How to Make Your Security Aware in a BYOD World Symposium Barcelona Spain


  • 8/12/2019 How to Make Your Security Aware in a BYOD World Symposium Barcelona Spain

    1/31

    1 Fortinet Confidential

    How to Make your Security Aware in a BYOD World

    Graeme Nash, Director Strategic Solutions, Fortinet


    Focus Points

    1. Security Challenges in a BYOD world

    2. What Security is Required?

    3. Fortinet Answers Critical BYOD Questions

    4. The 4 Must-Have BYOD Security Features

    5. Why Trust Fortinet?


    What Our Customers Say About BYOD

    Users want to bring in their iPads, iPhones and Galaxy S3s but we're not sure how to support them

    My CFO heard we can save money through BYOD

    We have to allow patients and guests on our guest network but how do we keep the doctors' data safe?

    What do I do about the devices not supported by my MDM, i.e. ROAD?

    How do I embrace all the potential mobile collaboration productivity and innovation benefits whilst securing my corporate assets?

    And the most common response


    What Customers Say About BYOD


    BYOD Challenges: Just the Tip of the Iceberg

    Device proliferation Web connectivity expansion

    Gaming consoles

    Media devices (e.g. TVs)

    Next-generation devices

    The Internet of Things

    Printers, Laptops, Tablets, Smartphones, Scanners

    Web-Connected Media

    Video Game Systems

    Specialty Application Devices

    Appliances, Web-Connected Toys

    Who Knows

    Health & Fitness

    Many web-enabled devices do not allow installation of software / agents

    Security features vary from device to device


    Fortinet Survey (EMEA results): Gen-Y Workers Dependence/Control on Personal Devices

    73% of respondents in EMEA are already regularly engaging in BYOD practice

    What statement best sums up Gen-Y attitudes to device usage?

    52% consider BYOD a right

    48% consider BYOD a privilege

    What functions couldn't they live without for more than a day?

    Private calls: 42%

    SMS: 39%

    Private email: 38%

    Social Media: 23%

    Who is responsible for your device security?

    The user: 74%

    The company: 14%


    Fortinet Survey: Gen-Y workers' attitude towards BYOD corporate policy

             Worldwide  EMEA  APAC  US
        Yes  36%        27%   47%   29%
        No   64%        73%   53%   71%

    1-in-3 of respondents would contravene company policy banning the use of personal device for work purposes

    If your employer has/had a policy which prohibits the use of personal devices in the work environment or for work purposes, have you/would you ever use a personal device in contravention of this policy?


    Through Corporate Policy

    Complete Denial

    Difficult to Enforce

    By Specifying Corporate assets only (RIM, Citrix, VMWare)

    Endpoint Clients

    Network-based

    By behavior on the network


    Through Mobile Device Management

    Gartner MDM Magic Quadrant

    MDM consists of: *

    Software Mgt.: Config, backup, updates

    Network Service Mgt.: Location, usage

    Hardware Mgt.: Provisioning, activation

    Security Mgt.: Remote wipe, secure config

    * Gartner Group Magic Quadrant for Mobile Device Management Software, May 2012

    BUT ..

    Managing the sprawl == $$

    3 times as many employees consider device security to be their own responsibility **

    ** Fortinet Gen-Y BYOD Survey, June 2012


    It's All About Mobile Device Connectivity and its Traffic

    [Diagram labels: No Client VPN; VPN & 2 Factor; Virtual Desktop (incl VPN & 2 Factor); Employee Devices With Mobile Device Management; Corporate Owned Devices; Uncontrolled Devices; MDM Client; Mobile Clients; 2-Factor Authentication]

    Most organizations require a spectrum of solutions

    No perfect solution for all environments

    Trade-offs for each solution

    Network Security


    The Network Is The Common Denominator

    The network is THE core element in any approach you take

    The network handles all the traffic, secures it, logs it and reports upon it

    Regardless of what's on the device

    [Diagram labels: Network (LAN & WAN); Enterprise Mobile Apps; Mobile Device Management; Unmanaged Endpoint/Device; Consumer Mobile Apps]


    BYOD Enablement through Network Security

    Emily, a customer, needs guest access to Skype on her iPad while visiting your headquarters

    Bill's device is infected with malware and he brings it on the corporate network

    Jill is at Starbucks and needs to communicate and be protected as if she was at HQ.

    WiFi Guest Access

    Bandwidth Management

    2-Factor Authentication

    VPN Tunneling

    Antivirus


    BYOD Enablement through Network Security (Cont.)

    Sue is in corporate marketing and should have access to post non-sensitive information to Facebook, but she should not be playing Farmville

    Joe started streaming movies while at work through his tablet; this is against corporate policy

    Application Control

    Data Leakage Prevention

    Application Control

    Ed unintentionally shared a sensitive company presentation via his personal Gmail account on his Android Phone.

