Mobile Device Security: What s Coming Next?

Size: px
Start display at page:

Download "Mobile Device Security: What s Coming Next?"

Transcription

1 Mobile Device Security: What s Coming Next? By James Lyne, Director of Technology Strategy The mobile device revolution is quite possibly the most significant change in computing since we shifted from the mainframe more than 20 years ago. These handheld devices offer connectivity almost anywhere for constant access to the Internet, and more computing power than the NASA control room for the first moon landing.

2 What s coming next, and what does it mean for security? Your mobile device knows where you are, where you are supposed to be and the details of your conversations and business or personal life. We can now instantly connect our real lives to digital information purchasing tickets, sharing business data or connecting with friends who happen to be nearby. Mobile devices and their rapid development are already helping busy professionals to conduct business and manage their personal lives on the move. But what key technologies are driving the mobile revolution, what happens next, and what are the security implications? New technology, new privacy and security issues It s inevitable that mobile devices will grow more powerful and become ever more integrated into our personal and work lives. We ve seen this in just a short space of time with the big changes in popular platforms like the iphone. Greater computing power and downsizing will make these devices an increasingly viable replacement for the conventional PC, rather than just a supplemental tool. We can also expect further diversification of form factors; the tablet PC has already had immense success but more challengers will follow, including Microsoft s entry in to the hardware market. These new device form factors will blur the boundary of the PC and the mobile until over time they are one. While many of us naturally worry about traditional attacks like malware and phishing on these new devices (and without doubt these issues do exist), new functionality breeds fresh opportunities for the bad guys. New features like augmented reality, facial recognition and integrated social media could leave users open to new kinds of abuse. Augmented reality, for example, connects location information with a user s social media friends, allowing them to identify digital contacts nearby. Many of us are far more scrupulous about real friends than our digital connections. This opens up new possibilities for social engineering, such as figuring out when you are away from your home for crime purposes (sites like PleaseRobMe.com do just this). Facial recognition technology and the tagging of users in photos on social media sites blur the work-home boundaries even more. For example, police officers have already come under attack after their identities were breached by social media and facial recognition technology. NFC (near field contact) technology is another interesting example of innovative technology that aims to deliver convenience for consumers. Some devices already have NFC active and there is a push to use NFC technology to make payments or pass on personal information with a simple swipe of a mobile device over a reader. However, it will introduce a new challenges for security professionals as mobile devices become a target to steal money. A Sophos Whitepaper October

3 The more data we make available on our mobile devices, the more ways bad guys have to create attacks designed to compromise our personal lives, businesses and finances. Equally, the more applications and new capabilities we use the more we increase the attack surface area for the bad guys. Security is not the only problem. Privacy will be challenged too. As we adopt more of these technologies for convenience, we can expect our lives to come under greater surveillance, with mobile devices becoming a combination of a passport, personal record store and social life. A change of attitude Alongside these radical technology changes, business expectations have also changed. Only a few years ago enterprises wanted to block social media sites and non-standard, unmanaged devices. Now we are all consciously trying to embrace these technologies. Organizations now employ teams of people entirely focused on using social media as a channel to market. The default answer to new technology is becoming yes rather than no. We need a new attitude toward information security: Embrace or die. This change of attitude also impacts the future of mobile security and applications. Information security presents us with the interesting challenge of managing risk of allowing devices that in some cases are less secure and more expensive to manage. Mobile applications, the browser and fat clients Mobile devices have been disruptive to the technology we use to produce applications. Over the past few years browser-based applications have challenged the traditional fat client. This is primarily due to their cross-platform capabilities and the fact that they can be accessed from anywhere (or any device). Local mobile applications are growing in number, spurred on by rapid application development frameworks. It s easy to write an app, which is why you can find an app for anything. These applications can also contain vulnerabilities. We ve seen evidence that app writers ignore even basic security best practices. For example, passwords or user data are often poorly encrypted (if at all). Fat clients and browser clients often provided secure APIs and services for these functions. Mobile operating systems increasingly do too, but developers are not consistently using them. Because these platforms lack visibility to back end configuration, these mistakes don t often come to light. Due to a lack of transparency, we don t know how comprehensive application quality checks like Apple s are. The so called walled garden claims to keep bad applications out. But numerous demonstrations of researchers uploading malicious applications show that this security is not a panacea. That said, the volume of malware for Android has far outstripped what we ve seen for Apple. We can expect more challenges at the application layer in the coming years. A Sophos Whitepaper October

