Security and Risk in a Mobile World

Who am I?@bmkatz

Day job - Director at Sanofi, Head of End-User Experience and Innovation

Just a nutter with a blog – http://ascrewsloose.com

Host: @themobilecast podcast

3

BYOD is an ownership issue. Nothing more,

nothing less.

4

BYOD is dead! It's all just mobile!

5

Enterprise Security vs Employee Flexibility

6

What it really looks like

7

8

9

10

11

12

13

14

What do all these have in Common?

15

It’s 10am, Do you know where your data is?

16

17

18

19

How do we get started?

Let go of Legacy Thinking

21

Security has to learn to partner with the business

and the users

22

#FUN Principle

Focus on the User Needs!

23

24

25

26

27

Who Crafts the Policy?

• Security

• Legal

• IT

• Business

•Users

29

New Approach to End User Computing

30

31

32

Data

Apps

Device

Netw

ork

IAM

33

34

“Life…finds a way.”

“Users…find a way.”

35

Educate yourselves

36

37

Offer Better alternatives

38

Educate Everyone

39

Everyone is responsible for security…

40

41

Mobile phone users are at least 3x more likely to become victims of phishing

attacks than desktop users

42

There are more than 500 3rd party app stores containing malicious apps

43

Dos and Don’ts

44

M.D.M.

45

Best Practices

• When setting up Data wipe policies, lock phone first, then wipe (reporting skyrockets)

• Invest in IAM and mobile SSO

• Use your tools to figure out what your users are using…

• Involve your users

…….

Best Practices

• Shrink the Perimeter

• Avoid VPN

• Allow app ratings

• Embrace Shadow Innovation

BYOD

• It’s an ownership issue

• Still needs to be addressed in policy

• Who owns the data (international?)

• e-discovery

• People leave…

…….

49

The goal of any technology program is to enable your users to get work done to

achieve business goals

50

Enablement

51

Enablement