Information Security, Cybercrime and technology futures allowing you to get a clear insight into the challenges and issues facing your businesses today - Insight Technology Show 2012
•Transferir como PPTX, PDF•
1 gostou•392 visualizações
Rik Ferguson and expert in Security Research & Communications discusses Cybercrime and how this can impact your business today.
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a Information Security, Cybercrime and technology futures allowing you to get a clear insight into the challenges and issues facing your businesses today - Insight Technology Show 2012
Semelhante a Information Security, Cybercrime and technology futures allowing you to get a clear insight into the challenges and issues facing your businesses today - Insight Technology Show 2012 (20)
Último
Último (20)
Information Security, Cybercrime and technology futures allowing you to get a clear insight into the challenges and issues facing your businesses today - Insight Technology Show 2012
- 1. Power to the People? Rik Ferguson• Director Security Research & Communications
- 2. Consumerisation of IT “Consumerisation will be the most significant trend affecting IT during the next 10 years” Gartner • Popular new consumer technology spreads into business organizations • IT and consumer electronics converge as the same devices are used for work and play • Power shifts from corporate IT and enterprise vendors (IBM, HP) to end users and innovative consumer vendors (Apple, Google)
- 3. …Not just mobile devices Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Email Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Email Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi- File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Email Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-
- 4. The IT View: Current Pain Points iPad 4
- 5. What’s Really Happening • The current pain points are simply the leading edge of a bigger wave. • Tactical solutions will always remain reactive and be susceptible to disruption by the next wave. iPad iPhone Windows phone 5
- 7. The winners (for now)
- 9. Some recent iOS Vulnerabilities • CVE-2011-3246 – Malicious URLs disclose sensitive information • CVE–2011-3439 – Malicious font leads to arbitrary code execution • CVE-2011-3442 – Ability to bypass code- signing checks • CVE-2011-3255 – Apple ID & password could be intercepted by installed apps
- 10. Some recent Android Vulnerabilities • CVE-2011-3874 – Buffer Overflow allows code execution • CVE-2011-1823 – Local code execution and root privileges (Gingerbreak) • CVE-2011-1149 – Bypass sandbox and escalate privileges (KillingInTheNameOf) • A multitude of Adobe Flash vulnerabilities
- 11. Yes… It’s real. MOBILE MALWARE Classification 1
- 12. But Google told me you are all Charlatans!
- 13. Mobile Malware - Android is where the action is
- 14. Malicious Marketplace • March 2011 - 58 malicious apps (approx 250,000 victims) • May 2011 - 24 malicious apps (up to 120,000 victims) • December 2011 - 27 malicious apps (approx 14,000 victims). • February 2012 – 37 “Fan Apps” stealing handset information and aggressive advertising
- 15. It’s not only the vulnerabilities
- 16. And here’s how it works…
- 17. Consumerisation is Driving a Shift • The advent of consumerisation in the last few years is causing organizations to rethink the value of consumer-grade tools and services.
