how to make your security ‘aware’ in a byod world - fortinet · 2012-11-13 · 3 fortinet...

1 Fortinet Confidential

How to Make your Security

‘Aware’ in a BYOD World Graeme Nash

Director Strategic Solutions, Fortinet


Security Challenges in a BYOD world 1

What Security is Required? 2

Focus Points

Fortinet Answers Critical BYOD Questions 3

The 4 ‘Must-Have’ BYOD Security Features 4

Why Trust Fortinet? 5


What Our Customers Say About BYOD

“Users want to bring in their iPads, iPhones and Galaxy S3s … but

we’re not sure how to support them”

“My CFO heard we can save money through BYOD”

“We have to allow patients and guests on our guest network – but how

do we keep the doctor’s data safe?”

“What do I do about the devices not supported by my MDM ie.ROAD?”

“How do I embrace all the potential mobile collaboration productivity and

innovation benefits whilst securing my corporate assets?”

And the most common response…


What Customers Say About BYOD


BYOD Challenges: Just the Tip of the Iceberg…

• Device proliferation

• Web connectivity expansion

» Gaming consoles

» Media devices (e.g. TVs)

» Next-generation devices

» “The Internet of Things”

Printers Laptops Tablets Smartphones Scanners

Web-Connected

Media

Video Game

Systems

Specialty Application

Devices

Appliances Web-Connected Toys

Who Knows…

Health & Fitness

• Many web-enabled devices

do not allow installation of

software / agents

• Security features vary from

device to device


Fortinet Survey (EMEA results):

Gen-Y Workers’ Dependence/Control on Personal Devices

• 73% of respondents in EMEA are already regularly engaging in BYOD

practice

• What statement best sums up Gen-Y attitudes to device usage?

– 52% consider BYOD a right

– 48% consider BYOD a privilege

• What functions couldn’t they live without for more than a day ?

– Private calls – 42%

– SMS – 39%

– Private email – 38%

– Social Media – 23%

• Who is responsible for your device security?

– The user – 74%

– The company – 14%


Fortinet Survey:

Gen-Y workers attitude towards BYOD corporate policy

Worldwide EMEA APAC US

Yes 36% 27% 47% 29%

No 64% 73% 53% 71%

1-in-3 of respondents would contravene company

policy banning the use of personal device for work purposes

If your employer has/had a policy which prohibits the use of personal

devices in the work environment or for work purposes, have you

/would you ever use a personal device in contravention of this policy?




Focus Points





Through Corporate Policy

• Complete Denial – Difficult to Enforce

• By Specifying Corporate assets only

(RIM, Citrix, VMWare)

• Endpoint Clients

• Network-based – By behavior on the

network


Through Mobile Device Management

Gartner MDM Magic Quadrant MDM consists of: *

• Software Mgt.

• Config, backup, updates…

• Network Service Mgt.

• Location, usage…

• Hardware Mgt.

• Provisioning, activation…

• Security Mgt.

• Remote wipe, secure config…

* Gartner Group Magic Quadrant

For Mobile Device Management

Software May, 2012

BUT …..

• Managing the sprawl == $$

• 3 times as many employees consider device

security to be their own responsibility **

** Fortinet Gen-Y BYOD Survey

June, 2012


It’s All About Mobile Device Connectivity and its Traffic

No Client VPN VPN & 2

Factor

Virtual Desktop (incl VPN

& 2 Factor)

Employee Devices With Mobile Device Management

Corporate Owned Devices

Uncontrolled

Devices

MDM

Client • Mobile Clients

• 2-Factor Authentication

MDM

Client

• Most organizations require a spectrum of solutions

• No perfect solution for all environments

• Trade-offs for each solution

Network Security


The Network Is The Common Denominator

• The network is THE core element in any approach you take

• The network handles all the traffic, secures it, logs it and reports upon it

• Regardless of what’s on the device

Network (LAN & WAN)

Enterprise Mobile Apps

Mobile Device

Management

Unmanaged Endpoint/

Device

Consumer Mobile Apps


BYOD Enablement through Network Security

Emily, a customer, needs guest access to

Skype on her iPad while visiting your

headquarters

Bill’s device is infected with malware and he

brings it on the corporate network

Jill is at Starbucks and needs to communicate

and be protected as if she was at HQ.

WiFi Guest Access

Bandwidth

Management

2-Factor Authentication

VPN Tunneling

Antivirus


BYOD Enablement through Network Security (Cont.)

Sue is in corporate marketing and should

have access to post non-sensitive

information to Facebook, but she should not

be playing Farmville

Joe started streaming movies while at work

through his tablet – this is against corporate

policy

Application Control

Data Leakage

Prevention

Application Control

Ed unintentionally shared a sensitive

company presentation via his personal

Gmail account on his Android Phone.

