1. The Smart Mobile Device Environment 2. Rising Risks and Concerns with Smart Devices 3. Managing Mobile Devices In The Enterprise 4.
|
|
- Vincent Owen
- 8 years ago
- Views:
Transcription
1 Questions 1) How many people have at least one smart mobile device that you use for business? 2) How many people have Android? 3) How many ios devices? 4) How many people have jailbroken devices? 1
2 1. The Smart Mobile Device Environment 2. Rising Risks and Concerns with Smart Devices 3. Managing Mobile Devices In The Enterprise 4. Other Issues and Concerns 2
3 3
4 They are everywhere At the end of 2011, there were 6 billion mobile subscriptions, worldwide That is equivalent to 80 percent of the world population In the US mobile cellular subscriptions 100% of population In Europe around 120% Other areas ranging from 74% to over 150% 4
5 In terms of geographic distribution smart Mobile devices are everywhere Developing nations might be currently lagging behind in total numbers and per capita use However developing nations also among the fastest growing smart mobile user base Partly because there is very little terrestrial infrastructure for other forms of connectivity like fixed wire line telephone or broadband service Its cheaper and easier to build a cellular infrastructure than a wired one And that infrastructure is less likely to be washed out by a flood or damaged by an earthquake 5
6 When it comes to Internet connectivity, mobile broadband usage eclipses fixed wire-line broadband services Vastly more people have a mobile broadband connection than a fixed broadband connection This is true even in the United States, where there are almost double the number of mobile broadband vs. fixed broadband 6
7 1. Smart mobile devices have had a phenomenal adoption rate The ipad has the fastest adoption rate of any technology, ever, possibly eclipsing even the wheel, or fire if you believe Apple 2011 numbers are a huge increase from 5.4 billion in 2010 and 4.7 billion mobile subscriptions in 2009 up over 50% in some areas Market growth is being driven by demand in the developing world, led by rapid mobile adoption in China, Africa and India Mobile subscriptions outnumber fixed lines 5:1 (more so in developing nations); Mobile broadband outnumbers fixed broadband 2:1. Total smartphone sales in 2011 were almost 500 million units up over 60 percent from This makes smartphones about 32 percent of all handsets shipped. 7
8 Looking at smartphone growth, In terms of the major players in the market, I don t think there is a lot of surprise here When it comes to hardware sales, the top five smart phone vendors worldwide in 2011 were Samsung, Apple, Nokia, RIM, HTC Of those Nokia sales declined 23% and RIM s sales were almost stagnant at 5% growth Samsung, Apple, and HTC had a 310%, 96%, and 100% growth rate respectively Growth by operating system reflects the hardware sales Android had almost 250% year on year growth 2011 vs 2010 ios had almost 100% growth in the same period Interesting newcomer Bada from Samsung aimed at being a low end smartphone OS for not so smart hardware platforms small market share but huge growth worth keeping an eye on Nobody else in the market even comes close Symbian and Windows phone had negative growth 8
9 What are the driving factors for integrating smart mobile devices into the enterprise? One that is often talked about is cost reduction That is, off setting the cost of corporate provided or corporate subsidized handsets by allowing employees to to use their own devices Quite frankly, I have never seen any numbers to support the cost reduction argument, MDM vendors are also backing away from it Another factor that is often discussed in the media is increased productivity Again, I have yet to see any numbers supporting this claim I do believe there is a significant potential value, as new and imaginative ways of leveraging smart mobile devices arrive, there may be some other arguments to support enterprise mobile device integration And as we will see, there are some significant concerns that need to be considered 9
10 Considerations What are the goals for allowing mobile devices into your enterprise? How can you measure how well you achieve these goals? What data will and will not be allowed on mobile devices? Which employees and contractors will be allowed to connect? 10
11 11
12 Based on some recent surveys, there is at least C level recognition of the risks associated with mobile devices in the enterprise Given this level of concern, and in light of the amount of customer data stored on mobile devices, it is definitely worth taking a hard look at the risks and potential mitigating factors when considering mobile devices in the enterprise 12
13 So what are the security concerns with smart mobile devices? Well, obviously given that there is customer data stored on half of the devices used for business, physical security of the device is a huge concern Stored data, including access credentials, is at risk anytime a devices is lost, stolen, an employee leaves the company, the device is recycled, or sold on ebay How can the enterprise be sure that sensitive data, or network access, does not into the wrong hands? Encryption of locally stored data is available in ios since about ios 4.3, as long as a passcode is configured ipad2 and iphone4 and later have hardware based encryption Android is a different story, no device encryption until 4.0 aka Ice Cream Sandwich, and then it depends on vendor support Even more troubling however, is the official stance by both Android and Apple that ultimately the security of the device rests with the end user Obviously a disturbing position for those with responsibility for securing corporate data 13