4 A different architecture for a different time Mobile devices are not just a smaller version of the traditional PC. The underlying operating systems, from Android to ios, are fundamentally different from PCs and manufacturers have introduced new concepts based on lessons learned from traditional operating systems. Modern mobile platforms tend to include capabilities like sandboxing technology which can isolate applications. The access control and permission systems have also undergone drastic reform from the conventional OS. Rather than a permissions system based on access to arbitrary items like registry keys, they instead focus on more human access permissions, such as whether an application needs to access your location data or SMS messages. These capabilities show great promise for producing a more secure, usable OS. But they are far from perfect. Many of these controls do not come with smart, secure defaults or rely on the user to edit the permissions of an application being installed. And we all recognize the tendency for users to just click OK. Sandboxes are also limited by the need for flexibility and functionality, so aren t complete solutions. However, security vendors can use them to bolster the security of the device by managing them. Mobile device makers are also starting to define their architectures based on modern working practices. BlackBerry, for example, has introduced a feature which provides two isolated working environments on the same device, allowing you to separate work and play data. This creates a trustworthy and secure business environment alongside the flexibility to play games or perform personal tasks. These features combined with security vendors offerings could make for very usable, more secure devices. Unfortunately, to date these solutions have been plagued by poor performance, user experience and battery issues. Malware, hacking and phishing Malware attacks against mobile devices don t come close to the number of attacks against the conventional PC, but they do exist. Android, in particular, has suffered attacks due to its more open application market. But even those with a strong security reputation like BlackBerry have been victims too. Mobile malware we ve seen to date includes fake Internet banking applications which steal your credentials and your money, and in some cases your authentication token code sent by a bank via SMS. Some have been predicting disaster in the mobile security space for many years, and mostly it s been little more than hype. But over the past 12 months we have seen a significant volume of malicious code for Android and other platforms. That said, the threats are still relatively simple and easy to avoid compared to prolific PC malware. This is definitely an area that enterprises need to keep their eye on as the threats evolve. A Sophos Whitepaper October

5 Regulators, compliance and mobile devices Compliance standards continue to evolve, increasing the powers of regulators and enhancing compliance requirements to include full-disk encryption. These standards focus on the PC as the main source of data loss. However, these standards and laws can be equally applied to mobile devices. The form factor of the technology is not an excuse for data loss. Be aware that mobile devices lacking basic compliance controls pose just as much risk to your data compliance as a PC. As more data breaches occur via mobile devices, we are bound to see more sanctions and specific regulation for them. Of course, the requirement for controls and policy may be the same for mobile devices as PCs. But the technical implementation on mobile devices will differ significantly. Pace of development and innovation Perhaps the most significant challenge to mobile device security is the pace of innovation and development on mobile platforms. Where traditional computers might evolve on an month cycle, mobile platforms are changing on a quarter-to-quarter basis, or even more frequently. This velocity of change means users will adopt new applications and ways of sharing data before the security community has a chance to understand the privacy and security implications. As security practitioners we will need to keep re-evaluating these devices and applications to identify new evolving risks. Security solutions will need to be agile and updated faster than before as new issues come to light. Security becomes even more of a service, with constant updates. Although applications and services on the device may update automatically, OS updates for devices often depend on user interaction. This poses the risk that devices missing these updates can be open to vulnerabilities. Jailbreaking of iphones is an excellent example of user desired malware which uses security holes. Jailbreaking allows users to customize their device more than Apple allows and run pirated applications. It s a fairly widespread practice, but it leaves the devices open to malware attacks. The infrastructure for updating and patching security vulnerabilities in mobile devices is far less evolved than the traditional computer industry. Perhaps we should take a look at the lessons Microsoft has had to learn over the years. A Sophos Whitepaper October

6 The user perception issue We ve all been using smartphones for some time now and are accustomed to buying applications or banking online. However, end users of mobile devices seem to feel immune from the risks they acknowledge when they use a PC. We suspect this feeling of invulnerability comes from users having experienced scams or malware on their PC but not on their mobile device. The problem is that users may view these devices as eminently secure, when in reality they are not. When the tide turns and cybercriminals more closely target mobile devices, it may take time for users to understand the threats. Many enterprises have an acceptable use policy and security training for employees on how to protect data and avoid compromise. But some businesses ignore mobile devices as part of their security training. Make sure you modernize your awareness training and get users thinking about mobile device security now, before the security risks become too great. Applying security lessons we ve learned As an industry we ve learned a great number of lessons about producing secure software and enabling security vendors to produce solutions. Vendors and businesses enjoy a relatively supportive relationship with the traditional OS vendors, enabling them to deliver the required security controls. It s far from perfect, but we ve made progress. With these new devices, we are now moving to a new vendor ecosystem. New vendors, including Google and Apple, have different processes, attitudes and levels of expertise. Mobile security has been held back by an absence of APIs. And vendors have in some cases made the same mistakes as the PC industry in the areas of credential security, encryption and privacy. It s critical that these vendors apply the lessons of the traditional PC, rather than starting over. We all need to make sure we apply appropriate pressure on vendors to deliver smart, secure defaults. And we should institute good security capabilities as minimum requirements for mobile devices. Future security tools Future mobile security solutions will need to integrate device, OS and vendor capabilities. Some capabilities will be provided by the device in hardware (e.g., full volume encryption) or the OS (e.g., sandboxing) but will be managed and reported on by security vendors. Anti-malware capabilities will be increasingly required, although they will not be the same as their PC counterpart. Sophos Mobile Security for Android, for example, takes a fundamentally different cloud-based approach to dealing with the malware problem. As mobile devices begin to replace the PC, the delivery model for security will need to evolve. The traditional inspection points for DLP or IPS, for example, will need to work wherever you A Sophos Whitepaper October

