Presentation on theme: "Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?"— Presentation transcript:
Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?
The way we were Hardware, software, and not much more. 2
Change began in 2007 Business risk increased significantly Social Media encouraged sharing of confidential information The way we are Mobile technology and social media have changed everything. 3
4 The love affair employees have with mobile devices assures that they are here to stay. Blurring of the lines Work anytime, anywhere.
40% of devices are consumer owned 80% of professionals will use 2 or more devices Corporate systems and data are more accessible than ever Do the benefits of BYOD outweigh the risks? More security challenges and less control
The benefits of adopting a BYOD strategy Do the pluses outweigh the minuses? Mobile devices are less expensive than old-school IT assets Less provisioning and managing means less cost Increased productivity 6
BYOD Challenges !
You cant protect what you dont know Understanding and managing risks associated with BYOD. ! 8
9 ! Risking data loss The consequences can be extreme. One office data breach can incur – legal fees – disclosure expenses – consulting fees – remediation expenses One retail data breach can incur – credit monitoring expenses – legal settlements – information control audits
Risky viruses & malware Mobile devices offer little protection. 10 !
Uninvited guests Enter workplace via consumer devices Access to other devices and data Potential for company-wide infections The risk from hackers and intrusions. 11 !
12 ! The arrival of browser zombies Trouble at every turn. Man-in-the-Browser (MitB) attacks will escalate Traditional malware runs every time a computing device is turned on Browser malware only takes control of the web browser
13 ! Policy enforcement IT is challenged by a BYOD workplace. Creating device-specific policies is difficult Weve given up some direct control Solutions for these mobile platforms are immature
Challenges to productivity Adopting & enforcing a BYOD strategy. Younger employees collaborate in new ways Employees want freedom to use mobile devices at work Secure access solutions are necessary for empowering employees to work anywhere 14 !
BYOD Missteps 15
Failure to know what employees are doing on the network prevents successful planning 1. Not knowing what devices and applications are being used. BYOD missteps 16
Employees accessing social networks and social applications are not always wasting time 2. Not knowing how your social media strategy works with your BYOD policies. BYOD missteps 17
passwor User-generated passwords are often weak and can compromise IT systems 3. Weak password management. BYOD missteps 18
Determine which devices are allowed to access the network Determine which devices you will support Focusing on policy is the first step. Policy = Simplicity 20
Separate work from fun Make sure employees understand the rules and the risks. Work life and personal life should be kept separate To get network access, employees must agree to acceptable use policies IT should monitor activity 21
Enforce minimal access controls Access only for approved devices, applications, and users One size doesnt fit all What is acceptable use? Clear security policies 22
Protect corporate data For high-level protection, limit access to devices that support VPN connectivity and require a secure connection Limit access using VPN. 23
Application control strategies make BYOD policies more secure Decide which applications are acceptable, and which are not Segment networks for additional protection Applications should not be ignored. Controls that go beyond mobile devices 24
Consider additional risks Are you subject to controls such as HIPAA or PCI DSS? If a device is lost, can you wipe the data? Do employees know what rights they give up when using a mobile device? Best practices and policy enforcement are essential 25
BYOD & WatchGuard
Manage BYOD with WatchGuard WatchGuard makes managing BYOD easy by designing all products with easy-to-use policy tools. Administrators can enforce policies for small businesses or large enterprises Easy-to-use security services for IT administrators. 27
Control the network and the applications Easily and quickly set up network segments Maintain compliance and high-security Monitor over 1,800 types of applications WatchGuard products give you control over how devices are used. 28
Protect all connected devices from mobile malware. WatchGuard utilizes a best-in-class approach, ensuring network connected devices are shielded with an antivirus umbrella. The network perimeter is the first line of defense. 29 d
Safe surfing solution Resides at the gateway Device agnostic Easy for IT to set up WatchGuards WebBlocker protects users in hostile environments. 30
Protect corporate data For high-level protection, limit access to devices that support VPN connectivity and require a secure connection Limit access using VPN. 31
Whats connected? Whats being used? Logging and reporting are one of the most valuable resources that IT can leverage for a BYOD strategy. This insight helps protect resources and address areas of concern WatchGuard illuminates trouble spots and potential 32
34 A major trend that is changing IT. BYOD is here to stay Will grow in size and scope Presents new challenges and opportunities A BYOD strategy is critical for data security