14 Second to the physical security issue, but rapidly gaining ground, is the mobile malware risk Mobile malware is becoming more and more sophisticated Mirroring malware in the desktop world, but evolving at a much greater pace 2011 saw an incredible growth in mobile malware over 1,500% as compared to 2009, almost 370% over 2010 Amost a 2,000% increase in December vs January 2012 is on track to be the year of mobile malware Mobile malware is borrowing technology from the desktop world adapting to not only the mobile technology, but the mobile usage patterns In particular leveraging social networking and social engineering approaches By far the greatest growth in malware is in Androids Last week the first Android Bootkit DKFBootKit was discovered raising the ante again DKFBootKit piggybacks on legitimate applications to infect the device, then replaces key daemons to compromise the device at boot time before the Android framework is fully loaded 14
15 Mobile malware exhibits all the same types of behavior we re used to in other environments In addition mobile malware can monetize the infection directly by sending SMS messages to premium rate numbers Further, device features like cameras, microphones, and GPS receivers can all be controlled and accessed remotely This is a real concern when executives are traveling with devices, bringing them into sensitive meetings etc. There is some evidence malware authors leveraging this information to gain advantage in stock trades 15
16 The Android mobile platform is considered to introduce the greatest security risks from mobile malware almost 11 million infected Android devices world wide 472% increase in Android malware July through November last year China leads the infection rate India, Russia, and the US roughly equal with a little over 10% of total infections each 16
17 Several reasons exist for this, one of the most significant is simply market share Malware written for Android has the potential to infect many more devices than any other mobile OS 49% of smart phones run some version of Android 19% run Apple ios 16% run Nokia s Symbian However, Nokia is ceasing support for Symbian and moving to Windows Mobile Symbian malware s decline mirrors the growth of Android malware, perhaps the malware authors are switching platforms Only 10% of devices run RIM s Blackberry OS RIM is rapidly losing ground to the others Windows Mobile OS only accounts for 1.4% - and is expected to grow slowly 17
18 1. However market is not the whole story to really understand the issue we need to take a closer look at the almost 50% of the market that Android owns 1. While ios is only available from Apple, and only on Apple devices 2. The Android market is split between Samsung (35%), HTC (24%), LG (11%), Motorola (9%), Sanyo, Sony, and a myriad of smaller players (21%) 3. Each device, and each carrier s version of that device, has their own slightly different version of Android 4. Each one is tweaked to support different hardware, different software bundles, and other offerings and carrier requirements 5. This presents some significant concerns with respect to platform security, and security of carrier-bundled software 18
19 Its when we start looking at the relative update history of the devices that the real story comes out and its not a pretty one for Android Just like in the desktop and server world Keeping operating systems updated and properly patched is a central tenet to maintaining information systems security The next three slides show the update history of every smart mobile phones released in the US between 2009 and 2011 Green indicates that updates were available to keep the device on the current major version Yellow 1 major version behind, orange two versions behind, red three versions The X s indicate when the device was being actively sold Updates and patches were available for all ios based phones sold since day one Apple updates ios regularly and they updates are published by Apple direct to device owners Since ios 5 updates are pushed OTA, and don t require computer connectivity 19
20 Android updates on the other hand go from Google/Android, to the hardware vendors, to the carriers, and thence to the device users Or more often don t. Android updating, or lack thereof, is a major security problem Of the 18 Android phones shipped in the US between 2009 and 2011, 7 of them never ran a current version of the OS. 12 of 18 only ran a current version of the OS for a matter of weeks or less. 10 of 18 were at least two major versions behind well within their two-year contract period. 11 of 18 stopped getting any support updates less than a year after release. 20
21 13 of 18 stopped getting any support updates before they even stopped selling the device or very shortly thereafter. 15 of 18 don t run Gingerbread, v2.3, which shipped in December When 4.0, or Ice Cream Sandwich, came out in November, every device on this list was another major version behind. At least 16 of 18 will almost certainly never get Ice Cream Sandwich. 21