7 may be, across many platforms. Tips for planning your mobile security strategy Overall, the mobile security market today is relatively immature and there is a lot of work to do to develop the right security controls on mobile devices. It may be tempting to start with the concept of a comprehensive security offering for mobile devices including antivirus, DLP, HIPS, encryption, app control (and so on). But in reality these capabilities are not yet broadly available or in many cases possible to deliver. Priority one for your mobile security strategy is to get the basics under control. Most data breaches occur due to basic configuration failure: poor passwords, lack of encryption, poor patching or social engineering. Over time mobile threats and the available security controls will evolve. In the meantime, we recommend that you start planning now for the long term. Follow these tips to start planning your mobile security strategy. 1. Continue to evolve. Perhaps the most critical aspect of your long-term strategy is updating and revising it. Mobile devices and technology are going to evolve at an incredible rate, and a conventional three-to-five-year IT strategy is unwise. You should define a six-month strategy and constantly re-evaluate new risks. It is likely user demands and business requirements will change as fast as the market. 2. Keep an eye on compliance. Plan for mobile devices to be more explicitly included in your compliance and regulation requirements, not just the traditional PC. 3. Mind your platforms. Any technology solutions you adopt (such as device management) should be applicable to devices of any type and OS. Popular devices will change quickly and you need to future proof your security controls as much as possible. There is a risk that as you adopt more device types you increase the cost and complexity of managing them. Challenge vendors to solve this issue for you with broad platform support. 4. Manage personal device use. Carefully look at the combination of work and personal data on mobile devices. These devices are often the extreme scenario, blending work and personal contacts, and data into one UI with little differentiation for the end user. Deploy policies and practices to help users avoid making silly mistakes which lead to compromising themselves and your business. You should also carefully review the employee contracts and legal rights that change with a blended device versus the traditional work-only platform. 5. Invest in user awareness. Your users need to understand that their mobile devices are not completely secure. Help your users to appreciate the value of the information (both personal and business) on their devices. Security is a combination of people, process and technology. Make sure your users stay aware of threats as they evolve. A Sophos Whitepaper October

8 6. Go broad. Don t be overly clinical with your definition of mobile devices. Different form factors are evolving every day and your strategy needs to encompass tablets, smartphones and other potential embedded devices. That said, it would be wise to authorize a specific list of devices. Many enterprises allow specific versions of an OS which include minimum required security capabilities like full-disk encryption. As the devices mature, your list will grow longer. 7. Embrace or die. Entirely resisting new devices and technologies is not a tenable position for most organizations. Allowing certain devices like the ipad at an appropriate level of security in your organization will give you points with employees. That good will allows you to ban more risky technologies, and helps you avoid insecure adoption under the radar. 8. Get the basics right. Patching, good passwords and proper configuration of inbuilt security controls can go a very long way. Yet many enterprises still put themselves at risk by introducing these devices without enabling these controls. 9. Watch this space. At Sophos, we re releasing new mobile security controls as the platforms and problems evolve. Customers running our mobile security capabilities are linking in to a journey as the issues evolve, rather than a final mobile security capability. Sophos EndUser Protection Try it now for free United Kingdom Sales: Tel: +44 (0) North American Sales: Toll Free: Australia & New Zealand Sales: Tel: Boston, USA Oxford, UK Copyright Sophos Ltd. All rights reserved. All trademarks are the property of their respective owners. A Sophos Whitepaper 10.12v1.dNA

HTML5 and security on the new web

HTML5 and security on the new web HTML5 and security on the new web By James Lyne, Director of Technology Strategy There are lots of changes happening to the key technologies that power the web. The new version of HTML, the dominant web

More information

Protecting Your Data On The Network, Cloud And Virtual Servers

Protecting Your Data On The Network, Cloud And Virtual Servers Protecting Your Data On The Network, Cloud And Virtual Servers How SafeGuard Encryption can secure your files everywhere The workplace is never static. Developments include the widespread use of public

