Upload
educause
View
216
Download
0
Embed Size (px)
Citation preview
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 1/36
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 2/36
Agenda
A Look at Mobility in Higher Education
Proliferation of Devices in the Classroom
Getting to “There” from “Here”
Getting Buy-in at Harvard SEAS
Steps to Graduate to Secure Mobility at Harvard SEAS
Harvard SEAS’s Current & Future Mobility Initiatives
Q & A
Graduating to Mobility through eLearning
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 3/36
Mobile Timeline for Higher Education
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 4/36
Mobile Timeline for Higher Education
1999 2005 2007 2010 2011 2013
Interactive WhiteboardsTraditional whiteboard was reinvented
using a touch or pen sensitive display,
projector and computer
ClickersStudent handheld clicker
allows professors to poll or
quiz students and receive
results in real-time
iPadsiPads enter the classroom
eTextbooksPublishers take advantage of popular
tablets, expanding their catalogues
and offering rental digital books that
expire after a semester or two
Digital LearningCommunitiesStudents in today’s classrooms can
create their own apps, web pages,
blogs and collaborate with a diverse
global community
1990sDesktop computers
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 5/36
Proliferation of Devices in the ClassroomTrends, Risks & Challenges
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 6/36
Trends: Personal Mobile Device Use
6
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 7/36
Mobile Devices in the Workplace
7
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 8/36
Risks & Challenges: How do we protect
data & identities?
8
Harvard is a high-
value target for
such threats
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 9/36
Risks and Challenges: An Evolving Landscape
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 10/36
Risks and Challenges: Consequences
of Inaction
Legal Repercussions: Penalties For Mass. Personal Information Law Violation - 201 CMR 17.00
Up to $50,000 per improper disposal
Maximum of $5,000 per violation
The Massachusetts Attorney General can come after you
Above penalties don't include lost business, dealing with irate customers,mailing out letters, and other associated costs
First Fine: $110,000
Impact to Reputation Rapidly growing population of devices: “It will only get
MORE complex”
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 11/36
Risks and Challenges: What are other schools
doing?
Some schools are using an MDM vendor, others areleveraging resources they already own AirWatch clients include Georgetown, Indiana University & UCLA
Stanford has developed their own solution
Yale also offers an MDM solution to their customers
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 12/36
Getting to “There” from “Here” What do we need to be doing?
How do we sell mobile security in higher education?
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 13/36
Identify WHY You are Doing This
“If you don’t have a
mobile strategy, you don’thave a future strategy.”
Eric Schmidt (Google)
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 14/36
Identify WHY you are doing this
Allowing mobile devices in your environment "becausefaculty want them" ISN'T enough of a reason
What do mobile devices bring to the table? How does the use of mobile devices ENABLE the pedagogy at
Harvard? These are no longer just status symbols...they are useful devices.
These are the functions that you want to embrace, enable, and foster
How could the use of mobile devices INHIBIT the pedagogy or evenHARM the school?
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 15/36
Security is the main reasons companies
hesitate to embrace mobile
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 16/36
Understand WHO you are doing this for?
People are not opposed to beingsecure… As long as they don’t have to take steps
they consider excessive
If a policy/control is inhibiting their ability
to work, they will find a way around it
Any monitoring should beappropriate for your organization
When does it help the user? When does it protect the organization?
When is it just intrusive?
"The Net interprets
censorship as damageand routes around it."
John Gilmore (EFF).
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 17/36
Understand WHO you are doing this for?
Universities have a high number of exceptions EMBRACE this fact and PLAN for it in your mobile strategy
Turn your Exceptions into Use Cases (IDENTIFY exceptions and planfor them)
Strategy should acknowledge an appropriate level of flexibility
Any tools you consider should include the ability securedevices with custom (and reusable) policies You should be able to manage a large percentage of your customers
with a small number of policies
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 18/36
Getting Buy-in at Harvard SEASWhere are the resistors?
How do we get past resistance?
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 19/36
Just treat them
the same way
we do laptops.
It’s a
violation of
my privacy!
Resistance
It’s my device,
not Harvard’s!
Lock
codes are
annoying!
I don’t want to
lock my
phone…what if I
forget the code?
MDMproducts are
EXPENSIVE!
I don’t want
Harvard to beable to track
my location!
Harvard Approved
Vendors don’tprovide these
services in the
way we want… We’re a school,
not a bank!
The faculty
will never
go for it
If I lock my
iPad down,
my kids can’t
use it!
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 20/36
How can you overcome resistance?
Find champions
Make it more
than just a
security tool
Start with groups which alreadyhave an interest in protecting data
Make it personal
People are more likely to change
bad habits to protect their own data
Only consider tools which add
functionality
Make it an app that people will
actually want to install
Finance and HR offices
Faculty member whose
phone was stolen
Build success stories
Many tools can maintain a
library of useful documents
and links
(Campus map, academic
calendar, shuttle schedule
& cafeteria menu)
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 21/36
Steps to Graduate toSecure Mobility at Harvard SEAS
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 22/36
Harvard SEAS’s Mobility Initiatives
Today’s devices need a solution to monitor, control and
protect the enterprise – across devices, apps, data andthe network
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 23/36
Mobile Device Security Requirements
Monitor Control ProtectAudit and report on devices by
ownership type – BYO or corporate
issued
Deploy policies in a similar manner
across diverse device platforms
and OSs
Enable self-service for lost or
stolen devices
Report on device details (type, OS,
version, device integrity, etc.)