22 There are three primary ways that malware infects a mobile device The most significant is piggy backing off a legitimate application Generally the malware author will download a popular legitimate application from an app store, disassemble it, compile in the malware then reupload it to the app store as a different version Angry Birds, one of the most popular applications, had at least one version infected in this fashion Sometimes the malware isn t included, just some code to download the malware as an in app upgrade once the program is started Malware can also be loaded by tricking users to go to malicious web sites that then attack via browser vulnerabilities just like in the desktop world 22
23 The single biggest source of malware for mobile devices are the various app stores Neither Apple nor Google do much to vet software for security issues Although Apple seems to do a slightly better job Google is starting to make changes it remains to be seen how well they will do In addition to the official Android Market, Android devices can also side load applications and download applications from unofficial app stores As you might expect, the unofficial Android stores contain significantly more malware To make matters words, with Android in particular, the security model depends on the end user to make a determination regarding the specific permissions granted to the application Most users just blindly accept whatever the application asks for 23
24 As it stands right now, there are only very limited anti-malware protections available There are some tools to scan attachments, but this is really focused on preventing forwarding on malware rather than preventing local device infection Ironically, it s the architecture of the device operating systems that keep each application in its own segregated application space that also prevents anti-malware software similar to what we see on the desktop Desktop like anti-malware would require a jail break Jailbreaking devices, popular on both ios and Android, breaks the security model of each application in its own space Jail broken devices are much, much more likely to be infected with malware By the jailbreak itself By other malware that takes advantage of the removal of security by the jailbreak Best option currently user training and education, blacklisting known malware, not allowing jailbroken devices 24
25 Considerations What devices will be allowed to connect to the enterprise? Apple? Android? Will devices be required to be up to date/patched? If so, how will this impact Android use? Will jailbroken devices be allowed? How will these requirements be monitored and enforced? How will you detect or prevent malware? 25
26 26
27 Managing Mobile Devices APIs built into the mobile operating systems allow management of the devices Each OS has its own specifics, there is no standardization Currently Apple s MDM API is by far the most capable and flexible Allows restrictions on device passcode length, complexity, expiration, re-use history, # failed attempts before wipe Deny or allow use of various applications, restricts some application settings to administrator proscribed settings, allow or deny cloud backups, and force various browser and application settings, lock device, and clear passcode Apple MDM APIs can provision accounts including username and password Allows either a corporate wipe or a full wipe 27
28 Android MDM APIs much weaker than ios, though slightly better in 3.0 Android API s provide much less control essentially a limited subset of password controls One of the most significant problems with the Android API is the lack of an enterprise wipe it s a Nuke from high orbit only Lack of enterprise wipe is a significant problem, especially in BYOD environments no way to avoid deleting personal data Additionally, our testing shows that sometimes the device does not even restore to the configuration and software that came from the carrier 28
29 Samsung SAFE devices custom APIs to allow much greater control of security on a limited subset of new Samsung Android devices It is possible that LG might be coming out with additional MDM APIs of their own also 29
30 Considerations What are the specific security controls that you would like to enforce? Which devices support those controls? How will you protect the enterprise from liability of wiping personal data? What controls (technology or policy) can you put in place around Android devices? Are you willing to support older/weaker versions of Android that have limited security controls? 30
31 Two Primary Architectures for Mobile Device Management API Based and VPN and Proxy API based installs restrictive profiles on device, generally use some additional agent Once the profiles are installed, all communication between device and network services is direct MDM plays no part in the communication Agent does on-device monitoring and compliance checking reports back to the MDM service periodically Can verify compliance with required security settings as well as detect jailbreaks and installation of blacklisted software There is another component, eliminated from this drawing for simplicity Both Google and Apple have a mechanism for store and forward asynchronous messaging between the MDM provider and the device These allow MDM to send a message to the device, and for that message to be held until the phone is online When it comes online if can then respond to the message by checking in with the MDM service Apple s is called the Apple Push Notification Service, or APNS 31