More information

Managing BitLocker With SafeGuard Enterprise

Managing BitLocker With SafeGuard Enterprise Managing BitLocker With SafeGuard Enterprise How Sophos provides one unified solution to manage device encryption, compliance and Microsoft BitLocker By Robert Zeh, Product Manager Full-disk encryption

More information

Mobile Device Management Buyers Guide

Mobile Device Management Buyers Guide Mobile Device Management Buyers Guide IT departments should be perceived as the lubricant in the machine that powers an organization. BYOD is a great opportunity to make life easier for your users. But

More information

Keeping Data Safe When Using Mobile Devices

Keeping Data Safe When Using Mobile Devices Keeping Data Safe When Using Mobile Devices Saying yes to people who want to use smartphones and tablets, safe in the knowledge you can keep them secure By Ollie Hart, Head of Public Sector, UK&I Data,

More information

Protecting Your Roaming Workforce With Cloud-Based Security

Protecting Your Roaming Workforce With Cloud-Based Security Protecting Your Roaming Workforce With Cloud-Based Security How to use the cloud to secure endpoints beyond your perimeter By Tsailing Merrem, Senior Product Marketing Manager Remote and roaming workers

More information

IT Resource Management vs. User Empowerment

IT Resource Management vs. User Empowerment Mobile Device Management Buyers Guide IT Resource Management vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity leading to rising mobile

More information

Five Tips to Reduce Risk From Modern Web Threats

Five Tips to Reduce Risk From Modern Web Threats Five Tips to Reduce Risk From Modern Web Threats By Chris McCormack, Senior Product Marketing Manager and Chester Wisniewski, Senior Security Advisor Modern web threats can infect your network, subvert

More information

Sample Mobile Device Security Policy

Sample Mobile Device Security Policy Sample Mobile Device Security Policy Using this policy One of the challenges facing IT departments today is securing both privately owned and corporate mobile devices, such as smartphones and tablet computers.

More information

IT Resource Management & Mobile Data Protection vs. User Empowerment

IT Resource Management & Mobile Data Protection vs. User Empowerment Enterprise Mobility Management Buyers Guide IT Resource Management & Mobile Data Protection vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity

More information

Mobile Madness or BYOD Security?

Mobile Madness or BYOD Security? Mobile Madness or BYOD Security? How to take control of your mobile devices By Barbara Hudson, Senior Product Marketing Manager The Bring Your Own Device paradigm has rapidly moved from novelty to near

More information

The Increasing Threat of Malware for Android Devices. 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them

The Increasing Threat of Malware for Android Devices. 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them The Increasing Threat of Malware for Android Devices 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them INTRODUCTION If you own a smartphone running the Android operating system, like the

More information

Social media in the enterprise: Great opportunities, great security risks

Social media in the enterprise: Great opportunities, great security risks Social media in the enterprise: Great opportunities, great security risks Just as consumerization drove the iphone s rapid growth from a consumer device to an enterprise business tool, social media, too,

More information

Your Company Data, Their Personal Device What Could Go Wrong?

Your Company Data, Their Personal Device What Could Go Wrong? Your Company Data, Their Personal Device What Could Go Wrong? Top 5 Myths about Mobile Security By Barbara Hudson, Senior Product Marketing Manager Employee use of smartphones and tablets to access corporate

More information

Healthcare Buyers Guide: Mobile Device Management

Healthcare Buyers Guide: Mobile Device Management Healthcare Buyers Guide: Mobile Device Management Physicians and other healthcare providers see value in using mobile devices on the job. BYOD is a great opportunity to provide better and more efficient

More information

Encryption Buyers Guide

Encryption Buyers Guide Encryption Buyers Guide Today your organization faces the dual challenges of keeping data safe without affecting user productivity. Encryption is one of the most effective ways to protect information from

More information

10 Quick Tips to Mobile Security

10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22

More information

4 Steps to Effective Mobile Application Security

4 Steps to Effective Mobile Application Security Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional

More information

Botnets: The dark side of cloud computing

Botnets: The dark side of cloud computing Botnets: The dark side of cloud computing By Angelo Comazzetto, Senior Product Manager Botnets pose a serious threat to your network, your business, your partners and customers. Botnets rival the power

More information

SECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE

SECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE SECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE Michael CLICK TO Albek EDIT MASTER - SecureDevice SUBTITLE STYLE 2011 Driven by changing trends and increasing globalization, the needs of

More information

Building a Next-Gen Managed Security Practice

Building a Next-Gen Managed Security Practice Building a Next-Gen Managed Security Practice IT Security MSPs: In the beginning We all remember the old days of Managed Service Providers (MSP). By acting as an IT security expert for companies who did

More information

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing Driving Productivity Without Compromising Protection Brian Duckering Mobile Trend Marketing Mobile Device Explosion Paves Way for BYOD 39% 69% 340% 2,170% 2010 177M corp PCs 2015 246M corp PCs 2010 173

More information

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them?

