
Bring Your Own Device (BYOD) Security - PowerPoint PPT Presentation



Bring Your Own Device (BYOD) Security

By Josh Bennett & Travis Miller


Today's Agenda

  • Introduction of BYOD systems

  • Benefits of BYOD systems

  • BYOD Risks - Reduced Security

  • Case Studies

    • Malware: IOS_IKEE Worm Exploit

    • Corporate Data Exfiltration: TTB No-Data Clients

    • Approved Applications: EEOC BYOD Pilot

  • 10-Step Secure Implementation Process

  • BYOD Security Policies

  • Closing Thoughts

  • Questions


Benefit of BYOD Systems

-Improved mobility

-Avoiding carrying / maintaining multiple devices

-Employee benefit

-Reduced costs


Diminished Regard for Security Driving Risks

-Lack of awareness

-Increased workload

-Technical support prioritization

-Mobile OS updating difficulty

-Impulsive MDM solution purchases

-Informal adoption


Case Study: iOS Malicious Worm

Issue: Presence of Malware

Security Approach: Maintain Original OS & Patches

Example: IOS_IKEE worm; exploits jailbroken Apple mobile devices


Case Study: Alcohol and Tobacco Tax and Trade Bureau (TTB)

Issue: Corporate Data Exfiltration

Security Approach: Virtual Desktop & No-Data Thin Clients

VMware servers => RSA encrypted => WinLogon

Read-Only permissions


Case Study: U.S. Equal Employment Opportunity Commission (EEOC) BYOD Pilot

Issue: Approved Application Downloads/Agreement

Security Approach: Required Third-Party Apps - Novell GroupWise

The NotifyLink MDM cloud provider was required for GroupWise apps to connect


Bradford Networks' 10-Step Secure Implementation Process


10-Step Secure Implementation Process

  • Determine the Mobile Devices That Are Allowed (Acceptable, Safe Devices)

  • Determine the OS Versions That Are Allowed (Secure OS Versions)

  • Determine the Apps That Are Mandatory/Required (Configuration)

  • Define the Devices Allowed By Group/Employees (Device Policies by Users)

  • Define Network Access (Who, What, Where, When)


10-Step Secure Implementation Process

  • Educate Your Employees (Communicate Policies)

  • Inventory Authorized & Unauthorized Devices (Trusted vs. Untrusted Devices)

  • Inventory Authorized & Unauthorized Users (Trusted vs. Untrusted Users)

  • Controlled Network Access Based on Risk Posture (Provision Network Access)

  • Continuous Vulnerability Assessment & Remediation (Enhance Other Solutions)


BYOD Security Policies

  • Prohibit download/transfer of sensitive business data

  • Required password(s) on personal device(s)

  • Agreement to maintain original OS with appropriate patches/updates

  • Device will not be shared with others

  • Remote wipe after X password attempts or when the device is reported lost

  • Agreement to encrypted-connection policies (e.g., Federal Information Processing Standard (FIPS) 140-2)


Closing Thoughts

-BYOD is already common

-Risks and rewards

BYOD Organizations should:

-Educate themselves on nature and variety of risks

-Research organizational impacts

-Develop implementation process based on best practices

-Establish and enforce sound security policies


Questions?

