Protecting Sensitive Data in the Post-PC World
March 8, 2013
Tim Choi | Sr. Director of Products
What We Will Discuss Today
• How are the ways we work changing and why?
• What are the compliance impacts to our world?
• What technologies are available and what are the trade-offs?
THE DEVICE
The Work Devices We Use Are Changing
Source: 2012 KPCB Internet Trends Year-End Update, Mary Meeker
Who Are Some Users Driving the Adoption of Post-PC Devices?
41%: Percentage of CEOs who use an iPad for work
Source: 2012 CEO & Senior Business Executive Survey, Gartner Research
Welcome to the Age of BYOD
Okay – Not that BYOD… Let’s try again…
• BYOD (Bring Your Own Device)
  – Trend is driven by popularity of iOS and Android devices
  – “Freedom of choice” for employees to work on their preferred device
  – Cost reduction by shifting purchase of devices to employees
  – Employee satisfaction through freedom of choice
The Trend is Towards BYOD
Percent of Enterprises that Support BYOD
• 76%: Currently supported
• 13%: Planning to support, next 12 mos
• 6%: Considering, but no specific timeframe
• 5%: Not planning to support
Source: Good Technology’s 2012 BYOD Report
What Are the Potential Risk Factors of BYOD?
• 65% of organizations feel that accessing documents via mobile devices and tablets creates a significant security risk [1]
• The “Absent-Minded” Employee
  – Losing personal work devices
  – Loss of sensitive data (Personally Identifiable Information or Intellectual Property)
  – Compliance considerations (HIPAA, GLBA, PCI, etc.)
• The “Disgruntled” Employee
  – Malicious distribution of work content to competitors
  – Walking out of the company with Intellectual Property
  – Business loss considerations
Source: [1] Ponemon Institute 2012 Confidential Documents at Risk Study
Market Solutions Available for Device Management
• Mobile Device Management
  – Centralized control of the mobile device tier
  – Features:
    • OTA (Over the Air) provisioning of device
      – Turn On/Off device functionality
      – Remote wipe
    • Telecom expense management
  – Points of consideration
    • Applicable only to employee devices: the architecture requires that the whole device is registered and managed by the company
    • How does one manage devices of business partners? This is especially important if they are BYOD devices that have access to your information.
THE APPS
There’s an App for Everything; Consumerization of IT
The Convenience of Apps
• There are lots of Apps available to choose from
  – 775,000 iOS Apps available [1]
  – 625,000 Android Apps available [2]
• Apps are more affordable [3]
  – Average price per iOS app: $1.58/app
  – Average price per Android app: $3.74/app
• Apps are easier to download
  – 1 (okay, 2 if you need to input your password)
Sources: [1] Apple, Jan 2013; [2] AppBrain, Feb 2013; [3] Canalys, Feb 23, 2012
Where is Your Enterprise Data Going?
Market Solutions Available for App Management
• Mobile Application Management
  – Centralized control of the application tier
  – Features:
    • Provision apps to employee devices
    • Remote wipe of apps
    • Control of interactions between apps (e.g. “Open In”)
  – Points of consideration
    • Applicable only to employees
    • How does one manage the distribution of apps to business partners?
THE DATA
It’s All About the Data…
Source: Ponemon Institute 2012 Confidential Documents at Risk Study
What Data is Most at Risk?
“What types of data were potentially compromised or breached in the past 12 months?” (select all that apply)
• Other: 1%
• Payment/credit card data: 3%
• Account numbers: 4%
• Website defacement: 7%
• Don't know: 10%
• Corporate financial data: 10%
• Authentication credentials (user IDs and passwords, …: 13%
• Other sensitive corporate data (e.g., marketing/strategy …: 14%
• Other personal data (e.g., customer service data): 15%
• Personally identifiable Information (name, address, …: 19%
• Intellectual property: 20%
Source: Forrester Research Forrsights Security Survey, Q2, 2012
The Need for Security in Documents
If you believe that the security of browser-based file sharing tools will become “more important,” why do you feel this way? (More than one choice permitted)
• Other: 3%
• Cost of non-compliance will increase: 39%
• More privacy and data security regulations to comply with: 43%
• Increase in cyber criminal attacks: 48%
• Increase in the need to share documents for purposes of collaboration: 56%
• Managing user access at the document level will become more complex: 61%
• Increase in the volume of documents: 63%
• Increase in the access requirements for users because of mobility: 68%
Source: Ponemon Institute 2012 Confidential Documents at Risk Study
What Defines Document-Centric Security?
Following are features of a document-centric security solution (“Very important” and “Important” responses presented)
• Easily and effectively access, share and control all important documents across the extended and mobile enterprise on any device
• Enables users to easily and safely send files and collaborate with business partners or other outside parties. Shared files remain protected even as business partners use their own corporate or personal mobile devices
• Allows employees to access their corporate documents on PC and mobile devices with an intuitive interface that displays documents on any screen
• Enterprises have full control over every protected document. The platform provides granular capabilities such as controlling printing, copying and forwarding, as well as the ability to watermark or wipe the document
[Bar chart: “Very important” and “Important” responses per feature, axis 0% to 90%; values shown: 31%, 32%, 35%, 39%, 43%, 36%, 38%, 41%]
Source: Ponemon Institute 2012 Confidential Documents at Risk Study
WHAT’S MOST IMPORTANT AND WHAT’S THE SOLUTION?
Emergence of Shadow IT Creates Compliance Exposure on Enterprise Data
• Storing Data in the App
– Is the content encrypted and protected?
– Can one easily forward the content to competitors?
• Storing Data in the Public Cloud
– Is the content encrypted and protected?
– Who has ownership of the content?
• Sharing To Outside Parties
– Who outside my company has access to this data?
– What kind of devices are being used?
Sources: [1] Palo Alto Networks; [2] Ponemon Institute 2012 Confidential Documents at Risk Study
Three Steps to Address Application Shadow IT
Step 1: Visibility Into What’s Going On In Your Company
(Example: Is there use of Dropbox in my company?)
• Track sessions to Dropbox
• Track data
• Track users/hosts
Palo Alto Networks PA-500, Check Point Gateway, WebSense Triton, Blue Coat ProxySG, Cisco ASA, Juniper Networks SRX
Three Steps to Address Application Shadow IT
Step 2: Find the Balance In the Enterprise App
WHAT USERS WANT
• Sync: Mobile / Tablet / Desktop / Web / BYOD
• Collaborate: Share / Annotate / Manage
• Just Works: Picture Perfect Documents, Fast, Elegant Interface
WHAT ENTERPRISE IT NEEDS
• Data Security and Control
• Tracking and Compliance
• Cloud or On Premise Deployment
• Integration to Enterprise Portals, Systems and Workflow
Three Steps to Address Application Shadow IT
Step 3: Track Adoption – “Germs Don’t Grow Under Sunlight”
[Figure: adoption charts for a Global Private Equity Firm and a Global Sporting Goods Manufacturer, plotting Internal Users and External Users by Week]
TYING IT ALL TOGETHER
How Each Technology Approach is Different
[Diagram comparing MDM, MAM, Consumer Apps and Document-centric Security against risks: Lost Device, Accidental Sharing, Insider, External Attack, etc.]
Source: Forrester Research 9/2012
Three Things to Remember…
• It’s all about the data; secure the data to remove the burden of other issues
• Have visibility into what’s going on… Shadow IT exists because it’s in the dark
• Consumerization of IT doesn’t mean that one should compromise on Enterprise needs; find the balance in the correct Enterprise App!
Do Not Fear the Shadow IT… It’s Just a Bunny…