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them? Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com Smartphones and BYOD: what are the risks and how do you manage them? Tablets on the rise 2 Diverse 3 The Changing Mobile World Powerful devices

More information

Strengthen Microsoft Office 365 with Sophos Cloud and Reflexion

Strengthen Microsoft Office 365 with Sophos Cloud and Reflexion Strengthen Microsoft Office 365 with Sophos Cloud and Reflexion Many organizations are embracing cloud technology and moving from complex, rigid on-premise infrastructure and software to the simplicity

More information

Chris Boykin VP of Professional Services

Chris Boykin VP of Professional Services 5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing

More information

Plugging the Holes in Mobile Security: The Rising Threat Jennifer M. Pigg, VP of Research, Yankee Group Nick Wade, Group Product Manager, Symantec

Plugging the Holes in Mobile Security: The Rising Threat Jennifer M. Pigg, VP of Research, Yankee Group Nick Wade, Group Product Manager, Symantec Plugging the Holes in Mobile Security: The Rising Threat Jennifer M. Pigg, VP of Research, Yankee Group Nick Wade, Group Product Manager, Symantec June 2011 Copyright 2011. Yankee Group Research, Inc.

More information

Sample Data Security Policies

Sample Data Security Policies This document provides three example data security policies that cover key areas of concern. They should not be considered an exhaustive list but rather each organization should identify any additional

More information

Securing the future of mobile services. SIMalliance Open Mobile API. An Introduction v2.0. Security, Identity, Mobility

Securing the future of mobile services. SIMalliance Open Mobile API. An Introduction v2.0. Security, Identity, Mobility 1 An Introduction v2.0 September 2015 Document History 2 Version Date Editor Remarks 1.0 06/04/2011 OMAPI Working Group Public release 2.0 27/09/2015 OMAPI Working Group Public release Copyright 2015 SIMalliance

More information

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS.! Guyton Thorne! Sr. Manager System Engineering! guyton.thorne@kaspersky.com

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS.! Guyton Thorne! Sr. Manager System Engineering! guyton.thorne@kaspersky.com Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS! Guyton Thorne! Sr. Manager System Engineering! guyton.thorne@kaspersky.com 1 Business drivers and their impact on IT AGILITY! Move fast, be nimble

More information

The State of Encryption

The State of Encryption The State of Encryption Today Results of an independent survey of 1700 IT managers The way in which people work today has changed significantly since businesses started using encryption products to secure

More information

Protecting personally identifiable information: What data is at risk and what you can do about it

Protecting personally identifiable information: What data is at risk and what you can do about it Protecting personally identifiable information: What data is at risk and what you can do about it Virtually every organization acquires, uses and stores personally identifiable information (PII). Most

More information

The Sophos Security Heartbeat:

The Sophos Security Heartbeat: The Sophos Security Heartbeat: Enabling Synchronized Security Today organizations deploy multiple layers of security to provide what they perceive as best protection ; a defense-in-depth approach that

More information

Vision on Mobile Security and BYOD BYOD Seminar

Vision on Mobile Security and BYOD BYOD Seminar Vision on Mobile Security and BYOD BYOD Seminar Brussel, 25 september 2012 Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl +31 610 999 199 1

More information

Simple Security Is Better Security

Simple Security Is Better Security Simple Security Is Better Security How small and medium-sized businesses can benefit from cloud-based security By Tsailing Merrem, Senior Product Marketing Manager Most vendors seem to assume that small

More information

Buyers Guide to Web Protection

Buyers Guide to Web Protection Buyers Guide to Web Protection The web is the number one source for malware distribution today. While many organizations have replaced first-generation URL filters with secure web gateways, even these

More information

Guideline on Safe BYOD Management

Guideline on Safe BYOD Management CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version

More information

Simplifying the Challenges of Mobile Device Security

Simplifying the Challenges of Mobile Device Security WHITE PAPER Three Steps to Reduce Mobile Device Security Risks Table of Contents Executive Overview 3 Mobile Device Security: 3 Just as Critical as Security for Desktops, Servers, and Networks 3 Find the

More information

Kaspersky Security for Mobile

Kaspersky Security for Mobile Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months

More information

Securing Corporate Email on Personal Mobile Devices

Securing Corporate Email on Personal Mobile Devices Securing Corporate Email on Personal Mobile Devices Table of Contents The Impact of Personal Mobile Devices on Corporate Security... 3 Introducing LetMobile Secure Mobile Email... 3 Solution Architecture...

