Securing Generation “Y” ..and the businesses they are now being hired by…

Andrew MoloneyMarketing Director, EMEA

CXO DialogueNovember 23rd 2010

Introducing Generation Y

Key Findings in our Research

Impact of Consumer Driven IT

How Security Must Change

Generation “Y”* are now joining the workforce

*…also known as

the Millennial Generation, Generation Next

or Net Generation

Introducing Generation Y

Key Findings in our Research

Impact of Consumer Driven IT

How Security Must Change

Our Generation Y Research

n=1,000, ages 18-24

• employed full-time 25%

• employed part-time 37%

• unemployed 37%

Currently looking for a job 38%

Not currently looking for a job, 39%but I expect to begin looking within the next year

Not currently looking for a job, 24%nor do I plan to look for a job within the next year

Security aware, but easily lead and Socially “Promiscuous”

76% say most of their contemporaries willingly take chances with security in return for lower prices.

91% of young adults who use social networks list friends they don't know well.

• 88% are “friends” with an acquaintance

• 44% with someone they’ve met online but not in person• 44% with someone they’ve met online but not in person

• 33% with someone they’ve never met online or in person

37% of social networkers admit that their profile info on their social network profile is viewable by people outside their friends’ list

34% of social networkers admit that their photos, videos, and blogs are viewable by people outside their friends’ list

Source: Generation Y Online Security Survey: TRU Research; sponsored by RSA

Insecure online banking practices..

81% say they bank online

66% feel very safe sharing financial information online

However….

• 42% conduct online banking transactions from a public computer

• 53% use public Wi-Fi spots• 53% use public Wi-Fi spots

• 55% Never check their credit reports

• 76% select PIN numbers that will be easy to remember

• 32% never change their passwords

Source: Generation Y Online Security Survey: TRU Research; sponsored by RSA

Convenience trumps Safety..

76% agree it’s very important to change your online passwords/PIN numbers regularly.

55% are concerned that someone will figure out their passwords on password‐protected sites.

• Yet, 32% never change their passwords on email, social network sites, or banking sites.

‐

sites, or banking sites.

87% say it’s very important to use different or complex passwords for online accounts.

• Yet, 52% usually use the same password for all accounts, and 44% usually use the same PIN.

26% store their passwords on their computer/PDA so they won’t forget them.

Source: Generation Y Online Security Survey: TRU Research; sponsored by RSA

Reputational Risk for Employers?

77% are currently searching for a job or are about to begin job hunting

However…of the 96% that visit social networking sites:

• 56% Used curse words in online posts

• 37% Posted photos, videos, or comments online that include cigarettes, alcohol, or drugs

•cigarettes, alcohol, or drugs

• 26% Posted online comments that are sexual in nature

• 25% Posted embarrassing or compromising photos, videos, or comments online that they would not want viewed by a parent or employer

• 20% Found photos online that were posted without their knowledge

• 18% Were a victim of someone hacking into their email or social networking account

Introducing Generation Y

Key Findings in our Research

Impact of Consumer Driven IT

How Security Must Change

With devices affordable and pervasive, “digital natives” are creating personal infrastructures that extend into the workplace

20

30

23.2

During an average workday, how many hours would you

estimate that you spend using …?

Gen Y spends

That the sum of

hours spent using

devices at work

totals almost a full

calendar day

implies significant

multi-tasking and

10

PersonalComputer

7.07.8

8.5

PDA,BlackBerryor smart phone

1.11.7

4.0

Mobile phone

1.62.5

4.9

All devicesin survey

10.5

14.0

Baby boomer

Gen X

Gen Y

Base = 700 white

collar professionals

Gen Y spends

significantly more time

using mobile devices at

work

multi-tasking and

the

interchangeability

of the devices

Source: LexisNexis / WorldOne Research

Media accessed via these devices are nearly at full penetration among Gen-Y-ers, and enterprises are adopting them too

80

100% 97% 95% 93% 92% 90% 88%

75% 73%

Gen-Y: Are you a member of an online social network?

(Facebook, Bebo, MySpace, etc.)