- 19. T is Losing Control This shift of control away from corporate IT has three main results 1 2 3 Loss of visibility and “De-standardization” Unpredictability of where control as these “BYOD” increases the cost and data will be consumed by devices and modes of difficulty of managing end-users increases communicating proliferate and delivering data to challenge of data protection in business IT an increasingly environments heterogeneous endpoint landscape Tactical solutions will not address this fundamental change
- 20. Unlock Opportunity • Business agility • Virtual work style • Move at the customer speed • Increase end-user productivity • Attract and retain talent
- 21. “Embrace” Is the Optimal Approach 1 2 3 Say Yes… but not Deploy an Strategy: to everything for enterprise-grade Create a plan everyone infrastructure
- 22. Key Features for Mobile Security • Reduce costs, improve business agility, empower employees. • Regain visibility and control, share and protect data in a heterogeneous environment • “Embrace consumerization, unlock opportunity!” Regain visibility Deploy with Measure & control confidence effectiveness Enrollment Policy Enforcement Monitor Management Anti malware Report Provisioning Encryption React Tracking Remote Lock/Wipe Integrate …whatever the device, wherever the user
Notas do Editor
- The IT landscape is changing drastically. We live in a far more tech savvy world than ever before, and now that “consumerization” is becoming recognized throughout the industry and enterprise employees are opting to use their own devices, applications and data plans it’s clear that this is not just a passing trend, and enterprise must quickly transform how they conduct business as well as how they protect their endpoints and secure data.The fact is, consumerization is blurring lines between corporate and personal IT, as social networking applications such as Facebook, YouTube and Twitter are now part of everyone’s everyday lives. Think about it: We are now living among a generation of people who have never known a world without the Internet…or a world without immediate connectivity and access. And businesses are going to have to make some real adjustments to lure this new wave of talent, and that’s going to require offering them more choices than the traditional standard-issue laptop on which to work. This new wave of tech-savvy user now read their email – both private and business – on smart phones and mobile devices that access the corporate CRM on tablets, and store corporate data on their non-PC laptops. In fact, in a recent survey conducted by Trend Micro, almost 45% of the surveyed consumers responded they expect to be using their private smart phone for work too.As Gartner puts it, consumerization will be “the single most influential trend affecting the technology sector for the next ten years”. If there’s any doubt that the consumerization trend is real, consider this: Sales studies show that in the fourth quarter of 2010, for the first time ever, smart phones have outsold traditional computers and this trend is projected to only increase through 2011. These estimates also show that while a record-breaking 92 million computers were shipped in the fourth quarter of 2010, Smart phones achieved nearly 101 million shipments over that same period of time.
- Presenter: It’s too easy to see the IT threat of consumerization as simply being the rampant use of smart phones in the workplace, but it’s much more than that. In fact, a key driver in the acceleration of consumerization is the recent flood of consumer apps and social networking sites like Facebook, LinkedIn and Twitter. Consumerization also includes Web Apps (Amazon, eBay, AOL), Wi-Fi Services like Linsys and Netgear, Voice-Over IP like Skype and TruPhone as well as –the obvious – smart phones.The bottom line is: Things are changing quickly!New technologies - and those who use them - behave differently today than they did just a few years ago. As a result of incredibly simple to use consumer devices and apps, like iPod, iPad, Facebook - even children are tech-savvy now! Here are just a few of the companies /apps having an enormous impact on consumerization through social media, and how they impact the enterprise:About Facebook:Clearly the leader in the social media arena, Facebook has redefined business presence on the Web. As Facebook’s user-base grows, so must business presence in the Facebook community. A true example of how enterprise must move at customer-speed, a business simply must have a Facebook page in order to drive clients and potential customers to their latest developments. Founded in February 2004, Facebook is a social utility that helps people communicate more efficiently with their friends, family and coworkers. The company develops technologies that facilitate the sharing of information through the social graph, the digital mapping of people's real-world social connections. Anyone can sign up for Facebook and interact with the people they know in a trusted environment. Facebook is a part of millions of people’s lives all around the world. Facebook is a privately-held company and is headquartered in Palo Alto, Calif.http://www.facebook.com/press.php About Twitter:Redefining “real time” business communications, Twitter allows the instantaneous exchange of data, information or simple updates and trivia to millions of followers with just a few simple key strokes. This technology has forever changed how businesses release and exchange information. Twitter is a real-time information network that connects you to the latest information about what you find interesting. Simply find the public streams you find most compelling and follow the conversations.At the heart of Twitter are small bursts of information called Tweets. Each Tweet is 140 characters in length, but don’t let the small size fool you—you can share a lot with a little space. Connected to each Tweet is a rich pane of details that provides additional information, deeper context and embedded media. You can tell your story within your Tweet, or you can think of a Tweet as the headline, and use the details pane to tell the rest with photos, videos and other media