32 The other primary architecture is the VPN and Proxy method VPN and Proxy - Forces all traffic back to enterprise proxy via IPSEC VPN Proxy may be in the enterprise data center, cloud, or vendor site(s) Again, there is usually an agent that does on-device monitoring and compliance checking May allow browser content filtering and URL black listing May provide filtering on cloud /personal Architecture could allow for network-based DLP Architecture could allow for IDS/IPS and other network-based malware detection/protection On ios forces an automatic VPN configuration 32
33 In general, the VPN-based architecture will provide a higher level of control and security However, as always it comes at a price Requires all traffic to come back to the proxy eliminates many of the advantages of cloud based enterprise services e.g. Depending on enterprise architecture, may increase bandwidth requirements and costs particularly if proxy in the cloud, could double or quadruple bandwidth costs Possible reduction in fault tolerance issues with data center may take all mobile devices offline For global companies, and/or those with highly distributed mobile work force, VPN and Proxy might require building out a global infrastructure to support them However, one of the biggest issues with VPN and proxy, there is no IPSEC VPN possible on Android 2.x devices Android 2.x is by a long way the majority of Android devices in the field today The only way to support it on Android 2.x is a custom ROM essentially your own jail break This raises huge device management issues for a remote work force, help desk 33
34 Considerations Is the potential for increased security in the VPN and Proxy model worth the costs, complexities, reduced flexibility? If so, and if Android will be supported? Will you use a custom ROM/custom jailbreak? How will you manage devices in the field? How does this impact your BYOD stance? 34
35 35
36 There are other, non-technical issues that any enterprise considering smart mobile device integration should consider Especially if the enterprise will be providing help desk service for mobile devices Consider that the current crop of devices are consumer devices Also, If the enterprise is using, or intends to use, cloud services for / contacts/calendars such as Google Apps which we see a lot and which is often associated with a mobile initiative Realize that many of these services are consumer focused services as well Additionally, the mobile device vendors and the cloud service provides aren t talking as often as they should Also, Mobile Device Management software is still early stage technology Take a look at the Gartner Magic Quadrant for MDM, they are all almost all in the lower left Niche Player/Start up Quadrant When you try to combine two consumer items, the mobile device and the cloud service, and manage it with an early stage technology, You will not get enterprise grade service levels its simply not possible 36
37 Also, especially in large enterprises, properly integrating mobile devices into the enterprise is likely to require some organizational reshuffling We all know how smoothly that is likely to be It is imperative to realize, the latest crop of smart mobile devices are not just phones They are generally as powerful as a 3-4 year old laptop They should not be considered a telephone, they should not be managed like a telephone When coupled with always-online technology, and some of the other concerns I've discussed, It should be clear that smart mobile devices should be managed through IT/technology channels And that security policies and procedures must be reviewed and properly applied to the devices and the business processes In particular, HR processes around separation are critical for enterprise data protection Timely recovery and/or erasure of enterprise data 37
38 Integrating smart mobile devices into the enterprise also brings additional liability risks This is particularly true if you are allowing BYOD There is a potential for wiping an employees personal data from their device if the enterprise is managing it Either accidentally, or deliberately particularly at separation What happens if this is the employee s only picture of his dead Granny? - Actual case! What happens if the employee then goes to work for another company, and your HR processes don t get around to wiping his or her device until a few days later Now you are wiping some other companies data off their employee s device Remember There is no such thing as a selective wipe in Android it s a nuke from high orbit 38
39 Also, consider that smart mobile devices aren t for everyone Consider making only certain job functions or payroll bands eligible Also, consider the costs/impacts of rising help desk calls with these devices It might also be worth reviewing employment terms for non-exempt employees and hourly contractors. If they are receiving enterprise on their phone at night, is there an expectation that they respond and has that been communicated clearly? If so, how does that impact hours worked or billing? Can the bill for that time? What about the intervening time between the end of the day and the 2am ? What if the employee is on vacation? Can he or she now claim that is not a vacation day? Another critical issue to consider for enterprises that utilize cloud services for or customer management for example If you do not integrate provisioning of these services and mobile devices with some sort of central Identity Management mechanism, and mobile device users have a password rather than using SAML or OAUTH, the enterprise has very little visibility into and control over the data It is impossible to ensure that data is erased as it could have been synched anywhere 39
