Aware in a BYOD World
Graeme Nash, Director Strategic Solutions, Fortinet
Fortinet Confidential

Focus Points
1. Security Challenges in a BYOD world
2. What Security is Required?
3. Fortinet Answers Critical BYOD Questions
4. The 4 Must-Have BYOD Security Features
5. Why Trust Fortinet?

What Our Customers Say About BYOD
- Users want to bring in their iPads, iPhones and Galaxy S3s but we're not sure how to support them
- My CFO heard we can save money through BYOD
- We have to allow patients and guests on our guest network but how do we keep the doctors' data safe?
- What do I do about the devices not supported by my MDM, i.e. ROAD?
- How do I embrace all the potential mobile collaboration productivity and innovation benefits whilst securing my corporate assets?
And the most common response

What Customers Say About BYOD

BYOD Challenges: Just the Tip of the Iceberg
- Device proliferation
- Web connectivity expansion
- Gaming consoles
- Media devices (e.g. TVs)
- Next-generation devices
- The Internet of Things
Diagram labels: Printers, Laptops, Tablets, Smartphones, Scanners, Web-Connected Media, Video Game Systems, Specialty Application Devices, Appliances, Web-Connected Toys, Who Knows, Health & Fitness
- Many web-enabled devices do not allow installation of software / agents
- Security features vary from device to device

Fortinet Survey (EMEA results): Gen-Y Workers Dependence/Control on Personal Devices
73% of respondents in EMEA are already regularly engaging in BYOD practice

What statement best sums up Gen-Y attitudes to device usage?
- 52% consider BYOD a right
- 48% consider BYOD a privilege

What functions couldn't they live without for more than a day?
- Private calls: 42%
- SMS: 39%
- Private email: 38%
- Social Media: 23%

Who is responsible for your device security?
- The user: 74%
- The company: 14%

Fortinet Survey: Gen-Y workers' attitude towards BYOD corporate policy
If your employer has/had a policy which prohibits the use of personal devices in the work environment or for work purposes, have you/would you ever use a personal device in contravention of this policy?

       Worldwide   EMEA   APAC   US
Yes    36%         27%    47%    29%
No     64%         73%    53%    71%

1-in-3 of respondents would contravene company policy banning the use of personal device for work purposes

Through Corporate Policy
- Complete Denial: Difficult to Enforce
- By Specifying Corporate assets only (RIM, Citrix, VMWare)
- Endpoint Clients
- Network-based: By behavior on the network

Through Mobile Device Management
Gartner MDM Magic Quadrant
MDM consists of: *
- Software Mgt.: Config, backup, updates
- Network Service Mgt.: Location, usage
- Hardware Mgt.: Provisioning, activation
- Security Mgt.: Remote wipe, secure config
BUT .. Managing the sprawl == $$
3 times as many employees consider device security to be their own responsibility **
* Gartner Group Magic Quadrant For Mobile Device Management Software May, 2012
** Fortinet Gen-Y BYOD Survey June, 2012

It's All About Mobile Device Connectivity and its Traffic
Diagram labels: No Client VPN, VPN & 2 Factor, Virtual Desktop (incl VPN & 2 Factor); Employee Devices With Mobile Device Management, Corporate Owned Devices, Uncontrolled Devices; MDM Client, Mobile Clients, 2-Factor Authentication, MDM Client; Network Security
- Most organizations require a spectrum of solutions
- No perfect solution for all environments
- Trade-offs for each solution

The Network Is The Common Denominator
- The network is THE core element in any approach you take
- The network handles all the traffic, secures it, logs it and reports upon it
- Regardless of what's on the device
Diagram labels: Network (LAN & WAN), Enterprise Mobile Apps, Mobile Device Management, Unmanaged Endpoint/Device, Consumer Mobile Apps

BYOD Enablement through Network Security
- Emily, a customer, needs guest access to Skype on her iPad while visiting your headquarters
- Bill's device is infected with malware and he brings it on the corporate network
- Jill is at Starbucks and needs to communicate and be protected as if she was at HQ.
Diagram labels: WiFi Guest Access, Bandwidth Management, 2-Factor Authentication, VPN Tunneling, Antivirus

BYOD Enablement through Network Security (Cont.)
- Sue is in corporate marketing and should have access to post non-sensitive information to Facebook, but she should not be playing Farmville
- Joe started streaming movies while at work through his tablet; this is against corporate policy
- Ed unintentionally shared a sensitive company presentation via his personal Gmail account on his Android Phone.
Diagram labels: Application Control, Data Leakage Prevention, Application Control, Data Leakage Prevention

Enabling BYOD: The 3 Critical Questions To Ask
1. Who are you?
2. Where do you want to go?
3. What data do you need?

