Bring Your Own Device (BYOD) Security By Josh Bennett & Travis Miller.


1 Bring Your Own Device (BYOD) Security By Josh Bennett & Travis Miller

2 Today's Agenda
- Introduction of BYOD systems
- Benefits of BYOD systems
- BYOD Risks - Reduced Security
- Case Studies
  o Malware: IOS_IKEE Worm Exploit
  o Corporate Data Exfiltration: TTB No-Data Clients
  o Approved Applications: EEOC BYOD Pilot
- 10-Step Secure Implementation Process
- BYOD Security Policies
- Closing Thoughts
- Questions

3 Benefits of BYOD Systems
- Improved mobility
- Avoiding carrying / maintaining multiple devices
- Employee benefit
- Reduced costs

4 Diminished Regard for Security Driving Risks
- Lack of awareness
- Increased workload
- Technical support prioritization
- Mobile OS updating difficulty
- Impulsive MDM solution purchases
- Informal adoption

5 Case Study: iOS Malicious Worm
Issue: Presence of Malware
Security Approach: Maintain Original OS & Patches
Example: IOS_IKEE worm; exploits jailbroken Apple mobile devices

6 Case Study: Alcohol and Tobacco Tax and Trade Bureau (TTB)
Issue: Corporate Data Exfiltration
Security Approach: Virtual Desktop & No-Data Thin Clients
VMware servers => RSA encrypted => WinLogon Read-Only permissions

7 Case Study: U.S. Equal Employment Opportunity Commission (EEOC) BYOD Pilot
Issue: Approved Application Downloads/Agreement
Security Approach: Required Third-Party Apps - Novell GroupWise
Notifylink MDM cloud provider was required for GroupWise apps to connect

8 Bradford Networks' 10-Step Secure Implementation Process

9
1. Determine the Mobile Devices That Are Allowed (Acceptable, Safe Devices)
2. Determine the OS Versions That Are Allowed (Secure OS Versions)
3. Determine the Apps That Are Mandatory/Required (Configuration)
4. Define the Devices Allowed By Group/Employees (Device Policies by Users)
5. Define Network Access (Who, What, Where, When)

10 10-Step Secure Implementation Process
6. Educate Your Employees (Communicate Policies)
7. Inventory Authorized & Unauthorized Devices (Trusted vs. Untrusted Devices)
8. Inventory Authorized & Unauthorized Users (Trusted vs. Untrusted Users)
9. Controlled Network Access Based on Risk Posture (Provision Network Access)
10. Continuous Vulnerability Assessment & Remediation (Enhance Other Solutions)

11 BYOD Security Policies
1. Prohibit download/transfer of sensitive business data
2. Required password(s) on personal device(s)
3. Agreement to maintain original OS with appropriate patches/updates
4. Device will not be shared with others
5. Remote wipe after X password attempts or device is reported lost
6. Agreement to encryption connection policies (ex. Federal Information Processing Standard (FIPS) 140-2)

12 Closing Thoughts
- BYOD is already common
- Risks and rewards
BYOD Organizations should:
- Educate themselves on nature and variety of risks
- Research organizational impacts
- Develop implementation process based on best practices
- Establish and enforce sound security policies

13 Questions?