More information

Enterprise mobility trends 2015 and beyond

Enterprise mobility trends 2015 and beyond Sponsored by >> Whitepaper Enterprise mobility trends 2015 and beyond How to best manage mobile in the workplace and deal with challenges from current and emerging technologies FEBRUARY 2015 resources

More information

Simplifying the Challenges of Mobile Device Security Three Steps to Reduce Mobile Device Security Risks

Simplifying the Challenges of Mobile Device Security Three Steps to Reduce Mobile Device Security Risks Smartphones and tablets are invading the workplace along with the security risks they bring with them. Every day these devices go unchecked by standard vulnerability management processes, even as malware

More information

BYOD File Sharing Go Private Cloud to Mitigate Data Risks

BYOD File Sharing Go Private Cloud to Mitigate Data Risks AN ACCELLION WHITE PAPER BYOD File Sharing Go Private Cloud to Mitigate Data Risks Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite 200 www.accellion.com Palo Alto, CA

More information

of firms with remote users say Web-borne attacks impacted company financials.

of firms with remote users say Web-borne attacks impacted company financials. Introduction As the number of users working from outside of the enterprise perimeter increases, the need for more efficient methods of securing the corporate network grows exponentially. In Part 1 of this

More information

IDENTITY & ACCESS. BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape

IDENTITY & ACCESS. BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape IDENTITY & ACCESS BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape Introduction How does your enterprise view the BYOD (Bring Your Own Device) trend opportunity

More information

Mobile Application Security. Helping Organizations Develop a Secure and Effective Mobile Application Security Program

Mobile Application Security. Helping Organizations Develop a Secure and Effective Mobile Application Security Program Mobile Application Security Helping Organizations Develop a Secure and Effective Mobile Application Security Program by James Fox fox_james@bah.com Shahzad Zafar zafar_shahzad@bah.com Mobile applications

More information

Strategies for Protecting Virtual Servers and Desktops

Strategies for Protecting Virtual Servers and Desktops Strategies for Protecting Virtual Servers and Desktops by Jonathan Tait, Product Marketing Manager Virtualization Today Over the past few years, virtualization technology has transformed the data center.

More information

White Paper. What the ideal cloud-based web security service should provide. the tools and services to look for

White Paper. What the ideal cloud-based web security service should provide. the tools and services to look for White Paper What the ideal cloud-based web security service should provide A White Paper by Bloor Research Author : Fran Howarth Publish date : February 2010 The components required of an effective web

More information

Three simple steps to better patch security

Three simple steps to better patch security Three simple steps to better patch security By John Metzger, Senior Product Marketing Manager and Sean Newman, Senior Product Manager It s estimated that 90% of successful attacks against software vulnerabilities

More information

Cybersecurity in 2015

Cybersecurity in 2015 Cybersecurity in 2015 Cybersecurity is experiencing enormous growth, as an industry and as a theme in the daily lives of people and businesses using technology. And because our technology keeps changing

More information

Top five strategies for combating modern threats Is anti-virus dead?

Top five strategies for combating modern threats Is anti-virus dead? Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the

More information

Building an Effective Mobile Device Management Strategy for a User-centric Mobile Enterprise

Building an Effective Mobile Device Management Strategy for a User-centric Mobile Enterprise Building an Effective Mobile Device Management Strategy for a User-centric Mobile Enterprise Jan Wiewiora White Paper Introduction Users are increasingly relying on smartphones and tablets for work. Recent

More information

Five Steps to Android Readiness

Five Steps to Android Readiness Five Steps to Android Readiness Android State of the Union Ready or not, Android is coming to the enterprise. The rise of Google s Android operating system has ushered a new wave of mobile devices and

More information

Securing Endpoints without a Security Expert

Securing Endpoints without a Security Expert How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series

More information

PARTNER LOGO. The. C s. Mobile Device Management

PARTNER LOGO. The. C s. Mobile Device Management PARTNER LOGO The AB C s of Mobile Device Management Hundreds of models, multiple carriers, OSs from Gingerbread to Jelly Bean Android fragmentation is scary for IT, but it s far from a problem with Mobile

More information

Feature BYOD - MOBILITY GOES VIRAL

Feature BYOD - MOBILITY GOES VIRAL Feature BYOD - MOBILITY GOES VIRAL 68 Quarter One 2012 A year ago it was the development no employer wanted to know about; now, it s the movement every employer has to deal with. Bringyour-own-device (BYOD)

More information

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0 White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative

More information

Seven Keys to Securing Your Growing Business

Seven Keys to Securing Your Growing Business Seven Keys to Securing Your Growing Business Common-sense guidelines for simplifying your security By Tsailing Merrem, Senior Product Marketing Manager The economy is picking up and business is growing

More information

Patrick Gray Principal Security Strategist DATA SECURITY CHALLENGES IN THE ALL TOO PUBLIC AND NOT SO PRIVATE SECTORS

