SlideShare ist ein Scribd-Unternehmen logo

BYOD Security Challenges and Solutions Podcast

Dana Gardner
Dana Gardner

Transcript of a BriefingsDirect podcast on how Dell Software is helping to bring standardized and flexible approaches to making BYOD a positive new force to enterprise productivity.

TechnologieBusiness
1 von 14
Downloaden Sie, um offline zu lesen
Growing BYOD Trend Brings New Security Challenges for IT in Allowing Greater Access While Protecting Networks Transcript of a BriefingsDirect podcast on how Dell Software is helping to bring standardized and flexible approaches to making BYOD a positive new force to enterprise productivity. Listen to the podcast. Find it on iTunes. Sponsor: Dell Software Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions and you're listening to BriefingsDirect. Today, we present a sponsored podcast discussion on bringing clarity to bring your own device (BYOD) support, management, and security. While so-called BYOD isn't necessarily new -- IT departments, after all, have been supporting mobile "road warriors" since the 1980s, the rising tide of end users seeking the use and support of their consumer devices is certainly something quite new. It’s so new that IT departments are grasping for any standard or proven approaches that make BYOD access of enterprise resources both secure and reliable. The task is dauntingly complex, and new and unforeseen consequences of BYOD are cropping up regularly, from deluged help desk to app performance snafus to new forms of security breaches. We're here now with a panel to explore some of the new and more-effective approaches for making BYOD both safe and controlled. Please join me in welcoming our guests. We're here today with Jonathan Sander. He is director of IAM product strategy at Dell Software. Welcome, Jonathan. Jonathan Sander: Hi, Dana. Thanks. Gardner: We're also here with Jane Wasson, the Senior Product Marketing Manager for Mobile Security at Dell Software. Welcome, Jane. Jane Wasson: Thanks, Dana. Gardner: It’s good to have you both with us. As I mentioned, road warriors have been looking to their IT department to help them in the field for decades, but there just doesn’t seem to be any standard operating procedures for supporting BYOD. You can't just buy it in a box. It’s not shrink wrapped in any way. I wonder why the means to make widespread BYOD perform well is so scattered and so uncooked. Jane, why are we at this point now? People really want a solution and they can’t get one.
Wasson: IT did a great job of supporting mobile workers with laptops and early mobile devices for quite some time, but much of that was with IT-controlled systems. IT chose the devices. They chose the software, the applications, that would run on those laptops. What we're seeing increasingly now is that mobile workers are using their personally purchased mobile devices -- cellphones, smart phones, and tablets -- to access their e-mail, calendar, corporate e-mail, corporate calendar, and IT has been able to support that securely and very successfully for them across a wide variety devices and operating systems. Ease and speed What we're seeing now that’s a little bit different is increasingly those mobile workers like the ease of use and the speed at which they can get to their email and their calendar apps with those mobile devices. They now want IT to extend that so that they can get the same access to enterprise apps and resources on mobile devices that they've enjoyed on their IT controlled laptops over the years. That creates a new challenge for IT. All of a sudden, rather than having a controlled set of devices and a controlled environment, that they can manage, they have a variety of devices that end users have purchased. IT had no control over that choice and what’s already loaded on those devices. They're trying to figure out, given that environment, how to securely enable access to enterprise apps and resources and give those end users that speed of access that they want and the ease of access that they want, but still maintain security. They don't want their back-end networks infected with malware. They don't want to have rogue users finding laptops or mobile devices and being able to access enterprise systems. It’s a huge challenge for IT support groups. Gardner: Do you have any sense of how big a wave this is? Are there numbers or data that indicate what portion of users are trying to go in the BYOD direction. Wasson: Industry analysts are now seeing that more than 50 percent of workers are using personal mobile devices in some capacity to access those networks. Increasingly, they're asking to access not just email and calendar, but also enterprise apps and resources. Gardner: Jonathan, as with many shifts in IT that didn’t originate with the IT department, it seems that there are some unintended consequences here. What’s happening now that we've got this tug, this pull, in the BYOD direction? What are IT folks who are tasked in making this viable finding?
Sander: There are a lot of consequences, and understanding all of them is still in process. That’s part of the problem. Of all the problems that people are going to have as a result of BYOD are TBD. One of the ones that's most apparent right away is security. The approaches that people have taken in the past to lock down anything that’s related to mobile have all centered on exactly what Jane pointed out. They were in charge of the device in some fashion. They had a foot in that door and they could use some kind of lock down. I was sitting with someone at one of the big financial firms in New York City the other day. We asked them about their BYOD strategy and he took a humorous approach to it. He said, "Yes, we have a really well defined BYOD strategy. As long as the device is the one we assign to you and uses the software that we approved and control all the policy on, you can bring it." I think that that’s not too uncommon. A lot of the firms that are very security sensitive have worked it out. On the other end of the scale, I've talked to people who say that BYOD is not something that is they are doing but rather is being inflicted on them. That’s the language they put it in. It relates back to that security problem, because when they're looking at trying to understand how their data is going to be present on these devices and what impact that will have on their risk standpoint, it's almost impossible to quantify. History of breaches If you look at the history of breaches, even with the controlled laptops that they had, you had laptops being stolen with tons of data on them. You know what happens the first time you get one of those breaches stemming from someone leaving their cellphone in the backseat of a taxi cab? These are things that are keeping people up at the night. Add to this that a lot of times the security approaches they have taken have all been leveraging the fact that there is a single vendor that is somehow responsible for a lot of what they do. Now, with the explosion of the variety of devices and the fact that they have no control over what their employee might purchase to bring in, that notion is simply gone. With it went any hope of a standard, at least anytime soon, to help secure and lock down the data on all these different devices. Gardner: Another aspect of this is the diversity of the variables. There is web access, native apps, a variety of different carriers, different types of networks within those carriers, and all these different plans. I suppose it’s difficult to have just a standard operating procedure. It seems like there have to be dozens of standard operating procedures. Is that what they're finding in the field, and how does any organization come to grips with such diversity?
Sander: You're absolutely right. Diversity, first and foremost, is the challenge. There are also a lot of other trends that are bringing more diversity into IT at the same time, and then BYOD just becomes one dimension of diversity. You mentioned web control. If you're assuming that this is a web application that they're rolling out on their own, that's one thing. If it’s a cloud app, what happens when you have somebody using a cloud app on a BYOD device? How do you insert any control into that scenario at all? It gets very complex, very quickly. Gardner: Let’s look at some specific types of starting points, putting in the blocking and tackling necessary to start to get a handle on this. Jane, what should companies be doing, in terms of setting up some building blocks, the means to tackle the reliability, security, and diversity? Wasson: The good news is that being able to support remote workers is not new, because most companies already have policies in place to manage remote workers. What’s new is that, rather than the devices that are accessing the enterprise apps and resources being IT controlled, those devices are no longer IT controlled. Very often, the policies are there. What they need to do is rethink those policies in light of a mobile worker, a mobile device, environment with so much of the same capability. You have to be able to know which devices are connecting to the network. Are those devices harboring malware that could infect your network? Are those devices locked down, so that authentication is necessary to get into your network? There are a number of best practices that IT organizations already have in place for their managed laptop devices. The question is how to take those policies and now apply those policies to a mobile worker who's bringing their own devices. Forced authorization You need to find technologies basically that allow you to force authentication on those mobile users before they can access your network. You need to find technologies that can help you interrogate those mobile devices to make sure that they're not going to infect your network with anything nasty. You need to find the technologies that allow you to look at that traffic, as it’s coming onto your network, and make sure that it's not carrying malware or other problems. Very often, IT departments have a good handle on what they need to do. It’s a question for their environment how best to integrate mobile device management technologies so that they can support these mobile workers to provide them the access they need and do it in a way that does not introduce a lot of risk to the enterprise. Gardner: I think I heard you say that those areas that you described would fall under this category of mobile device management. If that’s the case, without going to the buzz words too
deeply, what should people think of? How should they have a vision around what mobile device management should actually do? Wasson: What mobile device management needs to do for them is what laptop device management has done for them in the past. The key things to think about there are looking at when you're actually deploying those devices. Maybe you have end users that are purchasing personal units, and maybe you don't know initially. Maybe you don't have the same level of knowledge about that unit or ways to track it. What you can do is introduce technologies onto your network, so that when your users log into the network or authenticate onto the network, the device is queried, so that you are able to do some level of tracking of that device. You're able to potentially provide self-service portals, so that employees have the ability to download enterprise mobile applications onto that device. You have the ability to very simply load onto those devices agents that can automatically query devices and make sure that they're configured to meet your security requirements. There are technologies available to do mobile device management and provide that level of oversight, so that you can inventory devices. You can have a level of knowledge and management over configuration and software applications. And you do have the ability to control, at some level, the security settings on those devices. A mobile device management platform needs to do those functions for the IT support organization across mobile operating systems. Gardner: I should imagine, Jonathan, that an organization that’s had experience with managing laptops and full clients, as well as thin clients and zero clients, would have a leg up on moving into mobile device management. Is that the case? Sander: To Jane’s point, they should have policies in place that are going to apply here, so that in that sense they have a leg up. They definitely need the technology in place to deliver on it, and that’s on the device layer. On the application layer, the data layer, the place where all the intellectual property (IP) for an organization sits in most cases, those layers should be -- the word "should" is tricky -- pretty well secured already. The idea is that they have already been on there on laptops, trying to get in from the outside, for a while and there should be some level of lock-down there. Layered defense If you have a healthy layered defense in place so that you can get the access to people outside of your walls, then your mobile access people coming in with their own devices, in a lot of cases, are just going to look like a new client on that web application.
