Going_Mobile_101_IIMC_v5
Download as PPTX, PDF0 likes299 views
This document provides an overview of handling mobile devices in the public sector. It discusses the rise of mobile computing and BYOD programs. It provides guidance on developing mobile security policies and case studies on implementing mobile device management. The case study of Fairfax County Public Schools is presented, which implemented a BYOD program for 180k students and 23k staff using iOS, Android and Blackberry devices managed through an MDM solution. Lessons learned included choosing battles carefully, having policy in place first, and future plans for malware detection and app whitelisting.
Going_Mobile_101_IIMC_v5
- 1. Going Mobile: Handling Devices in the Public Sector Steven C. Markey,MSIS,PMP,CISSP,CIPP,CISM,CISA,STS-EV,CCSK Principal,nControl,LLC AdjunctProfessor
- 2. • Presentation Overview – Mobile Computing Overview • Mobile Device Overview • Security Guidance • Bring Your Own Device (BYOD) • Mobile Applications (Social Media, etc.) – Case Studies • Fairfax County Public School (FCPS) Going Mobile
- 3. • General Overview – Why should you care about mobile devices? Going Mobile
- 8. • What is Mobile Computing? – (Relatively) New Business Model • Taking remote computing (laptops) to the next level • Includes Smartphones & Tablets • OEMs, Content & (Connectivity) Service Providers – Causing the Blur of Business & Personal Use • Personal content / access on business device • Business content / access on personal device • Personal use has driven business use Going Mobile
- 9. • Mobile Computing – Pros • Enhanced Productivity • Enables Remote Work • Potential Cost Savings • Enhanced Worker / Customer Satisfaction – Cons • Security, Legal & Privacy Issues Abound • Blurred Ownership for BYOD • Immature Technology • Lack of Strategy, Tactics & Policies Going Mobile
- 10. • Security Guidance – To Go or Not To Go Mobile • Go – Customers Are Asking / Begging for It! – Budget & Executive Support • Do Not Go – To Be Cool / Bleeding Edge – Save Money » Mobile technology is usually an enhancement/added functionality – Without a Strategy, Tactics & Policies Going Mobile
- 11. Going Mobile • Data Breaches & Security Incidents – Average Cost: $7.2 million – http://www.networkworld.com/news/2011/030811- ponemon-data-breach.html – Leading Cause: Negligence, 41%; Hacks, 31% – http://www.networkworld.com/news/2011/030811- ponemon-data-breach.html – Responsible Party: Vendors, 39% – http://www.theiia.org/chapters/index.cfm/view.news_detail/ cid/197/newsid/13809 – Increased Frequency: 2010-2011, 58% – http://www.out-law.com/en/articles/2011/october/personal- data-breaches-on-the-increase-in-private-sector-reports-ico/
- 13. Going Mobile
- 14. • Security Guidance – Mobile Device Digital Forensics • Policy – City of Ontario, CA v. Quon • Vendor / Counsel Due Diligence – Physical Security • Screen Filters Going Mobile
- 15. Going Mobile Outdated Thinking: 75% of companies have not addressed smartphone security* (60% cite security as biggest mobility obstacle*) IT is Organizing: Ad hoc deployment giving way to centralized policies that include all endpoints (Server, PC, Laptop and Mobile) Mobile/wireless IT spending likely to exceed IT budget growth in many organizations: 12.5% avg. growth rate (Source: Gartner) Increasing Mobile Device Threats: Mobile virus variants have doubled every 6 months since 2004 (235 mobile virus variants in H1’06) (Source: Symantec Security Response) Enterprise Faith: 80% of companies are allowing corporate data on devices, yet continue to not secure the data* Fastest Growing Device Segment: Smartphone growth = 77% Other mobiles = 27% Mobiles out ship PC’s 5:1 in 2006 (Source: Canalys for H1’05 to H1’06, IDC & Gartner) Source: Symantec
- 16. • BYOD – Affects all with devices and access to your network • Employees / Contractors / Vendors – Strategy First, Policy Second, Technology Third • Deployment – Who can and who cannot use BYOD? – Devices & applications supported? – Data wipes? – Replace procured devices (BlackBerries)? – Reimbursements? – Functionality? • Acceptable Use – Jailbreaking? – Back-ups? – Indemnity? Going Mobile