40 A final consideration must be given to enterprises statutory and regulatory obligations when it comes to data on mobile devices Consider PCI, GLBA, HIPAA, FTC Red Flags If a device is lost, and there is a possibility for regulated data on it, it may trigger obligations for reporting and breach notification For global companies, it is likely that EU Data Protection laws may impact the monitoring and management of devices in those regions In which case your US based data center must comply with the Safe Harbor principles Also consider the use of these devices by your executives and board members It is worth determining if they need additional protections And what the legal and other implications of a potential breach of security on one of their mobile devices 40
41 How will HR policies and processes change to support secure use of smart mobile devices throughout an employee s tenure, especially at separation? Are there any local or national employment laws or collective bargaining agreements that should be considered? Will only corporate liable devices be allowed, or will you allow BYOD? If BYOD is considered, what are the constraints? 41
42 Mobile devices are ubiquitous The power and connectedness of mobile devices is increasing rapidly IT departments under increasing pressure to integrate them into the environment There are significant technical and non-technical risks to using mobile devices in the enterprise Particularly if BYOD is considered IT, InfoSec, HR, and Legal at a minimum need to been involved in the decision making process 42
43 43
Chris Boykin VP of Professional Services
5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing
More informationMobile Security: Controlling Growing Threats with Mobile Device Management
Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work
More informationGuideline on Safe BYOD Management
CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version
More informationKaspersky Security for Mobile
Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months
More informationMobile Device Management and Security Glossary
Mobile Device Management and Security Glossary February, 2011 MOBILE OS ActiveSync Exchange ActiveSync (EAS) is a Microsoft technology that allows mobile users to access their Microsoft Exchange mailboxes
More informationAuditing the Security and Management of Smart Devices. ISACA Dallas Meeting February 13, 2014
Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Auditing the Security and Management of Smart Devices ISACA Dallas Meeting
More informationHow To Protect Your Mobile Devices From Security Threats
Back to the Future: Securing your Unwired Enterprise By Manoj Kumar Kunta, Global Practice Leader - Security Back to the Future: Securing your Unwired Enterprise The advent of smartphones and tablets has
More informationFrequently Asked Questions & Answers: Bring Your Own Device (BYOD) Policy
Frequently Asked Questions & Answers: Bring Your Own Device (BYOD) Policy Converting a Device Whose phones will be wiped on Wednesday, January 30? If you continue to have a company-paid phone, you are
More informationFeature List for Kaspersky Security for Mobile
Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance
More informationHow To Manage A Mobile Device Management (Mdm) Solution
Mobile Device Management Buyers Guide IT departments should be perceived as the lubricant in the machine that powers an organization. BYOD is a great opportunity to make life easier for your users. But
More informationMobile Workforce. Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite.
White Paper Securing Today s Mobile Workforce Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2012, Juniper Networks, Inc. 1 Table
More information{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com
{ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling
More informationIT Resource Management vs. User Empowerment
Mobile Device Management Buyers Guide IT Resource Management vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity leading to rising mobile
More informationMobile Operating Systems & Security
Mobile Operating Systems & Security How can I protect myself? Operating Systems Android Apple Microsoft What do they do? operate smartphones, tablets, watches and other mobile devices includes touchscreens
More informationThe Truth About Enterprise Mobile Security Products
The Truth About Enterprise Mobile Security Products Presented by Jack Madden at TechTarget Information Security Decisions 2013 Welcome to my enterprise mobile security product session! Instead of printing
More informationSecurely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com
Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]
More information1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?
