how to make your security ‘aware’ in a byod world - fortinet · 2012-11-13 · 3 fortinet...
TRANSCRIPT
1 Fortinet Confidential
How to Make your Security ‘Aware’ in a BYOD World
Graeme Nash
Director Strategic Solutions, Fortinet
Focus Points
1. Security Challenges in a BYOD world
2. What Security is Required?
3. Fortinet Answers Critical BYOD Questions
4. The 4 ‘Must-Have’ BYOD Security Features
5. Why Trust Fortinet?
What Our Customers Say About BYOD
“Users want to bring in their iPads, iPhones and Galaxy S3s … but we’re not sure how to support them”
“My CFO heard we can save money through BYOD”
“We have to allow patients and guests on our guest network – but how do we keep the doctor’s data safe?”
“What do I do about the devices not supported by my MDM ie.ROAD?”
“How do I embrace all the potential mobile collaboration productivity and innovation benefits whilst securing my corporate assets?”
And the most common response…
What Customers Say About BYOD
BYOD Challenges: Just the Tip of the Iceberg…
• Device proliferation
• Web connectivity expansion
» Gaming consoles
» Media devices (e.g. TVs)
» Next-generation devices
» “The Internet of Things”
[Figure: iceberg of device categories. Labels: Printers, Laptops, Tablets, Smartphones, Scanners, Web-Connected Media, Video Game Systems, Specialty Application Devices, Appliances, Web-Connected Toys, Health & Fitness, Who Knows…]
• Many web-enabled devices do not allow installation of software / agents
• Security features vary from device to device
Fortinet Survey (EMEA results):
Gen-Y Workers’ Dependence/Control on Personal Devices
• 73% of respondents in EMEA are already regularly engaging in BYOD practice
• What statement best sums up Gen-Y attitudes to device usage?
– 52% consider BYOD a right
– 48% consider BYOD a privilege
• What functions couldn’t they live without for more than a day?
– Private calls – 42%
– SMS – 39%
– Private email – 38%
– Social Media – 23%
• Who is responsible for your device security?
– The user – 74%
– The company – 14%
Fortinet Survey:
Gen-Y workers’ attitude towards BYOD corporate policy
Survey question: If your employer has/had a policy which prohibits the use of personal devices in the work environment or for work purposes, have you/would you ever use a personal device in contravention of this policy?
       Worldwide   EMEA   APAC   US
Yes    36%         27%    47%    29%
No     64%         73%    53%    71%
1-in-3 of respondents would contravene company policy banning the use of personal devices for work purposes
Through Corporate Policy
• Complete Denial – Difficult to Enforce
• By Specifying Corporate assets only (RIM, Citrix, VMWare)
• Endpoint Clients
• Network-based – By behavior on the network
Through Mobile Device Management
[Figure: Gartner MDM Magic Quadrant]
MDM consists of: *
• Software Mgt.
» Config, backup, updates…
• Network Service Mgt.
» Location, usage…
• Hardware Mgt.
» Provisioning, activation…
• Security Mgt.
» Remote wipe, secure config…
BUT …
• Managing the sprawl == $$
• 3 times as many employees consider device security to be their own responsibility **
* Gartner Group Magic Quadrant for Mobile Device Management Software, May 2012
** Fortinet Gen-Y BYOD Survey, June 2012
It’s All About Mobile Device Connectivity and its Traffic
[Diagram: connectivity options (No Client; VPN; VPN & 2 Factor; Virtual Desktop incl. VPN & 2 Factor) shown against Uncontrolled Devices, Employee Devices With Mobile Device Management, and Corporate Owned Devices. Other labels: MDM Client, Mobile Clients, 2-Factor Authentication, Network Security]
• Most organizations require a spectrum of solutions
• No perfect solution for all environments
• Trade-offs for each solution
The Network Is The Common Denominator
• The network is THE core element in any approach you take
• The network handles all the traffic, secures it, logs it and reports upon it
• Regardless of what’s on the device
[Diagram labels: Network (LAN & WAN), Enterprise Mobile Apps, Mobile Device Management, Unmanaged Endpoint/Device, Consumer Mobile Apps]
BYOD Enablement through Network Security
• Emily, a customer, needs guest access to Skype on her iPad while visiting your headquarters
• Bill’s device is infected with malware and he brings it on the corporate network
• Jill is at Starbucks and needs to communicate and be protected as if she was at HQ.
Controls shown: WiFi Guest Access, Bandwidth Management, 2-Factor Authentication, VPN Tunneling, Antivirus
BYOD Enablement through Network Security (Cont.)
