1 / 8

BYOD:

BYOD:. An IT Security Perspective. What is BYOD?.

earl
Télécharger la présentation

BYOD:

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. BYOD: An IT Security Perspective

  2. What is BYOD? • Bring your own device - refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and use those devices to access privileged company information and applications. • Source: http://en.wikipedia.org/wiki/Bring_your_own_device • Bring your own device is an alternative strategy allowing employees, business partners and other users to utilize a personally selected and purchased client device to execute enterprise applications and access data. Typically, it spans smart phones and tablets, but the strategy may also be used for PCs. • Source: http://www.gartner.com/it-glossary/bring-your-own-device-byod

  3. What is BYOD to Security Professionals? RISK

  4. TheProblem • Loss of control over your data • Lost or Stolen Devices • Exposing your internal network to unmanaged devices • Difficulty in Reporting Vulnerability Status • Compliance Concerns eg PCI • Increasing Number of Viruses Targeting Mobile Devices

  5. The Solution • Mobile Device Policy • Balancing act • Password Protection • Encryption of Company Data • Remote Wiping of Devices • Define a standard • Must support the business • Security Awareness Training • Explain the risks

  6. The Solution • Deploy a Mobile Device Management Tool • Ability to provision and de-provision apps and profiles • It should support granular remote wipe and have the ability to track lost or stolen devices • Deploy an Application Aware IPS • You need to understand what applications are running across your network as you no longer control the endpoint • Deploy a Content Aware Network based DLP System • Without a dedicated DLP system you will have no visibility of data that is leaving your organization • Use a Security Operations Center to monitor everything • Continuous 24/7 monitoring and alerting

  7. Take Away Points • BYOD is here to stay • You need to be prepared to implement the infrastructure to secure data on employee owned devices • You need to be able to effectively monitor devices for compliance to the Mobile Device Policy • You need to maintain and be able to demonstrate that you comply with legislation

  8. Thank You Greg Fagan Security Architect Greg.Fagan@gsoc.co.za 082 800 5342

More Related