content. http://twitter.com/about About LinkedIn:The leading network site of choice for businesses and professionals, LinkedIn has made an enormous impact on the HR practices for medium to large companies. While also an effective method for referral and job sharing, LinkedIn is the now the standard for professional networking and hiring. The site officially launched on May 5, 2003. At the end of the first month of operation, LinkedIn had a total of 4,500 members in the network.Today, roughly one million new members join LinkedIn every week, at a rate equivalent to a professional joining the site faster than one member per second.The company is publicly held and has a diversified business model with revenues coming from user subscriptions, advertising sales and hiring solutions.LinkedIn operates the world’s largest professional network on the Internet with more than 100 million members in over 200 countries and territories.More than half of LinkedIn members are currently located outside of the United States.There were nearly two billion people searches on LinkedIn in 2010.Headquartered in Mountain View, Calif., LinkedIn also has U.S. offices in San Francisco, Chicago, New York and Omaha, Neb. International LinkedIn offices are located in Amsterdam, Dublin, London, Paris, Sydney, Toronto and Mumbai, India.The company’s management team is comprised of seasoned executives from companies like Yahoo!, Google, Microsoft, TiVo, PayPal and Electronic Arts. The CEO of LinkedIn is Jeff Weiner.LinkedIn is currently available in six languages: English, French, German, Italian, Portuguese and Spanish.LinkedIn started off 2011 with about 1,000 full-time employees located all around the globe, up from around 500 at the beginning of 2010.http://press.linkedin.com/about/About DropBox:By simplifying the exchange of large files and data, DropBox has unleashed the employee from the office and gave them the tools to share and access all the data they require from the smart phone, laptop, or pad of their choosing. DropBox, a free service that lets people bring their documents, photos and videos anywhere and share them easily, today announced that more than 25 million people have joined DropBox and are using it to save more than 200 million files every day. These files are available from any computer, smartphone or iPad. The company also announced the immediate availability of the DropBox service in Spanish, French, German and Japanese. People around the world are using DropBox to share pictures with family, write papers for school, tackle projects with teammates and even coordinate disaster relief. DropBox has paying customers in more than 175 countries and more than half of DropBox users live outside the U.S. With this first set of translations, millions more will to be able to enjoy DropBox in their native language and share with family and friends.http://www.dropbox.com/press About Skype:Skype is a perfect example of “Bring your own IT”, as it enables employees to decline phone service-provided roaming fees, and simply expense any fees they accrue via Skype…which at its “premium” is currently only about $20.00 per month. See info on website here: http://www.skype.com/intl/en-us/features/?intcmp=CS-Upsell-FA335-10
- Enterprise IT decision-makers rarely say, “I have a consumerization problem.” The problem is almost always defined around a particular technology, as in: “I have an iPad problem,” or “a DropBox problem,” et cetera.
- Each of these technologies is the tip of a much larger spear#5 - ConsumerizationAlready well covered in the general sessions, but you really cannot understate how much pain this is creating for IT decision-makers Social media is close behind it devices:30 billion pieces of content are shared on Facebook every month 78% of social media users think their privacy settings are sufficient Social engineering is giving way to social media engineering MDM in downward phase of Hype Cycle, but managing devices still primary concern for customers, so having a solution is a great way to get on their radar MDM still preferred approach in regulated environments - doctors coats now being made with pockets big enough to hold iPad, need to take a stronger centrally managed approach to management and access Not just about smartphones and tablets and apps - also about data sharing and even supporting Mac laptops SF customer who is heading towards 50% of their environment (6000 clients) being Macs.As of early 2011, 30 billion pieces of content (links, photos, notes, etc) are shared on Facebook every month (source: Royal Pingdom, “Internet 2010 in Numbers,” 12 January 2011), and 50 percent of active users log into Facebook every day (source: eConsultancy.com). A Harris Interactive poll found that 65 percent of U.S. adults use social media and say that they have received a positive benefit as a result (source: Harris Interactive, “The Pros, Cons and Learning Curve of Social Media,” 18 January 2011), and that 78 percent of social media users felt that their privacy settings were sufficient to prevent potentially negative social media experiences, even as the number of malicious applications and frequency of social media-related data breaches were increasing.The consumerization of IT is already happening, and it is about more than smartphones and tabletsMobile devices have overtaken PCs as the predominant means of connecting to the cloudData must be accessible to employees and partners from many locations outside the traditional networkSocial media and cloud-based services are essential components of any business’ growth strategyThe Consumerization of IT also carries many potential risks and costsIncreased operational costs due to managing a de-standardized, heterogeneous environmentIncreased capital costs to port applications, scale data centers and deliver corporate data to a heterogeneous endpoint environmentIncreased risk of data loss and business disruption in a difficult-to-secure IT environmentTrend Micro has seen the advent of this new world of end user and have designed a portfolio of solutions to help businesses embrace consumerization, unlocking its opportunities while containing its costs
- Emphasize shift of control away from IT.
