7.5 steps to overlaying byod & iot
Post on 10-Feb-2017
181 Views
Preview:
TRANSCRIPT
© 2015 InterWorks, Page 1
Caston Thomas
7½ Steps to “Bolt On”
Mobile/Cloud/BYoD/IoTto our
Existing Network & Security
$$$
cthomas@iworkstech.com 586.530.4981
© 2015 InterWorks, Page 2
What is BYOD?
Option 1:
BYoD refers to employees bringing their own computing devices – to
the workplace for use on the corporate network.
Option 2:
BYoD is a change in how we move the cost of computing from
corporate owned devices to personally owned devices.
Option 3:
BYoD is the fundamental change in how we view ownership of, not just
devices, but also data, applications, & network. It changes how we
approach our company’s security, responsibilities & culture.
© 2015 InterWorks, Page 3
The BYOD/IoT Phenomenon
“68% of devices used by information workers to access
business applications are ones they own themselves,
including laptops, smartphones & tablets.”
“IT organizations typically underestimate the number of
personal mobile devices on their networks by 50%.”
“By 2020, 70% of “4 Pillar” buyers will have the LOB as
their buyer.” 1
(4 Pillars = mobile, cloud, big data, social media)
1IDC Research, The Mobility Game Changer, June 2013
© 2015 InterWorks, Page 4
Fight or Embrace?
“The rise of “BYoD" is the single most radical shift in
the economics of client computing for business since
PCs invaded the workplace.” - Gartner1
“The rise of “BYoD" is the single most radical cultural shift in the
corporate workplace since the copy machine.”
- Caston Thomas
1Gartner “Bring Our Own Device: New Opportunities, New Challenges”, August 16, 2012
© 2015 InterWorks, Page 5
• Data Loss– Lost phone/tablet/laptop/device
– Unauthorized access
– Compromised device/backdoor
• APT/Malware– Threats inside the network
• Compliance– Unauthorized infrastructure
– Unauthorized apps (e.g., dropbox)
– Unauthorized data (e.g., drug interaction database)
The Risk in BYOD
For more detail, a good resource is still:
Gartner “Strategic Road Map for Network Access Control”, October 11, 2011
© 2015 InterWorks, Page 6
Fight or Embrace?
© 2015 InterWorks, Page 7
What is Our Framework?
• Govern & Comply• Educate & Manage• Control & Prevent• Monitor & Detect• Respond & Mitigate
© 2015 InterWorks, Page 8
What Are Our Options?
CHARACTERISTICSSOLUTION
Security
Access
Agility
© 2015 InterWorks, Page 9
What Are Our Options?
CHARACTERISTICSSOLUTION
Manage devices (MDM) • Good security at the device level
• Secures device user & content
• Separate management console
• Lacks protecting network resources,
network access & “data in motion”
© 2015 InterWorks, Page 10
What Are Our Options?
CHARACTERISTICSSOLUTION
Manage devices (MDM) • Good security at the device level
• Secures device user & content
• Separate management console
• Lacks protecting network resources,
network access & “data in motion”
Restrict data (VDI) • Strong data protection
• Poor user experience
• Not for the road warrior
© 2015 InterWorks, Page 11
What Are Our BYOD Options?
CHARACTERISTICSSOLUTION
Manage devices (MDM) • Good security at the device level
• Secures device user & content
• Separate management console
• Lacks protecting network resources,
network access & “data in motion”
Restrict data (VDI) • Strong data protection
• Poor user experience
• Not for the road warrior
Control applications (MAM, MAW) • Leading edge approach
• Must be used with other controls
© 2015 InterWorks, Page 12
What Are Our BYOD Options?
