BYOD Security: Maintaining a Secure Infrastructure. Friday 15th March 2013.


Paul Whitton ▶ Senior IT Security Specialist within ESISS ▶ TigerScheme and Crest accredited. ▶ Been working at Loughborough University since 2001 in a variety of teams: ▶ Labs ▶ Staff Desktop ▶ Systems Services ▶ Networks and Security ▶ Now ESISS

About ESISS ▶ ESISS is the Education Shared Information Security Service. ▶ A collaboration with the eight universities within the East Midlands region. ▶ A genuine requirement for shared security service was identified. ▶ HEFCE pump primed for first year. ▶ Launched in August 2009, now used by over 50 UK institutions and growing

About the ESISS team ▶ Contract awarded to Loughborough University. ▶ Dedicated team providing the services. ▶ Information Security Assurance: CISSP, Tiger Scheme QSTM, CCNP, CCSP, Crest Registered Tester, etc. ▶ Trusted Introducer Accredited procedures

BYOD Challenges ▶ Technical Challenges ▶ Security Considerations ▶ Legal Issues

Technical Challenges ▶ Which device types/operating systems are allowed ▶ What apps may be installed and used ▶ What IT systems may be accessed ▶ How data is stored on the device ▶ How data is transferred to/from the device ▶ Blurring of business and personal use

Security considerations ▶ Data privacy - personal and corporate data on the same device. This works both ways. ▶ Data privacy/remote wipe for lost/stolen devices ▶ What to do if the person who owns the device leaves the company. ▶ Copyright Infringement from the device.

How to address these issues
What the Data Protection Act 1998 says: ▶ Appropriate technical and organisational measures shall be taken against accidental loss or destruction of, or damage to, personal data. ▶ All of the previously mentioned issues can be mitigated to some extent with a suitable/effective BYOD policy.

Designing a BYOD Policy
Must meet the needs of both IT and employees, e.g.: ▶ Secure corporate data ▶ Minimise cost to implement and enforce ▶ Preserve user experience ▶ Keep up with user technology and preferences.

What to consider ▶ JANET AUP already covers a fair amount of the responsibilities ▶ May be a need to create a social media policy ▶ Regular checks for compliance.

Device settings
Best practice indicated by Gartner and elsewhere suggests supported devices should be able to support: ▶ Device lock code ▶ Automatic device lock on idle ▶ Remote device wipe function ▶ Device data encryption
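A regular compliance check against the four settings above, as an added example that is not part of the original slides. The inventory records, field names and the 5-minute idle limit are assumptions made for illustration; missing or unknown values are treated as failures.

```python
# Baseline from the "Device settings" slide. The idle limit is an assumed value.
MAX_IDLE_LOCK_SECONDS = 300

# Constructed inventory records, e.g. as exported from an MDM or ActiveSync report.
DEVICES = [
    {"id": "phone-01", "lock_code": True, "idle_lock_seconds": 120,
     "remote_wipe": True, "encrypted": True},
    {"id": "tablet-02", "lock_code": True, "idle_lock_seconds": 0,   # 0 = never locks
     "remote_wipe": True, "encrypted": True},
    {"id": "phone-03", "lock_code": False, "idle_lock_seconds": 60,
     "remote_wipe": True},                                           # encryption unknown
]


def failures(device):
    """Return the baseline controls this device does not meet (fails closed)."""
    failed = []
    if device.get("lock_code") is not True:
        failed.append("device lock code")
    idle = device.get("idle_lock_seconds")
    if type(idle) is not int or not 0 < idle <= MAX_IDLE_LOCK_SECONDS:
        failed.append("automatic lock on idle")
    if device.get("remote_wipe") is not True:
        failed.append("remote wipe")
    if device.get("encrypted") is not True:
        failed.append("data encryption")
    return failed


def audit(devices):
    """Map device id -> failed controls, listing non-compliant devices only."""
    return {d["id"]: f for d in devices if (f := failures(d))}


if __name__ == "__main__":
    for device_id, failed in audit(DEVICES).items():
        print(f"{device_id}: NOT COMPLIANT ({', '.join(failed)})")
```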

Mobile Device Management ▶ Investigate remote locate and wipe facilities ▶ Appropriate process to remove rights to lost/stolen devices. ▶ Approved devices only ▶ Educate users about untrusted apps and data protection ▶ Segregation of corporate and personal data (Mobile Application Management)

Exchange ActiveSync Policy ▶ Exchange allows admins to define a policy for any clients connecting. ▶ This can include remote wipe, enforce encryption, etc.

Virtual Desktop/Thin Client ▶ Some places are implementing virtual desktop infrastructure. ▶ This allows BYOD clients to access a normal corporate desktop by running an application ▶ Segregates corporate data from the BYOD

Type of Network Access ▶ Clients are typically wireless devices. ▶ Expect to be able to just turn wireless on and it works with minimal or no configuration

Wireless Access and Auditing ▶ eduroam ▶ Captive portal style wireless networks. ▶ Consideration for BYOD network access to main network.

eduroam ▶ Based on the 802.1X standard and a hierarchy of RADIUS proxy servers. ▶ Role of the RADIUS hierarchy is to forward the users' credentials to the users' home institution, where they can be verified and validated. ▶ Can allow visitors from participating sites to use your wireless/wired networks, but segregate them from your main network and vice versa.
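How a request is forwarded by realm through the proxy hierarchy, as an added example that is not part of the original slides. It models routing decisions only, not the RADIUS protocol; the three-tier layout (institution, national proxy, top-level proxy) and every realm, server and network name are constructed for illustration.

```python
import re

# Constructed hierarchy: institution servers -> national proxies -> top-level proxy.
INSTITUTIONS = {                       # realm -> home RADIUS server
    "uni-a.example.uk": "radius.uni-a.example.uk",
    "college-b.example.uk": "radius.college-b.example.uk",
    "uni-c.example.nl": "radius.uni-c.example.nl",
}
NATIONAL = {"uk": "flr.uk.example", "nl": "flr.nl.example"}   # country -> proxy
TOP_LEVEL = "tlr.example"
REALM_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


def realm_of(identity):
    """Return the lower-cased realm of user@realm, or raise ValueError."""
    user, sep, realm = identity.rpartition("@")
    realm = realm.lower()
    if not sep or not user or not REALM_RE.match(realm):
        raise ValueError(f"no routable realm in {identity!r}")
    return realm


def route(identity, visited_realm):
    """List the servers a request passes through, ending at the home server."""
    realm = realm_of(identity)
    if realm not in INSTITUTIONS:
        raise ValueError(f"unknown realm {realm!r}")   # reject, no local fallback
    path = [INSTITUTIONS[visited_realm]]
    if realm == visited_realm:
        return path                                    # local user, verified on site
    here = visited_realm.rsplit(".", 1)[1]
    there = realm.rsplit(".", 1)[1]
    path.append(NATIONAL[here])                        # up to the national proxy
    if here != there:
        path += [TOP_LEVEL, NATIONAL[there]]           # across countries
    path.append(INSTITUTIONS[realm])                   # down to the home institution
    return path


def network_for(identity, visited_realm):
    """Visitors are verified at home but kept off the visited site's main network."""
    route(identity, visited_realm)                     # raises if not routable
    local = realm_of(identity) == visited_realm
    return "main-network" if local else "visitor-segregated"
```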

eduroam

Pros: Secure wireless configuration. Device only needs to be configured once for all sites. Supports wireless and wired. Internationally available. Cons: May be complicated to set up/configure/maintain for small FE sites with small numbers of network staff.

Typical open guest network

Open guest network
Pros: Easy to set up/maintain. Cons: Users can see other people's traffic (mitigated to an extent by forcing the use of an SSL web proxy). Requires users to configure their wireless settings for each site they visit.

Further Information ▶ /documents/library/Data_Protection/Practical_application/ico_bring_your_own_device_byod_guidance.ashx

Any Questions? Thank you for listening