
Bring Your Own Device (BYOD) Security

By Josh Bennett & Travis Miller.


Presentation Transcript


  1. Bring Your Own Device (BYOD) Security By Josh Bennett & Travis Miller

  2. Today's Agenda
     • Introduction of BYOD systems
     • Benefits of BYOD systems
     • BYOD Risks - Reduced Security
     • Case Studies
     • Malware: IOS_IKEE Worm Exploit
     • Corporate Data Exfiltration: TTB No-Data Clients
     • Approved Applications: EEOC BYOD Pilot
     • 10-Step Secure Implementation Process
     • BYOD Security Policies
     • Closing Thoughts
     • Questions

  3. Benefit of BYOD Systems
     - Improved mobility
     - Avoiding carrying / maintaining multiple devices
     - Employee benefit
     - Reduced costs

  4. Diminished Regard for Security Driving Risks
     - Lack of awareness
     - Increased workload
     - Technical support prioritization
     - Mobile OS updating difficulty
     - Impulsive MDM solution purchases
     - Informal adoption

  5. Case Study: iOS Malicious Worm
     Issue: Presence of Malware
     Security Approach: Maintain Original OS & Patches
     Example: IOS_IKEE worm; exploits jailbroken Apple mobile devices

  6. Case Study: Alcohol and Tobacco Tax and Trade Bureau (TTB)
     Issue: Corporate Data Exfiltration
     Security Approach: Virtual Desktop & No-Data Thin Clients
     VMware servers => RSA encrypted => WinLogon Read-Only permissions

  7. Case Study: U.S. Equal Employment Opportunity Commission (EEOC) BYOD Pilot
     Issue: Approved Application Downloads/Agreement
     Security Approach: Required Third-Party Apps - Novell GroupWise
     Notifylink MDM cloud provider was required GroupWise apps to connect

  8. Bradford Network's 10-Step Secure Implementation Process

  9. 10-Step Secure Implementation Process
     • Determine the Mobile Devices That Are Allowed (Acceptable, Safe Devices)
     • Determine the OS Versions That Are Allowed (Secure OS Versions)
     • Determine the Apps That Are Mandatory/Required (Configuration)
     • Define the Devices Allowed By Group/Employees (Device Policies by Users)
     • Define Network Access (Who, What, Where, When)

  10. 10-Step Secure Implementation Process
      • Educate Your Employees (Communicate Policies)
      • Inventory Authorized & Unauthorized Devices (Trusted vs. Untrusted Devices)
      • Inventory Authorized & Unauthorized Users (Trusted vs. Untrusted Users)
      • Controlled Network Access Based on Risk Posture (Provision Network Access)
      • Continuous Vulnerability Assessment & Remediation (Enhance Other Solutions)

  11. BYOD Security Policies
      • Prohibit download/transfer of sensitive business data
      • Required password(s) on personal device(s)
      • Agreement to maintain original OS with appropriate patches/updates
      • Device will not be shared with others
      • Remote wipe after X password attempts or device is reported lost
      • Agreement to encryption connection policies (ex. Federal Information Processing Standard (FIPS) 140-2)

  12. Closing Thoughts
      - BYOD is already common
      - Risks and rewards
      BYOD Organizations should:
      - Educate themselves on nature and variety of risks
      - Research organizational impacts
      - Develop implementation process based on best practices
      - Establish and enforce sound security policies

  13. Questions?

  14. Bibliography
      • http://www.whitehouse.gov/digitalgov/bring-your-own-device#_ftnref4
      • http://www.slideshare.net/BradfordNetworks/the-10-steps-to-a-secure-byod-strategy#btnNext
      • http://www.letsunlockiphone.com/ios-viruses-iphone-ikee-b-worm/
      • http://blogs.unisys.com.disruptiveittrends/2011/07/12/one-year-on-too-many-it-groups-still-struggle-with-consumerization/
      • http://www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_decisive-analytics-consumerization-surveys.pdf
      • http://www.trendmicro.com/cloud-content/us/pdfs/business/reports/rpt_implementing_byod_plans.pdf
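
The device checks in the 10-step process (allowed devices, allowed OS versions, mandatory apps, device inventory) and the policy items on maintaining the original OS and requiring a password feed the "controlled network access based on risk posture" step. The sketch below is an added example, not part of the presentation or any vendor's product: the model names, version minimums, app names, field names and the deny/quarantine/allow tiers are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy values (assumptions, not taken from the presentation).
ALLOWED_MODELS = {"iPhone 14", "Pixel 8"}                # step 1: allowed devices
MIN_OS = {"iOS": (17, 0, 0), "Android": (14, 0, 0)}      # step 2: allowed OS versions
REQUIRED_APPS = {"mdm-agent", "mail-client"}             # step 3: mandatory apps

@dataclass
class Device:
    model: str
    os_name: str
    os_version: str
    jailbroken: bool = False     # modified OS, as in the IOS_IKEE case study
    passcode_set: bool = True
    inventoried: bool = True     # step 7: known to the device inventory
    apps: set = field(default_factory=set)

def parse_version(text):
    """Parse '17.4' into (17, 4, 0) so that '17.10' ranks above '17.9'."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def assess(dev):
    """Return (decision, findings); decision is 'deny', 'quarantine' or 'allow'."""
    blocking, fixable = [], []
    if not dev.inventoried:
        blocking.append("device not in inventory")
    if dev.model not in ALLOWED_MODELS:
        blocking.append("model not allowed")
    if dev.jailbroken:
        blocking.append("original OS not maintained")
    minimum = MIN_OS.get(dev.os_name)
    if minimum is None:
        blocking.append("OS not allowed")
    else:
        try:
            if parse_version(dev.os_version) < minimum:
                fixable.append("OS below minimum version")
        except ValueError:
            blocking.append("unreadable OS version")  # fail closed on bad input
    missing = REQUIRED_APPS - dev.apps
    if missing:
        fixable.append("missing apps: " + ", ".join(sorted(missing)))
    if not dev.passcode_set:
        fixable.append("no device passcode")
    if blocking:
        return "deny", blocking + fixable
    return ("quarantine", fixable) if fixable else ("allow", [])
```

Findings that the owner can remediate (patching, installing an app, setting a passcode) lead to quarantine rather than denial, which matches the remediation step that closes the process.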
