February 27, 2012 Copyright 2012 Trusted Computing Group 1

Making BYOD a Security Plus

Steve Hanna

Trusted Network Connect WG Co-Chair

Distinguished Engineer, Juniper Networks

BYOD = Bring Your Own Device

February 27, 2012 Copyright 2012 Trusted Computing Group 2

BYOD = User-Owned Equipment That’s Used for Work

February 27, 2012 Copyright 2012 Trusted Computing Group 3

February 27, 2012 Copyright 2012 Trusted Computing Group 4

0%

5%

10%

15%

20%

25%

30%

35%

40%

Sep-09 Nov-10 Dec-11 Jan-12

Tablet Ownership among US Adults

Source: Pew Internet Project

Income

>$75K

72

4

15

9

Support for Non-Managed Devices Accessing Corporate Resources

Yes

Planning

Considering

Not Planning

February 27, 2012 Copyright 2012 Trusted Computing Group 5

Source: Good Technology

Pros

• Higher Productivity

• Convenience

• Ease of Use

• Better Morale

• Corporate Cost Reduction

Cons

• Security and Risk Concerns

• Regulatory and Policy Issues

• Support Costs

• Subsidy Costs

• Interoperability

February 27, 2012 Copyright 2012 Trusted Computing Group 6

• Uncontrolled Environment

• Higher Risk of Compromise

• Legal and Regulatory Issues

• Shared Equipment with Family

• Handling Equipment Loss

• Handling End of Employment

February 27, 2012 Copyright 2012 Trusted Computing Group 7

Control Access Based on Trust

February 27, 2012 Copyright 2012 Trusted Computing Group 8

Source: TCG Mobile Security Architect’s Guide

February 27, 2012 Copyright 2012 Trusted Computing Group 9

Users Corporate Data

Access

Corporate Data

Storage

Guests Any None None

Uncontrolled

BYOD Employee Only

(During Session)

Limited None

Controlled

BYOD Employee Only

(Permanent)

Broad But

Sandboxed

Limited With

Remote Wipe

Broad With Data Controlled

Corporate Employee Only

(Permanent)

Broad With Data

Leak Prevention Encryption

• Problem

• Support BYOD and mission-critical services on one network

• Tablets, laptops, PCs, wireless projectors, interactive whiteboards,

administrative applications, phones, physical security, etc.

• Solution

• TCG’s Trusted Network Connect architecture and standards

• Authenticate users, identify and assess devices

• Provide appropriate access based on all factors

• Separate mission-critical services

February 27, 2012 Copyright 2012 Trusted Computing Group 10

February 27, 2012 Copyright 2012 Trusted Computing Group 11

Source: TCG Mobile Security Architect’s Guide

• BYOD is here to stay!

• BYOD brings significant benefits and risks

• BYOD risks can be managed with proper tools and policies

• More Trust = More Access

• Sandboxing and Mobile Device Management for Device Security

• Trusted Network Connect (TNC) for Differentiated Access

• BYOD is an executive-level priority

February 27, 2012 Copyright 2012 Trusted Computing Group 12

• TCG Mobile Security Architect’s Guide

• Naperville School District Case Study

• TNC Operations Solutions Guides

• All Available from TCG Web Site

https://www.trustedcomputinggroup.org

February 27, 2012 Copyright 2012 Trusted Computing Group 13