    - Regulations & compliance

    Security / Access / Agility

    Requires real-time, comprehensive visibility
    Requires real-time, automated controls

  • 2015 InterWorks, Page 22

    End-To-End Security Automation

    See, Grant, Fix, Protect

  • 2015 InterWorks, Page 23

    See Grant Fix Protect

    See:
    - What type of device?
    - Who owns it?
    - Who is logged in?
    - What applications?

  • 2015 InterWorks, Page 24

    See Grant Fix Protect

    Grant:
    - Grant access
    - Register guests
    - Block access
    - Restrict access

  • 2015 InterWorks, Page 25

    See Grant Fix Protect

    Fix:
    - Remediate OS
    - Fix security agents
    - Fix configuration
    - Start/stop applications
    - Disable peripheral

  • 2015 InterWorks, Page 26

    See Grant Fix Protect

    Protect:
    - Detect unexpected behavior
    - Address insider threats
    - Stop worm propagation
    - Block intrusions

  • 2015 InterWorks, Page 27

    See Grant Fix Protect

    RESTRICT ACCESS
    - Deploy a virtual firewall around an infected or non-compliant device
    - Reassign the device into a VLAN with restricted access
    - Update access lists (ACLs) on switches, firewalls & routers to restrict access
    - Automatically move the device to a pre-configured guest network

    ALERT & REMEDIATE
    - Open trouble ticket
    - Send email notification
    - SNMP traps
    - Syslog & SIEMs & behavior monitors
    - HTTP browser hijack
    - Auditable end-user acknowledgement
    - Self-remediation
    - Integrate with SMS, WSUS, SCCM, BigFix, Darktrace, Cylance, etc.

    MOVE & DISABLE
    - Reassign devices from production to quarantine VLANs
    - Block access with 802.1X, ACLs & certs
    - Alter login credentials to block access
    - Block access with device authentication
    - Turn off ports (802.1X/SNMP/CLI)
    - Terminate unauthorized apps
    - Disable peripheral devices

  • 2015 InterWorks, Page 28

    Mobile Security Remediation

    A variety of actions are available to manage, remediate & restrict mobile devices.

    Multiple actions can be stacked together to provide even more control.
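How the See/Grant/Fix/Protect cycle turns one device assessment into a stack of actions, as an added example that is not part of the presentation or any vendor's product: the Endpoint fields, rule names and action strings are all constructed for illustration, and an ordered rule list lets several non-terminal rules (the Fix rules) accumulate actions on one device, while a Protect match stops evaluation outright.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Added example, not from the presentation: a tiny See/Grant/Fix/Protect policy
# evaluator that stacks NAC actions the way the slides describe. Endpoint fields,
# rule names and action strings are constructed for illustration.

@dataclass
class Endpoint:
    device_type: str            # what the "See" step found: laptop, smartphone, ...
    corporate_owned: bool       # who owns it?
    user: Optional[str]         # who is logged in? None = nobody authenticated
    os_patched: bool            # posture results from the on-access assessment
    agent_running: bool
    malicious_activity: bool    # raised by a behaviour monitor / SIEM feed

# Each rule: (name, predicate, actions to stack, stop evaluating further rules?)
Rule = Tuple[str, Callable[[Endpoint], bool], List[str], bool]
RULES: List[Rule] = [
    # PROTECT: an active threat is moved, disabled and alerted on; nothing else applies.
    ("protect:malicious", lambda e: e.malicious_activity,
     ["move:quarantine-vlan", "disable:switch-port",
      "alert:syslog-siem", "alert:trouble-ticket"], True),
    # GRANT: nobody authenticated -> guest registration on a restricted VLAN only.
    ("grant:guest", lambda e: e.user is None,
     ["grant:register-guest", "restrict:guest-vlan"], True),
    # FIX rules do not stop, so several fixes can stack on the same device.
    ("fix:os", lambda e: not e.os_patched, ["fix:remediate-os"], False),
    ("fix:agent", lambda e: not e.agent_running, ["fix:start-security-agent"], False),
    # Personal devices that pass still get logged for enterprise reporting.
    ("report:personal", lambda e: not e.corporate_owned, ["alert:syslog-siem"], False),
]

def evaluate(ep: Endpoint) -> List[str]:
    """Return the ordered, stacked action list for one connecting endpoint."""
    actions: List[str] = []
    for _name, matches, rule_actions, stop in RULES:
        if not matches(ep):
            continue
        actions.extend(rule_actions)
        if stop:
            return actions
    if any(a.startswith("fix:") for a in actions):
        # Remediation runs behind a limited ACL, and the user is told why.
        return ["restrict:acl-limited-access"] + actions + ["alert:email-user"]
    return ["grant:full-access"] + actions
```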

  • 2015 InterWorks, Page 29

    Whitepapers

    - SANS Report: Your Pad or Mine: Enabling Secure Personal & Mobile Device Use on Our Network
    - IDC Report: Architecting a Flexible Strategy for Securing Enterprise Bring Our Own Device (BYOD)

  • 2015 InterWorks, Page 30

    10 Steps to BYOD Implementation

    1. Assemble a team: multiple IT departments; users across departments

  • 2015 InterWorks, Page 31

    10 Steps to BYOD Implementation

    1. Assemble a team
    2. Gather data: devices in use? ownership of devices? applications in use? entry paths?

  • 2015 InterWorks, Page 32

    10 Steps to BYOD Implementation

    1. Assemble a team
    2. Gather data
    3. Identify use cases: which applications? which users? role? offline use? sensitivity of data?

  • 2015 InterWorks, Page 33

    1. Assemble a team
    2. Gather data