CHARACTERISTICSSOLUTION
Control devices (MDM) • Good security at the device level
• Secures device user & content
• Separate management console
• Lacks protecting network resources,
network access & “data in motion”
Control data (VDI) • Strong data protection
• Poor user experience
• Not for the road warrior
Control applications (MAM, MAW) • Leading edge approach
• Must be used with other controls
Control the network (NAC) • Simple, fast, 100% coverage
• Protects data on the network, not on
the device
© 2015 InterWorks, Page 13
“No matter what BYOD strategy is selected, the
ability to detect when unmanaged devices are in
use for business purposes will be required — &
that requires NAC.”
Gartner Recommendations
Gartner, “NAC Strategies for Supporting BYOD Environments”,
22 December 2011, Lawrence Orans & John Pescatore
© 2015 InterWorks, Page 14
Multiple Security Choices
© 2015 InterWorks, Page 15
Multiple Security Choices
© 2015 InterWorks, Page 16
Multiple Security Choices
© 2015 InterWorks, Page 17
Multiple Security Choices
© 2015 InterWorks, Page 18
Multiple Security Choices
© 2015 InterWorks, Page 19
Blending These Multiple Security Choices
• MDM
• Policy & configuration management for mobile devices
• Solution for securing mobile users & content
• NAC
• Inspect & remediate devices when connecting to network
• Facilitate, monitor, & interdict access as appropriate
• Coordinate
• Reports, interfaces, alerts, & incident response
• Vendor cooperation? Critical
© 2015 InterWorks, Page 20
Network Access Policy
User Access Policy
Device Access Policy
“Points of Integration”
• Enterprise visibility
• Single policy
• Enterprise reporting
• Enrollment Automated
• On-access assessment
• Malicious activity
detected/enforced
© 2015 InterWorks, Page 21
The Enterprise Challenge: Balance Access Agility With Security
• Employees, Guests,
Contractors
• Personal devices
• Wireless, wired,
VPN, mobile
• Data loss
• Zero-day attacks
& malware
• Endpoint integrity
• Regulations &
compliance
Security
Access
Agility
Requires real-time,
comprehensive
visibility
Requires real-time,
automated controls
© 2015 InterWorks, Page 22
End-To-End Security Automation
See
Grant
Fix
Protect
© 2015 InterWorks, Page 23
( ( ( ( ( ( (
See Grant Fix Protect
• What type of device?
• Who owns it?
• Who is logged in?
• What applications?
© 2015 InterWorks, Page 24
See Grant Fix Protect
• Grant access
• Register guests
• Block access
• Restrict access
( ( ( ( ( ( (
© 2015 InterWorks, Page 25
See Grant Fix Protect
• Remediate OS
• Fix security agents
• Fix configuration
• Start/stop applications
• Disable peripheral
© 2015 InterWorks, Page 26
See Grant Fix Protect
• Detect unexpected behavior
• Address insider threats
• Stop worm propagation
• Block intrusions
© 2015 InterWorks, Page 27
See Grant Fix Protect
MOVE & DISABLERESTRICT ACCESSALERT & REMEDIATE
Deploy a Virtual Firewall around an infected
or non-compliant device
Reassign the device into a VLAN with
restricted access
Update access lists (ACLs) on switches,
firewalls & routers to restrict access
Automatically move device to a pre-
configured guest network
Open trouble ticket
Send email notification
SNMP Traps
Syslog & SIEMs & behavior monitors
HTTP browser hijack
Auditable end-user acknowledgement
Self-remediation
Integrate with SMS, WSUS, SCCM, BigFix,
Darktrace, Cylance, etc
Reassign devices from production to
quarantine VLANs
Block access with 802.1X, ACL’s & certs
Alter login credentials to block access
Block access with device authentication
Turn off ports (802.1X/SNMP/CLI)
Terminate unauthorized apps
Disable peripheral devices
© 2015 InterWorks, Page 28
• A variety of actions are
available to manage, remediate
& restrict mobile devices
• Multiple actions can be stacked
together to provide even more
control
Mobile Security Remediation
© 2015 InterWorks, Page 29
SANS Report: “Your Pad or Mine:
Enabling Secure Personal & Mobile Device
Use on Our Network”
IDC Report: “Architecting a Flexible
Strategy for Securing Enterprise Bring Our
Own Device (BYOD)”
Whitepapers
© 2015 InterWorks, Page 30
1. Assemble a team– Multiple IT departments
– Users across departments
10 Steps to BYOD Implementation
© 2015 InterWorks, Page 31
1. Assemble a team
2. Gather data– Devices in use?
– Ownership of devices?