The trick comes when you have organizations that want to take it to the next level and supply some sort of experience that is different on the mobile device. That might mean the paranoid version, where I want to make sure that the user on the mobile device has a lot less access, and I want that to be governed by the fact that they are on the mobile device. I need to take that into account. But there is also the very proactive view that you don’t have to be paranoid about it, and you can embrace it. I worked with a large energy company that decided to embrace these devices. They decided that if they're going to use them well, they might as well squeeze some more productivity out of them. They were going to roll out apps that specifically deliver their data, but the challenge they faced then was that they then had to make sure the data were secure in those channels too. So they had to be very specific about that, and that involved new areas of policy but also having the technology be smart enough to answer those challenges, as well, because being proactive like that means taking on some new security context, and it’s a new risk. Gardner: Jane, I have also heard that you need to think about networks in a different way. With some relevance to the past, network containment has been something organizations have done for remote branches. They've used VPNs with the end devices, fat clients, if you will. How does network containment mature for BYOD support? Wasson: The good news is that IT departments have a lot of experience with managing networks and managing their network securely. What’s different here is that now you have a mobile device that is the conduit coming into the network. Whereas in the past, folks had been using primarily laptop VPN clients, that paradigm changes a little for the mobile world. Mobile users like the convenience and the ease of being able to use mobile applications. The challenge for IT departments is how to create a simple user experience for mobile device to access the back-end network and how to make sure that for the mobile user not only is it simple and easy, but they are authenticating to that network for security. Also because with that mobile user it’s a personal device and they control what mobile service they are using, IT groups need to care a lot about the networks from which the user is accessing the corporate environment. For example, you want to make sure that you're using an encrypted SSL VPN connection to go back into your corporate data centers. It needs to not only be encrypted as SSL VPN, but you also want to make sure that it's a very easy and simple experience for your mobile user. What IT groups need to be looking for is that very simple mobile worker experience that allows you to very quickly authenticate onto the network and establish encrypted SSL VPN into the networks, so that you don't have to worry about interception on a wi-fi network or interception on a mobile service network in a public place.
Access control The need for network access control, so that once you know that users are coming in securely, once you know they are authenticated onto the network, you can easily enable them to access the correct enterprise applications and resources that they should have privileges for. The challenge there for IT is that you want to make sure that it’s easy for IT to provision. You want a technology that recognizes that you have mobile users coming and allows you to very easily provision those users with the privileges you want them to have on your network and make sure that they are coming in over secure networks. There are lots of implications for networks, there but there are solutions to help address that. Gardner: Now another way to skin this cat, I suppose, and which also makes it different with mobile devices is there is not just an on-off switch in terms of access. If you want to make security adjust to the modern environment, you need to start having a granular approach. Jonathan, how does access control over your assets and resources, not a complete black-and- white or on-and-off, but at a more graduated or a granular level, help with BYOD and security? Sander: It goes back to that idea of trying to be either both paranoid or proactive about the whole BYOD sphere. When you're trying to figure out what data you want people to have access to, you're not just going to take into account some rigid set of rules based on who they are. At least most organizations are not going to do that, partially because coming up with those rules itself can be challenging, but also because a lot of times what counts most to these people are not the roles and the rules but rather context. Context is king in a lot of cases these days, when you are trying to figure out a good approach to security. What better context to be aware of then one person sitting at a desk behind all of corporate protection accessing a system versus the same person on their tablet in a Starbucks. These are clearly two different risk categories. If they want to get access to the same data, then you're probably going to do slightly different things to have things happen. At that Starbucks, like Jane said, you're going to have to make sure you have a very secure channel to communicate on. And you might want to ask them to do extra layers of authentication or perhaps go through an extra step of approval. Or maybe somebody on the inside needs to confirm that this person should have access to that data on the outside. What that’s going to mean, Dana, is that you are going to have lots of different layers of security but they all need to be very well connected to one another. They need to be able to share data, share that context, and in that sharing, be able to create the right circumstance to have a secure access to whatever data is going to make the efficiency for that person be maximized. Maybe they're in the Starbucks because they are on a road trip that is incredibly important to meeting the top-line goals for your company.
It may not just be a convenience. It often sounds, when you talk about these BYOD and mobile questions, as if we're enabling somebody to be lazy. All I can say is that when I find myself on business trips, working at Starbucks is not lazy. It’s a necessity. Not a luxury It’s not exactly comfortable sitting there and trying to work around noise, traffic, and everything else. Typically, I'm not doing it as a luxury and I don’t think anybody else that does it is doing it that way either, in most cases. So, finding ways to enable that is a big deal. Gardner: We could spend a whole other hour talking about the productivity benefits that come when BYOD is done correctly, but in listening to you both it occurs to me that there are positive, unintended consequences here. When you do go mobile first, with your network containment activities, with your connected security around access control, and when you've elevated management to mobile device management, you're probably an organization with better policies and with better means or security in total. Am I off-base here, or is there a more robust level within an IT organization when they embrace BYOD in mobile and mobile first becomes really a just better way of doing IT? Wasson: The key thing here is that end users are moving to mobile. Workers are moving to mobile because they like the speed and ease of use of the mobile environment. IT organizations that embrace that are going to be ahead of the game of being able to secure those networks, relative to organizations that don't embrace it and have mobile workers end- gaming them by using apps that are more likely to introduce malware onto the networks. IT support organizations that provide that easy, secure access into enterprise, not just the calendar and email apps, but into the enterprise apps and resources, are more likely to have happy end users that are using secure technologies, as opposed to end-gaming IT and using technologies that introduce more risk into IT environment. Sander: I agree that the worst consequence of not doing the mobile first is that you're going to have people end-gaming IT. You're going to have shadow IT spring up in lines of business. You're going to have smart end users simply figuring it out for themselves. Believe me, if you don’t proactively lock it down, there are lots of ways to get it as mobile devices. Those companies that do think mobile first are the ones that are going to innovate their way out of those problems. They're the ones who are going to have the right mentality at the outset, where they formulate policy with that in mind and where they adopt technology with that in mind. You can see that happening today.
I see companies that have taken advantage of a mobile platform and tried to make sure that it is going to boost productivity. But the very first thing that happens, when they do that, is they get a huge push back from security, from the risk people, and sometimes even from executive-level folks, who are a little more conservative in a lot of cases, and tend to think in terms of the impact first. Because they want to push into that mobility mindset, that pushback forces them to think their way through all the security impacts and get over those hurdles to get what they really want. The idea is that, if you do it well, doing good security for mobility and BYOD on the first try, getting that good security, becomes an enabler as more waves of it hit you, because you've already got it figured out. When the next line of business shows up and wants to do it seriously, you've got a good pattern there which completely discourages all of that shadow IT and other nonsense, because if you can give them good answers, and they want them. Be an enabler They don’t want to figure out ways around you. They want you to be an enabler. I was reading recently how security has to go from being the "department of no" to the "department of how," because a lot of times, that’s really what it boils down to. If you're simply going to say no, they're going to figure out a way around you. If you tell them how to do it in a secure fashion, they'll do that. That’s why they're asking in the first place. They want you to enable them. Gardner: Maybe we should move beyond theory and vision into some practicality. Do we have any examples or anecdotes of organizations that have taken this plunge, embraced BYOD, perhaps with some mobile first mentality thrown in, and what are the results? What did they get? Wasson: One potential example of this is educational institutions. Educational institutions are probably some of the earlier adopters for using mobile platforms to access their back-end systems, and yet educational institutions also are very often required by law not to make inappropriate sites and things available to students. We've seen educational institutions deploying mobile device management platforms, and in this case our KACE K3000 Mobile Management platform with our mobile security solutions, such as our Mobile Connect application on devices, and Secure Remote appliances, enabling secure SSL VPN connection. What we're seeing is that the IT organizations have the level of control over those devices that they need. They can still give the freedom to the end user to choose those devices, yet they have the ability to manage those devices, manage security settings on those devices, authenticate those devices before they connect to the educational institution data centers, and automatically establish encrypted secure SSL VPN. They're able to query the traffic to make sure that traffic isn’t coming from or going to inappropriate sites and making sure that there's no malware on the network. And they're able to