- 23. • BYOD – Strategy First, Policy Second, Technology Third • Technical Details – Mobile Device Management (MDM) – Mobile Application Management (MAM) – Enterprise App Stores – Data-boxing / Sandboxing Going Mobile
- 24. Source: CIO
- 25. Source: Dell
- 26. Source: Airwatch
- 27. Source: Airwatch
- 28. Source: Airwatch
- 29. Source: Nokia
- 30. • BYOD – Money • Additional Staff (IT Support, Accounting) • 100 Devices Cost $170,000 / Year – $172 / Month / User for VMware • What is reimbursable? What is not? – Batteries – Screen Covers – Docking Stations – Carrier Service Plans – Apps – Chargers Going Mobile Source: CIO
- 31. • BYOD – Productivity • Mobile Device Users Work More Hours – 240+ Hours Year • Classify Workers – Executives – (Non) Customer Facing – (Non) Exempt – FTEs / Contractors Going Mobile Source: WatchGuard
- 33. • Mobile Applications – Strategy First, Technology Second • Strategy – Centralized / De-centralized Departmental Deployments – End-User: Internal, External or Both – Development: Internal, External or Both – Mobile Device Platform(s) – Administration & Management • Technologies – Social Media – Custom Apps – Commercial Off the Shelf (COTS) Apps – Modified Apps Going Mobile
- 34. Going Mobile
- 35. Going Mobile
- 40. Seven Mobile App Development Tips • Keep it simple — Don’t overdo it. The app should mean one thing when you publicize it. Multiple functions may require a separate app or system. • Be open to ideas — Engage other departments in the design and functionality of the app. • Know your audience — The Internet is accessed more frequently via mobile solutions by people below the poverty line (due to the low initial price point). You’re involving a new group and need to plan your outreach accordingly. • Make it relevant — Know what functions and issues are of concern to the community and make your app more than just a problem reporting program. • Location, location, location — If your app doesn’t have a spatial component to it and you don’t have an ability to extract GIS information from the app, you’re more than missing the boat — you don’t know where the water is. • Data integration — Make sure the mobile app can feed into your existing work order or dispatch systems. You don’t want to waste staff time trying to bridge systems. • Cross-platform support — Don’t leave two-thirds of your public unable to interact with their local government easily because you decide to only develop Going Mobile Source: GovTech
- 41. Going Mobile • Mobile AppDev Vendor Due Diligence – Certifications, Attestations & Best Practices • SAS 70 Type II / SSAE 16 SOC I-II-III / ISAE 3402 • ISO 27001 / 2 • ISO 27036 • ISO 9000 • Capability Maturity Model Integration, CMMi • Building Security In Maturity Model, BSIMM
- 42. • Case Study: FCPS – Background – Drivers – Technologies – Limitations – Risks – Lessons Learned – Next Steps Going Mobile
- 43. • Case Study: FCPS – Background –Push BYOD to 180k Students, 23k Staff – Drivers –Cost – Technologies –iOS, Android, BlackBerry Devices –WiFi via WPA2-Enterprise –XpressConnect WLAN Going Mobile
- 44. • Case Study: FCPS – Limitations –COPPA-based Regulations –Limited Staff & Budget – Risks –Lost Devices –Malware Infestations –COPPA Violations Going Mobile
- 45. • Case Study: FCPS – Lessons Learned –(Assumed) Choose Your Battles –(Assumed) Policy First – Nest Steps –(Assumed) Malware Detection –(Assumed) White Listing of Apps Going Mobile
- 46. Going Mobile • Presentation Take Aways – Mobile is here to stay. –With New Bells & Whistles (Big Data, etc.) – Paradigm Shift Towards Empowerment – Strategy & Due Diligence Are VERY Important –Must Consider the Ecosystem –Probably Not Cost Effective, Yet Productive
- 47. • Questions? • Contact – Email: steve@ncontrol-llc.com – Twitter: @markes1 – LI: http://www.linkedin.com/in/smarkey