You Got Chocolate On My iPad! Barry Caplin Chief Information Security Officer MN Department of Human...
42
You Got Chocolate On My iPad! Barry Caplin Chief Information Security Officer MN Department of Human Services MN Gov’t. IT Symposium Session 100: Thurs. Dec. 8, 2011 [email protected] [email protected], @bcaplin, +barry caplin (Toys in the Office)
-
Upload
conrad-simpson -
Category
Documents
-
view
212 -
download
0
Transcript of You Got Chocolate On My iPad! Barry Caplin Chief Information Security Officer MN Department of Human...
You Got Chocolate On My iPad!
Barry Caplin
Chief Information Security Officer
MN Department of Human Services
MN Gov’t. IT Symposium
Session 100: Thurs. Dec. 8, 2011
[email protected], @bcaplin, +barry caplin
(Toys in the Office)
http://about.me/barrycaplin
Apr. 3, 2010
300K ipads1M apps250K ebooks… day 1!
http://www.bbspot.com/News/2010/03/should-i-buy-
an-ipad.html
Don't Touch!
Pharmaceuticalcoating
• 17% have > 1 in their household• 37% - their partner uses it• 14% bought cause their kid has one• 19% considering purchasing another
http://today.yougov.co.uk/sites/today.yougov.co.uk/files/Tablet_ownership_in_households.pdf
Of iPad owners...
Our Story Begins...
PEDs
Computers
Device Convergence
Example
• The “PED” policy• Personal Electronic Device
• Acceptable use• Connections• Data storage
1 Day
5 Stages of Tablet Grief
• Surprise• Fear• Concern• Understanding• Evangelism
Considerations
What needs to change for “local” remote access?
BYO
BYO
BYOC or BYOD
Security Concerns
Data Leakage
Unauthorized Access
“Authorized” Access
Risk v Hype
How can we do BYOC?
Method 1 - Sync
• Direct or Net ConnectIssues:• Need Controls – a/v, app install control,
filtering, encryption, remote detonation• Authentication – 2-factor?• Leakage!• Support
Method 2 – ssl vpn• Citrix or similarPros:• Leakage – no remnants; disable screen
scrape, local save, print• Reduced support needed• Web filtering coveredIssues:• Unauthorized access still an issue; User
experience; Support
Method 3 – data/app segregation• Encrypted sandbox• Separate work and home• Many productsPros:• Better user experience• Central management/policy• Many products – local/cloud• Leakage – config separation, encryptionIssues: access ; support; cloud issues
DHS view
• Policy• Supervisor
approval• Citrix only• No Gov't records
on POE (unencrypted)
• 3G or wired
• Guest wireless• 802.1x• FAQs for
users/sups• Metrics
Other Issues
• Notes or manually entered data• Enterprise email/OWA• Discovery• Voicemail/video
The Future
• More tablets/phones/small devices• More “slim” OS's – chrome, android,
ios, etc• Cost savings/stipend?• Cloud• User Experience – Citrix GoldenGate,
Divide, Good• BES Fusion
Capabilities to Consider
• Device encryption• Transport encryption• Complex PWs/policy• VPN support• Disable camera• Restrict/block apps• Anti-malware InfoWorld March 2011 MDM Deep
Dive
• Restrict/block networks
• Remote lockout• Remote/selected wipe• Policy enforcement• OTA management• 2-factor/OTP