gain control and security of the mobile students, while still enabling those students to use their personal devices and the tools of their choice. Gardner: Jonathan, any other examples from your perspective on when you do this well, how it can work? Sander: The first one that comes to mind is a healthcare system we were working with. They were in a unique position in that they actually had a high percentage of doctor ownership. What I mean by that is that a lot of people who had an executive stake in the healthcare system were themselves doctors. The doctors clearly wanted to use mobile devices as much as possible. They wanted to enable themselves to work on the run. They were running between hospitals. They were doing lots of different things where it's not a luxury to be on the tablet, but more of a necessity. So they challenged their IT folks to enable that. Just as with this situation in other places, the first push back was from security. We worked with them, and the results were very similar to what Jane describes from a technology standpoint. Dell was able to supply them with mobile-device management and network controls. They had a really good single sign-on platform as well. So the doctors weren’t constantly logging in again and again and again, even though they switched context and switched devices. Productivity gain What they gained from that was a huge amount of productivity from the doctors. In this case, coincidentally, they gained big in the executive team’s eyes for IT, because as I mentioned, a lot of them happened to be doctors. That was a good feedback loop. As they made that constituency very happy, that also fed directly into their executive team. In this particular case they got a double benefit, not just happy users, but happy executives. I guess it’s one of those, "I'm not just a president, but also user" type of things, where they were able to benefit twice from the same work. Gardner: I don't think we can, in any way, expect this BYOD trend to be a flash in the pan. I think it’s going to be here for quite some time, here to stay really. But as we look to the future, are there some developments that we should expect that would reward organizations for being proactive with the way they go at BYOD, more from a systemic and strategic and well thought-out approach rather than knee-jerk or reactive? I'm thinking about security and malware, whether that might be something that’s going to change in anyway? Any thoughts Jane on where the security equation might shift in the future?
Wasson: Today much of the malware is targeting PCs and laptops, but now, as smartphones have become more prevalent in the marketplace, increasingly hackers and cyber terrorists are recognizing that that’s a great new platform to go after. We're seeing an increase development of malware to go after mobile devices as a conduit to get into back-end networks. We should absolutely expect that that’s going to continue. We're seeing a trend towards more targeted attacks. As technologies to protect are developed, it’s going to be very important to find those technologies that specifically protect from targeted attacks. The thing that’s becoming increasingly important is to make sure that your security technologies aren't just looking at the reputation of who is trying to get into the network and protocols, but is actually looking at the actual traffic packets themselves. It's important to be able to identify those targeted attacks, advanced persistent threats, or malware that’s hidden within your traffic, because in the network at large, the presence of malware is only growing. For mobile platforms, historically it wasn’t as big a problem. Now that we see more of them out there, they're becoming a more important target. So it’s very important for IT support organizations to get ahead of this. They need to recognize that where they had previously focused mostly on what’s happening with PC laptop traffic, they really need to focus a lot more on making sure that they have good strategies and good policies in place also to address that mobile traffic. Broadening reach Gardner: We've been talking, of course, about how BYOD impacts employees and users within the enterprise. I suppose we should also broaden this out to consider that mobile commerce is going to impact supply chain, partners, and end users. Consumers will be going through mobile applications increasingly to do business with various organizations. This, again, goes beyond just the device for the employee to the devices for all the points that connect enterprises and customers. Any thoughts on how that might evolve in the future, Jonathan? Sander: Most everything we've talked about has been taking patterns and scripts that people are pretty familiar with from an IT security standpoint, changing a couple of the players, and running them the way that they have. It’s either your applications, as you have had them, and you are going to run the security play with mobile device as the endpoint, and you try to figure that out. But there are also trends where we have our user base and now we are going to move our applications out into the cloud. How do we do that? One of the things that we can look to for the future of BYOD is that we need to figure out what does it mean to have BYOD devices, cloud- based applications, and almost no touch points for us to get in there.
All of the patterns that we are used to, all of the scripts that we follow from a security standpoint, assume at least half the conversation is a heavy touch point for us. We're going to have the ability to get in there and put the shim in, or do whatever it is that’s necessary to understand it. But if that lies mostly outside of our hands, what does that mean? How do I really get a handle on that? A lot of organizations, thankfully for them, are not there yet, but they really need to be thinking about that. We talk about thinking mobile first. People who are thinking mobile first with their end-user community, when they are in their private planning meetings trying to figure out the next phase, need to figure out what this looks like, whether it’s a world that has IT almost completely out of the equation, but still somehow responsible for it. Gardner: I suppose we should be thinking about mobile and cloud first from now on. Sander: That’s where it’s going to go. Gardner: We're running close to our time, but let’s get a little bit more on Dell’s vision, given this future track, what we're seeing in the current landscape for BYOD, and the acquisitions and the strategic move from Dell Software. Let’s hear what you have in mind in terms of how one should go about, as an IT organization, getting a better handle on this. Let’s start with you, Jonathan. Sander: Our overall vision for security and we would definitely apply this to the BYOD sphere as well, is approaching it from a connected viewpoint. The word "connected" has a very specific context here. You often hear talk from Dell and others about converged solutions, where essentially you bring a whole bunch of technologies into one solution, usually a box of some kind, and you deliver it as such. Moving parts Security is never going to look like that. Security is always going to have a lot of different moving parts, and that’s because essentially security needs to map itself to the needs of the infrastructure that you've built. That’s going to be dictated by organic growth, M&A and everything in between. We think about it as being a connected set of solutions. The focus of that is to make sure that we can deliver on all these different points that are necessary to build up the right context and the right controls, to make security meaningful in a context like BYOD, but not do it in a way that makes too many demands of the infrastructure. The way you get benefit from that is by having these connected pieces attached at the right points. You then get both the protection of going inside-out and outside-in.
Inside-out is the way you normally think about security in a lot of cases, where you build the controls for the things you are in charge of. You make sure that, as they go out into the world, they're heavily secured using all the themes you have at your disposal. Outside-in is the traditional bad guys trying to get into your little world scenario. We want to make sure that the connected security solutions that we deliver can do both of these things, not only protect you from any insider threats and all of the things that can crop up from the way you build your technology that you are going to use to propel the business, but also protect you from the threats from the outside as well. Gardner: Last word to you, Jane. What would you add to what Jonathan said in terms of Dell Software’s vision for making BYOD secure? Wasson: The good news is that our vision basically supports IT in helping to enable the mobile worker to get that simple, secure, fast access to enterprise apps and resources. The way that we are doing this is by providing mobile-friendly technologies, IT friendly technologies, that give both the ease of use and simplicity that mobile users need. For example, our Mobile Connect App acts both as a VPN client and also a policy-enforced network access control app client, so that you have that simple one click access into the corporate data center that is secured by encrypted SSL VPN, with our Secure Remote Access appliances. You also have the support for IT to reduce complexity, because we make it very easy to create those policies, automatically enforce those policies, and implement network access control and security throughout the network. Gardner: Well, great. I'm afraid we'll have to leave it there. You've been listening to a sponsored BriefingsDirect podcast discussion on bringing clarity to BYOD support, management, and security. And we have seen how IT departments are grasping for any proven or standardized approach that makes BYOD access of resources secure and reliable. And we've learned how Dell Software is helping to bring standardized and flexible approaches to making BYOD and perhaps mobile first a positive new force to enterprise productivity. So thanks to our guests for joining. We've been here with Jonathan Sander, the Director of IAM Product Strategy at Dell Software. Thanks so much, Jonathan. Sander: Thank you, Dana. Gardner: And thank you also to Jane Wasson, the Senior Product Marketing Manager for Mobile Security at Dell Software. Thanks, Jane. Wasson: Thanks, Dana.
Gardner: This is Dana Gardner, Principal Analyst at Interarbor Solutions. Thanks also to our audience for joining us, and don’t forget to come back next time. Listen to the podcast. Find it on iTunes. Sponsor: Dell Software Transcript of a BriefingsDirect podcast on how Dell Software is helping to bring standardized and flexible approaches to making BYOD a positive new force to enterprise productivity. Copyright Interarbor Solutions, LLC, 2005-2013. All rights reserved. You may also be interested in: • Want a Data-Driven Culture? Start Sorting Out the BI and Big Data Myths Now • Data complexity forces need for agnostic tool chain approach for information management, says Dell Software executive • Dell's Foglight for Virtualization update extends visibility and management control across more infrastructure • For Dell's Quest Software, BYOD Puts Users First and with IT's Blessing • Dell survey highlights importance of putting users before devices when developing BYOD strategies • New Levels of Automation and Precision Needed to Optimize Backup and Recovery in Virtualized Environments

