Agenda
What is BYOC?
BYOC = Bring Your Own Computer, a.k.a. BYOPC, BYOL

Three models:
1. Employer provides a stipend for the employee to purchase their laptop of choice, which will then be owned by the employee.
2. Employee chooses laptop from a list of pre-approved machines.
3. Employee is given instructions on how to connect to corporate resources, but can use any machine.
Why BYOC?
User demand
- Choice computing
- Executive bling
- Extension of smartphones
- New generation millennials

Business demand
- Reduce hardware assets
- Part-time workers, contractors
- Enable work from anywhere
- Happy employees = productive employees

Bottom line: Users are doing it, with or without IT
What you can apply from this session
At the end of this session, you will be able to:
- Understand the predominant models for BYOC and their relative strengths and weaknesses
- Evaluate the security of a BYOC solution
- Avoid common pitfalls in BYOC
- Plan a successful BYOC deployment
Users vs IT
How to deliver services?
- Technique 1: Provide essential services via web applications
- Technique 2: Provide a remote desktop (VDI or TS) session
- Technique 3: Provide virtualized applications that run locally
- Technique 4: Provide managed corporate virtual machine to run locally

Good: Access from any device
Bad: Takes a long time to rewrite all your apps, no offline access
Good: Secure, personalized, offline access, cross-platform, local execution, easy recovery
Bad: Minimum HW requirement
Threat Models
- Malicious employees
- Malware infections
  - Screen scrapers or keyloggers
  - Generic viruses/worms
  - Targeted malware
- Lost or stolen laptops, borrowed machines
- Targeted attacks and espionage
7 Layers of Security
- Anti-virus scan of host PC
- Full virtual machine encapsulation
- AES-256 encryption
- Tamper resistance and copy protection
- AD and two-factor authentication
- Granular security policies
- Remote kill
Anti-virus scan of host PC
- Protects against most known attacks/malware
- Policy enforcement:
  - Maximum age of signature file
  - Periodic scan frequency
  - Automatic keyboard/screen lock until scan completes
Tamper resistance and copy protection
- Protect against copying data to another device
- Tie the virtual machine to physical hardware identifiers and/or TPM
- HMAC of all data to detect tampering
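
The tamper-resistance layer above, sketched as an added example (not code from the presentation or from any product): the MAC key is derived from a provisioning secret and a hardware identifier, so modified blocks and images copied to another machine both fail verification. All names, the block size and the sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 4096  # assumed block size for this sketch
# Constructed sample values. Assumption: in practice the secret would be
# protected by the TPM the slide mentions, not stored in a script.
SECRET = b"constructed-provisioning-secret"
HW_A, HW_B = b"constructed-hw-id-A", b"constructed-hw-id-B"
IMAGE = bytes(range(256)) * 40  # 10240 bytes -> 3 blocks


def device_key(secret: bytes, hardware_id: bytes) -> bytes:
    """Derive a MAC key bound to one machine's hardware identifier."""
    return hmac.new(secret, b"vm-bind|" + hardware_id, hashlib.sha256).digest()


def seal(image: bytes, key: bytes) -> list:
    """One HMAC-SHA256 tag per block. The block index and block count are
    mixed in so blocks cannot be reordered, dropped or appended unnoticed."""
    blocks = [image[i:i + BLOCK_SIZE] for i in range(0, len(image), BLOCK_SIZE)]
    count = len(blocks).to_bytes(8, "big")
    return [
        hmac.new(key, i.to_bytes(8, "big") + count + blk, hashlib.sha256).digest()
        for i, blk in enumerate(blocks)
    ]


def verify(image: bytes, tags: list, key: bytes) -> list:
    """Return indices of blocks that fail verification ([] means intact)."""
    expected = seal(image, key)
    if len(expected) != len(tags):
        return list(range(max(len(expected), len(tags))))
    return [i for i, (a, b) in enumerate(zip(expected, tags))
            if not hmac.compare_digest(a, b)]  # constant-time comparison


def demo() -> dict:
    key_a = device_key(SECRET, HW_A)
    tags = seal(IMAGE, key_a)
    tampered = bytearray(IMAGE)
    tampered[5000] ^= 0x01  # flip one bit inside block 1
    return {
        "intact": verify(IMAGE, tags, key_a),
        "tampered": verify(bytes(tampered), tags, key_a),
        # Same image and tags, but checked on a machine with another hardware id.
        "copied": verify(IMAGE, tags, device_key(SECRET, HW_B)),
    }
```

The HMAC only detects modification and copying; confidentiality of the image is the job of the separate AES-256 encryption layer.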
AD and two-factor authentication
- Use RSA SecurID or other second-factor authentication
- Protects against lost password, lost device; limits exposure window
Remote kill
- Can mark a device as lost or stolen
- Device receives a kill pill, securely zeroes all data and sends back confirmation
- Mitigates risk from a lost device or rogue employee/contractor
Legal Challenges
- Who owns the hardware?
- Who owns the software?
- Who owns the data?
- Mixing corporate and personal on the same device
- Liability concerns
- Software licensing
- What to do when someone is terminated or leaves the company?
- Not much different than BYO Smartphone, work-from-home
- One solution: Put corporate environment on separate USB or SD card
- Need a way to reclaim licenses, erase corporate data (poison pill)
Results
- Significant proportion choose Macs
- Increased machine usage
  - More work on weekends and after hours
- Fewer support calls
  - Users more tolerant and responsible, willing to learn
- Fewer lost devices
  - Take better care because they are invested in it
Key Takeaways
1. Focus on securing the data, not the device
2. Good security practices are essential, with or without BYOC
3. BYOC can save money, reduce support calls, and lead to happier users