- It’s like playing the game “Whac-a-Mole”: There are different devices popping up all over and you’re always chasing them; you can’t predict where the next one will appears; and even if you manage to hit one you still have the same problem.The ProblemConsumerization is inexorable and unavoidable: “Consumerization will be the most significant trend affecting IT during the next ten years.” (Gartner)“Bring your own device” (BYOD) is transforming enterprise ITThe PC has lost its dominance and centrality as mobile devices eclipse PCs and the primary end-user device: In the last quarter of 2010, smartphones outsold PCs for the first time, almost 18 months earlier than expectedSoon there will be 1 trillion devices connected to Internet – PCs are a shrinking fraction of theseEnd-users want and need to be able to access corporate data from whatever device they are using at the moment: Cloud-based sharing and collaboration tools are circumventing existing IT controls for the circulation of corporate dataSocial media is critical to business agility: Businesses are increasingly dependent upon social media to connect with customers, communicate messaging, and respond more rapidly to market changesThe cloud is replacing the network: Constant pressure to increase scalability and data access across devices are driving the rapid growth of virtualization and cloud-based services… and creating new approaches to securityThe Consumerization of IT represents the intersection of three central challenges faced by every medium and large businessLoss of visibility and control as these “BYOD” devices and modes of communicating proliferate in business IT environmentsLack of standardization increases the cost and difficulty of managing an increasingly heterogeneous endpoint landscape Impossibility of knowing in advance where data will be consumed by end-users
- It’s like playing the game “Whac-a-Mole”: There are different devices popping up all over and you’re always chasing them; you can’t predict where the next one will appears; and even if you manage to hit one you still have the same problem.The ProblemConsumerization is inexorable and unavoidable: “Consumerization will be the most significant trend affecting IT during the next ten years.” (Gartner)“Bring your own device” (BYOD) is transforming enterprise ITThe PC has lost its dominance and centrality as mobile devices eclipse PCs and the primary end-user device: In the last quarter of 2010, smartphones outsold PCs for the first time, almost 18 months earlier than expectedSoon there will be 1 trillion devices connected to Internet – PCs are a shrinking fraction of theseEnd-users want and need to be able to access corporate data from whatever device they are using at the moment: Cloud-based sharing and collaboration tools are circumventing existing IT controls for the circulation of corporate dataSocial media is critical to business agility: Businesses are increasingly dependent upon social media to connect with customers, communicate messaging, and respond more rapidly to market changesThe cloud is replacing the network: Constant pressure to increase scalability and data access across devices are driving the rapid growth of virtualization and cloud-based services… and creating new approaches to securityThe Consumerization of IT represents the intersection of three central challenges faced by every medium and large businessLoss of visibility and control as these “BYOD” devices and modes of communicating proliferate in business IT environmentsLack of standardization increases the cost and difficulty of managing an increasingly heterogeneous endpoint landscape Impossibility of knowing in advance where data will be consumed by end-users
- In light of all these risks, why would any organization even consider saying ‘yes’ to consumerization? Because The executives recognize them, and they are usually the early adopters of these technologies and often the ones to introduce them to the corporate IT environment. There are numerous benefits to embracing consumerization: Saying "no" to end users’ demands for consumer products is a lost cause, because the best business innovations are likely to originate from consumer technology and services. So, by embracing consumerization, we find that it unlocks business opportunities, by allowing us to manage a workforce without limits:Business Agility: It’s all about agility in business today. Consumerization allows you to move at customer-speed. By embracing consumerization and putting a good strategy in place for implementing the changes, businesses are able to effectively “manage a workforce without limits.”Talent Acquisition and Retention: The freedoms that consumerization provides workers through a virtual work style help businesses