Empfohlen

7.5 steps to overlaying BYoD & IoT on Existing Investments
7.5 steps to overlaying BYoD & IoT on Existing Investments7.5 steps to overlaying BYoD & IoT on Existing Investments
7.5 steps to overlaying BYoD & IoT on Existing InvestmentsCaston Thomas
 
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...mkeane
 
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing Are my Devices Spying on Me? Living in a World of Ubiquitous Computing
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing Jason Hong
 
FinalResearch_95752_oliver
FinalResearch_95752_oliverFinalResearch_95752_oliver
FinalResearch_95752_oliverMadison Oliver
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestJay McLaughlin
 
Helping Developers with Privacy
Helping Developers with PrivacyHelping Developers with Privacy
Helping Developers with PrivacyJason Hong
 
Privacy for Mobile Sensing Systems
Privacy for Mobile Sensing SystemsPrivacy for Mobile Sensing Systems
Privacy for Mobile Sensing SystemsJason Hong
 
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...Dana Gardner
 

Empfohlen

7.5 steps to overlaying BYoD & IoT on Existing Investments
7.5 steps to overlaying BYoD & IoT on Existing Investments7.5 steps to overlaying BYoD & IoT on Existing Investments
7.5 steps to overlaying BYoD & IoT on Existing InvestmentsCaston Thomas
 
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...mkeane
 
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing Are my Devices Spying on Me? Living in a World of Ubiquitous Computing
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing Jason Hong
 
FinalResearch_95752_oliver
FinalResearch_95752_oliverFinalResearch_95752_oliver
FinalResearch_95752_oliverMadison Oliver
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestJay McLaughlin
 
Helping Developers with Privacy
Helping Developers with PrivacyHelping Developers with Privacy
Helping Developers with PrivacyJason Hong
 
Privacy for Mobile Sensing Systems
Privacy for Mobile Sensing SystemsPrivacy for Mobile Sensing Systems
Privacy for Mobile Sensing SystemsJason Hong
 
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...Dana Gardner
 
Security annual report_mid2010
Security annual report_mid2010Security annual report_mid2010
Security annual report_mid2010thaiantivirus
 
CIO Mobility Playbook
CIO Mobility PlaybookCIO Mobility Playbook
CIO Mobility PlaybookJuniper Networks
 
Privacy and Security for the Emerging Internet of Things
Privacy and Security for the Emerging Internet of ThingsPrivacy and Security for the Emerging Internet of Things
Privacy and Security for the Emerging Internet of ThingsJason Hong
 
IOT - Design Principles of Connected Devices
IOT - Design Principles of Connected DevicesIOT - Design Principles of Connected Devices
IOT - Design Principles of Connected DevicesDevyani Vasistha
 
BYOD SCOPE: A Study of Corporate Policies in Pakistan
BYOD SCOPE: A Study of Corporate Policies in PakistanBYOD SCOPE: A Study of Corporate Policies in Pakistan
BYOD SCOPE: A Study of Corporate Policies in PakistanShuja Ahmad
 
IoT.ppt
IoT.pptIoT.ppt
IoT.pptKundan Kumar
 
Networking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile WorkersNetworking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile WorkersEric Wong
 
Future opportunities in social communications
Future opportunities in social communicationsFuture opportunities in social communications
Future opportunities in social communicationsPawan Gupta
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Securityarms8586
 
Mobile Workplace Risks
Mobile Workplace RisksMobile Workplace Risks
Mobile Workplace RisksParag Deodhar
 
Internet of things enabling tech - challenges - opportunities (2016)
Internet of things enabling tech - challenges - opportunities (2016)Internet of things enabling tech - challenges - opportunities (2016)
Internet of things enabling tech - challenges - opportunities (2016)Davor Dokonal
 
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaBring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaJim Kaplan CIA CFE
 
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...Dana Gardner
 
20090906 On Future Internet, Cloud Computing, and Semantics – You name it
20090906 On Future Internet, Cloud Computing, and Semantics – You name it20090906 On Future Internet, Cloud Computing, and Semantics – You name it
20090906 On Future Internet, Cloud Computing, and Semantics – You name itArian Zwegers
 
Monitoring security in the externalised organisation (Auscert 2013)
Monitoring security in the externalised organisation (Auscert 2013)Monitoring security in the externalised organisation (Auscert 2013)
Monitoring security in the externalised organisation (Auscert 2013)Huntsman Security
 
A Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise SecurityA Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise SecurityТранслируем.бел
 
White Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceWhite Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceCourtland Smith
 
The Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD WorldThe Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD Worldmkeane
 
Backing up Android and iOs devices
Backing up Android and iOs devicesBacking up Android and iOs devices
Backing up Android and iOs devicesiSSAL
 
Estatísticas do Security Leaders 2010
Estatísticas do Security Leaders 2010Estatísticas do Security Leaders 2010
Estatísticas do Security Leaders 2010Gabriela Makhoul
 
Ben Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
Ben Rothke Getting A Handle On Wireless Security For Pci Dss ComplianceBen Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
Ben Rothke Getting A Handle On Wireless Security For Pci Dss ComplianceBen Rothke
 

Weitere ähnliche Inhalte

Was ist angesagt?

Security annual report_mid2010
Security annual report_mid2010Security annual report_mid2010
Security annual report_mid2010thaiantivirus
 
Privacy and Security for the Emerging Internet of Things
Privacy and Security for the Emerging Internet of ThingsPrivacy and Security for the Emerging Internet of Things
Privacy and Security for the Emerging Internet of ThingsJason Hong
 
IOT - Design Principles of Connected Devices
IOT - Design Principles of Connected DevicesIOT - Design Principles of Connected Devices
IOT - Design Principles of Connected DevicesDevyani Vasistha
 
BYOD SCOPE: A Study of Corporate Policies in Pakistan
BYOD SCOPE: A Study of Corporate Policies in PakistanBYOD SCOPE: A Study of Corporate Policies in Pakistan
BYOD SCOPE: A Study of Corporate Policies in PakistanShuja Ahmad
 
Networking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile WorkersNetworking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile WorkersEric Wong
 
Future opportunities in social communications
Future opportunities in social communicationsFuture opportunities in social communications
Future opportunities in social communicationsPawan Gupta
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Securityarms8586
 
Mobile Workplace Risks
Mobile Workplace RisksMobile Workplace Risks
Mobile Workplace RisksParag Deodhar
 
Internet of things enabling tech - challenges - opportunities (2016)
Internet of things enabling tech - challenges - opportunities (2016)Internet of things enabling tech - challenges - opportunities (2016)
Internet of things enabling tech - challenges - opportunities (2016)Davor Dokonal
 
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaBring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaJim Kaplan CIA CFE
 
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...Dana Gardner
 
20090906 On Future Internet, Cloud Computing, and Semantics – You name it
20090906 On Future Internet, Cloud Computing, and Semantics – You name it20090906 On Future Internet, Cloud Computing, and Semantics – You name it
20090906 On Future Internet, Cloud Computing, and Semantics – You name itArian Zwegers
 
Monitoring security in the externalised organisation (Auscert 2013)
Monitoring security in the externalised organisation (Auscert 2013)Monitoring security in the externalised organisation (Auscert 2013)
Monitoring security in the externalised organisation (Auscert 2013)Huntsman Security
 
A Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise SecurityA Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise SecurityТранслируем.бел
 
White Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceWhite Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceCourtland Smith
 
The Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD WorldThe Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD Worldmkeane
 
Backing up Android and iOs devices
Backing up Android and iOs devicesBacking up Android and iOs devices
Backing up Android and iOs devicesiSSAL
 

Was ist angesagt? (20)

Security annual report_mid2010
Security annual report_mid2010Security annual report_mid2010
Security annual report_mid2010
 
CIO Mobility Playbook
CIO Mobility PlaybookCIO Mobility Playbook
CIO Mobility Playbook
 
Privacy and Security for the Emerging Internet of Things
Privacy and Security for the Emerging Internet of ThingsPrivacy and Security for the Emerging Internet of Things
Privacy and Security for the Emerging Internet of Things
 
IOT - Design Principles of Connected Devices
IOT - Design Principles of Connected DevicesIOT - Design Principles of Connected Devices
IOT - Design Principles of Connected Devices
 
BYOD SCOPE: A Study of Corporate Policies in Pakistan
BYOD SCOPE: A Study of Corporate Policies in PakistanBYOD SCOPE: A Study of Corporate Policies in Pakistan
BYOD SCOPE: A Study of Corporate Policies in Pakistan
 
IoT.ppt
IoT.pptIoT.ppt
IoT.ppt
 
Networking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile WorkersNetworking Plus December 2014: Connecting Mobile Workers
Networking Plus December 2014: Connecting Mobile Workers
 
Future opportunities in social communications
Future opportunities in social communicationsFuture opportunities in social communications
Future opportunities in social communications
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Security
 
Mobile Workplace Risks
Mobile Workplace RisksMobile Workplace Risks
Mobile Workplace Risks
 
Internet of things enabling tech - challenges - opportunities (2016)
Internet of things enabling tech - challenges - opportunities (2016)Internet of things enabling tech - challenges - opportunities (2016)
Internet of things enabling tech - challenges - opportunities (2016)
 
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaBring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California
 
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
 
20090906 On Future Internet, Cloud Computing, and Semantics – You name it
20090906 On Future Internet, Cloud Computing, and Semantics – You name it20090906 On Future Internet, Cloud Computing, and Semantics – You name it
20090906 On Future Internet, Cloud Computing, and Semantics – You name it
 
Monitoring security in the externalised organisation (Auscert 2013)
Monitoring security in the externalised organisation (Auscert 2013)Monitoring security in the externalised organisation (Auscert 2013)
Monitoring security in the externalised organisation (Auscert 2013)
 
A Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise SecurityA Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise Security
 
White Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceWhite Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic Workforce
 
The Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD WorldThe Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD World
 
Backing up Android and iOs devices
Backing up Android and iOs devicesBacking up Android and iOs devices
Backing up Android and iOs devices
 

Andere mochten auch

Estatísticas do Security Leaders 2010
Estatísticas do Security Leaders 2010Estatísticas do Security Leaders 2010
Estatísticas do Security Leaders 2010Gabriela Makhoul
 