Data Leakage

Prevention




Focus Points





Enabling BYOD: The 3 Critical Questions To Ask

1. Who are you?

2. Where do you want to go?

3. What data do you need?


User ID + Device ID

Identity Policies Sig./MAC Address ID

Device Identification Access Control Security Application

Security Profiles

Awareness

Who Are You? : Device Identity


Who Are You?

Fortinet provides the answer:

»Connection to corporate LDAP and Radius servers

»Two Factor Authentication (hard and soft tokens) + Client Certificates

»SMS and email based two factor authentication

»Guest provisioning

»Supports range of end user platforms (iPhone, iPad, Android)


Where Do You Want to Go?

Security on the LAN: • Control of wireless access and

security policies enforcement

• All data flowing to and from

the network is inspected,

logged, and managed through

FortiGate

Retail

Store Home

Coffee Shop

School

Security on the WAN: • Supports 3G, 4G, LTE, Cable

DSL, WiMax

• Connect via VPN & 2-Factor

Authentication agents

(FortiClient & FortiToken)

• All data flowing to and from the

network is inspected, logged,

and managed through FortiGate


Fortinet Solution Solves BYOD challenge

Data Loss Prevention Prevent mobile users from sending sensitive

data outside the network

Application Control Prevent mobile users from accessing non-

corporate approved applications

AntiMalware Prevent propagation from infected devices

Spam Filtering Protect email regardless of receiving device

Web Filtering Protect mobile users against malicious sites

Traffic Shaping Limit mobile applications to preserve

bandwidth

What Data Do You Need?




Focus Points





Critical Technology No.1:

Integrating the Wireless Controller into the UTM Gateway



Stronger, BYOD Specific Technical Controls

• Define security controls by:

» Traditional IP address

» Self-learning device identity

» User identity

• Allow (deny) by device type,

username, IP or MAC address

» What you use dictates where you go

• Take your device home



Client Reputation Management

• Find the Bad Guy, avoid the Bad Server

• Reputation built by activity

»What you do, Where you go,

How you get there

»Hosted content

• Drill down report for those with the

worst reputations

»What did they do, Where did they go

»What applications did they run

»Administrator defined thresholds


Enterprise Authentication Server Identity Management and User Access Control


Enterprise Authentication Server

LDAP

User Database

Issuing CA

FortiToken

FortiAuthenticator

Authentication and Authorization

RADIUS, LDAP, 802.1X, EAP-TLS

Two Factor Authentication

FortiToken

Tokenless, via SMS and email

Certificate Management

X.509 Certificate Signing, Certificate Revocation,

SCEP

Remote Device / Unattended Authentication

Fortinet Single Sign on

Active Directory Polling

RADIUS Integration


Pulling it Together … BYOD’s Core Moving Parts

CLIENT

Wired &

Wireless

Devices

MANAGEMENT &

REPORTING

All data flowing to and from

the network is inspected,

logged, and managed

through the UTM

WIRELESS CONTROL

SECURITY SERVICES

UTM : Unified Threat

Management

ACCESS

POINT

Wired &

Wireless

AUTHENTICATION

SERVICES

Infrastructure-wide

2-Factor Tokens

Token-less


Summary & Action Plan

Today:

Receive your ‘Yes to BYOD’ and Gen-Y Survey whitepapers at

stand S5 in the ITExpo!

Back at the office:

Validate your BYOD drivers and (fully) quantify benefit!

Review your security infrastructure’s ‘BYOD Core Moving Parts’

Longer Term:

Enhance your BYOD project ‘bang-for-buck’ by securing network

traffic from all sources/clients

Deliver the required granularity of security controls for BYOD




Focus Points





Fortinet – A Strong Security Player

$434

$39

$80

$123

$155

$212

$252

$325

FORTINET REVENUE ($M)

55% CAGR

Q2’12 Revenue $129 M 25% Y/Y Growth

$13

‘03 ‘04 ‘05 ‘06 ‘07 ‘08 ‘09 ‘10 ‘11

Market Leader

Advanced technology and products • 100+ patents; 110+ pending

Strong global footprint • 1,600+ employees; 30 offices worldwide

Blue chip customer base • 125,000 customers

(including majority of Global 100)

Exceptional financial model • FY11 revenues: $434 M

- 34% YoY growth

• Strong balance sheet: $500M+ in cash

- No debt


Fortinet – A Security Label

Major Certifications Other Recognitions

http://images.google.com/imgres?imgurl=http://www.sher.be/images/section/en/logo_iso.gif&imgrefurl=http://www.sher.be/en/others/iso.asp&usg=__4rZAkZD0DbKhHCyou9WSwm0whIw=&h=1046&w=1046&sz=29&hl=en&start=8&um=1&tbnid=kZDY8b2G-awMSM:&tbnh=150&tbnw=150&prev=/images?q=ISO+9001+logo&hl=en&rlz=1T4SKPB_enUS304US304&sa=X&um=1


Thank You

www.fortinet.com

how to make your security ‘aware’ in a byod world - fortinet · 2012-11-13 · 3 fortinet...

Documents