Push corporate security and
regulatory compliance policies
(e.g., passwords) to every device
Locate, lock and wipe devices
upon loss or theft
Inventory installed apps Block network access for any
device that is out of compliance
Wipe or selectively wipe devices
once users leave the organization
Determine a device’s compliance
status (e.g., jailbroken, blacklisted
app)
Audit devices at pre- configured
intervals to ensure that no IT-
mandated policies have been
disabled
View device location (and take actionif a user has removed the device from
a pre-defined geo-fence)
Set security policies to preventemployees from accessing device
resources or apps
Ascertain device usage
(e.g., the device is roaming)
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 24/36
Mobile App Security Requirements
Monitor Control Protect
Get an inventory of mobile apps
installed on devices
Make any app – mobile, web, SaaS,
Windows, or datacenter – available
to any device via an unified app store
Provide secure app and intranet
connectivity without a full-bore
VPN
Ensure – and report for
compliance purposes – that users’
app access privileges are fully
revoked when they depart the
organization
Secure custom or third- party apps
centrally, and apply granular policy
controls during or after development
Protect user privacy by enabling
access to corporate email,
intranets or apps without
managing the whole device
Provide stunning, yet sandboxed
alternatives to killer productivity
apps
Protect sensitive corporate data
with consistent in-app data
controls
Control user access to apps with SSO
across all app types
Prevent users from accessing apps
and data after they depart the
organization
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 25/36
Mobile Network Security Requirements
Monitor Control Protect
Analyze mobile endpoints
for compliance status
Control enterprise access
with direct integration with
VPN and WiFi solutions
Protect the corporate
network from mobile
threats such as malware
Integrate mobile data with
SIEM and log managementtools for better security
visibility and compliance
reporting
Control access at all times
with direct integration withenterprise directories
Protect privacy by keeping
user data behind thefirewall
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 26/36
Mobile Data Security Requirements
Monitor Control Protect
Monitor and alert user
access to data.
Enable mobile users to
securely sync and share data
to and from mobile devices
Protect Mobile data by
encrypting it at rest and in
transit
Set granular data control
policies
Protect data by wiping the
container upon userdeparture
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 27/36
Importance of Enterprise Mobility Management in Higher Ed
Access to HU
Services
• Are we ensuring that
customers have access to
the RIGHT set of
services?
Deviceprotection
and
compliance
• Can we help our customers
follow Harvard’s policies for
how sensitive information is
handled?
Device
Usability
• Can we do these things WITHOUT inhibiting the customer’s use of the
device?
Same
goals
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 28/36
Key Enablers for EMM at Harvard SEAS
Enable us to help our customers follow Harvard’s
policies and standards
Phased approach to implementation: PIN/password,encryption, locate, lock, and wipe
Lock your device with aPIN/passcode
Ensure your device
is encrypted
Ensure your device gets
wiped if lost or stolen
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 29/36
Harvard SEAS’s Current & Future Mobility
Initiatives with AirWatch
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 30/36
Security Solutions
End-to-End Security
AirWatch provides solutions to meet almost all of theabove requirements
Harvard SEAS started AirWatch pilot project in February2013 – options and initial results in end-to-end mobilesecurity management
User Security
Authenticate users via basic or directory-basedauthentication via AD/LDAP, SAML, smart-card or tokens
Require two-factor user authentication
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 31/36
Device Security
Monitor : Corporate, employee-owned or shared devices
Configure device security policies based on device ownership
Control: Set up enrollment restrictions to block users or devicesbased on platform, version, etc.
Require acceptance of Terms of Use before granting access
Require device passcode with configurable complexity and length
Enforce restrictions on device features, apps and web browsing
Detect compromised devices and perform automated actions
Recover a lost or stolen device through GPS location tracking
Protect: Perform a remote device lock or wipe (full/enterprise)
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 32/36
Application Security
Monitor: Provide inventory of mobile apps installed ondevices
Authenticate users and verify device security before grantingaccess to the Enterprise App Catalog
Control: Restrict native apps on a device, including
YouTube, Siri and Camera Enforce application compliance policies and monitor status
Disable access to corporate apps if the device iscompromised, non-compliant or user has left the company
Protect: Whitelist or blacklist publicly available apps
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 33/36
Data Security
Monitor: Track mobile user access to data
Control: Control access and share of data acrossapplications
Protect: Encrypt data at rest on device and SD card and intransit according to industry standards
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 34/36
Network Security
Monitor: View all devices enrolled in your enterprise viainteractive dashboard
Control: Configure certificate-based access to corporate Email,VPN and Wi-Fi networks
Integrate with F5, Cisco, Juniper, etc. for ultimate VPN network
security Protect: Block unknown devices from connecting to corporate
networks
Use AirWatch APIs to allow MDM policies and compliance into
your network control lists
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 35/36
Questions?
Preston Winn, Director of Business Developmentfor Education Solutions, AirWatch
Indir Avdagic, Director of Information Security and
Risk Management, Harvard University
7/27/2019 Graduating to Mobility through E-Learning (175336232)
http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 36/36