Ben Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
Ben Rothke Getting A Handle On Wireless Security For Pci Dss ComplianceBen Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
Ben Rothke Getting A Handle On Wireless Security For Pci Dss ComplianceBen Rothke
 
Grid connected pv system using 9 level flying capacitor multilevel inverter
Grid connected pv system using 9 level flying capacitor multilevel inverterGrid connected pv system using 9 level flying capacitor multilevel inverter
Grid connected pv system using 9 level flying capacitor multilevel inverterIAEME Publication
 
Dekho security overview
Dekho security overviewDekho security overview
Dekho security overviewjpradeep1982
 
This Is It
This Is ItThis Is It
This Is ItJon
 
The Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsThe Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsBarry Feldman
 
The Outcome Economy
The Outcome EconomyThe Outcome Economy
The Outcome EconomyHelge Tennø
 

Andere mochten auch (7)

Estatísticas do Security Leaders 2010
Estatísticas do Security Leaders 2010Estatísticas do Security Leaders 2010
Estatísticas do Security Leaders 2010
 
Ben Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
Ben Rothke Getting A Handle On Wireless Security For Pci Dss ComplianceBen Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
Ben Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
 
Grid connected pv system using 9 level flying capacitor multilevel inverter
Grid connected pv system using 9 level flying capacitor multilevel inverterGrid connected pv system using 9 level flying capacitor multilevel inverter
Grid connected pv system using 9 level flying capacitor multilevel inverter
 
Dekho security overview
Dekho security overviewDekho security overview
Dekho security overview
 
This Is It
This Is ItThis Is It
This Is It
 
The Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsThe Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post Formats
 
The Outcome Economy
The Outcome EconomyThe Outcome Economy
The Outcome Economy
 

Ähnlich wie BYOD Security Challenges and Solutions Podcast

For Dell’s Quest Software, BYOD Puts Users First with IT’s Blessing
For Dell’s Quest Software, BYOD Puts Users First with IT’s BlessingFor Dell’s Quest Software, BYOD Puts Users First with IT’s Blessing
For Dell’s Quest Software, BYOD Puts Users First with IT’s BlessingDana Gardner
 
Growing Threats Make Application Security a Pervasive Necessity, Rather than ...
Growing Threats Make Application Security a Pervasive Necessity, Rather than ...Growing Threats Make Application Security a Pervasive Necessity, Rather than ...
Growing Threats Make Application Security a Pervasive Necessity, Rather than ...Dana Gardner
 
How a Minnesota Law Firm Brings Mission Critical Security To Myriad Mobile De...
How a Minnesota Law Firm Brings Mission Critical Security To Myriad Mobile De...How a Minnesota Law Firm Brings Mission Critical Security To Myriad Mobile De...
How a Minnesota Law Firm Brings Mission Critical Security To Myriad Mobile De...Dana Gardner
 
Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...
Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...
Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...Dana Gardner
 
BYOD is Happening. Here's How to Make the Most of It
BYOD is Happening. Here's How to Make the Most of ItBYOD is Happening. Here's How to Make the Most of It
BYOD is Happening. Here's How to Make the Most of ItArlette Measures
 
Enterprise Mobile and Client Management Demands a Rethinking of Work, Play an...
Enterprise Mobile and Client Management Demands a Rethinking of Work, Play an...Enterprise Mobile and Client Management Demands a Rethinking of Work, Play an...
Enterprise Mobile and Client Management Demands a Rethinking of Work, Play an...Dana Gardner
 
iPads on your network? Take Control with Unified Policy and Management
iPads on your network? Take Control with Unified Policy and ManagementiPads on your network? Take Control with Unified Policy and Management
iPads on your network? Take Control with Unified Policy and ManagementCisco Mobility
 
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...Dana Gardner
 
OC CIO Roundtable BYOD
OC CIO Roundtable BYODOC CIO Roundtable BYOD
OC CIO Roundtable BYODJim Sutter
 
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...Dana Gardner
 
Weathering mobile-storm-report-october-2014
Weathering mobile-storm-report-october-2014Weathering mobile-storm-report-october-2014
Weathering mobile-storm-report-october-2014Spiceworks Ziff Davis
 
Protecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksProtecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksSocialKwan
 
Malware & Data Breaches: Combatting the Biggest Threat
Malware & Data Breaches: Combatting the Biggest ThreatMalware & Data Breaches: Combatting the Biggest Threat
Malware & Data Breaches: Combatting the Biggest ThreatChris Ross
 
The State of Mobile Security and How Identity Advancement Plays an Essential ...
The State of Mobile Security and How Identity Advancement Plays an Essential ...The State of Mobile Security and How Identity Advancement Plays an Essential ...
The State of Mobile Security and How Identity Advancement Plays an Essential ...Dana Gardner
 
Good for who? Understanding the challenges of implementing good design
Good for who? Understanding the challenges of implementing good designGood for who? Understanding the challenges of implementing good design
Good for who? Understanding the challenges of implementing good designAlexandra Deschamps-Sonsino
 
1 p 14-0714 wearable technology part 2 blue paper
1 p 14-0714 wearable technology part 2 blue paper1 p 14-0714 wearable technology part 2 blue paper
1 p 14-0714 wearable technology part 2 blue paper4imprint
 
The Unconventional Guide to Cyber Threat Intelligence - Ahad.pdf
The Unconventional Guide to Cyber Threat Intelligence - Ahad.pdfThe Unconventional Guide to Cyber Threat Intelligence - Ahad.pdf
The Unconventional Guide to Cyber Threat Intelligence - Ahad.pdfAhad
 
Cyber threat Intelligence Dubai - Ahad.pptx
Cyber threat Intelligence Dubai - Ahad.pptxCyber threat Intelligence Dubai - Ahad.pptx
Cyber threat Intelligence Dubai - Ahad.pptxAhad
 
As Cloud Trends Drive User Expectations Higher, Networks Must Now Deliver App...
As Cloud Trends Drive User Expectations Higher, Networks Must Now Deliver App...As Cloud Trends Drive User Expectations Higher, Networks Must Now Deliver App...
As Cloud Trends Drive User Expectations Higher, Networks Must Now Deliver App...Dana Gardner
 

Ähnlich wie BYOD Security Challenges and Solutions Podcast (20)

For Dell’s Quest Software, BYOD Puts Users First with IT’s Blessing
For Dell’s Quest Software, BYOD Puts Users First with IT’s BlessingFor Dell’s Quest Software, BYOD Puts Users First with IT’s Blessing
For Dell’s Quest Software, BYOD Puts Users First with IT’s Blessing
 
Growing Threats Make Application Security a Pervasive Necessity, Rather than ...
Growing Threats Make Application Security a Pervasive Necessity, Rather than ...Growing Threats Make Application Security a Pervasive Necessity, Rather than ...
Growing Threats Make Application Security a Pervasive Necessity, Rather than ...
 
How a Minnesota Law Firm Brings Mission Critical Security To Myriad Mobile De...
How a Minnesota Law Firm Brings Mission Critical Security To Myriad Mobile De...How a Minnesota Law Firm Brings Mission Critical Security To Myriad Mobile De...
How a Minnesota Law Firm Brings Mission Critical Security To Myriad Mobile De...
 
Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...
Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...
Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...
 
BYOD is Happening. Here's How to Make the Most of It
BYOD is Happening. Here's How to Make the Most of ItBYOD is Happening. Here's How to Make the Most of It
BYOD is Happening. Here's How to Make the Most of It
 
Enterprise Mobile and Client Management Demands a Rethinking of Work, Play an...
Enterprise Mobile and Client Management Demands a Rethinking of Work, Play an...Enterprise Mobile and Client Management Demands a Rethinking of Work, Play an...
Enterprise Mobile and Client Management Demands a Rethinking of Work, Play an...
 
iPads on your network? Take Control with Unified Policy and Management
iPads on your network? Take Control with Unified Policy and ManagementiPads on your network? Take Control with Unified Policy and Management
iPads on your network? Take Control with Unified Policy and Management
 
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
 
OC CIO Roundtable BYOD
OC CIO Roundtable BYODOC CIO Roundtable BYOD
OC CIO Roundtable BYOD
 
OC CIO BYOD
OC CIO BYODOC CIO BYOD
OC CIO BYOD
 
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
 
Weathering mobile-storm-report-october-2014
Weathering mobile-storm-report-october-2014Weathering mobile-storm-report-october-2014
Weathering mobile-storm-report-october-2014
 
Protecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksProtecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaks
 
Malware & Data Breaches: Combatting the Biggest Threat
Malware & Data Breaches: Combatting the Biggest ThreatMalware & Data Breaches: Combatting the Biggest Threat
Malware & Data Breaches: Combatting the Biggest Threat
 
The State of Mobile Security and How Identity Advancement Plays an Essential ...
The State of Mobile Security and How Identity Advancement Plays an Essential ...The State of Mobile Security and How Identity Advancement Plays an Essential ...
The State of Mobile Security and How Identity Advancement Plays an Essential ...
 
