The document provides an overview of the challenging environment of secure access for mobile workers and privileged insiders. It discusses how traditional security solutions have limitations in balancing user needs for mobility with enterprise IT needs to meet security and compliance requirements. The Uni Systems secure access solution is presented as providing layered protection through fine-grained access control, application protection, command filtering, detailed auditing and other capabilities. The implementation approach involves assessing needs, designing customized infrastructure, and deploying in phases. Success stories from telecom and financial clients highlight how the solution provided controlled, auditable access for remote users while meeting security objectives.
Uni Systems participated in IDC IT Security & Datacenters Transformation Roadshow in Athens. Presentation of Uni|Cloud and emphasis on Data Center Security Solutions.
Uni Systems presentation in Cloud Computing Forum 2012 in Athens. Uni Systems presented the complete Uni|Cloud solutions portfolio, supported by Cisco Systems and EMC Corporation.
The most trusted, proven enterprise-class Cloud: Closer than you think - Uni Systems S.M.S.A.
The Big Decision – What, when, and why?
Enterprises are aware that the Cloud is changing IT, but security and performance remain a concern. Each cloud model has potential risks: reliability, adaptability, application compatibility, efficiency, scaling, lock-in, security and compliance. Companies must select an enterprise cloud solution to suit a complex mix of applications; these decisions require great care. Uni Systems’ Uni|Cloud was built to be enterprise class. The essential reason that many businesses today are using Uni Systems Cloud for their enterprise IT is that it offers the only enterprise-class cloud solution in the Greek market, designed for mission-critical applications, coupled with application performance SLAs and security built for the enterprise, combined with cloud efficiency and consumption-based pricing/chargeback.
Ensuring Business Continuity in the Cloud was the topic covered by Giorgos Gerogiannis, Uni Systems' Data Center & Cloud Solutions Manager, in the 1st Business Continuity Management Forum that took place in Athens, on February 18th, 2014.
End-user computing is not a trend, it's a transformational shift - Uni Systems S.M.S.A.
In the new end-user computing environment, people want to stay connected and have access to the best networks and services as a seamless extension of their traditional desktop.
End-user computing is no longer about managing laptops and desktops. Today, we need to support user access to services, applications, and data on any device and in any location.
This revolution promises greater flexibility, productivity enhancements, staff morale improvements, and cost savings.
Your business can benefit from Virtual Desktop Computing.
Ship it 2015 UniSystems: Facilitating Document Management Compliance for the ... - Uni Systems S.M.S.A.
Document management compliance responsibilities have become easier to cope with through the advent of more flexible technology. In fact, an effective document management system is capable of increasing business value, streamlining workflow and simplifying regulatory compliance. While a digital document management system cannot by itself make a business compliant, it can significantly assist in fulfilling stringent multi-regulatory rules and retention requirements. And, with the right technology, organizations can gain efficiency, improve profitability and increase productivity, all while reducing the cost of compliance.
In our presentation, we will discuss the main challenges regarding Document Management in the Maritime Industry, and we will show an Enterprise Content Management solution that sufficiently addresses these challenges via a combination of state-of-the-art technology and a document repository that supports a broad range of compliance-related regulations and standards.
Microsoft India - System Center Desktop Virtualization Strategy Whitepaper - Microsoft Private Cloud
Several forms of desktop virtualization can help organizations satisfy users’ needs for mobility and flexibility, while relieving pressure on information technology (IT) departments to manage cost, security, and compliance. Additionally, desktop virtualization can enable more dynamic centralized management by separating the elements of the traditional desktop computing stack. This white paper describes how to create a virtualization strategy that achieves these goals and introduces comprehensive desktop-virtualization solutions from Microsoft. Finally, it provides high-level guidance to help companies develop a desktop-virtualization strategy.
This presentation by Danny Allan, Desktone's Chief Solution Architect, is an overview of virtual desktop security: concerns, risks, challenges associated with traditional PCs and (VDI) Virtual Desktop Infrastructure, and the benefits of moving virtual desktops to a cloud hosted model to reduce and eliminate security risks associated with traditional desktop management strategies.
Communicating Virtualization to Non-IT Audiences - Akweli Parker
Virtualization brings numerous benefits including cost savings, reduced carbon footprint and potentially reduced IT workload. Implementing it successfully requires adaptation that some employees may find challenging. This paper explores those challenges and explains how to cultivate broad-based support for your virtualization project.
Virtual desktop infrastructure (VDI) represents the future of enterprise desktop computing and brings with it the detachment of OSs and applications from physical endpoints—a compelling trend that promises greater flexibility, scalability, cost savings and security benefits. The movement also represents radical, and possibly painful, changes in market dynamics for providers of endpoint hardware, software and services.
Yankee Group analysts Phil Hochmuth and Zeus Kerravala dissect the future of VDI and discuss what the technology has to offer enterprises today.
A presentation which informs small to medium-sized businesses of the following:
- What cloud computing is, the costs/risks and what businesses are adopting it.
- The competitive advantages of cloud computing and why you never want your competitors to get there first.
- Answers to important questions about security, Internet connectivity, and where the data is stored.
- Critical facts every business should know before adopting a cloud based network.
Frontier is a single stop destination for every IT infrastructure solution in the datacenter or the cloud. We architect, implement, secure, monitor and manage every technology domain, and our solutions are end to end.
We have expertise in: Data center design and implementation, Uninterrupted power solutions, smart building solutions, End user computing, Unified Computing, Unified communications, Hyper converged infrastructure, Public, Private and Hybrid cloud.
Security is high on the list of concerns for many organizations as they evaluate their cloud computing options. This session will examine security in the context of the various forms of cloud computing. We'll consider technical and non-technical aspects of security, and discuss several strategies for cloud computing, from both the consumer and producer perspectives.
Giorgos Gerogiannis is Data Center & Cloud Solutions Manager at Uni Systems. He covered the topic of Business Continuity in the Cloud in the 1st Business Continuity Management Forum that took place in Athens, on February 18th, 2014.
Agility in Retail Banking is no longer an option. It is a must considering that there are options that can reduce costs, there are systems that can bridge legacy and contemporary painlessly, that can modernize customer touch points and can efficiently manage large scale M&A.
The next Desktop Refresh is an opportunity.
Motor insurance: services telematics based - Matteo Carbone
The black box makes it possible for Insurers to enrich their motor insurance value proposition, de-commoditizing the car insurance policy and creating new sources of income
The Challenge:
Regulatory compliance with the Financial Modernization Act of 1999, also known as the “Gramm-Leach-Bliley Act,” has created significant challenges for financial institutions. The Safeguards Rule in the GLB (16-CFR-314), enforced by the Federal Trade Commission, requires financial institutions to have a security plan to protect the confidentiality and integrity of personal consumer information.
http://hitachi-id.com/
The HIPAA Challenge:
Regulatory compliance with the Health Insurance Portability and Accountability Act (HIPAA) has created significant challenges for healthcare providers and payers. While insurance portability is a uniquely American issue, HIPAA includes requirements for patient privacy protection. Privacy protection is also a requirement in most other, non US jurisdictions.
http://hitachi-id.com/
The SOX Challenge:
Regulatory compliance with the Sarbanes-Oxley Act (SOX) has created significant challenges for corporations listed on US stock exchanges. The Sarbanes-Oxley Act of 2002 was enacted in response to public accounting scandals at Enron, WorldCom, Tyco and elsewhere. It introduces new measures and amends existing ones to ensure that financial statements made by corporations are accurate, reliable and timely.
http://hitachi-id.com/
It's 2012 and My Network Got Hacked - Omar Santos (santosomar)
Many times security professionals, network engineers, and management ask "why did I spend all this money in network security equipment if I still got hacked?" For example, often questions like these run through their minds: "Am I not buying the right security products? Am I not configuring or deploying them correctly? Do I have the right staff to run my network?" The security lifecycle requires measuring the current network state, creating a baseline and providing constant improvements. This presentation will cover several real-life case studies on how different network segments were compromised even though state-of-the-art network security technologies and products were deployed. We will go over several security metrics that you should understand in order to better protect your network.
Omar Santos is an Incident Manager at Cisco's Product Security Incident Response Team (PSIRT). Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government. Omar has delivered numerous technical presentations on several venues; as well as executive presentations to CEOs, CIOs, and CSOs of many organizations. He is also the author of 4 Cisco Press books and two more in the works.
IT infrastructure is changing and needs controls for mobile, cloud, and big data
Guardium is the leader in database and big data security
Heterogeneous support is a great asset to leverage across the infrastructure to reduce risk
Supports separation of duties
Integration with other security products
No additional training for multiple products
Securing Systems - Still Crazy After All These Years - Adrian Sanabria
It's 2019 and we still don't know if we have a complete inventory of our assets. It is impossible to guarantee that they are all safe. The last penetration test resulted in a bloodbath. Every day we worry about whether today is the day they hack us. This cycle of stress and worry MAY break, but each stage of securing systems has its complexities and challenges. We will analyze these challenges, these difficulties, and provide strategies to address them.
From asset discovery to system tightening to vulnerability management - this presentation will show you how to build lasting trust in the security we provide to our organizations.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Harnessing the power of AI to supercharge the Customer Experience. For the event: AI, Data, and CRM: Shaping Business through Unique Experiences. By George Aspiotis
A presentation on how to lead the AI era with Microsoft Cloud. For the event: AI, Data, and CRM: Shaping Business through Unique Experiences. By Silia Sideri
A dive into Microsoft Fabric/AI Solutions offering. For the event: AI, Data, and CRM: Shaping Business through Unique Experiences. By D. Koutsanastasis, Microsoft
Why is CRM a trend in today's evolving business landscape and how can it boost business operations. For the event: AI, Data, and CRM: Shaping Business through Unique Experiences
How businesses can align data initiatives with future goals. For the event: AI, Data, and CRM: Shaping Business through Unique Experiences
Overview of Microsoft solutions that can help any organization bring their data in the era of AI. For the event: AI, Data, and CRM: Shaping Business through Unique Experiences
Professor Ioannis Vlahavas' presentation on how AI will transform various operations in today's competitive landscape. For the event: AI, Data, and CRM: Shaping Business through Unique Experiences
In the era of the enormous loads of data coming from multiple sources and addressed to millions of users, data analytics and customer relation technologies, coupled with effective methodologies driven by Artificial Intelligence, pave the way for innovative approaches. Intro to the event AI, Data, and CRM: Shaping Business through Unique Experiences, Author Theodore Poulias, Uni Systems
Whoever understands the customer best, wins, said Mike Gospel! With Medallia's VoC solutions, the business gets the required feedback from its customers to drive growth.
Secure and Contained Access for Everybody, at Anytime
1. Secure and Contained Access for Everybody, at Anytime
Anastasios Moustakis, Senior Solution Architect
Uni Systems Copyright 2013
2. Agenda
• The Challenging Environment of Secure Access
• Security Trends, User & IT Requirements
• Uni Systems Secure Access Solution Overview
• Implementation Approach
• Success Stories
3. 1.3 Billion
Mobile workers by 2015
Mobile Worker Population – IDC, Jan 2012
4. The top 3 groups driving support for non-standard devices are in management
• C-Suite 42%
• VPs & Directors 43%
• Managers 27%
Consumerization of IT Study. April 2011, IDC
5. [Two survey charts]
• “How many different computing devices do you use on a daily basis?” Device types: Family PC | Work PC | Personal Laptop | Tablet | Smartphone. Axis: 1, 2, 3, 4, 5+ devices. Percentages shown: 42%, 34%, 16%, 6%, 2%.
• “How many days a week on average do you work outside the office?” 0 days: 21%; 1-2 days: 52%; 3-4 days: 15%; 5 days: 12%.
Global BYOD Index - Survey of Corporate Employees February 2011, Citrix Systems
12. Who are “Privileged Insiders”
• Highly Trusted Business Users: Well Controlled
• Highly Trusted IT Users (Systems, Database, Network Administrators): Not So Much?
• Mobile/Any device
13. The Changing Security Landscape
• Redefining the Perimeter
• New Trust Model Needed
• Spear-phishing Attacks Targeting Privileged Users
• Increasingly Stringent Compliance and Audit Requirements
“The biggest issue facing information security professionals is that our traditional trust model is broken.” Forrester Research
14. Frequency & Cost of Insider Breaches
30% of large enterprise customers experienced a malicious insider breach
Average days to resolve
Source: Second Annual Cost of Cyber Crime Study Benchmark Study of U.S. Companies (Ponemon Institute, 2011)
15. Challenges for Secure Access
• Increasing Compliance, Audit Requirements and Security Mandates
• Changing Trust Model
• 3rd Party and Employees - No differentiation
• Remote or Internal and Mobility - Disappearing perimeter – “Remote” an obsolete term
• User and Asset / System Policy - Policy does not intersect
• Movement to Centralized Computing
• Operational Efficiency and Reduced Cost
• Virtualized Servers/Desktops, Cloud - Landscape Change
16. Traditional Solutions have Limitations
Solution: Issues
• Firewalls: NW focus, not user/app level access control
• VPNs + Jump Box: Hard to audit, difficult to manage
• Routers: Complicated ACLs, NW Layer Only
• Active Directory: End-user focused
• NAC: No inside access control, containment
• Virtual Desktop: Risks are amplified
• SIEM/Log Mgmt: Reactive, lacks data for privileged “insider”
17. Uni Systems answer: “Zero Trust” via Layered Protection
[Layered protection diagram; layers and labels shown:]
• Attributed Use of Shared Privileged Account
• Leapfrog Prevention
• Session Monitoring/Recording
• Command Filtering: Whitelist/Blacklist
• White List / Least Privilege Access
• Positively ID the User
• Vault: Server A (ID: abc123, PW: xyz$21); Server B (ID: cde234, PW: eie10$)
• Tamper-proof Log
• Complete Activity Logging
• Policy Violation Logging with DVR-Like Playback and Skip
18. Solution Scope
• Provision of a System that will offer:
• Configurable,
• Secure,
• Recordable, and
• Fully Controllable
• Secure Local & Remote or Mobile Access for:
• Privileged Users, (internal or 3rd party)
• Employees and
• Business Partners
19. Solution Essential Capabilities (1/2)
• Enforce fine-grained Access Control on different type of users
• Configurable multi-level authentication with time-based access rights
• Protect applications and expose only the presentation layer
• Contain privileged users to authorized resources and prevent leapfrogging
20. Solution Essential Capabilities (2/2)
• Protect data and prevent leakage
• Generate a detailed Audit Trail for proof of compliance and investigations
• Record access sessions – video & CLI recording
• Protect privileged user and application passwords
• Eliminate the use of shared passwords for administrative accounts
21. Solution Architecture
[Architecture diagram with three zones: User Zone, Secure Access Component Zone, Trusted and Protected Zone. Components shown:]
• Internal/External/Mobile User Device (Any Device): Desktop, Thin client, Laptop, Mobile Device, Smartphone
• ICA Client, USB Boot Desktop, USB Secure Web Browser, Sandboxed Apps
• Endpoint Management (MDM, USB Boot, Isolated Browser)
• Gateway Access Control (SSL, Proxy (ICA))
• Portal Web Interface
• Certificate, Token
• Token Infrastructure (Hard, SMS)
• User Repository (A.D.)
• SSO, Password and Shared Account Management
• Password Vault
• Application / Desktop Access
• Session and User, Session-based access control & DLP
• Video-like and CLI Logging and Sessions Recording
• Leapfrog prevention
• Workflow & Report Engine; Report & Workflow db
• Internal Protected Systems: Server, Storage, Network, Security Devices
22. Vendors
[Diagram with the same component labels as the Solution Architecture slide: Internal/External/Mobile User Device (Any Device: Desktop, Thin client, Laptop, Mobile Device, Smartphone); ICA Client, USB Boot Desktop, USB Secure Web Browser, Sandboxed Apps; Endpoint Management (MDM, USB Boot, Isolated Browser); Gateway Access Control (SSL, Proxy (ICA)); Portal Web Interface; Certificate, Token; Token Infrastructure (Hard, SMS); User Repository (A.D.); SSO, Password and Shared Account Management; Password Vault; Application / Desktop Access; Session and User, Session-based access control & DLP; Video-like and CLI Logging and Sessions Recording; Leapfrog prevention; Workflow & Report Engine; Report & Workflow db; Internal Protected Systems (Server, Storage, Network, Security Devices)]
23. Implementation Approach (1/2)
• Systems Integration Project
• Modular Architecture
• Based on:
• Type of users – 3rd party privileged users, Business partners, Internal Administrators
• Type and Number of internal protected systems
• Type and Number of Services required (Applications, Desktops, Resources)
• Type and Number of Endpoint Device usage
• Integration points with existing systems (Workflow, Helpdesk, etc)
24. Implementation Approach (2/2)
• Specific Methodology:
• Analysis Phase:
• Infrastructure Assessment and Readiness Evaluation
• Proof of Concept
• User Requirements – Application, Services, Resources, Policies
• Design Phase: Infrastructure Design, Policies
• Build & Test Phase
• Roll-out Phase
25. Secure Access Solution with Uni Systems
The proven expertise and practical guidance needed for success
• Assess: Devices; Apps - Services; Mobility - BYOD; Security
• Design: Documented solution design; Hardware and infrastructure; Operations and support; Test and QA
• Deploy: Training; Independent analysis/verification; Pilot
26. Success Stories : TOP Telecom Provider
Problem:
• Consolidate & grant secure access to 3rd Party Administrators
• Different method of access
• Points of Vulnerability
• Absence of uniform management
Answer:
• Centralize access control across critical users with distinct missions
• Ensure contained and auditable access
• Meet federal compliance requirements
• Workflow driven operation
Results:
• Control over privileged users and critical infrastructure and assets
• Tight control over who gets access to what, when and for how long
• Contain users to authorized systems only
• Audit quality logging for compliance
“With the Uni Systems Secure Remote Access Solution we have an all-in-one solution for these higher risk users which gives us the peace of mind that we are meeting our objectives to safeguard our network and the sensitive information it contains.” Security Expert at Telecom Provider
27. Success Stories : Top Financial Institute
Problem: Provide secure access to hundreds of remote developers, administrators and auditors
– no containment of users to authorized resources
– IT resource intensive, cumbersome and ineffective access controls
– no audit trail or ability to match controls to specific users
Results: A unified, easy to manage solution
– hundreds of business critical 3rd parties now granted secure, controlled access
– increased operational efficiency with a single solution
– provided an audit trail for internal security requirements and external compliance mandates
“What is so special about you --- ‘containment, containment, containment.’”
VP Security officer, Top Financial Institution
28. Uni Systems empowering Secure Access of the future
With the mobility and agility users need today
Intro: They are part of what could be referred to as the mobile workforce revolution, and that revolution is occurring as we speak. Key Points: IDC has noted expectations that we’ll see 1.3 billion mobile workers by 2015, accounting for close to 40% of the entire global workforce. (37.2% of the workforce.) (Are there data points more specific to executive adoption/use—numbers, growth rates?) Transition: So why execs? Because they are the ones driving this revolution.
Intro: Research proves that executives are the force of change. Key Points: Execs and managers are the ones driving organizations to adopt non-standard devices, because they are seeing the value in their own lives now. Illustration/Anecdotes/Proof: We’ve seen this at Citrix. Our own CEO Mark Templeton has pushed for this type of mobility because he is on the go all the time and he needs to stay productive. Transition: While supporting all mobile workers is important for the business, our view is that you need to make the requirements of your highest impact employees an immediate priority. Here’s why...
Intro: Here are some data points that demonstrate how quickly things are moving. Key Points: First, the sheer number of devices that employees use is exploding. Nearly two-thirds of workers use 3 or more separate devices every day, and the number keeps growing. And the device types employees are demanding are changing rapidly as well, from the old expectation of work PCs, to the demand for access from home computers, to today’s reality of more workers wanting to work more effectively using their mobile devices and tablets. Then there is the shift of work time away from the office. Increasingly, the borders of “work time” and “work place” are disappearing. Employees want and need the ability to do their work at the times and places of their choosing. Today, almost 80% of the workforce must work outside of the office at least 1 day or more per week. Illustration/Anecdotes/Proof: (Prompt a discussion of examples of different user groups that can be more productive and efficient when they have the devices they need and they can work from wherever… sales teams, executives, doctors, attorneys, etc.) Transition: But we at Citrix recognize that adapting to these fundamental shifts is truly challenging for a CIO and an IT department.
First and foremost, let’s take a look at the current state of mobile from the end user’s perspective. I don’t care if you’re in engineering, IT, sales, or finance, I think most people can relate to this picture. Don’t get me wrong, we’ve come a long way from being dependent on a desktop or laptop for every task, but at times it feels like you need a decision tree or decoder ring to know exactly which device you’ll need to have in order to accomplish a specific task. The truth is that only the thrill seekers are going to take the chance of bringing just their tablet along for a business trip. Most of us are still going to haul the laptop along just in case.
And so users are still on the quest for the freedom to access all their apps and data from any of their devices. They want to feel confident that they can experience work and life their way.
Now, things change a bit if you’re in IT. For as much as they’d like to deliver on this promise, mobile presents some big challenges. Multiple mobile operating systems, multiple platforms along with a whole new universe of applications to understand and contend with. And that’s just part of it…
IT is still beholden to the same security and compliance requirements that they had before all of these new devices and apps were introduced. The reality is that mobile just makes things harder. For starters, it’s just easier to lose these devices or have them stolen. In fact, 70 million smartphones were lost or stolen in 2011 alone and only 7% of those devices were recovered*. And if just one of those devices leads to a data breach, you’re looking at an average of $7.2 million in recovery costs**. From a compliance perspective, IT now has to consider device ownership and privacy laws in different countries, not to mention the regulatory requirements that get introduced in certain vertical markets.
* February 10, 2012, Tabtimes.com, Doug Drinkwater
** Morgan Stanley Market Trends
Now if just one of these perspectives were pertinent we wouldn’t really be having this discussion, would we? No. We must balance the needs of security and compliance while giving users the freedom they need to experience work and life in harmony.
All users are not created equal. Some of your users are granted significantly more trust.
There are basically two classes of “Privileged Users” – Privileged Business Users and Privileged IT Users.
Historically, businesses have implemented a set of policy, process and application level controls to mitigate the risk posed by trusted business users. For example, there are policies for background checks, and a requirement for two signatures on financial transactions over a certain threshold amount, etc.
Unfortunately, in many cases the Privileged IT users have not received the attention they deserve – especially since they often have unfettered and even anonymous access to network devices holding your critical data assets.
Redefining the Perimeter
The old school M&M security model (hard on the outside and soft in the center) is dead. The classic security perimeter concept is dying as “anywhere network access” and mobile device access become the new norm. Enterprises are implementing a defense in depth strategy.
New Trust Model Needed
Defense in depth is fine, but new business realities require enterprises to revise their trust models. WikiLeaks made it abundantly clear that organizations must pay attention to the trust and associated access granted to “privileged insiders”. In addition to employees, there are many new “privileged insiders”. New business models have introduced “trusted” third parties, while changes in IT support models have added contractors, consultants, vendors, outsourcers and managed service providers to the list of “privileged insiders”.
Spear Phishing Attacks Targeting Privileged Users
Hackers are specifically targeting employees with privileged account access – spear phishing attacks are often aimed at uncovering administrative passwords that allow attackers to gain a significant foothold in the network, avoid detection and cover their tracks.
Increasingly Stringent Compliance and Audit Requirements
As a result of WikiLeaks and other notable insider breaches, regulators and auditors are paying attention and requiring:
Proactive controls for privileged accounts and passwords
That privileged user activities are connected to individuals (not shared admin account passwords)
Continuous monitoring for users who access critical infrastructure and/or sensitive/regulated data
The ability to easily prove compliance with these requirements is of paramount importance to resource-strapped IT security organizations.
Insider threat remains a clear and present danger, while the ramifications of an insider breach are expensive.
In a 2011 study of large enterprises by the Ponemon Institute, 30% of the organizations experienced an attack from a “Malicious Insider”.
While the “Malicious Insider” breaches were not the most common attack these organizations experienced, they were the most costly and time-consuming breaches to resolve – bottom chart – taking on average over 45 days to remedy. This only accounts for the very direct cost of investigating and cleaning up after a breach. It does not include direct financial loss or fines associated with the breach. It also does not factor in other soft costs such as the cost of a tarnished brand and loss of reputation.
There are alternative do-it-yourself methods organizations have used to address the privileged user threat. The chart lists technologies that some of our customers have tried to leverage alone or in conjunction with one another. None of them provides the full set of essential capabilities required to mitigate this threat. These are all partial solutions. Even when knit together they are not a comprehensive solution, and they become a very expensive method of controlling privileged user access and providing the proof to auditors that you are protecting key data from the “privileged insider” threat.
We have multiple examples of this, but one large financial services customer – as noted in the quote – made a real attempt to cobble together multiple technologies to address this risk, but it was expensive, unmanageable and did not cover everything they needed.
This simplified use case example details the essential controls Unisystems Secure Remote Access Delivery Services provides to mitigate the threat privileged insiders pose.
In this scenario an IT employee requires access to the server to perform some maintenance.
Explain each control:
Vault Passwords – The first step is to change and vault critical passwords (so they don’t show up in spreadsheets) so that privileged users no longer have direct and uncontrolled access to devices.
Positively ID User – The employee logs onto Unisystems Secure Remote Access, forcing a positive user identification. Our solution supports integration with directories, single-sign-on and two factor ID systems.
White List/Least Privileged Access – The employee is presented a list of ONLY the servers and network devices they are explicitly authorized to access.
Command Filtering – The commands the employee is enabled to perform can be constrained as required.
Session Monitoring/Recording – All activities are logged and the policy can be set to record the full session.
Leapfrog Prevention – Prevent the user from jumping from the authorized device to unauthorized devices.
Attributed Use of Shared Privileged Account – Even though the user may be logged in as “root”, our solution knows which user was logged in.
Complete Activity Logging – All of this activity is logged in a tamper-proof log database. Session recordings can be viewed like a DVR, with the ability to skip ahead to policy violations.
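The sketch below is an added illustration of how the white list, command filtering, leapfrog prevention and attributed logging controls can combine in one decision point; it is not code from the Unisystems or Citrix products. The policy contents, user and host names, and the function and class names are all hypothetical, and a SHA-256 hash chain stands in for the tamper-proof log database (it makes tampering detectable, it does not prevent it).

```python
import hashlib, json, os, shlex

# Hypothetical policy: per user, the hosts they may reach and the commands allowed there.
POLICY = {"alice": {"hosts": {"db01": {"systemctl", "tail", "df"}}}}
LEAPFROG = {"ssh", "telnet", "scp", "sftp", "rlogin", "nc"}  # onward-connection tools
ZERO = "0" * 64

def _digest(prev, record):
    return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()

class AuditLog:
    """Append-only log; each entry's hash covers the previous entry's hash."""
    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else ZERO
        self.entries.append({"record": record, "prev": prev, "hash": _digest(prev, record)})

    def verify(self):
        prev = ZERO
        for e in self.entries:
            if e["prev"] != prev or _digest(prev, e["record"]) != e["hash"]:
                return False  # an entry was altered, removed or reordered
            prev = e["hash"]
        return True

def authorize(user, host, account, command, log):
    """Decide one command and log it against the real user, not the shared account."""
    allowed = POLICY.get(user, {}).get("hosts", {}).get(host)
    try:
        argv = shlex.split(command)
    except ValueError:          # unbalanced quotes and similar
        argv = []
    if allowed is None:
        decision = "deny:host-not-whitelisted"
    elif not argv:
        decision = "deny:unparseable"
    elif os.path.basename(argv[0]) in LEAPFROG:
        decision = "deny:leapfrog"
    elif argv[0] not in allowed or any(c in command for c in ";|&`$><\n"):
        decision = "deny:command-filtered"  # default deny, and no shell chaining
    else:
        decision = "allow"
    log.append({"user": user, "account": account, "host": host,
                "command": command, "decision": decision})
    return decision
```

Denied requests are logged as well as allowed ones, so a reviewer can search the log for policy violations by named user even when every session ran as “root”.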
These are the essential capabilities a solution needs to effectively protect your organization from the threat privileged insiders pose.
Intro: Citrix has the proven expertise and best practices to help you work through these considerations.
Key Points: Citrix has the proven expertise and best practices to help you work through these considerations. And we can help you assess, design and deploy an exec mobility solution that will meet the requirements of your most challenging users, helping you think through:
Assess: We’ll help you do an assessment of the devices, apps, mobility and security requirements of your mobile execs. With this, we can help define a technology roadmap.
Design: Citrix can also help put together a well-documented design that allows you to install, configure and build a solution that leverages your organization’s infrastructure. To do this, you need to be thinking about what hardware and infrastructure is required and what you can leverage, and what the operations and support design is, such as SLAs, staff required, support agreements required, etc. And we can design for Test & QA, making sure that Scalability, Performance, Security, Functionality, Usability and Interoperability are covered.
Deploy: And lastly, we can help you build, test and roll out a solution in an effective manner to ensure that back-end systems and processes are there. This includes User Training / Education / How To guidance, independent analysis & verification of the design implementation, a pilot, and a phased rollout.
Transition: We also built the content to help you go through your executive mobility journey…
Intro: The way Citrix looks at executive mobility is this…
Key Points: Mobility helps high-value professionals to put their skills and creativity to work more effectively, in more ways, to achieve the best results for the business. Citrix executive mobility solutions empower executives of the future with the mobility they need today with:
Wherever, whenever productivity
The best device in any scenario
Face-to-face contact across the globe and
Healthier work-life balance
Wrap-Up the Presentation: Establish clear next steps and objective of the next meeting.
Who is in the room and who is not in the room? Who can serve as a sponsor or be the influencers? Who is it that is most interested?
Would they be interested in an assessment – come in to understand their requirements in more detail (devices, users, apps, etc)
Technical presentation – other people not there who need to delve into the details of any of the products?
POC?
Meeting – higher-level group – maybe do a demo in the technology
Bring this brochure back to them and see if we can get into another meeting to show them the technology in action.