MaaS360 FAQs This guide is meant to help answer some of the initial frequently asked questions businesses ask as they try to figure out the who, what, when, why and how of managing their smartphone devices,
More informationMobile Device Management for CFAES
Mobile Device Management for CFAES What is Mobile Device Management? As smartphones and other mobile computing devices grow in popularity, management challenges related to device and data security are
More informationPULSE SECURE FOR GOOGLE ANDROID
DATASHEET PULSE SECURE FOR GOOGLE ANDROID Product Overview In addition to enabling network and resource access for corporate managed mobile devices, many enterprises are implementing a Bring Your Own Device
More information4 Steps to Effective Mobile Application Security
Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional
More informationNetSafe Smartphone Security Report 2014
NetSafe Smartphone Security Report 2014 Smartphone Security Report 2014 Smartphone Security Advice 1. Lock your smartphone Use a pin, password, complex swipe or other option to restrict access to your
More informationKony Mobile Application Management (MAM)
Kony Mobile Application Management (MAM) Kony s Secure Mobile Application Management Feature Brief Contents What is Mobile Application Management? 3 Kony Mobile Application Management Solution Overview
More informationThe Need for BYOD Mobile Device Security Awareness and Training
The Need for Awareness and Training Completed Research Paper Mark A. Harris University of South Carolina maharris@hrsm.sc.edu Karen Patten University of South Carolina pattenk@hrsm.sc.edu Elizabeth Regan
More informationIBM Endpoint Manager for Mobile Devices
IBM Endpoint Manager for Mobile Devices A unified platform for managing mobile devices together with your traditional endpoints Highlights Address business and technology issues of security, complexity
More informationEnabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments
Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments Efficiently and Cost- Effectively Managing Mobility Risks in the Age of IT Consumerization Table of Contents EXECUTIVE
More informationSECURING TODAY S MOBILE WORKFORCE
WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table
More informationDevice Independence - BYOD -
Charting Our Future Device Independence - BYOD - BYOD: Bring your own device to work day What is BYOD? BYOD (Bring Your Own Device) As distinguished from BYOC (Bring Your Own Computer); or BYOT (Bring
More informationCisco Mobile Collaboration Management Service
Cisco Mobile Collaboration Management Service Cisco Collaboration Services Business is increasingly taking place on both personal and company-provided smartphones and tablets. As a result, IT leaders are
More informationMobile Security BYOD and Consumer Apps
Mobile Security BYOD and Consumer Apps Adam Shnider, Managing Director, Coalfire October 16, 2012 Agenda I. The Mobile World - Trends I. Mobile devices - threats and risks I. BYOD Security Top Five I.
More informationIT Resource Management & Mobile Data Protection vs. User Empowerment
Enterprise Mobility Management Buyers Guide IT Resource Management & Mobile Data Protection vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity
More informationBENEFITS OF MOBILE DEVICE MANAGEMENT
BENEFITS OF MOBILE DEVICE MANAGEMENT White Paper 2013 SUMMARY OVERVIEW This white paper outlines the benefits of Mobile Device Management in different use cases. SyncShield is a Mobile Device Management
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationHealthcare Buyers Guide: Mobile Device Management
Healthcare Buyers Guide: Mobile Device Management Physicians and other healthcare providers see value in using mobile devices on the job. BYOD is a great opportunity to provide better and more efficient
More informationMy CEO wants an ipad now what? Mobile Security for the Enterprise
My CEO wants an ipad now what? Mobile Security for the Enterprise Agenda Introductions Emerging Mobile Trends Mobile Risk Landscape Response Framework Closing Thoughts 2 Introductions Amandeep Lamba Manager
More informationDeploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite
WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents
More information[BRING YOUR OWN DEVICE POLICY]
2013 Orb Data Simon Barnes [BRING YOUR OWN DEVICE POLICY] This document specifies a sample BYOD policy for use with the Orb Data SaaS MDM service Contents 1 ACCEPTABLE USE... 3 1.1 GENERAL RULES... 3 2
More informationBYOD: End-to-End Security
BYOD: End-to-End Security Alen Lo MBA(CUHK), BSc(HKU), CISA, CCP, CISSP, CISM, CEH IRCA Certified ISMS Lead Auditor, itsmf ISO 20000 Auditor Principal Consultant i-totalsecurity Consulting Limited alenlo@n2nsecurity.com
More informationBYOD Guidelines A practical guide for implementing a successful BYOD Management program in an organization of any size.
April 2014 BYOD Guidelines A practical guide for implementing a successful BYOD Management program in an organization of any size. Bring your own device (BYOD) refers to the policy of permitting employees
More informationRFI Template for Enterprise MDM Solutions
RFI Template for Enterprise MDM Solutions 2012 Zenprise, Inc. 1 About This RFI Template A secure mobile device management solution is an integral part of any effective enterprise mobility program. Mobile
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationForeScout MDM Enterprise
Highlights Features Automated real-time detection of mobile Seamless enrollment & installation of MDM agents on unmanaged Policy-based blocking of unauthorized Identify corporate vs. personal Identify
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationTHE ENTERPRISE MOBILITY POLICY GUIDEBOOK
THE ENTERPRISE MOBILITY POLICY GUIDEBOOK October 2010 Edition 2 About This Guidebook Research from Strategy Analytics shows that over 90% of organizations now have employees using smartphones within their
More informationFeature Matrix MOZO CLOUDBASED MOBILE DEVICE MANAGEMENT
Feature Matrix MOZO CLOUDBASED MOBILE DEVICE MANAGEMENT Feature Mobile Mobile OS Platform Phone 8 Symbian Android ios General MDM settings: Send SMS *(1 MOZO client settings (Configure synchronization
More information1. Introduction... 1. 2. Activation of Mobile Device Management... 3. 3. How Endpoint Protector MDM Works... 5
User Manual I Endpoint Protector Mobile Device Management User Manual Table of Contents 1. Introduction... 1 1.1. What is Endpoint Protector?... 2 2. Activation of Mobile Device Management... 3 2.1. Activation
More informationGood for Enterprise Good Dynamics
Good for Enterprise Good Dynamics What are Good for Enterprise and Good Dynamics? 2012 Good Technology, Inc. All Rights Reserved. 2 Good is far more than just MDM Good delivers greater value and productivity
More informationBYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012
BYOD and Mobile Device Security Shirley Erp, CISSP CISA November 28, 2012 Session is currently being recorded, and will be available on our website at http://www.utsystem.edu/compliance/swcacademy.html.