Good for who? Understanding the challenges of implementing good design
Good for who? Understanding the challenges of implementing good designGood for who? Understanding the challenges of implementing good design
Good for who? Understanding the challenges of implementing good design
 
1 p 14-0714 wearable technology part 2 blue paper
1 p 14-0714 wearable technology part 2 blue paper1 p 14-0714 wearable technology part 2 blue paper
1 p 14-0714 wearable technology part 2 blue paper
 
The Unconventional Guide to Cyber Threat Intelligence - Ahad.pdf
The Unconventional Guide to Cyber Threat Intelligence - Ahad.pdfThe Unconventional Guide to Cyber Threat Intelligence - Ahad.pdf
The Unconventional Guide to Cyber Threat Intelligence - Ahad.pdf
 
Cyber threat Intelligence Dubai - Ahad.pptx
Cyber threat Intelligence Dubai - Ahad.pptxCyber threat Intelligence Dubai - Ahad.pptx
Cyber threat Intelligence Dubai - Ahad.pptx
 
As Cloud Trends Drive User Expectations Higher, Networks Must Now Deliver App...
As Cloud Trends Drive User Expectations Higher, Networks Must Now Deliver App...As Cloud Trends Drive User Expectations Higher, Networks Must Now Deliver App...
As Cloud Trends Drive User Expectations Higher, Networks Must Now Deliver App...
 

Kürzlich hochgeladen

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 

Kürzlich hochgeladen (20)

