BYOD/MDM Workshop Luncheon Sponsored by Ciscoand Zenprise Rev2

BYOD/MDM Workshop Luncheon @ RockBottom Denver

Hosted by Greg HanchinGlobal Technology Resources, Inc. / Trusted Security Advisor

©2012 Global Technology Resources, Inc., All Rights Reserved.Contents herin contain confidential information not to be copiedSeptember 19, 2012

© 2012 GTRI2

Agenda

Welcome Mobility Cisco ISE / BYOD ZenPrise / MDM Questions Breakout

© 2012 GTRI3

Who is GTRI?

•$200M Systems Integrator•14 years old•214 People•Profitable•Scratch built•Denver - HQ•$15 Million a Year in Professional Services•$70M in Commercial / $130M in Federal

Profitable Relationships

Customers

Employees

Projects

© 2012 GTRI4

GTRI InfoSec Quilt

© 2012 GTRI5

Recent GTRI Security Projects

© 2012 GTRI6

© 2012 GTRI7

iPad Sales – Just iPads

© 2012 GTRI8

Mobility

Monty Petrich SA - Wireless

GTRI

© 2012 GTRI9

Simple Secure Scalable

ANY USER

ANYWHERE

ANY DEVICE

ANYTIME

Mobility Changes Everything

© 2012 GTRI10

Where is Wireless Going

Future Technologies 802.11ac 802.11ad

Wi-Fi Offload and DAS What the carriers are doing 802.11u

AnyConnect How to prepare customers

BYOD and Dynamic VLANs

© 2012 GTRI11

© 2012 GTRI12

© 2012 GTRI13

© 2012 GTRI14

Bring Your Own Device

Micah MontgomerySE-Information Security

GTRI

© 2012 GTRI15

MDM vs BYOD/NACMDM BYOD /NAC

Managing Device on 3g/ 4g

Manage Files

Manage APPS / Email

JailBreak Control

Remote Wipe

Device Encryption

GEO Fencing

Device Recovery- LoJack

Managing device WLAN/ Wired Access

Role Based Access Control (RBAC) Concept of Device Stacking on

Corp Identity Posture / Profile / Quarantine Hoteling DLP – Lite on critical Files Authentication/Authorization/

Accounting -AAA

© 2012 GTRI16

Bridging the GAP

© 2012 GTRI17

Sample ISE Deployment

© 2012 GTRI18

The User to Device Ratio Has Changed

© 2012 GTRI19

Identity Services Engine

ACS

NAC Profiler

NAC Guest

NAC Manager

NAC Server

Identity Services Engine

• Centralized Policy

• RADIUS Server

• Posture Assessment

• Guest Access Services

• Device Profiling

• Monitoring

• Troubleshooting

• Reporting

© 2012 GTRI20

BYOD Deployment Scenario's

Figure 5 BYOD Adoption Scenarios

© 2012 GTRI21

ISE Node Types

© 2012 GTRI22

ISE Platforms

© 2012 GTRI23

Gradual Deployment

Monitor Mode

• Authentication Without Access Control

Low Impact Mode

• Minimal Impact to Network and Users

High Security Mode

• Logical Isolation of User Groups / Device Types

© 2012 GTRI24

What Device?

© 2012 GTRI25

ISE Profiler: 3 Steps

© 2012 GTRI26

Guest Self Service

© 2012 GTRI27

Guest User Experience

© 2012 GTRI28

Certificate Location by DeviceDevice Certificate Storage Location Access Method iPhone/iPad Standard certificate store Settings > General > Profile

Android Encrypted certificate store Invisible to end users. Note Certificates can be removed using Settings > Location & Security > Clear Storage.

Windows Standard certificate store Launch mmc.exe from /cmd prompt, or view in certificate snap-in.

Mac Standard certificate store Application > Utilities > Keychain Access

© 2012 GTRI29

What about Accounting?

Provides additional information about the session

Marks end of a session (Removes endpoint from licensing count)

Provides IP address Profile IOS probe

© 2012 GTRI30

MDM vs BYOD/NACMDM BYOD /NAC

Managing Device on 3g/ 4g

Manage Files

Manage APPS / Email

JailBreak Control

Remote Wipe

Device Encryption

GEO Fencing

Device Recovery- LoJack

Managing device WLAN/ Wired Access

Role Based Access Control (RBAC) Concept of Device Stacking on

Corp Identity Posture / Profile / Quarantine Hoteling DLP – Lite on critical Files Authentication/Authorization/

Accounting -AAA

© 2012 GTRI31

Mobile Device Management

David DeCesareSE – Denver Region

© 2012 GTRI32

ZenPrise MDM Slides See - http://slidesha.re/N2lTWL

© 2012 GTRI33

Questions?

BYOD/MDM Workshop Luncheon

©2012 Global Technology Resources, Inc., All Rights Reserved.Contents herin contain confidential information not to be copiedJuly 26, 2012

Thank You!