Who Are You?: Device Identity
User ID + Device ID
Diagram labels: Identity Policies; Sig./MAC Address ID; Device Identification; Access Control; Security Application Security Profiles Awareness

Who Are You?
Fortinet provides the answer:
- Connection to corporate LDAP and Radius servers
- Two Factor Authentication (hard and soft tokens) + Client Certificates
- SMS and email based two factor authentication
- Guest provisioning
- Supports range of end user platforms (iPhone, iPad, Android)

Where Do You Want to Go?
Security on the LAN:
- Control of wireless access and security policies enforcement
- All data flowing to and from the network is inspected, logged, and managed through FortiGate
Diagram labels: Retail Store, Home, Coffee Shop, School
Security on the WAN:
- Supports 3G, 4G, LTE, Cable DSL, WiMax
- Connect via VPN & 2-Factor Authentication agents (FortiClient & FortiToken)
- All data flowing to and from the network is inspected, logged, and managed through FortiGate

What Data Do You Need?
Fortinet Solution Solves BYOD challenge
- Data Loss Prevention: Prevent mobile users from sending sensitive data outside the network
- Application Control: Prevent mobile users from accessing non-corporate approved applications
- AntiMalware: Prevent propagation from infected devices
- Spam Filtering: Protect email regardless of receiving device
- Web Filtering: Protect mobile users against malicious sites
- Traffic Shaping: Limit mobile applications to preserve bandwidth

Critical Technology No.1: Integrating the Wireless Controller into the UTM Gateway

Critical Technology No.2: Stronger, BYOD Specific Technical Controls
Define security controls by:
- Traditional IP address
- Self-learning device identity
- User identity
Allow (deny) by device type, username, IP or MAC address
What you use dictates where you go
Take your device home

Critical Technology No.3: Client Reputation Management
Find the Bad Guy, avoid the Bad Server
- Reputation built by activity
- What you do, Where you go, How you get there
- Hosted content
- Drill down report for those with the worst reputations
- What did they do, Where did they go
- What applications did they run
- Administrator defined thresholds

Critical Technology No.4: Enterprise Authentication Server
Enterprise Authentication Server: Identity Management and User Access Control
Diagram labels: LDAP User Database, Issuing CA, FortiToken, FortiAuthenticator
- Authentication and Authorization: RADIUS, LDAP, 802.1X, EAP-TLS
- Two Factor Authentication: FortiToken; Tokenless, via SMS and email
- Certificate Management: X.509 Certificate Signing, Certificate Revocation, SCEP; Remote Device / Unattended Authentication
- Fortinet Single Sign on: Active Directory Polling, RADIUS Integration

Pulling it Together: BYOD's Core Moving Parts
- CLIENT: Wired & Wireless Devices
- MANAGEMENT & REPORTING: All data flowing to and from the network is inspected, logged, and managed through the UTM
- WIRELESS CONTROL
- SECURITY SERVICES: UTM (Unified Threat Management)
- ACCESS POINT: Wired & Wireless
- AUTHENTICATION SERVICES: Infrastructure-wide, 2-Factor Tokens, Token-less

Summary & Action Plan
Today:
- Receive your Yes to BYOD and Gen-Y Survey whitepapers at stand S5 in the ITExpo!
Back at the office:
- Validate your BYOD drivers and (fully) quantify benefit!
- Review your security infrastructure's BYOD Core Moving Parts
Longer Term:
- Enhance your BYOD project bang-for-buck by securing network traffic from all sources/clients
- Deliver the required granularity of security controls for BYOD

Fortinet: A Strong Security Player
FORTINET REVENUE ($M), 03 to 11: $13, $39, $80, $123, $155, $212, $252, $325, $434 (55% CAGR)
Q212 Revenue $129 M, 25% Y/Y Growth
Market Leader
- Advanced technology and products: 100+ patents; 110+ pending
- Strong global footprint: 1,600+ employees; 30 offices worldwide
- Blue chip customer base: 125,000 customers (including majority of Global 100)
- Exceptional financial model: FY11 revenues: $434 M - 34% YoY growth; Strong balance sheet: $500M+ in cash - No debt

Fortinet: A Security Label
Major Certifications, Other Recognitions

Thank You