    Data Leakage Prevention


    Enabling BYOD: The 3 Critical Questions To Ask

    1. Who are you?

    2. Where do you want to go?

    3. What data do you need?


    User ID + Device ID

    Identity Policies

    Sig./MAC Address ID

    Device Identification, Access Control, Security Application

    Security Profiles

    Awareness

    Who Are You?: Device Identity


    Who Are You?

    Fortinet provides the answer:

    Connection to corporate LDAP and RADIUS servers

    Two Factor Authentication (hard and soft tokens) + Client Certificates

    SMS and email based two factor authentication

    Guest provisioning

    Supports range of end user platforms (iPhone, iPad, Android)


    Where Do You Want to Go?

    Security on the LAN:

    Control of wireless access and security policies enforcement

    All data flowing to and from the network is inspected, logged, and managed through FortiGate

    [Diagram labels: Retail Store; Home; Coffee Shop; School]

    Security on the WAN:

    Supports 3G, 4G, LTE, Cable, DSL, WiMax

    Connect via VPN & 2-Factor Authentication agents (FortiClient & FortiToken)

    All data flowing to and from the network is inspected, logged, and managed through FortiGate


    Fortinet Solution Solves BYOD challenge

    Data Loss Prevention: Prevent mobile users from sending sensitive data outside the network

    Application Control: Prevent mobile users from accessing non-corporate approved applications

    AntiMalware: Prevent propagation from infected devices

    Spam Filtering: Protect email regardless of receiving device

    Web Filtering: Protect mobile users against malicious sites

    Traffic Shaping: Limit mobile applications to preserve bandwidth

    What Data Do You Need?


    Critical Technology No.1: Integrating the Wireless Controller into the UTM Gateway


    Critical Technology No.2: Stronger, BYOD Specific Technical Controls

    Define security controls by:

    Traditional IP address

    Self-learning device identity

    User identity

    Allow (deny) by device type, username, IP or MAC address

    What you use dictates where you go

    Take your device home


    Critical Technology No.3: Client Reputation Management

    Find the Bad Guy, avoid the Bad Server

    Reputation built by activity

    What you do, Where you go, How you get there

    Hosted content

    Drill down report for those with the worst reputations

    What did they do, Where did they go

    What applications did they run

    Administrator defined thresholds


    Enterprise Authentication Server: Identity Management and User Access Control

    Critical Technology No.4: Enterprise Authentication Server

    [Diagram labels: LDAP User Database; Issuing CA; FortiToken; FortiAuthenticator]

    Authentication and Authorization: RADIUS, LDAP, 802.1X, EAP-TLS

    Two Factor Authentication: FortiToken

    Tokenless, via SMS and email

    Certificate Management: X.509 Certificate Signing, Certificate Revocation,

    SCEP Remote Device / Unattended Authentication

    Fortinet Single Sign on: Active Directory Polling

    RADIUS Integration


    Pulling it Together: BYOD's Core Moving Parts

    CLIENT: Wired & Wireless Devices

    MANAGEMENT & REPORTING

    All data flowing to and from the network is inspected, logged, and managed through the UTM

    WIRELESS CONTROL

    SECURITY SERVICES

    UTM: Unified Threat Management

    ACCESS POINT: Wired & Wireless

    AUTHENTICATION SERVICES: Infrastructure-wide

    2-Factor Tokens

    Token-less


    Summary & Action Plan

    Today: Receive your Yes to BYOD and Gen-Y Survey whitepapers at stand S5 in the ITExpo!

    Back at the office:

    Validate your BYOD drivers and (fully) quantify benefit!

    Review your security infrastructure's BYOD Core Moving Parts

    Longer Term:

    Enhance your BYOD project bang-for-buck by securing network traffic from all sources/clients

    Deliver the required granularity of security controls for BYOD


    Fortinet: A Strong Security Player

    [Chart: FORTINET REVENUE ($M), 03 to 11, 55% CAGR. Bar values: $13, $39, $80, $123, $155, $212, $252, $325, $434]

    Q2'12 Revenue: $129 M, 25% Y/Y Growth

    Market Leader

    Advanced technology and products: 100+ patents; 110+ pending

    Strong global footprint: 1,600+ employees; 30 offices worldwide

    Blue chip customer base: 125,000 customers (including majority of Global 100)

    Exceptional financial model

    FY11 revenues: $434 M, 34% YoY growth

    Strong balance sheet: $500M+ in cash, no debt


    Fortinet: A Security Label

    Major Certifications Other Recognitions


    Thank You

    www.fortinet.com