Presentation is loading. Please wait.

Presentation is loading. Please wait.

INFORMATION TECHNOLOGY FOR MINNESOTA GOVERNMENT Christopher P. Buse Assistant Commissioner and CISO State of Minnesota Mobile Device Management Assessing.

Similar presentations


Presentation on theme: "INFORMATION TECHNOLOGY FOR MINNESOTA GOVERNMENT Christopher P. Buse Assistant Commissioner and CISO State of Minnesota Mobile Device Management Assessing."— Presentation transcript:

1 INFORMATION TECHNOLOGY FOR MINNESOTA GOVERNMENT Christopher P. Buse Assistant Commissioner and CISO State of Minnesota Mobile Device Management Assessing the Benefits and Risks

2 About Me  Developed IT audit function  First CISO  Now Assistant Commissioner and CISO, overseeing “leadership” services

3 Agenda Value Proposition Risks Minnesota’s Strategy Q&A

4 Value Proposition Understanding the Drive to Go Mobile

5 Key Business Drivers  Productivity: Need to access data anytime from anywhere  Dissatisfaction with “work only” devices  Fueled by consumerization of mobile devices  Portability: Business process and applications going mobile  Health professionals  Transportation workers  Location-based applications Mobile devices and applications allow workers to be more satisfied, productive, and effective

6 Lingering Questions  Can I support the litany vendor products?  How do I address the legal issues?  BYOD : government data  BYOD: remote wipe  Work hour provisions  How does mobility impact our security posture?  What will it cost?

7 Infrastructure Executive Council, Information Technology Practice © 2011 The Corporate Executive Board Company. All Rights Reserved. 7 Enterprise technology roadmaps reflect substantial, cross- industry investment in mobile applications and support for employees’ mobile devices. By end-2011, a majority IT organizations had introduced some mobile applications and support for mobile device video. By mid-2012, a majority of IT organizations anticipate that they will support a “bring your own” program for employees’ mobile devices. Investments in desktop and application virtualization may enable additional access and support for mobile platforms. The Mobile Enterprise is Coming A majority of IT organizations had introduced video for mobile devices and mobile enterprise applications by end-2011, in some cases enabled through virtualization By mid-2012, a majority of IT organizations anticipate supporting a “bring your own” program for mobile devices End-User Computing Roadmap, For more in-depth information on the enterprise value, deployment risk and adoption timelines associated with emerging technologies, please check out the Infrastructure Executive Council’s Emerging Technology Roadmap.

8

9 Percentage of Employees Engaging in Risky Behaviors More Often than "Rarely"

10 Mobile Security Risks Pulling Back the Curtain

11 A Good News Story  Out of the box, mobile devices are more secure than PCs  Architected with security in mind  Not been the next security nightmare  But…..  The increased risk of loss must be addressed  The security model can be broken

12 Malware?  Not a significant issue  Dynamic code won’t run  Code can only come from application stores  Code is digitally signed  Applications run in a sandbox  Things to worry about  Rogue applications in the app stores  Apps installed from outside the app stores (Android specific issue)  “Jailbroken” phones

13 Lost or Stolen Devices  Biggest risk: Devices very susceptible to loss or theft  Without proper controls  Direct access to critical government business systems  Ability to harvest data housed on the device  Things to worry about  End users push for ease of use over controls  Example: No pins or screen timeouts

14 Remote Data Storage  Synchronizing data between devices and applications is an issue  No shared file system  Answer: Dropbox, Box, etc.  Things to worry about  Services have a history of security problems  Incomplete understanding of their security model  Click through contractual terms that are vendor centric

15 Caveats  Very few active exploits today in the mobile space  Why?  The mobile security model is solid  PCs and Macs are easy to hack  Predictions  PC and Mac security will continue to get better  Hackers will focus more attention on mobile devices  Cracks in the mobile security model will appear

16 Minnesota’s Strategy Staying in Front of the Curve

17 A Secure Foundation  Enterprise Security Portable Computing Device Standard (adopted June 2011)  Controls for both state and personally owned mobile devices  Key provisions  Authorize all devices  Pin and timeout requirements  Device encryption  Remote wipe  No jailbroken devices

18 Implementation of Security Controls  Requirements in standard enforced through technical controls  Goal: Devices that cannot comply cannot connect  Technical limitations  Controls applied at the “person” level  Exceptions for one device automatically create a low bar for others

19 Why MDM?  Project now underway  Offers additional security and management features  Key features  More granular security policies  Advanced tracking and management of devices  State app store  Data storage repository

20 Final Thoughts  Proliferation of mobile devices will continue  Risks can be appropriately managed  Laying out a comprehensive service strategy is vital Strategy Risks Value

21


Download ppt "INFORMATION TECHNOLOGY FOR MINNESOTA GOVERNMENT Christopher P. Buse Assistant Commissioner and CISO State of Minnesota Mobile Device Management Assessing."

Similar presentations


Ads by Google