You Got Chocolate On My iPad!
Barry Caplin
Chief Information Security Officer
MN Department of Human Services
MN Gov’t. IT Symposium
Session 100: Thurs. Dec. 8, 2011
[email protected], @bcaplin, +barry caplin
(Toys in the Office)
http://about.me/barrycaplin
Apr. 3, 2010
300K iPads, 1M apps, 250K ebooks… day 1!
http://www.bbspot.com/News/2010/03/should-i-buy-an-ipad.html
Don't Touch!
Pharmaceutical coating
Of iPad owners...
• 17% have > 1 in their household
• 37% - their partner uses it
• 14% bought because their kid has one
• 19% considering purchasing another
http://today.yougov.co.uk/sites/today.yougov.co.uk/files/Tablet_ownership_in_households.pdf
Our Story Begins...
PEDs
Computers
Device Convergence
Example
• The “PED” policy
• Personal Electronic Device
• Acceptable use
• Connections
• Data storage
1 Day
5 Stages of Tablet Grief
• Surprise
• Fear
• Concern
• Understanding
• Evangelism
Considerations
What needs to change for “local” remote access?
BYO
BYOC or BYOD
Security Concerns
Data Leakage
Unauthorized Access
“Authorized” Access
Risk v Hype
How can we do BYOC?
Method 1 - Sync
• Direct or Net Connect
Issues:
• Need Controls – a/v, app install control, filtering, encryption, remote detonation
• Authentication – 2-factor?
• Leakage!
• Support
Method 2 – SSL VPN
• Citrix or similar
Pros:
• Leakage – no remnants; disable screen scrape, local save, print
• Reduced support needed
• Web filtering covered
Issues:
• Unauthorized access still an issue; User experience; Support
Method 3 – data/app segregation
• Encrypted sandbox
• Separate work and home
• Many products
Pros:
• Better user experience
• Central management/policy
• Many products – local/cloud
• Leakage – config separation, encryption
Issues: access; support; cloud issues
DHS view
• Policy
• Supervisor approval
• Citrix only
• No Gov't records on POE (unencrypted)
• 3G or wired
• Guest wireless
• 802.1x
• FAQs for users/sups
• Metrics
Other Issues
• Notes or manually entered data
• Enterprise email/OWA
• Discovery
• Voicemail/video
The Future
• More tablets/phones/small devices
• More “slim” OS's – Chrome, Android, iOS, etc.
• Cost savings/stipend?
• Cloud
• User Experience – Citrix GoldenGate, Divide, Good
• BES Fusion
Capabilities to Consider
• Device encryption
• Transport encryption
• Complex PWs/policy
• VPN support
• Disable camera
• Restrict/block apps
• Anti-malware
• Restrict/block networks
• Remote lockout
• Remote/selected wipe
• Policy enforcement
• OTA management
• 2-factor/OTP
InfoWorld March 2011 MDM Deep Dive