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 

BYOD Security Challenges and Solutions Podcast

  • 1. Growing BYOD Trend Brings New Security Challenges for IT in Allowing Greater Access While Protecting Networks Transcript of a BriefingsDirect podcast on how Dell Software is helping to bring standardized and flexible approaches to making BYOD a positive new force to enterprise productivity. Listen to the podcast. Find it on iTunes. Sponsor: Dell Software Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions and you're listening to BriefingsDirect. Today, we present a sponsored podcast discussion on bringing clarity to bring your own device (BYOD) support, management, and security. While so-called BYOD isn't necessarily new -- IT departments, after all, have been supporting mobile "road warriors" since the 1980s, the rising tide of end users seeking the use and support of their consumer devices is certainly something quite new. It’s so new that IT departments are grasping for any standard or proven approaches that make BYOD access of enterprise resources both secure and reliable. The task is dauntingly complex, and new and unforeseen consequences of BYOD are cropping up regularly, from deluged help desk to app performance snafus to new forms of security breaches. We're here now with a panel to explore some of the new and more-effective approaches for making BYOD both safe and controlled. Please join me in welcoming our guests. We're here today with Jonathan Sander. He is director of IAM product strategy at Dell Software. Welcome, Jonathan. Jonathan Sander: Hi, Dana. Thanks. Gardner: We're also here with Jane Wasson, the Senior Product Marketing Manager for Mobile Security at Dell Software. Welcome, Jane. Jane Wasson: Thanks, Dana. Gardner: It’s good to have you both with us. As I mentioned, road warriors have been looking to their IT department to help them in the field for decades, but there just doesn’t seem to be any standard operating procedures for supporting BYOD. You can't just buy it in a box. It’s not shrink wrapped in any way. I wonder why the means to make widespread BYOD perform well is so scattered and so uncooked. Jane, why are we at this point now? People really want a solution and they can’t get one.
  • 2. Wasson: IT did a great job of supporting mobile workers with laptops and early mobile devices for quite some time, but much of that was with IT-controlled systems. IT chose the devices. They chose the software, the applications, that would run on those laptops. What we're seeing increasingly now is that mobile workers are using their personally purchased mobile devices -- cellphones, smart phones, and tablets -- to access their e-mail, calendar, corporate e-mail, corporate calendar, and IT has been able to support that securely and very successfully for them across a wide variety devices and operating systems. Ease and speed What we're seeing now that’s a little bit different is increasingly those mobile workers like the ease of use and the speed at which they can get to their email and their calendar apps with those mobile devices. They now want IT to extend that so that they can get the same access to enterprise apps and resources on mobile devices that they've enjoyed on their IT controlled laptops over the years. That creates a new challenge for IT. All of a sudden, rather than having a controlled set of devices and a controlled environment, that they can manage, they have a variety of devices that end users have purchased. IT had no control over that choice and what’s already loaded on those devices. They're trying to figure out, given that environment, how to securely enable access to enterprise apps and resources and give those end users that speed of access that they want and the ease of access that they want, but still maintain security. They don't want their back-end networks infected with malware. They don't want to have rogue users finding laptops or mobile devices and being able to access enterprise systems. It’s a huge challenge for IT support groups. Gardner: Do you have any sense of how big a wave this is? Are there numbers or data that indicate what portion of users are trying to go in the BYOD direction. Wasson: Industry analysts are now seeing that more than 50 percent of workers are using personal mobile devices in some capacity to access those networks. Increasingly, they're asking to access not just email and calendar, but also enterprise apps and resources. Gardner: Jonathan, as with many shifts in IT that didn’t originate with the IT department, it seems that there are some unintended consequences here. What’s happening now that we've got this tug, this pull, in the BYOD direction? What are IT folks who are tasked in making this viable finding?
  • 3. Sander: There are a lot of consequences, and understanding all of them is still in process. That’s part of the problem. Of all the problems that people are going to have as a result of BYOD are TBD. One of the ones that's most apparent right away is security. The approaches that people have taken in the past to lock down anything that’s related to mobile have all centered on exactly what Jane pointed out. They were in charge of the device in some fashion. They had a foot in that door and they could use some kind of lock down. I was sitting with someone at one of the big financial firms in New York City the other day. We asked them about their BYOD strategy and he took a humorous approach to it. He said, "Yes, we have a really well defined BYOD strategy. As long as the device is the one we assign to you and uses the software that we approved and control all the policy on, you can bring it." I think that that’s not too uncommon. A lot of the firms that are very security sensitive have worked it out. On the other end of the scale, I've talked to people who say that BYOD is not something that is they are doing but rather is being inflicted on them. That’s the language they put it in. It relates back to that security problem, because when they're looking at trying to understand how their data is going to be present on these devices and what impact that will have on their risk standpoint, it's almost impossible to quantify. History of breaches If you look at the history of breaches, even with the controlled laptops that they had, you had laptops being stolen with tons of data on them. You know what happens the first time you get one of those breaches stemming from someone leaving their cellphone in the backseat of a taxi cab? These are things that are keeping people up at the night. Add to this that a lot of times the security approaches they have taken have all been leveraging the fact that there is a single vendor that is somehow responsible for a lot of what they do. Now, with the explosion of the variety of devices and the fact that they have no control over what their employee might purchase to bring in, that notion is simply gone. With it went any hope of a standard, at least anytime soon, to help secure and lock down the data on all these different devices. Gardner: Another aspect of this is the diversity of the variables. There is web access, native apps, a variety of different carriers, different types of networks within those carriers, and all these different plans. I suppose it’s difficult to have just a standard operating procedure. It seems like there have to be dozens of standard operating procedures. Is that what they're finding in the field, and how does any organization come to grips with such diversity?
  • 4. Sander: You're absolutely right. Diversity, first and foremost, is the challenge. There are also a lot of other trends that are bringing more diversity into IT at the same time, and then BYOD just becomes one dimension of diversity. You mentioned web control. If you're assuming that this is a web application that they're rolling out on their own, that's one thing. If it’s a cloud app, what happens when you have somebody using a cloud app on a BYOD device? How do you insert any control into that scenario at all? It gets very complex, very quickly. Gardner: Let’s look at some specific types of starting points, putting in the blocking and tackling necessary to start to get a handle on this. Jane, what should companies be doing, in terms of setting up some building blocks, the means to tackle the reliability, security, and diversity? Wasson: The good news is that being able to support remote workers is not new, because most companies already have policies in place to manage remote workers. What’s new is that, rather than the devices that are accessing the enterprise apps and resources being IT controlled, those devices are no longer IT controlled. Very often, the policies are there. What they need to do is rethink those policies in light of a mobile worker, a mobile device, environment with so much of the same capability. You have to be able to know which devices are connecting to the network. Are those devices harboring malware that could infect your network? Are those devices locked down, so that authentication is necessary to get into your network? There are a number of best practices that IT organizations already have in place for their managed laptop devices. The question is how to take those policies and now apply those policies to a mobile worker who's bringing their own devices. Forced authorization You need to find technologies basically that allow you to force authentication on those mobile users before they can access your network. You need to find technologies that can help you interrogate those mobile devices to make sure that they're not going to infect your network with anything nasty. You need to find the technologies that allow you to look at that traffic, as it’s coming onto your network, and make sure that it's not carrying malware or other problems. Very often, IT departments have a good handle on what they need to do. It’s a question for their environment how best to integrate mobile device management technologies so that they can support these mobile workers to provide them the access they need and do it in a way that does not introduce a lot of risk to the enterprise. Gardner: I think I heard you say that those areas that you described would fall under this category of mobile device management. If that’s the case, without going to the buzz words too
  • 5. deeply, what should people think of? How should they have a vision around what mobile device management should actually do? Wasson: What mobile device management needs to do for them is what laptop device management has done for them in the past. The key things to think about there are looking at when you're actually deploying those devices. Maybe you have end users that are purchasing personal units, and maybe you don't know initially. Maybe you don't have the same level of knowledge about that unit or ways to track it. What you can do is introduce technologies onto your network, so that when your users log into the network or authenticate onto the network, the device is queried, so that you are able to do some level of tracking of that device. You're able to potentially provide self-service portals, so that employees have the ability to download enterprise mobile applications onto that device. You have the ability to very simply load onto those devices agents that can automatically query devices and make sure that they're configured to meet your security requirements. There are technologies available to do mobile device management and provide that level of oversight, so that you can inventory devices. You can have a level of knowledge and management over configuration and software applications. And you do have the ability to control, at some level, the security settings on those devices. A mobile device management platform needs to do those functions for the IT support organization across mobile operating systems. Gardner: I should imagine, Jonathan, that an organization that’s had experience with managing laptops and full clients, as well as thin clients and zero clients, would have a leg up on moving into mobile device management. Is that the case? Sander: To Jane’s point, they should have policies in place that are going to apply here, so that in that sense they have a leg up. They definitely need the technology in place to deliver on it, and that’s on the device layer. On the application layer, the data layer, the place where all the intellectual property (IP) for an organization sits in most cases, those layers should be -- the word "should" is tricky -- pretty well secured already. The idea is that they have already been on there on laptops, trying to get in from the outside, for a while and there should be some level of lock-down there. Layered defense If you have a healthy layered defense in place so that you can get the access to people outside of your walls, then your mobile access people coming in with their own devices, in a lot of cases, are just going to look like a new client on that web application.
  • 6. The trick comes when you have organizations that want to take it to the next level and supply some sort of experience that is different on the mobile device. That might mean the paranoid version, where I want to make sure that the user on the mobile device has a lot less access, and I want that to be governed by the fact that they are on the mobile device. I need to take that into account. But there is also the very proactive view that you don’t have to be paranoid about it, and you can embrace it. I worked with a large energy company that decided to embrace these devices. They decided that if they're going to use them well, they might as well squeeze some more productivity out of them. They were going to roll out apps that specifically deliver their data, but the challenge they faced then was that they then had to make sure the data were secure in those channels too. So they had to be very specific about that, and that involved new areas of policy but also having the technology be smart enough to answer those challenges, as well, because being proactive like that means taking on some new security context, and it’s a new risk. Gardner: Jane, I have also heard that you need to think about networks in a different way. With some relevance to the past, network containment has been something organizations have done for remote branches. They've used VPNs with the end devices, fat clients, if you will. How does network containment mature for BYOD support? Wasson: The good news is that IT departments have a lot of experience with managing networks and managing their network securely. What’s different here is that now you have a mobile device that is the conduit coming into the network. Whereas in the past, folks had been using primarily laptop VPN clients, that paradigm changes a little for the mobile world. Mobile users like the convenience and the ease of being able to use mobile applications. The challenge for IT departments is how to create a simple user experience for mobile device to access the back-end network and how to make sure that for the mobile user not only is it simple and easy, but they are authenticating to that network for security. Also because with that mobile user it’s a personal device and they control what mobile service they are using, IT groups need to care a lot about the networks from which the user is accessing the corporate environment. For example, you want to make sure that you're using an encrypted SSL VPN connection to go back into your corporate data centers. It needs to not only be encrypted as SSL VPN, but you also want to make sure that it's a very easy and simple experience for your mobile user. What IT groups need to be looking for is that very simple mobile worker experience that allows you to very quickly authenticate onto the network and establish encrypted SSL VPN into the networks, so that you don't have to worry about interception on a wi-fi network or interception on a mobile service network in a public place.
  • 7. Access control The need for network access control, so that once you know that users are coming in securely, once you know they are authenticated onto the network, you can easily enable them to access the correct enterprise applications and resources that they should have privileges for. The challenge there for IT is that you want to make sure that it’s easy for IT to provision. You want a technology that recognizes that you have mobile users coming and allows you to very easily provision those users with the privileges you want them to have on your network and make sure that they are coming in over secure networks. There are lots of implications for networks, there but there are solutions to help address that. Gardner: Now another way to skin this cat, I suppose, and which also makes it different with mobile devices is there is not just an on-off switch in terms of access. If you want to make security adjust to the modern environment, you need to start having a granular approach. Jonathan, how does access control over your assets and resources, not a complete black-and- white or on-and-off, but at a more graduated or a granular level, help with BYOD and security? Sander: It goes back to that idea of trying to be either both paranoid or proactive about the whole BYOD sphere. When you're trying to figure out what data you want people to have access to, you're not just going to take into account some rigid set of rules based on who they are. At least most organizations are not going to do that, partially because coming up with those rules itself can be challenging, but also because a lot of times what counts most to these people are not the roles and the rules but rather context. Context is king in a lot of cases these days, when you are trying to figure out a good approach to security. What better context to be aware of then one person sitting at a desk behind all of corporate protection accessing a system versus the same person on their tablet in a Starbucks. These are clearly two different risk categories. If they want to get access to the same data, then you're probably going to do slightly different things to have things happen. At that Starbucks, like Jane said, you're going to have to make sure you have a very secure channel to communicate on. And you might want to ask them to do extra layers of authentication or perhaps go through an extra step of approval. Or maybe somebody on the inside needs to confirm that this person should have access to that data on the outside. What that’s going to mean, Dana, is that you are going to have lots of different layers of security but they all need to be very well connected to one another. They need to be able to share data, share that context, and in that sharing, be able to create the right circumstance to have a secure access to whatever data is going to make the efficiency for that person be maximized. Maybe they're in the Starbucks because they are on a road trip that is incredibly important to meeting the top-line goals for your company.
