Friday, March 15, 2013

Five Simple Tips for BYOD

Check out this interesting 12 minute video where Lisa Phifer gives 5 common sense steps for approaching enterprise BYOD. I think she does a good job of giving advice on how to start down this road.

As she says, just banning personal devices won't work as we continue to accelerate down the consumerization of IT path that we all seem to be on. I think we will very quickly see consumers, and especially Millennials, who are quite able and desire to do all their work on mobile devices. Combine that with more enterprises moving to cloud services, and you see that traditional thinking won't serve us anymore. Between device-centric (MDM), network-centric (segmentation) and data-centric (sandboxed apps and VDI) approaches, there is something for everyone. You need to determine what works for your enterprise, and even if it isn't a perfect solution, take a Risk Management approach and start with the greatest risk.

Thursday, March 14, 2013

IQPC IT Security Exchange, March 10-12, 2013


I wanted to wrap up the IQPC IT Security Exchange that I attended this week in St. Pete, Florida. This was a good solid conference, covering trends and technologies. There were about three dozen security executives from all industries, and most of the talks were given by CISOs, regarding the topics that we are all concerned about: Big Data, BYOD, Cloud, CoIT, Breaches, Threat Intelligence... There were about 6-10 vendors sponsoring the event, and most of them were ones I had not been aware of. This is the kind of event where costs are kept low and you spend 2 days of discussing security with peers, over three days.

I gave my talk, Big Data: Big Brother or Big Deal? on Sunday. Find links below to the presentation.

SlideShare presentation:

You can also download the presentation as (PDF) or with notes (PDF).

Here are some of the interesting topics that I found useful:
  • Communicating Risk to the Board
  • Risk Management
  • Security Awareness (and metrics!)
  • BYOD and moving IT to the cloud
  • Maturing the Security Program