– Applications in use?
– Entry paths?
10 Steps to BYOD Implementation
© 2015 InterWorks, Page 32
1. Assemble a team
2. Gather data
3. Identify use cases– Which applications?
– Which users? Role?
– Offline use?
– Sensitivity of data?
10 Steps to BYOD Implementation
© 2015 InterWorks, Page 33
1. Assemble a team
2. Gather data
3. Identify use cases
4. Create an economic model– Device costs (capital)
– Data connectivity costs (expense)
– Employee stipends (expense)
– Software license costs (capital)
– Employee productivity gains
– Infrastructure costs (security, bandwidth, data protection)
10 Steps to BYOD Implementation
© 2015 InterWorks, Page 34
1. Assemble a team
2. Gather data
3. Identify use cases
4. Create an economic model
5. Formulate policies– Which devices will we support?
– Which corporate applications?
– Which users?
– How will data be secured?
– Acceptable use?
– What if the device is lost or stolen?
– How will the endpoint be updated?
10 Steps to BYOD Implementation
© 2015 InterWorks, Page 35
1. Assemble a team
2. Gather data
3. Identify use cases
4. Create an economic model
5. Formulate policies
6. Decide how to protect our network– Manual or automated ?
– Types of compliance checks?
– Multiple wireless networks or one network?
10 Steps to BYOD Implementation
© 2015 InterWorks, Page 36
1. Assemble a team
2. Gather data
3. Identify use cases
4. Create an economic model
5. Formulate policies
6. Decide how to protect our network
7. Decide how to protect data– Containerization on the mobile device?
– Hosted Virtual Desktop?
10 Steps to BYOD Implementation
© 2015 InterWorks, Page 37
1. Assemble a team
2. Gather data
3. Identify use cases
4. Create an economic model
5. Formulate policies
6. Decide how to protect our network
7. Decide how to protect data
8. Build a project plan – Remote device management?
– Cloud storage?
– Wipe devices when employees are terminated?
10 Steps to BYOD Implementation
© 2015 InterWorks, Page 38
1. Assemble a team
2. Gather data
3. Identify use cases
4. Create an economic model
5. Formulate policies
6. Decide how to protect our network
7. Decide how to protect data
8. Build a project plan
9. Evaluate solutions– Ease of implementation?
– Cost?
– Security?
– Usability?
10 Steps to BYOD Implementation
© 2015 InterWorks, Page 39
1. Assemble a team
2. Gather data
3. Identify use cases
4. Create an economic model
5. Formulate policies
6. Decide how to protect our network
7. Decide how to protect data
8. Build a project plan
9. Evaluate solutions
10.Implement solutions – Phased approach
– Monitor, then pilot, then full deployment
10 Steps to BYOD Implementation
© 2015 InterWorks, Page 40
1. Assemble a team
2. Gather data
3. Identify use cases
4. Create an economic model
5. Formulate policies
6. Decide how to protect our network
7. Decide how to protect data
8. Build a project plan
9. Evaluate solutions
10.Implement solutions
10 Steps to BYOD Implementation
© 2015 InterWorks, Page 41
1. Assemble a team
2. Gather data
3. Identify use cases
4. Create an economic model
5. Formulate policies
6. Decide how to protect our network
7. Decide how to protect data
8. Build a project plan
9. Evaluate solutions
10.Implement solutions
10 Steps to BYOD Implementation
top related