Re-thinking Enterprise Security: Challenges & Opportunities of Employee-Owned Devices
Mary Rossell
Manager, Enterprise Information Security Operations
Copyright © 2012, Intel Corporation. All rights reserved.
Legal Notices
This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark
and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the
results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of
that product when combined with other products.
For more complete information about performance and benchmark results, visit www.intel.com/benchmarks
BunnyPeople, Celeron, Celeron Inside, Centrino, Centrino Atom, Centrino Atom Inside, Centrino Inside, Centrino logo, Core Inside, FlashFile, i960, InstantIP, Intel,
Intel logo, Intel386, Intel486, IntelDX2, IntelDX4, IntelSX2, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, Intel Inside logo, Intel NetBurst, Intel NetMerge, Intel
NetStructure, Intel SingleDriver, Intel SpeedStep, Intel StrataFlash, Intel Viiv, Intel vPro, Intel XScale, Itanium, Itanium Inside, MCS, MMX, Oplus, OverDrive,
PDCharm, Pentium, Pentium Inside, skoool, Sound Mark, The Journey Inside, Viiv Inside, vPro Inside, VTune, Xeon, and Xeon Inside are trademarks of Intel
Corporation in the U.S. and other countries.
“I need IT to understand the way I work and the needs that I have and incorporate my needs into their solution.”
Consumerization… A Key Enterprise Trend
Some Perspective….
• 1994 - Email has no place at work
• 1996 - Internet access has no place at work
• 1998 - eCommerce is too high risk for our company
• 2002 - Instant Messaging has no place at work
• 2004 - Mobility & Wireless has no place at work
• 2007 - Social Software has no place at work
• 2011 – Consumer devices have no place at work
Source: Adapted from Go Big Always
Keep Your Scary Devices, Software, Services Out of the Workplace!
consumerization n. a stable neologism that describes the trend for new information technology to emerge first in the consumer market and then spread into business organizations, resulting in the convergence of the IT and consumer electronics industries…
(Wikipedia, January 2012)
Reality - Consumer Devices are Already at Work
The Challenge
How Do We Balance?
Employee Productivity & IT Cost Efficiencies
Risk in the Enterprise
• Privacy
• E-discovery
• Data Protection
• Malware Risk
• HR and HR Legal concerns
• Geography differences
It’s Not Only About Technology
• Need to reorient traditional corporate mindset
– Who is responsible to define policy and enforce compliance? Legal? HR? IT? Security?
– Risk taking is not part of the culture in some of these groups
– Reluctance to characterize risk, especially where legal precedent does not exist … may be difficult to get anything in writing
• Traditional requirements need to be re-evaluated
– HR & Legal implications for anything “personal” confuse the way we think about and design for the employee
• Privacy
• Legal Discovery
• Appropriate Use
• Ergonomics
• Compensation
• Taxation
• Software Licensing
• Liability
How Do We Enforce Policy in This New World?
Client Environment at Intel
• Shift to laptops and mobility began in 1997
• Ubiquitous wireless access points started in 2002
• End point security critical – Clients traditionally have been expected to resist attack
• We have always allowed for reasonable personal use of devices on and off network
The Opportunity
Manage risk while allowing personal devices
Approach
• Involve the users in creating a policy
• Make the process open with blogs, forums and invitations to participants
• Get the employees thinking about what they would allow others to do.
• Encourage constructive criticism
• Build a diverse team and don’t aim for unanimous agreement
The Policy Team
• Internal communications
• Privacy Management
• Legal
• E Discovery
• Investigations
• Finance
• HR
• Co-Workers
• The Employees
Employee Service Agreement
This agreement is between Intel Corporation and its employees using devices owned by Intel or employees choosing to use their own personal devices.
In either case…
Diverse Functions Working Together
Software & Services
• Software License requirements, what's free for personal use may not be for company use
• User paid for data storage - e.g. Google docs
• Collaboration tools like remote screen sharing
• GPS Map updates
• Location based services
• Voice services
Five Tier Model to Get Value and Manage the Risk
Multiple Tiers Give Greatest ROI & Security
Security model defined
Exceptions accepted
Technology Identified
Communications
Policy
Service Agreement
Training
Penetration test
Our solution never stops evolving
Enterprise Client Evolution
Axis: Device Centric / User Centric
Emerging: Cloud Managed Client-aware
• Cloud Computing
• On demand computing
• Elastic, ubiquitous
• Virtual computing
• Device independent mobility
• N-screens
• 3D Internet
• Public Cloud Services, Private Cloud Services, Personal Cloud Services
Evolving: Centrally Managed Virtual Client
• CHV (DVC) & SHV (VDI)
• Drive to centralized administration
• Virtual workspaces
• 1:many user/device
• Compute, collaborate & communicate
• Wireless broadband
Today: Device Managed Fixed & Mobile Client
• Focus on TCO efficiency
• “One size fits all”
• Monolithic image locked to device
• Mainstream mobility
• Internet Computing
Yesterday: Unmanaged Fixed Client
• Security Challenges
• Unmanaged
• Inefficient operations
• Client-server
Allowing Personal Devices at Intel
• ~30,000 handhelds & tablets today
• Growing number & diversity; choice of service plans
• Service Agreement with manager approval
• Focused services – e.g. email, calendar, contacts, etc.
• Support 99% of the mobile OS market
• 640,000 emails via personal handhelds per qtr
• Avg. 57 minutes user productivity (time back per day)
• Fewer unauthorized devices on our network
Program Status Smart Phones & Handhelds
Tablets & Readers
Business Value
Improved Employee Productivity Through Work Flexibility
Security Advantages
• Higher level of employee awareness
– Want to protect their device & data
– Choosing more secure devices
– Chasing IT for security fixes
• Quick refresh – oldest device 2 years
• Less data exposed - device compromise won’t give everything
• More control factors, users help with security settings
• Mobility improves availability risk by improving time to respond, time to contain, and time to recover from events
Key Messages
• Consumerization works at Intel – greater security and improved employee productivity
• Employee involvement & openness improves processes and policy compliance
• Don’t forget about software and services
• ROI / Business Value – recognizable but difficult to quantify
• Doing nothing is not an option. Employees will work around and unknowingly expose the enterprise
Resources
To learn more visit: Intel.com/IT
Enabling Personal Handheld Devices in the Enterprise
Preparing the Enterprise for Impact of Alternative Form Factor Devices
Enabling Smart Phones in Intel’s Factory Environment
Planning for the Future of Enterprise Computing: the Compute Continuum
Applying Client-aware Technologies for Desktop Virtualization and Cloud Services