Graduating to Mobility through E-Learning (175336232)

7/27/2019 Graduating to Mobility through E-Learning (175336232)

http://slidepdf.com/reader/full/graduating-to-mobility-through-e-learning-175336232 1/36



Agenda

A Look at Mobility in Higher Education

Proliferation of Devices in the Classroom

Getting to “There” from “Here”

Getting Buy-in at Harvard SEAS

Steps to Graduate to Secure Mobility at Harvard SEAS

Harvard SEAS’s Current & Future Mobility Initiatives

Q & A

Graduating to Mobility through eLearning



Mobile Timeline for Higher Education



Mobile Timeline for Higher Education

1999 2005 2007 2010 2011 2013

Interactive WhiteboardsTraditional whiteboard was reinvented

using a touch or pen sensitive display,

projector and computer

ClickersStudent handheld clicker

allows professors to poll or

quiz students and receive

results in real-time

iPadsiPads enter the classroom

eTextbooksPublishers take advantage of popular

tablets, expanding their catalogues

and offering rental digital books that

expire after a semester or two

Digital LearningCommunitiesStudents in today’s classrooms can

create their own apps, web pages,

blogs and collaborate with a diverse

global community

1990sDesktop computers



Proliferation of Devices in the ClassroomTrends, Risks & Challenges



Trends: Personal Mobile Device Use

6



Mobile Devices in the Workplace

7



Risks & Challenges: How do we protect

data & identities?

8

Harvard is a high-

value target for

such threats



Risks and Challenges: An Evolving Landscape



Risks and Challenges: Consequences

of Inaction

Legal Repercussions: Penalties For Mass. Personal Information Law Violation - 201 CMR 17.00

Up to $50,000 per improper disposal

Maximum of $5,000 per violation

The Massachusetts Attorney General can come after you

Above penalties don't include lost business, dealing with irate customers,mailing out letters, and other associated costs

First Fine: $110,000

Impact to Reputation Rapidly growing population of devices: “It will only get

MORE complex”

http://www.alertboot.com/blog/blogs/endpoint_security/archive/2009/01/21/penalties-for-mass-personal-information-law-violation-201-cmr-17-00.aspx

http://blog.venyu.com/2011/04/13/someone-had-to-be-first-restaurant-chain-fined-under-mass-201-cmr-17/

http://blog.venyu.com/2011/04/13/someone-had-to-be-first-restaurant-chain-fined-under-mass-201-cmr-17/

http://www.alertboot.com/blog/blogs/endpoint_security/archive/2009/01/21/penalties-for-mass-personal-information-law-violation-201-cmr-17-00.aspx



Risks and Challenges: What are other schools

doing?

Some schools are using an MDM vendor, others areleveraging resources they already own AirWatch clients include Georgetown, Indiana University & UCLA

Stanford has developed their own solution

Yale also offers an MDM solution to their customers



Getting to “There” from “Here” What do we need to be doing?

How do we sell mobile security in higher education?



Identify WHY You are Doing This

“If you don’t have a

mobile strategy, you don’thave a future strategy.”

Eric Schmidt (Google)



Identify WHY you are doing this

Allowing mobile devices in your environment "becausefaculty want them" ISN'T enough of a reason

What do mobile devices bring to the table? How does the use of mobile devices ENABLE the pedagogy at

Harvard? These are no longer just status symbols...they are useful devices.

These are the functions that you want to embrace, enable, and foster

How could the use of mobile devices INHIBIT the pedagogy or evenHARM the school?



Security is the main reasons companies

hesitate to embrace mobile



Understand WHO you are doing this for?

People are not opposed to beingsecure… As long as they don’t have to take steps

they consider excessive

If a policy/control is inhibiting their ability

to work, they will find a way around it

Any monitoring should beappropriate for your organization

When does it help the user? When does it protect the organization?

When is it just intrusive?

"The Net interprets

censorship as damageand routes around it."

John Gilmore (EFF).



Understand WHO you are doing this for?

Universities have a high number of exceptions EMBRACE this fact and PLAN for it in your mobile strategy

Turn your Exceptions into Use Cases (IDENTIFY exceptions and planfor them)

Strategy should acknowledge an appropriate level of flexibility

Any tools you consider should include the ability securedevices with custom (and reusable) policies You should be able to manage a large percentage of your customers

with a small number of policies



Getting Buy-in at Harvard SEASWhere are the resistors?

How do we get past resistance?



Just treat them

the same way

we do laptops.

It’s a

violation of

my privacy!

Resistance

It’s my device,

not Harvard’s!

Lock

codes are

annoying!

I don’t want to

lock my

phone…what if I

forget the code?

MDMproducts are

EXPENSIVE!

I don’t want

Harvard to beable to track

my location!

Harvard Approved

Vendors don’tprovide these

services in the

way we want… We’re a school,

not a bank!

The faculty

will never

go for it

If I lock my

iPad down,

my kids can’t

use it!



How can you overcome resistance?