  • 8. It may not just be a convenience. It often sounds, when you talk about these BYOD and mobile questions, as if we're enabling somebody to be lazy. All I can say is that when I find myself on business trips, working at Starbucks is not lazy. It’s a necessity. Not a luxury It’s not exactly comfortable sitting there and trying to work around noise, traffic, and everything else. Typically, I'm not doing it as a luxury and I don’t think anybody else that does it is doing it that way either, in most cases. So, finding ways to enable that is a big deal. Gardner: We could spend a whole other hour talking about the productivity benefits that come when BYOD is done correctly, but in listening to you both it occurs to me that there are positive, unintended consequences here. When you do go mobile first, with your network containment activities, with your connected security around access control, and when you've elevated management to mobile device management, you're probably an organization with better policies and with better means or security in total. Am I off-base here, or is there a more robust level within an IT organization when they embrace BYOD in mobile and mobile first becomes really a just better way of doing IT? Wasson: The key thing here is that end users are moving to mobile. Workers are moving to mobile because they like the speed and ease of use of the mobile environment. IT organizations that embrace that are going to be ahead of the game of being able to secure those networks, relative to organizations that don't embrace it and have mobile workers end- gaming them by using apps that are more likely to introduce malware onto the networks. IT support organizations that provide that easy, secure access into enterprise, not just the calendar and email apps, but into the enterprise apps and resources, are more likely to have happy end users that are using secure technologies, as opposed to end-gaming IT and using technologies that introduce more risk into IT environment. Sander: I agree that the worst consequence of not doing the mobile first is that you're going to have people end-gaming IT. You're going to have shadow IT spring up in lines of business. You're going to have smart end users simply figuring it out for themselves. Believe me, if you don’t proactively lock it down, there are lots of ways to get it as mobile devices. Those companies that do think mobile first are the ones that are going to innovate their way out of those problems. They're the ones who are going to have the right mentality at the outset, where they formulate policy with that in mind and where they adopt technology with that in mind. You can see that happening today.
  • 9. I see companies that have taken advantage of a mobile platform and tried to make sure that it is going to boost productivity. But the very first thing that happens, when they do that, is they get a huge push back from security, from the risk people, and sometimes even from executive-level folks, who are a little more conservative in a lot of cases, and tend to think in terms of the impact first. Because they want to push into that mobility mindset, that pushback forces them to think their way through all the security impacts and get over those hurdles to get what they really want. The idea is that, if you do it well, doing good security for mobility and BYOD on the first try, getting that good security, becomes an enabler as more waves of it hit you, because you've already got it figured out. When the next line of business shows up and wants to do it seriously, you've got a good pattern there which completely discourages all of that shadow IT and other nonsense, because if you can give them good answers, and they want them. Be an enabler They don’t want to figure out ways around you. They want you to be an enabler. I was reading recently how security has to go from being the "department of no" to the "department of how," because a lot of times, that’s really what it boils down to. If you're simply going to say no, they're going to figure out a way around you. If you tell them how to do it in a secure fashion, they'll do that. That’s why they're asking in the first place. They want you to enable them. Gardner: Maybe we should move beyond theory and vision into some practicality. Do we have any examples or anecdotes of organizations that have taken this plunge, embraced BYOD, perhaps with some mobile first mentality thrown in, and what are the results? What did they get? Wasson: One potential example of this is educational institutions. Educational institutions are probably some of the earlier adopters for using mobile platforms to access their back-end systems, and yet educational institutions also are very often required by law not to make inappropriate sites and things available to students. We've seen educational institutions deploying mobile device management platforms, and in this case our KACE K3000 Mobile Management platform with our mobile security solutions, such as our Mobile Connect application on devices, and Secure Remote appliances, enabling secure SSL VPN connection. What we're seeing is that the IT organizations have the level of control over those devices that they need. They can still give the freedom to the end user to choose those devices, yet they have the ability to manage those devices, manage security settings on those devices, authenticate those devices before they connect to the educational institution data centers, and automatically establish encrypted secure SSL VPN. They're able to query the traffic to make sure that traffic isn’t coming from or going to inappropriate sites and making sure that there's no malware on the network. And they're able to
  • 10. gain control and security of the mobile students, while still enabling those students to use their personal devices and the tools of their choice. Gardner: Jonathan, any other examples from your perspective on when you do this well, how it can work? Sander: The first one that comes to mind is a healthcare system we were working with. They were in a unique position in that they actually had a high percentage of doctor ownership. What I mean by that is that a lot of people who had an executive stake in the healthcare system were themselves doctors. The doctors clearly wanted to use mobile devices as much as possible. They wanted to enable themselves to work on the run. They were running between hospitals. They were doing lots of different things where it's not a luxury to be on the tablet, but more of a necessity. So they challenged their IT folks to enable that. Just as with this situation in other places, the first push back was from security. We worked with them, and the results were very similar to what Jane describes from a technology standpoint. Dell was able to supply them with mobile-device management and network controls. They had a really good single sign-on platform as well. So the doctors weren’t constantly logging in again and again and again, even though they switched context and switched devices. Productivity gain What they gained from that was a huge amount of productivity from the doctors. In this case, coincidentally, they gained big in the executive team’s eyes for IT, because as I mentioned, a lot of them happened to be doctors. That was a good feedback loop. As they made that constituency very happy, that also fed directly into their executive team. In this particular case they got a double benefit, not just happy users, but happy executives. I guess it’s one of those, "I'm not just a president, but also user" type of things, where they were able to benefit twice from the same work. Gardner: I don't think we can, in any way, expect this BYOD trend to be a flash in the pan. I think it’s going to be here for quite some time, here to stay really. But as we look to the future, are there some developments that we should expect that would reward organizations for being proactive with the way they go at BYOD, more from a systemic and strategic and well thought-out approach rather than knee-jerk or reactive? I'm thinking about security and malware, whether that might be something that’s going to change in anyway? Any thoughts Jane on where the security equation might shift in the future?
  • 11. Wasson: Today much of the malware is targeting PCs and laptops, but now, as smartphones have become more prevalent in the marketplace, increasingly hackers and cyber terrorists are recognizing that that’s a great new platform to go after. We're seeing an increase development of malware to go after mobile devices as a conduit to get into back-end networks. We should absolutely expect that that’s going to continue. We're seeing a trend towards more targeted attacks. As technologies to protect are developed, it’s going to be very important to find those technologies that specifically protect from targeted attacks. The thing that’s becoming increasingly important is to make sure that your security technologies aren't just looking at the reputation of who is trying to get into the network and protocols, but is actually looking at the actual traffic packets themselves. It's important to be able to identify those targeted attacks, advanced persistent threats, or malware that’s hidden within your traffic, because in the network at large, the presence of malware is only growing. For mobile platforms, historically it wasn’t as big a problem. Now that we see more of them out there, they're becoming a more important target. So it’s very important for IT support organizations to get ahead of this. They need to recognize that where they had previously focused mostly on what’s happening with PC laptop traffic, they really need to focus a lot more on making sure that they have good strategies and good policies in place also to address that mobile traffic. Broadening reach Gardner: We've been talking, of course, about how BYOD impacts employees and users within the enterprise. I suppose we should also broaden this out to consider that mobile commerce is going to impact supply chain, partners, and end users. Consumers will be going through mobile applications increasingly to do business with various organizations. This, again, goes beyond just the device for the employee to the devices for all the points that connect enterprises and customers. Any thoughts on how that might evolve in the future, Jonathan? Sander: Most everything we've talked about has been taking patterns and scripts that people are pretty familiar with from an IT security standpoint, changing a couple of the players, and running them the way that they have. It’s either your applications, as you have had them, and you are going to run the security play with mobile device as the endpoint, and you try to figure that out. But there are also trends where we have our user base and now we are going to move our applications out into the cloud. How do we do that? One of the things that we can look to for the future of BYOD is that we need to figure out what does it mean to have BYOD devices, cloud- based applications, and almost no touch points for us to get in there.
  • 12. All of the patterns that we are used to, all of the scripts that we follow from a security standpoint, assume at least half the conversation is a heavy touch point for us. We're going to have the ability to get in there and put the shim in, or do whatever it is that’s necessary to understand it. But if that lies mostly outside of our hands, what does that mean? How do I really get a handle on that? A lot of organizations, thankfully for them, are not there yet, but they really need to be thinking about that. We talk about thinking mobile first. People who are thinking mobile first with their end-user community, when they are in their private planning meetings trying to figure out the next phase, need to figure out what this looks like, whether it’s a world that has IT almost completely out of the equation, but still somehow responsible for it. Gardner: I suppose we should be thinking about mobile and cloud first from now on. Sander: That’s where it’s going to go. Gardner: We're running close to our time, but let’s get a little bit more on Dell’s vision, given this future track, what we're seeing in the current landscape for BYOD, and the acquisitions and the strategic move from Dell Software. Let’s hear what you have in mind in terms of how one should go about, as an IT organization, getting a better handle on this. Let’s start with you, Jonathan. Sander: Our overall vision for security and we would definitely apply this to the BYOD sphere as well, is approaching it from a connected viewpoint. The word "connected" has a very specific context here. You often hear talk from Dell and others about converged solutions, where essentially you bring a whole bunch of technologies into one solution, usually a box of some kind, and you deliver it as such. Moving parts Security is never going to look like that. Security is always going to have a lot of different moving parts, and that’s because essentially security needs to map itself to the needs of the infrastructure that you've built. That’s going to be dictated by organic growth, M&A and everything in between. We think about it as being a connected set of solutions. The focus of that is to make sure that we can deliver on all these different points that are necessary to build up the right context and the right controls, to make security meaningful in a context like BYOD, but not do it in a way that makes too many demands of the infrastructure. The way you get benefit from that is by having these connected pieces attached at the right points. You then get both the protection of going inside-out and outside-in.
  • 13. Inside-out is the way you normally think about security in a lot of cases, where you build the controls for the things you are in charge of. You make sure that, as they go out into the world, they're heavily secured using all the themes you have at your disposal. Outside-in is the traditional bad guys trying to get into your little world scenario. We want to make sure that the connected security solutions that we deliver can do both of these things, not only protect you from any insider threats and all of the things that can crop up from the way you build your technology that you are going to use to propel the business, but also protect you from the threats from the outside as well. Gardner: Last word to you, Jane. What would you add to what Jonathan said in terms of Dell Software’s vision for making BYOD secure? Wasson: The good news is that our vision basically supports IT in helping to enable the mobile worker to get that simple, secure, fast access to enterprise apps and resources. The way that we are doing this is by providing mobile-friendly technologies, IT friendly technologies, that give both the ease of use and simplicity that mobile users need. For example, our Mobile Connect App acts both as a VPN client and also a policy-enforced network access control app client, so that you have that simple one click access into the corporate data center that is secured by encrypted SSL VPN, with our Secure Remote Access appliances. You also have the support for IT to reduce complexity, because we make it very easy to create those policies, automatically enforce those policies, and implement network access control and security throughout the network. Gardner: Well, great. I'm afraid we'll have to leave it there. You've been listening to a sponsored BriefingsDirect podcast discussion on bringing clarity to BYOD support, management, and security. And we have seen how IT departments are grasping for any proven or standardized approach that makes BYOD access of resources secure and reliable. And we've learned how Dell Software is helping to bring standardized and flexible approaches to making BYOD and perhaps mobile first a positive new force to enterprise productivity. So thanks to our guests for joining. We've been here with Jonathan Sander, the Director of IAM Product Strategy at Dell Software. Thanks so much, Jonathan. Sander: Thank you, Dana. Gardner: And thank you also to Jane Wasson, the Senior Product Marketing Manager for Mobile Security at Dell Software. Thanks, Jane. Wasson: Thanks, Dana.
  • 14. Gardner: This is Dana Gardner, Principal Analyst at Interarbor Solutions. Thanks also to our audience for joining us, and don’t forget to come back next time. Listen to the podcast. Find it on iTunes. Sponsor: Dell Software Transcript of a BriefingsDirect podcast on how Dell Software is helping to bring standardized and flexible approaches to making BYOD a positive new force to enterprise productivity. Copyright Interarbor Solutions, LLC, 2005-2013. All rights reserved. You may also be interested in: • Want a Data-Driven Culture? Start Sorting Out the BI and Big Data Myths Now • Data complexity forces need for agnostic tool chain approach for information management, says Dell Software executive • Dell's Foglight for Virtualization update extends visibility and management control across more infrastructure • For Dell's Quest Software, BYOD Puts Users First and with IT's Blessing • Dell survey highlights importance of putting users before devices when developing BYOD strategies • New Levels of Automation and Precision Needed to Optimize Backup and Recovery in Virtualized Environments