Bring Your Own Computer To Work - What Now?
Ron LaPedis, CISSP-ISSAP, ISSMP, MBCP, MBCI, SPYRUS, Inc
Michael F. Angelo, CSA, NetIQ Corporation

Slide 2: Bring your own computer

Slide 3: Bring your own computer

Slide 4: BYOC is Consumerization of IT

Slide 5: What Is Consumerization?
Changing the Face of Work
- Consumer-based Social Media for advertising
- Consumer-based Financial Services for accounts receivable
- Use of consumer or Free Software for sustaining corporate infrastructure
- And…
What we are going to focus on: Use of personal equipment in the corporate environment

Slide 6: Consumerization of IT
- Use of employee owned resources for company work

Slide 7: How Widespread Is Consumerization?
Source: In-Stat

Slide 8: How It Happens

Slide 9: How It Happens
- Don’t want to use your Pentium III with 256 MB RAM & 60 GB HD
- Don’t want to use your OS
- Don’t want to use IE6
- Don’t want to use your software tools
- Don’t want to be locked down

Slide 10: What is your policy?
- Secretive
- Ignored
- Unofficially Supported
- Officially Supported
- Subsidized

Slide 11: Benefit and Impact

Slide 12: Benefits and drawbacks
- Companies save 9-40% on equipment purchase cost*
- Exit the hardware business
- Employee satisfaction
- Higher productivity
- Longer work hours

- Knowledge
- Loaner
- Hardware
  - Capability
  - Configuration
  - Maintenance / warranty
  - Upgrades
- Software
  - Interoperability
  - Upgrades / updates
  - Vulnerabilities
*Source: Gartner

Slide 13: Organizational impact - ownership
- Logins
  - Personal login information on corporate machine
    - Social Networks / Professional Associations
  - Corporate login information on personal machine
    - VPN Configuration
    - User IDs and passwords stored in browsers
- Software Ownership
  - Personal software
  - Restricted use licenses
  - Corporate software on home equipment

Slide 14: Organizational impact - legal issues
- Legislated Privacy
  - EU data protection act
  - USA HIPAA, SOX, GLBA
  - Country, state/province, local (e.g. CA SB 1386)
  - More laws pending
- Cross contamination
  - Corporate backup includes personal information
  - Personal backup includes corporate information

Slide 15: Organizational impact - Security
- Information Leakage
- Family & friends
- Device Loss
- Virus
- Personal email – Spear Phishing
- Increased Exposure to Threats
- Surfing at Home <> Surfing at Work
- Torrents

Slide 16: Organizational impact - Non Obvious Issues
- Acceptable use policies
  - How to apply to personal machines?
- Out processing of individuals
  - How do you know organizational data is removed from the employee machine?
    - Software
    - PST files
    - Passwords / wireless / VPN Access
    - Residual data
- Employee / corporate backups

Slide 17: Action To Take

Slide 18: Action to take today
- Is it already there?
- Run, don’t walk to your legal staff
- Decide if you will allow Consumerization
- Don’t wait for it to happen and then rush to formulate policy and procedures
- Decision must explicitly include all possible components
- Decision must be extended as new technology becomes available

Slide 19: Action today - Define policies
- Balance: Corporate vs Employee vs Customer
- Corporate:
  - Must comply with laws
  - Must maintain fiduciary responsibility
  - Must not expose corporate assets
- At a minimum should address
  - Employee responsibility
  - Acceptable use
  - Protection of assets

Slide 20: Action today - Incident response plan
- Even with Policies & Procedures accidents can happen…
- Need incident response plan

Slide 21: Technical Solutions

Slide 22: Action today
Security 101:
- Keep secret stuff separate from non-secret stuff
- Keep corporate stuff separate from personal stuff
- Separate personal and corporate identities
- Compartmentalize the environments to reduce the risk of accidents.

Slide 23: Action today - Compartmentalization
- Application isolation
- Separate user accounts
- Virtual Desktop Infrastructure (VDI)
- Hypervisor on PC
- OS or Hypervisor on USB drive
  - Windows-on-a-stick
  - PC-in-my-pocket

Slide 24: Action today - Separate user accounts
- Work and Personal
- Mac, PC, or Linux
- Fast user switching
- Separate Context
- Subject to worms and viruses
- Can share information via common file system
[Diagram "Separate Users": App, App, App, App / User 1, User 2 / Host OS / Computer]
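
The caveat on the separate-user-accounts slide, that accounts on one host OS can share information via the common file system, can be checked directly. The following is an added example, not part of the original deck: a Python audit that lists what another local account can reach in a work profile directory through POSIX "other" permission bits. The directory layout and file names are constructed, and ACLs and directories above the audited root are not examined.

```python
import os
import stat
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str    # path relative to the audited root
    kind: str    # "dir" or "file"
    access: str  # what another local account can do


def _other_bits(mode):
    """Return (read, write, execute) flags of the POSIX 'other' class."""
    return (bool(mode & stat.S_IROTH),
            bool(mode & stat.S_IWOTH),
            bool(mode & stat.S_IXOTH))


def _label(pairs):
    return "+".join(name for name, on in pairs if on)


def audit_work_profile(root):
    """List entries under root reachable by other local accounts.

    A file counts as exposed only if every directory between root and the
    file is traversable (o+x); a readable file inside a 0700 directory is
    not reachable and is not reported.
    """
    root = os.path.abspath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        r, w, x = _other_bits(os.lstat(dirpath).st_mode)
        # Listing names needs o+r; creating or deleting entries needs o+w and o+x.
        access = _label([("list", r), ("modify", w and x)])
        if access:
            findings.append(Finding(os.path.relpath(dirpath, root), "dir", access))
        if not x:
            dirnames[:] = []  # nothing below this directory is reachable
            continue
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if not stat.S_ISREG(mode):
                continue  # symlinks and special files are skipped, never followed
            fr, fw, _ = _other_bits(mode)
            access = _label([("read", fr), ("write", fw)])
            if access:
                findings.append(Finding(os.path.relpath(full, root), "file", access))
    return findings


def build_demo_profile(base):
    """Create a constructed work profile under base and return its path."""
    root = os.path.join(base, "work-profile")
    layout = {
        "": (0o755, {}),
        "docs": (0o755, {"plan.txt": 0o600, "notes.txt": 0o644}),
        "mail": (0o700, {"archive.pst": 0o644}),  # blocked by the directory
        "shared": (0o777, {}),
        "vpn": (0o711, {"corp.ovpn": 0o644}),     # not listable, but readable by name
    }
    for rel, (_, files) in layout.items():
        directory = os.path.join(root, rel)
        os.makedirs(directory, exist_ok=True)
        for name, fmode in files.items():
            path = os.path.join(directory, name)
            with open(path, "w") as handle:
                handle.write("constructed sample data\n")
            os.chmod(path, fmode)  # explicit chmod so the umask does not matter
    for rel, (dmode, _) in layout.items():
        os.chmod(os.path.join(root, rel), dmode)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for finding in audit_work_profile(build_demo_profile(base)):
            print(f"{finding.kind:4} {finding.access:12} {finding.path}")
```

The `vpn` case is the one that is easy to miss: the directory cannot be listed by the personal account, yet a file with a predictable name inside it is still readable.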

Slide 25: Action today - VDI
- Virtual Desktop Infrastructure (VDI)

Slide 26: Action today - Type 2 hypervisor
- Aka Hosted Hypervisor
- Still subject to worms and viruses
- Harder to accidentally share information but cross-contamination still possible
[Diagram "Type 2 Hypervisor": Apps / Hosted OS / Hypervisor / Apps / Host OS / Computer]

 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 

Bring your own-computer_to work

  • 1. Bring Your Own Computer To Work - What Now? Ron LaPedis, CISSP-ISSAP, ISSMP, MBCP, MBCI, SPYRUS, Inc.; Michael F. Angelo, CSA, NetIQ Corporation
  • 2. Bring your own computer
  • 3. Bring your own computer
  • 5. What Is Consumerization? Changing the Face of Work: Consumer-based Social Media for advertising; Consumer-based Financial Services for accounts receivable; Use of consumer or Free Software for sustaining corporate infrastructure. And… what we are going to focus on: Use of personal equipment in the corporate environment
  • 6. Consumerization of IT: Use of employee-owned resources for company work
  • 7. How widespread is consumerization? Source: In-Stat
  • 9. How It Happens: Don’t want to use your Pentium III with 256 MB RAM & 60 GB HD; Don’t want to use your OS; Don’t want to use IE6; Don’t want to use your software tools; Don’t want to be locked down
  • 10. What is your policy? Secretive; Ignored; Unofficially Supported; Officially Supported; Subsidized
  • 24. Organizational impact - ownership. Logins: Personal login information on corporate machine; Social Networks / Professional Associations; Corporate login information on personal machine; VPN Configuration; User IDs and passwords stored in browsers. Software Ownership: Personal software; Restricted use licenses; Corporate software on home equipment
  • 25. Organizational impact - legal issues. Legislated Privacy: EU data protection act; USA HIPAA, SOX, GLBA; Country, state/province, local (e.g. CA SB 1386); More laws pending. Cross contamination: Corporate backup includes personal information; Personal backup includes corporate information
  • 26. Organizational impact - Security. Information Leakage: Family & friends; Device Loss; Virus; Personal email – Spear Phishing. Increased Exposure to Threats: Surfing at Home <> Surfing at Work; Torrents
  • 27. Organizational impact - Non-Obvious Issues. Acceptable use policies: How to apply to personal machines? Out-processing of individuals: How do you know organizational data is removed from the employee machine? Software; PST files; Passwords / wireless / VPN Access; Residual data; Employee / corporate backups
  • 29. Action to take today. Is it already there? Run, don’t walk, to your legal staff. Decide if you will allow Consumerization. Don’t wait for it to happen and then rush to formulate policy and procedures. Decision must explicitly include all possible components. Decision must be extended as new technology becomes available
  • 30. Action today - Define policies. Balance: Corporate vs Employee vs Customer. Corporate: Must comply with laws; Must maintain fiduciary responsibility; Must not expose corporate assets. At a minimum should address: Employee responsibility; Acceptable use; Protection of assets
  • 31. Action today - Incident response plan. Even with Policies & Procedures accidents can happen… Need incident response plan
  • 33. Action today. Security 101: Keep secret stuff separate from non-secret stuff; Keep corporate stuff separate from personal stuff; Separate personal and corporate identities. Compartmentalize the environments to reduce the risk of accidents.
  • 34. Action today - Compartmentalization: Application isolation; Separate user accounts; Virtual Desktop Infrastructure (VDI); Hypervisor on PC; OS or Hypervisor on USB drive; Windows-on-a-stick; PC-in-my-pocket
  • 35. Action today - Separate user accounts: Work and Personal; Mac, PC, or Linux; Fast user switching; Separate Context; Subject to worms and viruses; Can share information via common file system. [Diagram "Separate Users": Apps for User 1 and User 2 on one Host OS and Computer]
  • 36. Action today - VDI: Virtual Desktop Infrastructure (VDI)
  • 37. Action today - Type 2 hypervisor: Aka Hosted Hypervisor; Still subject to worms and viruses; Harder to accidentally share information, but cross-contamination still possible. [Diagram "Type 2 Hypervisor": Apps, Hosted OS, Hypervisor, Apps, Host OS, Computer]
  • 38. Action not-quite-today - Type 1 hypervisor: Aka Native Hypervisor; Almost impossible to share information; Only common attack is hypervisor itself; Each OS can be attacked separately. [Diagram "Type 1 Hypervisor": Apps on OS 1 and OS 2, Hypervisor, Computer]
  • 39. Action today - Type 2 portable hypervisor: Running PC loads hypervisor from device; OS from device and OS from host HD completely separated; Does not prevent attack via ‘host’ OS; Does not protect the information if device is lost; Does not stop access after employment. [Diagram "Hosted (Type 2) VM": Apps and Files; OS Partition with Operating System, Hypervisor, User Settings]
  • 40. Action today - Virtualized OS-on-a-stick: On-board cryptography authenticates and protects; Boots OS from device, loads hypervisor, then loads hosted OS; Host provides mouse, keyboard, RAM; Encryption can protect information if device is lost; Limited to OS on device; Management system can block device when employee leaves. [Diagram: Apps and Files; Encrypted OS Partition with Operating System, User Settings; Boot Partition with OS + Virtual Machine]
  • 41. Action today - Native OS-on-a-stick: On-board cryptography authenticates and protects; Boots OS directly from device; Host provides mouse, keyboard, RAM; Encryption can protect information if device is lost; Limited to OS on device; Management system can block device when employee leaves. [Diagram: Apps and Files; Encrypted OS Partition with Operating System, User Settings; Boot Partition with Boot Loader]
  • 42. Native versus hypervisor. [Diagram: Virtualized OS (Applications, Hypervisor, PC Hardware) versus Native OS (Applications, PC Hardware)] Note the additional overhead and larger attack surface of a hypervisor-based approach since two operating systems are required. It will be noticeably slower and possibly less secure.
  • 43. Action tomorrow - Native OS-on-a-stick + TPM: Provides a mechanism to generate and measure system characteristics upon which a security decision can be made; In almost all commercial grade computers. For more info see the Trusted Computing Group: www.trustedcomputinggroup.org. [Diagram: Apps and Files; Encrypted OS Partition with Operating System, User Settings; Boot Partition with Secure Boot Loader]
  • 44. Action tomorrow - Native OS-on-a-stick + TPM: Can also be used to ‘seal’ information to a snapshot; A snapshot consists of information relevant to defining an identity or entity; Information cannot be ‘unsealed’ if any element used to ‘seal’ is not an exact match or is not available.
  • 46. Summary - Immediately: Consult with legal dept; Review current information ownership / protection policies and make appropriate changes; Put Consumerization policies in place; Separate user accounts
  • 47. Summary - Longer Term. Legal policies and procedures: Enforce them! Technical policies and procedures: Apply, rinse, repeat. Technical Tools: Isolate applications, virtualization
  • 48. Thank You. Michael F. Angelo, NetIQ Corporation, 1233 West Loop South, Ste 810, Houston, TX 77027, angelom@netiq.com; Ron LaPedis, SPYRUS, Inc., 1860 Hartog Dr., San Jose, CA 95131, rlapedis@spyrus.com
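
The "seal to a snapshot" behaviour from the TPM slides (43 and 44), modelled in Python as an added example that is not part of the original deck. It is a software model only: the root key, component names and HMAC-based keystream are assumptions made for illustration, whereas a real TPM keeps the key inside the chip and enforces the measurement match itself.

```python
import hashlib, hmac, os

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def snapshot(boot_chain) -> bytes:
    """Measure each component in boot order, starting from an all-zero PCR."""
    pcr = bytes(32)
    for component in boot_chain:
        pcr = extend(pcr, component)
    return pcr

def _keys(root: bytes, pcr: bytes):
    # Both keys depend on the snapshot, so a different PCR gives unrelated keys.
    return (hmac.new(root, b"enc" + pcr, hashlib.sha256).digest(),
            hmac.new(root, b"mac" + pcr, hashlib.sha256).digest())

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher for the model: HMAC-SHA-256 in counter mode as a keystream.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(root: bytes, pcr: bytes, secret: bytes) -> bytes:
    enc, mac = _keys(root, pcr)
    nonce = os.urandom(16)
    ct = _xor_stream(enc, nonce, secret)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(root: bytes, pcr: bytes, blob: bytes) -> bytes:
    enc, mac = _keys(root, pcr)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("platform state does not match the sealed snapshot")
    return _xor_stream(enc, nonce, ct)

# Constructed sample data (assumptions, not values from the deck).
ROOT = hashlib.sha256(b"constructed storage root key").digest()
GOOD_CHAIN = [b"firmware v1", b"secure boot loader v1", b"os image v1"]
TAMPERED_CHAIN = [b"firmware v1", b"modified boot loader", b"os image v1"]

def demo():
    blob = seal(ROOT, snapshot(GOOD_CHAIN), b"corporate-volume-key")
    recovered = unseal(ROOT, snapshot(GOOD_CHAIN), blob)
    try:
        unseal(ROOT, snapshot(TAMPERED_CHAIN), blob)
        outcome = "unsealed"
    except PermissionError:
        outcome = "refused"
    return recovered, outcome

if __name__ == "__main__":
    print(demo())
```

Because each measurement is folded into the previous value, changing or reordering any one boot component changes the final snapshot, which is why the tampered chain cannot recover the sealed key.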

Editor's Notes

  1. WinMo and Blackberry not listed because they are considered to be corporate devices. Why? At the office, you've got a sluggish computer running aging software, and the email system routinely badgers you to delete messages after you blow through the storage limits set by your IT department. Searching your company's internal Web site feels like being teleported back to the pre-Google era of irrelevant search results. At home, though, you zip into the 21st century. You've got a slick, late-model computer and an email account with seemingly inexhaustible storage space. And while Web search engines don't always figure out exactly what you're looking for, they're practically clairvoyant compared with your company intranet.
  2. Gartner says 10% are primary system
  3. After waiting 30 minutes for a ten year old work Pentium PC to boot Windows 98 we can see how the concept of a shiny new notebook you can call your own would be appealing
  4. 68% of SMB IT managers say their departments provide technical support for personal devices, including smartphones and computers.
  5. Configuration: BIOS; Documents & Settings; Firewall / Anti-Virus / Anti-malware; Wireless networks; VPN
  6. Why? At the office, you've got a sluggish computer running aging software, and the email system routinely badgers you to delete messages after you blow through the storage limits set by your IT department. Searching your company's internal Web site feels like being teleported back to the pre-Google era of irrelevant search results. At home, though, you zip into the 21st century. You've got a slick, late-model computer and an email account with seemingly inexhaustible storage space. And while Web search engines don't always figure out exactly what you're looking for, they're practically clairvoyant compared with your company intranet.
  7. Things that you might do at home might get you in trouble when you put your corporate information at risk by doing them …
  8. Various laws protect customer data. Employee must protect assets whether physical or informational. Protect devices, encrypt HD, remove HD if needed.
  9. Paging file could be a leakage point. Keylogger
  10. Virus on hosted OS can only take out the hosted OS, but virus on host OS can take out both.
  11. Virus on hosted OS can only take out the hosted OS, but virus on host OS can take out both.
  12. BIOS protections…
  13. So VM can be modified while running through rogue / compromised environment.
  14. So VM can be modified while running through rogue / compromised environment.
  15. So VM can be modified while running through rogue / compromised environment.