Patrick Gray Principal Security Strategist DATA SECURITY CHALLENGES IN THE ALL TOO PUBLIC AND NOT SO PRIVATE SECTORS Patrick Gray Principal Security Strategist DATA SECURITY CHALLENGES IN THE ALL TOO PUBLIC AND NOT SO PRIVATE SECTORS I want you to take home four points Understand Educate Collaborate Prepare It s a great

More information

The Maximum Security Marriage:

The Maximum Security Marriage: The Maximum Security Marriage: Mobile File Management is Necessary and Complementary to Mobile Device Management The bring your own device (BYOD) trend in the workplace is at an all-time high, and according

More information

"Secure insight, anytime, anywhere."

Secure insight, anytime, anywhere. "Secure insight, anytime, anywhere." THE MOBILE PARADIGM Mobile technology is revolutionizing the way information is accessed, distributed and consumed. This 5th way of computing will dwarf all others

More information

Security challenges for internet technologies on mobile devices

Security challenges for internet technologies on mobile devices Security challenges for internet technologies on mobile devices - Geir Olsen [geiro@microsoft.com], Senior Program Manager for Security Windows Mobile, Microsoft Corp. - Anil Dhawan [anild@microsoft.com],

More information

Hands on, field experiences with BYOD. BYOD Seminar

Hands on, field experiences with BYOD. BYOD Seminar Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl

More information

5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet

5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet 5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet Sr. Sales Engineer 1 What we ll talk about What is BYOD? Mobile Revolution, the Post PC era? BYOD: What to consider 1. Users 2. Devices

More information

The Truth About Enterprise Mobile Security Products

The Truth About Enterprise Mobile Security Products The Truth About Enterprise Mobile Security Products Presented by Jack Madden at TechTarget Information Security Decisions 2013 Welcome to my enterprise mobile security product session! Instead of printing

More information

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions Your home is your business and your farm is your network. But who has access to it? Can you protect

More information

The. C s. of Mobile Device. Management

The. C s. of Mobile Device. Management The AB C s of Mobile Device Management Hundreds of models, multiple carriers, OSs from Gingerbread to Jelly Bean Android fragmentation is scary for IT, but it s far from a problem with Mobile Device Management

More information

Feature List for Kaspersky Security for Mobile

Feature List for Kaspersky Security for Mobile Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance

More information

Mobile Security: Controlling Growing Threats with Mobile Device Management

Mobile Security: Controlling Growing Threats with Mobile Device Management Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work

More information

Security Threats to Business, the Digital Lifestyle, and the Cloud. Trend Micro Predictions for 2013 and Beyond

Security Threats to Business, the Digital Lifestyle, and the Cloud. Trend Micro Predictions for 2013 and Beyond Security Threats to Business, the Digital Lifestyle, and the Cloud Trend Micro Predictions for 2013 and Beyond In 2013, managing the security of devices, small business systems, and large enterprise networks

More information

BYOD File Sharing - Go Private Cloud to Mitigate Data Risks. Whitepaper BYOD File Sharing Go Private Cloud to Mitigate Data Risks

BYOD File Sharing - Go Private Cloud to Mitigate Data Risks. Whitepaper BYOD File Sharing Go Private Cloud to Mitigate Data Risks BYOD File Sharing - Go Private Cloud to Mitigate Data Risks An Accellion Whitepaper BYOD File Sharing Go Private Cloud to Mitigate Data Risks Executive Summary The consumerization of IT and the popularity

More information

McAfee Enterprise Mobility Management Versus Microsoft Exchange ActiveSync

McAfee Enterprise Mobility Management Versus Microsoft Exchange ActiveSync McAfee Enterprise Mobility Management Versus Microsoft Secure, easy, and scalable mobile device management Table of Contents What Can Do? 3 The smartphone revolution is sweeping the enterprise 3 Can enterprises

More information

Webroot Security Intelligence for Mobile Suite. Cloud-based security solutions for mobile management providers

Webroot Security Intelligence for Mobile Suite. Cloud-based security solutions for mobile management providers Webroot Security Intelligence for Mobile Suite Cloud-based security solutions for mobile management providers TABLE OF CONTENTS INTRODUCTION 3 WEBROOT INTELLIGENCE NETWORK 4 MOBILE SECURITY INTELLIGENCE

More information

The smartphone revolution

The smartphone revolution Mobile Applications Security Eugene Schultz, Ph.D., CISSP, CISM, GSLC Chief Technology Officer Emagined Security EugeneSchultz@emagined.com ISSA-Los Angeles Los Angeles, California January 19, 2011 Emagined