attract a new tech-savvy workforce…a workforce that expects to used consumer products and services in the workplace. Talented, tech-savvy new-hires will demand the use of their own devices – which not only provides them with the familiar tools and enables them to be more productive while working remotely. Interestingly, recent studies tell us that nearly half of the U.S. workforce is already mobile. These same people are now working outside of their primary workplace more than 20% of their work-week - and the number of mobile workers is on the rise.This tells us that mobile devices help workers to balance their work with day-to-day life. But it also suggests that they are more productive – this is due, in part, to their familiarity and comfort with their own device – they are also working more creatively, and actually working more during the week. This behavior can lead to increased customer/employee satisfaction and improved employee retention. For example, you might check your email on your smart phone along with your morning coffee. And send a tweet to your kid to remember to go to practice and then text your co-worker about project you are working on that day. It’s so convenient for me to get a handle on my work, that I find myself doing so throughout my daily life. We find this is very common in the consumerized workplace. In fact, in a recent Yankee Group survey of workers, they claimed that the ability to “work from home” is the single most important factor in boosting their productivity.The line between personal and business communications is blurring, and a new generation of “Millenials” is entering the workforce expecting businesses to offer more choices than the traditional standard-issue laptop. Don’t forget, this emerging workforce didn’t have to learn “tech-life”…they were born into it and are used to living with technology. In fact, in a recent survey conducted by Trend Micro, almost 45% of the surveyed consumers said that they expect to be using their personal smart phone for work also.Increased End-User Productivity: This ties in with Virtual Work-Style…if a user has steady access to his personal device, that use will likely maintain longer actual “working hours” during the week. And more satisfaction with the freedom of a virtual work style.Improved Customer Satisfaction: Basically, more user access means better productivity, which means higher quality service or attention to customer, which results in greater customer satisfaction.
- So, what can enterprises do to actually benefit from Consumerization and make it work to their advantage? Well, the first thing Trend suggests is to accept the fact that consumerization is happening. It can’t be stopped - and it doesn’t make sense to try. You can embrace Consumerization in order to unlock its full business potential.So how do you go about it?Trend Micro recommends a three-step approach to embrace consumerization: 1--Have a plan. Take a strategic approach to Consumerization. IT cannot do this in a vacuum: engage your lines of business owners (marketing, sales, HR, product development), involve your early adopters in the company, ask them what they use, what they like, and what they find most useful to support their work activities. Pull from their consumer experience rather than push your IT perspective onto them.2--Say yes…but not to everything…and not to everyone. Develop a set of policies that clearly define which technologies are fully supported vesus tolerated or prohibited. Profile your internal users based on their role, line of business and location. Then map technologies to user profiles and define an Service Level Agreement (SLA) for each intersection. 3--Put the right infrastructure into place. Deploy enterprise-grade tools and infrastructure specifically designed to secure and manage consumer technology in the enterprise. No single vendor can provide one solution that covers all functional requirements across all platforms. And several vendors from adjacent product segments offer overlapping core functionality. For a start, you will probably have to look at security vendors for Internet content security, mobile anti-malware and mobile data protection. And look to Mobile Device Management vendors for system provisioning and application management. And to Telecom Expense Management solutions for procurement, support and cost control of voice and data services.Additional resources:Go to Trend Micro Global Sales Toolkit (GST) for access to the internal-only Gartner reports on mobile data protection and mobile device management: http://sales.trendmicro.com/pr/tm/en-us/assets/view-document.aspx?rid=139894Trend Micro Mobile Security (TMMS) assets on GST:http://sales.trendmicro.com/pr/tm/en-us/assets/home.aspx?s21574=20::25189