More informationMobile Application Management
Kony Write Once, Run Everywhere Mobile Technology WHITE PAPER July 2012 Meeting the BYOD challenge with next-generation application and device management Overview... 3 The Challenge... 4 MAM Functions...
More informationTom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell
Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell Mobile Mobile Mobile Devices in the CU Environ Mobile Banking Risks and Reward Tom Schauer ü Since 1986 ü TrustCC Founded TrustCC in 2001 ü
More informationCopyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com
Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious
More informationSophos Mobile Control Administrator guide. Product version: 3.6
Sophos Mobile Control Administrator guide Product version: 3.6 Document date: November 2013 Contents 1 About Sophos Mobile Control...4 2 About the Sophos Mobile Control web console...7 3 Key steps for
More informationHow To Protect The Agency From Hackers On A Cell Phone Or Tablet Device
PRODUCT DESCRIPTION Product Number: 0.0.0 MOBILE DEVICE MANAGEMENT (MDM) Effective Date: Month 00, 0000 Revision Date: Month 00, 0000 Version: 0.0.0 Product Owner: Product Owner s Name Product Manager:
More informationIf you can't beat them - secure them
If you can't beat them - secure them v1.0 October 2012 Accenture, its logo, and High Performance delivered are trademarks of Accenture. Preface: Mobile adoption New apps deployed in the cloud Allow access
More informationData Protection Act 1998. Bring your own device (BYOD)
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
More informationBuilding Apps for iphone and ipad. Presented by Ryan Hope, Sumeet Singh
Building Apps for iphone and ipad Presented by Ryan Hope, Sumeet Singh 1 Let s continue the conversation! @MaaS360 [Share comments, continue Q&A, suggest future topics] #MaaS360Webinar Click the link in
More informationProtecting Your Data On The Network, Cloud And Virtual Servers
Protecting Your Data On The Network, Cloud And Virtual Servers How SafeGuard Encryption can secure your files everywhere The workplace is never static. Developments include the widespread use of public
More informationAnswers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.
Mobility options and landscapes are evolving quickly for the corporate enterprise. Mobile platform providers such as Apple, Google and Microsoft, and leading device hardware vendors are constantly updating
More informationWhite Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0
White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative
More informationMobile Device Management. Andrius Šaveiko andrius.saveiko@atea.lt
Mobile Device Management Andrius Šaveiko andrius.saveiko@atea.lt Content Mobile Device Management (MDM) where to start? Situation on MDM market MDM solutions very similar, but very different ios, Android,
More informationThe ForeScout Difference
The ForeScout Difference Mobile Device Management (MDM) can help IT security managers secure mobile and the sensitive corporate data that is frequently stored on such. However, ForeScout delivers a complete
More informationEnterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect
Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment Paul Luetje Enterprise Solutions Architect Table of Contents Welcome... 3 Purpose of this document...
More informationA guide to enterprise mobile device management.
WHITEPAPER A guide to enterprise Beyond expectation. www.azzurricommunications.co.uk Introduction. As smartphones and tablets proliferate in the enterprise, IT leaders are under pressure to implement an
More informationManaging and Securing the Mobile Device Invasion. 2012 IBM Corporation
Managing and Securing the Mobile Device Invasion 2012 IBM Corporation Please Note: IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM
More informationProtecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices
Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices It s common today for law enforcement
More informationBYOD Policy Implementation Guide. February 2016 March 2016
BYOD Policy Implementation Guide February 2016 March 2016 Table of Contents Step One: Evaluate Devices... 3 Step Two: Refine Network Accessibility... 4 Step Three: Determine Appropriate Management Policies...