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey

More information

Perception and knowledge of IT threats: the consumer s point of view

Perception and knowledge of IT threats: the consumer s point of view Perception and knowledge of IT threats: the consumer s point of view It s hard to imagine life without digital devices, be it a large desktop computer or a smartphone. Modern users are storing some of

More information

Beyond the Hype: Advanced Persistent Threats

Beyond the Hype: Advanced Persistent Threats Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,

More information

SANS Mobility/BYOD Security Survey

SANS Mobility/BYOD Security Survey Sponsored by Bradford Networks, MobileIron, and HP Enterprise Security Products SANS Mobility/BYOD Security Survey March 2012 A SANS Whitepaper Written by: Kevin Johnson Advisor: Barbara L. Filkins Survey

More information

Network Security for Mobile Users

Network Security for Mobile Users Network Security for Mobile Users Establishing a Logical Perimeter October 2014 Table of Contents Executive Summary 3 The Enterprise Standard of Security 4 Many Ways to Leave the Network 4 A Requiem for

More information

IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE. Part I: Reducing Employee and Application Risks

IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE. Part I: Reducing Employee and Application Risks IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE Part I: Reducing Employee and Application Risks As corporate networks increase in complexity, keeping them secure is more challenging. With employees

More information

platforms Android BlackBerry OS ios Windows Phone NOTE: apps But not all apps are safe! malware essential

platforms Android BlackBerry OS ios Windows Phone NOTE: apps But not all apps are safe! malware essential Best Practices for Smartphone Apps A smartphone is basically a computer that you can carry in the palm of your hand. Like computers, smartphones have operating systems that are often called platforms.

More information

Enterprise Apps: Bypassing the Gatekeeper

Enterprise Apps: Bypassing the Gatekeeper Enterprise Apps: Bypassing the Gatekeeper By Avi Bashan and Ohad Bobrov Executive Summary The Apple App Store is a major part of the ios security paradigm, offering a central distribution process that

More information

WHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users

WHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users Table of Contents How TrustDefender Mobile Works 4 Unique Capabilities and Technologies 5 Host Application Integrity

More information

Statement of Direction

Statement of Direction Mobile First: Taking Mobile CRM to the Next Level 1 January 2013 Mobile First: Taking Mobile CRM to the Next Level Whitepaper Mobile First: Taking Mobile CRM to the Next Level 2 Table of Contents Notes...

More information

Protect Yourself. Who is asking? What information are they asking for? Why do they need it?

Protect Yourself. Who is asking? What information are they asking for? Why do they need it? Protect Yourself Your home computer serves many purposes: email, shopping, social networking and more. As you surf the Internet, you should be aware of the various ways to protect yourself. Of primary

More information

Symantec Mobile Management for Configuration Manager 7.2

Symantec Mobile Management for Configuration Manager 7.2 Symantec Mobile Management for Configuration Manager 7.2 Scalable, Secure, and Integrated Device Management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices

More information

The Bring Your Own Device Era:

The Bring Your Own Device Era: The Bring Your Own Device Era: Benefits Clearly Justify BYOD, but Businesses Must Mitigate Security, Compliance and Application Performance Risks Executive Overview The Bring-Your-Own-Device (BYOD) era

More information

BEST PRACTICES IN BYOD

BEST PRACTICES IN BYOD 1 BEST PRACTICES IN BYOD Addressing BYOD Challenges in the Enterprise Whitepaper 2 Best Practices in BYOD Bring Your Own Device (BYOD) offers many potential advantages: enhanced productivity, increased

More information

What to Consider Before You Tell Users They Can BYOD

What to Consider Before You Tell Users They Can BYOD page 2 Consumers soon found that the devices they used in their personal lives could also be used in their professional lives. They could access not only the internet, but their business network as well.

More information

MOBILE DEVICE SECURITY FOR ENTERPRISES

MOBILE DEVICE SECURITY FOR ENTERPRISES MOBILE DEVICE SECURITY FOR ENTERPRISES Working Draft, Not for Distribution May 8, 2014 mobile-nccoe@nist.gov Certain commercial entities, equipment, or materials may be identified in this document in order

More information

BYOD Guidance: BlackBerry Secure Work Space

BYOD Guidance: BlackBerry Secure Work Space GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.

More information

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies

More information

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security A World of Constant Threat We live in a world on constant threat. Every hour of every day in every country around the globe hackers

More information

10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM)

10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM) 10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM) CONTENT INTRODUCTION 2 SCOPE OF BEST PRACTICES 2 1. HAVE A POLICY THAT IS REALISTIC 3 2. TAKE STOCK USING A MULTIPLATFORM REPORTING AND INVENTORY TOOL...3

More information

Symantec Mobile Management 7.1

Symantec Mobile Management 7.1 Scalable, secure, and integrated device management for healthcare Data Sheet: Industry Perspectives Healthcare Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any

More information