The Dbriefs Technology Executive series presents:
Securing Enterprise Social Media and Mobility Apps
JR Reagan, Principal, Deloitte & Touche LLP
Kieran Norton, Principal, Deloitte & Touche LLP
August 4, 2011
Release for answers to polling questions
- Understand that any data or information provided by you as part of participating in this Dbriefs webcast ("webcast") may be used by Deloitte in connection with this webcast, other studies, or analyses performed by Deloitte, publications, or in connection with services provided by Deloitte or otherwise.
- Understand that this webcast is the proprietary property of Deloitte.
- Understand that any such data or information may be disclosed by Deloitte to related entities or other third parties, including, without limitation, in publications, in connection with this webcast or such studies, analyses, or services, provided that such data or information does not contain any information that identifies you or associates you with the data or information that you have provided or are providing.
- Understand disclosure of such data or information could be required by law, in which case Deloitte will endeavor to notify you.
Agenda
- Social media trends, drivers and risks
- The interplay between social media and mobility
- Lessons from early adopters
- Summary
- Question & answer
Social media trends, drivers and risks
Social media: Did you know?
- Of the Fortune Global 100, 65% have active Twitter accounts, 54% have Facebook fan pages, 50% have YouTube video channels and 33% have corporate blogs (2010 Burson-Marsteller study)
- 75% of Internet users worldwide visit social networks or blogs; 22% of the time spent on Internet usage is spent on social media activities (Nielsen Corporation, April 2010)
- Facebook has more than 750 million users, making it equivalent in population to the world's third largest country (Facebook.com, WorldAtlas.com, July 2011)
- More than 250 million users access Facebook through mobile devices and are twice as active as non-mobile users (Facebook.com)
Poll question #1
Does your organization currently allow the use of social media applications in the workplace?
- Yes, employees are free to use social media tools for personal or organizational use
- Yes, employees are free to use social media tools on behalf of the organization
- Yes, but only designated individuals may use social media tools on behalf of the organization
- Yes, but social media tools are used only by an outside vendor on our behalf
- No usage of social media tools is allowed
- Don't know/not applicable
Social media on the rise
[Bar chart: Use of social media/networking tools while on the corporate LAN, 2008 vs. 2010, for Total, US, UK, Germany and Japan]
Source: Trend Micro 2010 Corporate End User Study
Business drivers for social media
The adoption of social media as a business tool is rapidly increasing and can bring tremendous value.
1. Increase productivity and operational efficiencies through collaboration and communication
2. Foster creativity, innovation, and collaboration
3. Enhance customer and stakeholder relationships
Social media risk landscape
Risk areas:
- Identity Theft
- Viruses/Malware
- Impersonation
- Privacy
- Information Leakage
- Legal/Regulatory
- Intellectual Property Theft
- Access Control
- Defamation
- Brand/Reputation
- Copyright/Trademark
- Harassment
- Opportunity Risk for Late Adopters
Social Network Statistics:
- 25% of companies surveyed investigated exposure of sensitive information via a blog or message board; 20% investigated exposure via a social networking site [1]
- A cybercriminal recently offered packages of 1,000 Facebook accounts with 10 or fewer friends for $25, and 1,000 accounts with 10 or more friends for $45 [2]
- Some Twitter accounts being sold for $1,000+ [3]
[1] Proofpoint and Osterman Research, Outbound Email and Data Loss Prevention in Today's Enterprise, 2010
[2] VeriSign iDefense, April 2010
[3] Kaspersky Labs, February 2010
Damaging your own brand
Classic Cases of Social Media Missteps
- Anonymous chat, blogs, Wikipedia edits
- Masquerading online as a customer
- Response to rogue or negative postings
- Addressing customer service issues through normal channels -- before the customers escalate online
Poll question #2
Based upon the risks and threats presented previously, what has your organization done to address social media risks?
- Developed and communicated social media security and privacy policy
- Established social media governance committee
- Implemented technology and/or monitoring controls
- More than one of the above
- None of the above
- Don't know/not applicable
The interplay between social media and mobility
The social media/mobile relationship
Social media and mobile security risks are closely linked given the majority of social media access is being driven through mobile platforms.
[Diagram: Social Media, surrounded by Entertainment, Review & opinion, Virtual community, Collaboration, Multimedia, Conversation]
1 The State of the U.S. Mobile Advertising Industry and What Lies Ahead, comScore, June 2011
Poll question #3
Do you think your organization currently has unapproved or unauthorized mobile devices (smartphones, tablets, e-readers) connecting to your enterprise intranet, email server etc.?
- Yes, I believe there are unauthorized PDAs connecting to my intranet
- Yes, I believe there are unauthorized tablets connecting to my intranet
- Yes, I believe there are unauthorized PDAs and tablets connecting to my intranet
- No, all devices connecting to my intranet are authorized
- No, all devices connecting to my intranet are authorized and we actively monitor for rogue device connections
- Don't know/not applicable
Mobility growth
Is innovation or consumerization driving proliferation?
- Employees, including senior executives, are demanding greater choice, flexibility and capabilities as they rapidly adopt and extend the use of smart phones and tablets
- Employees and customers increasingly leverage these devices in their day-to-day work and personal lives
- Application platforms can extend the desktop to handheld devices and deliver more powerful tools to employees, potentially increasing productivity and improving bottom line performance
- Companies are also looking to take advantage of mobile technologies to extend their current online business models
But...
- Mobile devices present relatively easy, low-risk points of entry to attackers, who can compromise and remotely monitor them for passwords, account numbers, and personal identification data
- Mobile devices are especially vulnerable to theft and loss, potentially resulting in data leakage
- Mobile malware is increasing and mobile device security solutions are immature
- There are significant, natural conflicts when using the same device for corporate and personal use
- The proliferation of mobile apps complicates the enforcement of enterprise security standards
The key: find a pragmatic balance between security and usability
Poll question #4
Based on the mobile security threats discussed during the previous slide and knowing your organization's risk profile, which risk area concerns you most when it comes to mobility?
- Operational risk
- Technology risk
- Infrastructure & device risk
- Legal & regulatory risk
- All of the above
- Don't know/not applicable
Lessons from early adopters
What are early adopters doing?
Taking an organization-centric approach
1. Understand the specific mobility use cases
2. Understand key mobility risks that affect the organization
3. Incorporate key business drivers and objectives
4. Implement security controls through both policy and technology
5. Enable, not disable, adoption of new innovations (it's not stopping here)
Poll question #5
To what degree does your organization have strategies, policies, procedures and technology controls in place to effectively enforce mobile security while also meeting mobility business objectives?
- Overarching mobile security program inclusive of governance, process, technology and training
- Only process controls in the form of high level policies and procedures
- Only technology controls such as mobile device management solutions (MDM)
- Some combination of technology & process controls
- None of the above
- Don't know/not applicable
Summary
Responding nimbly
Managing growing pains
- Content Management
- Risk Monitoring
- Access Management
- Policies / Standards
- Virus Protection
- Data Leakage Prevention
- Activity Monitoring
- User Education
- Secure Coding
- Vigilant Culture
Question and Answer
Contact info
- Mark White, Principal, Deloitte Consulting LLP, mawhite@deloitte.com
- JR Reagan, Principal, Deloitte & Touche LLP, jreagan@deloitte.com
- Kieran Norton, Principal, Deloitte & Touche LLP, kinorton@deloitte.com