Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bring Your Own Device (BYOD) Security By Josh Bennett & Travis Miller.

Similar presentations


Presentation on theme: "Bring Your Own Device (BYOD) Security By Josh Bennett & Travis Miller."— Presentation transcript:

1 Bring Your Own Device (BYOD) Security By Josh Bennett & Travis Miller

2 Today's Agenda Introduction of BYOD systems Benefits of BYOD systems BYOD Risks - Reduced Security Case Studies o Malware: IOS_IKEE Worm Exploit o Corporate Data Exfiltration: TTB No-Data Clients o Approved Applications: EEOC BYOD Pilot 10-Step Secure Implementation Process BYOD Security Policies Closing Thoughts Questions

3 Benefit of BYOD Systems -Improved mobility -Avoiding carrying / maintaining multiple devices -Employee benefit -Reduced costs

4 Diminished Regard for Security Driving Risks -Lack of awareness -Increased workload -Technical support prioritization -Mobile OS updating difficulty -Impulsive MDM solution purchases -Informal adoption

5 Case Study: iOS Malicious Worm Issue: Presence of Malware Security Approach: Maintain Original OS & Patches Example: IOS_IKEE worm; exploits jailbroken Apple mobile devices

6 Case Study: Alcohol and Tobacco Tax and Trade Bureau (TTB) Issue: Corporate Data Exfiltration Security Approach: Virtual Desktop & No-Data Thin Clients VMware servers => RSA encrypted => WinLogon Read-Only permissions

7 Case Study: U.S. Equal Employment Opportunity Commission (EEOC) BYOD Pilot Issue: Approved Application Downloads/Agreement Security Approach: Required Third-Party Apps - Novell GroupWise Notifylink MDM cloud provider was required GroupWise apps to connect

8 Bradford Network's 10-Step Secure Implementation Process

9 1.Determine the Mobile Devices That Are Allowed (Acceptable, Safe Devices) 2.Determine the OS Versions That Are Allowed (Secure OS Versions) 3.Determine the Apps That Are Mandatory/Required (Configuration) 4.Define the Devices Allowed By Group/Employees (Device Policies by Users) 5.Define Network Access (Who, What, Where, When)

10 10-Step Secure Implementation Process 6.Educate Your Employees (Communicate Policies) 7.Inventory Authorized & Unauthorized Devices (Trusted vs. Untrusted Devices) 8.Inventory Authorized & Unauthorized Users (Trusted vs. Untrusted Users) 9.Controlled Network Access Based on Risk Posture (Provision Network Access) 10.Continuous Vulnerability Assessment & Remediation (Enhance Other Solutions)

11 BYOD Security Policies 1.Prohibit download/transfer of sensitive business data 2.Required password(s) on personal device(s) 3.Agreement to maintain original OS with appropriate patches/updates 4.Device will not be shared with others 5.Remote wipe after X password attempts or device is reported lost 6.Agreement to encryption connection policies (ex. Federal Information Processing Standard (FIPS) 140-2)

12 Closing Thoughts -BYOD is already common -Risks and rewards BYOD Organizations should: -Educate themselves on nature and variety of risks -Research organizational impacts -Develop implementation process based on best practices -Establish and enforce sound security policies

13 Questions?

14 Bibliography byod-strategy#btnNext many-it-groups-still-struggle-with-consumerization/ papers/wp_decisive-analytics-consumerization-surveys.pdf content/us/pdfs/business/reports/rpt_implementing_byod_plans.pdf


Download ppt "Bring Your Own Device (BYOD) Security By Josh Bennett & Travis Miller."

Similar presentations


Ads by Google