Selected Countries

Penetration of Corporate Social

Networking

Social networking is part ofour business and operations

strategy30%

Our CEO is on Facebook 31%

20

40

60

Hon

gKon

gNet

herla

nds

Fran

ce

USA

Turk

ey

Chi

le

Braz

ilRus

sia

Sou

thAfri

ca

61%

Arg

entin

a

58%

Source: PricewaterhouseCoopers, Deloitte

We post corporate videoson YouTube

13%

Our CEO has a Twitterprofile

14%

We use social networkingfor recruiting purposes

23%

We utilize social networkingas a tool to manage and

build our brand29%

strategy

Consumerisation of IT, will shift power from the company to the individual – security strategy must evolve accordingly

Employees bring personal

technology to the workplace

–Companies are forced to embrace consumer technology, and find scalable ways to manage the

multiplicity of devices (BYOC, desktop virtualization, etc.)

–Companies are forced to develop policies and approaches for managing online risk pertaining to

confidential information, brand, etc.

Employees manage

reputation, personal brand,

job searches etc. online –

often via virtual identities

Source: Gartner, Forrester, Economist Intelligence Unit, EMC analysis

–Business takes ownership of online processes, end user devices and associated risk, with IT

providing guidance and tools

Businesses increasingly

leverage consumer

technologies for corporate

purposes

•• IT / CISO are no longer allIT / CISO are no longer all--knowing authoritiesknowing authorities

•• Some security vulnerabilities move from “forbidden” to “manageable”Some security vulnerabilities move from “forbidden” to “manageable”

•• Business takes responsibility for actions of employeesBusiness takes responsibility for actions of employees

Introducing Generation Y

Key Findings in our Research

Impact of Consumer Driven IT

How Security Must Change

Managing Risk and Threats

No clear visibility to

threats and exposures

Inability to adequately

address exposures Slow to respond

15

threats and exposures address exposures Slow to respond

The CSO’s Challenge: Can they answer?

Am I secure?

Am I compliant?

Where do I have gaps?

How do I prioritize?

Managing Security with Accelerating Threats, Evolving Technologies, New Business Models …

… is not easy

• Information growth

• Mobility, virtualization & cloud

• Evolving threat landscape

• Collaboration / Exchange

Agency Staff Privileged Users

Apps/DB StorageFS/CMSNetworkEndpointRemote Employees

Channels

VPN

Privileged Users Privileged Users Privileged Users

-BusinessAnalytics

-ElectronicHealth Records

-Replica

-BackupDisk

-Backup Tape

-SharePointRoom, etc.

-File Server

-DiskArrays

-ProductionDatabase

-Physicians

-Clinical

Users

Endpoint

theft/loss

Network Leak

Email-IM-HTTP-

FTP-etc.

Privileged

User Breach

Inappropriate

Access

Tapes lost or

stolen

Data LeakPublic

Infrastructure

Access Hack

Unintentional

Distribution

(Semi)

Trusted User

Misuse

Discarded

disk exploited

-Patients

Partner Entry Points

Partners

Channels

Customers

Channels

Partner Entry Points

Point ToolPolicy

Team

Traditional Approach

Point ToolPolicy

Team

Point ToolPolicy

Team

Network Endpoint Applications

Fragmented Inflexible Inconsistent Costly

Security Trends -The World Has Changed

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.

Perimeter

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.

Static

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.

Transactional

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.

Dynamic

History(Outside–In)

Today / Future(Outside–In + Inside-Out)

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.

Point Products

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.

Bolt On

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.

Intrusion Detection

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.

Visible

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.

Ecosystem Solutions

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.

Embedded

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.

Content Oriented

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.

Seamless / Transparent

Summary

As Generation Y join the workforce, the means by which we secure, not only them, but our enterprises must adapt accordingly

Static, perimeter centric controls will be insufficient in a socially connected, consumer driven, virtualised, cloud based environmentbased environment

Security must evolve to be;

• Risk based

• Information Centric

• Adaptive

• Intelligent

amoloney@rsa.com

Twitter: @AJMoloney

Thank you!