Find champions

Make it more

than just a

security tool

Start with groups which alreadyhave an interest in protecting data

Make it personal

People are more likely to change

bad habits to protect their own data

Only consider tools which add

functionality

Make it an app that people will

actually want to install

Finance and HR offices

Faculty member whose

phone was stolen

Build success stories

Many tools can maintain a

library of useful documents

and links

(Campus map, academic

calendar, shuttle schedule

& cafeteria menu)



Steps to Graduate toSecure Mobility at Harvard SEAS



Harvard SEAS’s Mobility Initiatives

Today’s devices need a solution to monitor, control and

protect the enterprise – across devices, apps, data andthe network



Mobile Device Security Requirements

Monitor Control ProtectAudit and report on devices by

ownership type – BYO or corporate

issued

Deploy policies in a similar manner

across diverse device platforms

and OSs

Enable self-service for lost or

stolen devices

Report on device details (type, OS,

version, device integrity, etc.)

Push corporate security and

regulatory compliance policies

(e.g., passwords) to every device

Locate, lock and wipe devices

upon loss or theft

Inventory installed apps Block network access for any

device that is out of compliance

Wipe or selectively wipe devices

once users leave the organization

Determine a device’s compliance

status (e.g., jailbroken, blacklisted

app)

Audit devices at pre- configured

intervals to ensure that no IT-

mandated policies have been

disabled

View device location (and take actionif a user has removed the device from

a pre-defined geo-fence)

Set security policies to preventemployees from accessing device

resources or apps

Ascertain device usage

(e.g., the device is roaming)



Mobile App Security Requirements

Monitor Control Protect

Get an inventory of mobile apps

installed on devices

Make any app – mobile, web, SaaS,

Windows, or datacenter – available

to any device via an unified app store

Provide secure app and intranet

connectivity without a full-bore

VPN

Ensure – and report for

compliance purposes – that users’

app access privileges are fully

revoked when they depart the

organization

Secure custom or third- party apps

centrally, and apply granular policy

controls during or after development

Protect user privacy by enabling

access to corporate email,

intranets or apps without

managing the whole device

Provide stunning, yet sandboxed

alternatives to killer productivity

apps

Protect sensitive corporate data

with consistent in-app data

controls

Control user access to apps with SSO

across all app types

Prevent users from accessing apps

and data after they depart the

organization



Mobile Network Security Requirements


Analyze mobile endpoints

for compliance status

Control enterprise access

with direct integration with

VPN and WiFi solutions

Protect the corporate

network from mobile

threats such as malware

Integrate mobile data with

SIEM and log managementtools for better security

visibility and compliance

reporting

Control access at all times

with direct integration withenterprise directories

Protect privacy by keeping

user data behind thefirewall



Mobile Data Security Requirements


Monitor and alert user

access to data.

Enable mobile users to

securely sync and share data

to and from mobile devices

Protect Mobile data by

encrypting it at rest and in

transit

Set granular data control

policies

Protect data by wiping the

container upon userdeparture



Importance of Enterprise Mobility Management in Higher Ed

Access to HU

Services

• Are we ensuring that

customers have access to

the RIGHT set of

services?

Deviceprotection

and

compliance

• Can we help our customers

follow Harvard’s policies for

how sensitive information is

handled?

Device

Usability

• Can we do these things WITHOUT inhibiting the customer’s use of the

device?

Same

goals

http://www.security.harvard.edu/enterprise-security-policy



Key Enablers for EMM at Harvard SEAS

Enable us to help our customers follow Harvard’s

policies and standards

Phased approach to implementation: PIN/password,encryption, locate, lock, and wipe

Lock your device with aPIN/passcode

Ensure your device

is encrypted

Ensure your device gets

wiped if lost or stolen



Harvard SEAS’s Current & Future Mobility

Initiatives with AirWatch



Security Solutions

End-to-End Security

AirWatch provides solutions to meet almost all of theabove requirements

Harvard SEAS started AirWatch pilot project in February2013 – options and initial results in end-to-end mobilesecurity management

User Security

Authenticate users via basic or directory-basedauthentication via AD/LDAP, SAML, smart-card or tokens

Require two-factor user authentication



Device Security

Monitor : Corporate, employee-owned or shared devices

Configure device security policies based on device ownership

Control: Set up enrollment restrictions to block users or devicesbased on platform, version, etc.

Require acceptance of Terms of Use before granting access

Require device passcode with configurable complexity and length

Enforce restrictions on device features, apps and web browsing

Detect compromised devices and perform automated actions

Recover a lost or stolen device through GPS location tracking

Protect: Perform a remote device lock or wipe (full/enterprise)



Application Security

Monitor: Provide inventory of mobile apps installed ondevices

Authenticate users and verify device security before grantingaccess to the Enterprise App Catalog

Control: Restrict native apps on a device, including

YouTube, Siri and Camera Enforce application compliance policies and monitor status

Disable access to corporate apps if the device iscompromised, non-compliant or user has left the company

Protect: Whitelist or blacklist publicly available apps



Data Security

Monitor: Track mobile user access to data

Control: Control access and share of data acrossapplications

Protect: Encrypt data at rest on device and SD card and intransit according to industry standards



Network Security

Monitor: View all devices enrolled in your enterprise viainteractive dashboard

Control: Configure certificate-based access to corporate Email,VPN and Wi-Fi networks

Integrate with F5, Cisco, Juniper, etc. for ultimate VPN network

security Protect: Block unknown devices from connecting to corporate

networks

Use AirWatch APIs to allow MDM policies and compliance into

your network control lists



Questions?

Preston Winn, Director of Business Developmentfor Education Solutions, AirWatch

Indir Avdagic, Director of Information Security and

Risk Management, Harvard University



Documents

Graduating to Mobility through E-Learning (175336232)