• Sue is in corporate marketing and should have access to post non-sensitive information to Facebook, but she should not be playing Farmville
• Joe started streaming movies while at work through his tablet – this is against corporate policy
Controls shown: Application Control, Data Leakage Prevention, Application Control
• Ed unintentionally shared a sensitive company presentation via his personal Gmail account on his Android Phone.
Control shown: Data Leakage Prevention
Enabling BYOD: The 3 Critical Questions To Ask
1. Who are you?
2. Where do you want to go?
3. What data do you need?
Who Are You? : Device Identity
[Diagram labels: Awareness; User ID + Device ID; Identity Policies; Sig./MAC Address ID; Device Identification; Access Control; Security Application; Security Profiles]
Who Are You?
Fortinet provides the answer:
» Connection to corporate LDAP and RADIUS servers
» Two Factor Authentication (hard and soft tokens) + Client Certificates
» SMS and email based two factor authentication
» Guest provisioning
» Supports range of end user platforms (iPhone, iPad, Android)
Where Do You Want to Go?
Security on the LAN:
• Control of wireless access and security policies enforcement
• All data flowing to and from the network is inspected, logged, and managed through FortiGate
[Diagram labels: Retail Store, Home, Coffee Shop, School]
Security on the WAN:
• Supports 3G, 4G, LTE, Cable, DSL, WiMax
• Connect via VPN & 2-Factor Authentication agents (FortiClient & FortiToken)
• All data flowing to and from the network is inspected, logged, and managed through FortiGate
What Data Do You Need?
Fortinet Solution Solves BYOD challenge
• Data Loss Prevention: Prevent mobile users from sending sensitive data outside the network
• Application Control: Prevent mobile users from accessing non-corporate approved applications
• AntiMalware: Prevent propagation from infected devices
• Spam Filtering: Protect email regardless of receiving device
• Web Filtering: Protect mobile users against malicious sites
• Traffic Shaping: Limit mobile applications to preserve bandwidth
Critical Technology No.1:
Integrating the Wireless Controller into the UTM Gateway
Critical Technology No.2:
Stronger, BYOD Specific Technical Controls
• Define security controls by:
» Traditional IP address
» Self-learning device identity
» User identity
• Allow (deny) by device type, username, IP or MAC address
» What you use dictates where you go
• Take your device home
Critical Technology No.3:
Client Reputation Management
• Find the Bad Guy, avoid the Bad Server
• Reputation built by activity
» What you do, Where you go, How you get there
» Hosted content
• Drill down report for those with the worst reputations
» What did they do, Where did they go
» What applications did they run
» Administrator defined thresholds
Critical Technology No.4:
Enterprise Authentication Server
Identity Management and User Access Control
[Diagram labels: LDAP, User Database, Issuing CA, FortiToken, FortiAuthenticator]
• Authentication and Authorization
» RADIUS, LDAP, 802.1X, EAP-TLS
• Two Factor Authentication
» FortiToken
» Tokenless, via SMS and email
• Certificate Management
» X.509 Certificate Signing, Certificate Revocation, SCEP
» Remote Device / Unattended Authentication
• Fortinet Single Sign on
» Active Directory Polling
» RADIUS Integration
Pulling it Together … BYOD’s Core Moving Parts
[Diagram components:]
• CLIENT: Wired & Wireless Devices
• ACCESS POINT: Wired & Wireless
• WIRELESS CONTROL
• SECURITY SERVICES
• UTM : Unified Threat Management
• AUTHENTICATION SERVICES: Infrastructure-wide, 2-Factor Tokens, Token-less
• MANAGEMENT & REPORTING: All data flowing to and from the network is inspected, logged, and managed through the UTM
Summary & Action Plan
Today:
• Receive your ‘Yes to BYOD’ and Gen-Y Survey whitepapers at stand S5 in the ITExpo!
Back at the office:
• Validate your BYOD drivers and (fully) quantify benefit!
• Review your security infrastructure’s ‘BYOD Core Moving Parts’
Longer Term:
• Enhance your BYOD project ‘bang-for-buck’ by securing network traffic from all sources/clients
• Deliver the required granularity of security controls for BYOD
Fortinet – A Strong Security Player
[Chart: FORTINET REVENUE ($M), ‘03 to ‘11: $13, $39, $80, $123, $155, $212, $252, $325, $434. 55% CAGR. Q2’12 Revenue $129 M, 25% Y/Y Growth]
Market Leader
• Advanced technology and products: 100+ patents; 110+ pending
• Strong global footprint: 1,600+ employees; 30 offices worldwide
• Blue chip customer base: 125,000 customers (including majority of Global 100)
• Exceptional financial model:
» FY11 revenues: $434 M (34% YoY growth)
» Strong balance sheet: $500M+ in cash (No debt)
Fortinet – A Security Label
Major Certifications Other Recognitions
Thank You
www.fortinet.com