Running With Scissors:
Risk Management in Consumerized IT
@ Data Connectors - Houston
by Tim A. Martin, Senior Systems Engineer
Today’s Agenda
Consumerization of IT
Solution “3 Legged Stool”
• User Perspective
• CIO/CISO Perspective
• IT Admin Perspective
Risk Management Use Cases
• Regulatory Compliance
• Threat Management
• E-Discovery
• Encryption
INSIDE THE DATACENTER
• Central control & visibility
• Fixed & predictable
• Easy to manage
• Easy to protect
• Secure
OUTSIDE THE DATACENTER
• Various user roles & requirements
• Unpredictable usage patterns
• Variety of devices & networks
• High data growth without central control
• Potential for data leaks and loss
• Shadow IT
Information shift creates opportunities & challenges…
CONTENT
“Mission-critical data resides on devices.”
• Unstructured data will account for 90% of all data created in the next decade
• 75% of this data is created by individuals
MOBILITY
“Work happens outside of the office.”
• 52% of workers use 3 or more devices daily
• Tablets will reach 905 million by 2017
CONVERGENCE
“Work and personal data is not separate.”
• 60% of workers have used a personal device for work
• 41% of workers used an unsanctioned cloud service in the past 6 months
Consumerization of IT?
“Information workers make technology decisions for themselves”
- Doug Dineley, InfoWorld
End-user adoption of information technologies, without the help, consent, or even awareness of the corporate IT department.
User Perspective
What the User Wants
• Make full use of the power of the tools available
• Wants to know they are protected WITHOUT any impact on device performance
• Doesn’t want to have to modify workflow - i.e. remember to save critical data on home directory, move data to sync folder to sync
• Self-service
CIO/CISO Perspective
What the CIO/CISO Wants
• Data availability
• Data security
• Compliance
• Audit controls
IT Perspective
If we get a vote…
Manageability
Ease of use
Self-Service
Compliance
Security
Use Case - Regulatory Compliance
At least we can agree that today’s regulations are better written, clearly stated and
easy to comply with, right?
Proof
Every law clearly states how big the fine can be
How long you can spend in jail
If you don’t comply with its nebulous set of “guidelines”
That’s nice!
Use Case - Regulatory Compliance
Key to Regulatory Compliance is the Flexibility of the Solution
Good Question
1. Is your solution compliant with the laws of countries A,B and C?
Right Question
2. How flexible is your solution if I start doing business with Country D AND Country B changes their data privacy laws?
Use Case - Threat Management
When under attack, how do I know what data was exposed?
• Several Fortune 100 companies now have policies to reformat any system infected in 30 minutes or less
• What data was exposed?
Use Case - E-Discovery
How does your solution make my e-Discovery easier?
• Manual Collection
• Collect-to-Preserve
• Preserve-in-Place
Beware of solutions that try to do too much...
• A well-designed, free API with a collaborative community may offer better resources than a badly designed “legal” add-on module
Use Case - Encryption
How does your solution use encryption?
Good Question
Do you encrypt my data?
Good Answer
Your data is encrypted in transit and at rest
Right Question
When and where do you encrypt my data, how does the agent authenticate to the server AND the server to the agent, and what does the end-to-end communications stream look like?
Right Answer
I’ll be happy to show you that AND provide you with documentation!
Turn a challenge into your advantage
Security Control
Productivity
Visibility
CIO/CISO
INFORMATION WORKERS
IT ADMIN
• Security, control and visibility through data policies and governance
• Protect data at the source of the entire workforce
• Invisible managed productivity with end user-approved apps
Q&A?
Grant Gowery
832.349.2773
Grant.Gowery@code42.com
Tim A. Martin
832.628.0850
Tim.Martin@code42.com