More informationThe Bring Your Own Device Era:
The Bring Your Own Device Era: Benefits Clearly Justify BYOD, but Businesses Must Mitigate Security, Compliance and Application Performance Risks Executive Overview The Bring-Your-Own-Device (BYOD) era
More informationBring Your Own Device. Individual Liable User Policy Considerations
Bring Your Own Device Individual Liable User Contents Introduction 3 Policy Document Objectives & Legal Disclaimer 3 Eligibility Considerations 4 Reimbursement Considerations 4 Security Considerations
More informationWhy you need. McAfee. Multi Acess PARTNER SERVICES
Why you need McAfee Multi Acess PARTNER SERVICES McAfee Multi Access is an online security app that protects all types of devices. All at once. The simple monthly subscription covers up to five devices
More informationRunning Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University
Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1 Awareness of BYOD Security Concerns Benjamin Tillett-Wakeley East Carolina University AWARENESS OF BYOD SECURITY CONCERNS 2 Abstract This paper will
More informationMobile First Government
Mobile First Government An analysis of NIST and DISA requirements for the adoption of commercially available mobility platforms by government agencies August 2013 415 East Middlefield Road Mountain View,
More informationMobile Device Management Version 8. Last updated: 17-10-14
Mobile Device Management Version 8 Last updated: 17-10-14 Copyright 2013, 2X Ltd. http://www.2x.com E mail: info@2x.com Information in this document is subject to change without notice. Companies names
More informationMECS: Mobile Enterprise Compliance and Security Server
MECS: Mobile Enterprise Compliance and Security Server Mobile Active Defense locks down, secures and puts your iphones, ipads, Androids, other smartphones and tablets into regulatory compliance. By employing
More informationTwo Factor Authentication (TFA; 2FA) is a security process in which two methods of authentication are used to verify who you are.
Two Factor Authentication Two Factor Authentication (TFA; 2FA) is a security process in which two methods of authentication are used to verify who you are. For example, one method currently utilized within
More informationIT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA
IT TRENDS AND FUTURE CONSIDERATIONS Paul Rainbow CPA, CISA, CIA, CISSP, CTGA AGENDA BYOD Cloud Computing PCI Fraud Internet Banking Questions The Mobile Explosion Mobile traffic data in 2011 was nearly
More informationMobile Device Management Glossary. www.maas360.com
Mobile Device Management Glossary www.maas360.com Copyright 2014 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential information of Fiberlink,
More informationUser Manual for Version 4.4.0.5. Mobile Device Management (MDM) User Manual
User Manual for Version 4.4.0.5 Mobile Device Management (MDM) User Manual I Endpoint Protector Mobile Device Management User Manual Table of Contents 1. Introduction... 1 1.1. What is Endpoint Protector?...
More informationAirWatch Solution Overview
AirWatch Solution Overview Marenza Altieri-Douglas - AirWatch Massimiliano Moschini Brand Specialist Itway 2014 VMware Inc. All rights reserved. Cloud Computing 2 BYOD 3 Device aziendali? 4 From Client/Server
More informationWHITEPAPER BEST PRACTICES IN MOBILE APPLICATION TESTING
WHITEPAPER BEST PRACTICES IN MOBILE APPLICATION TESTING 1 The basic frame of software testers mind-set is attuned to check documentation, functionality, stability, API and performance and make sure that
More informationONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014
ONE DEVICE TO RULE THEM ALL! 1993 2013 1 AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 2 1 AGENDA Mobile Devices / Smart Devices Implementation Models Risks & Threats Audit Program
More information10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM)
10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM) CONTENT INTRODUCTION 2 SCOPE OF BEST PRACTICES 2 1. HAVE A POLICY THAT IS REALISTIC 3 2. TAKE STOCK USING A MULTIPLATFORM REPORTING AND INVENTORY TOOL...3
More informationSecurity and Compliance challenges in Mobile environment
Security and Compliance challenges in Mobile environment Emerging Technologies November 19, 2013 Bob Bastani Introductions Bob Bastani, Security & Compliance Program Manager, IBM, 301-803-6078, bbastani@us.ibm.com
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationSA Series SSL VPN Virtual Appliances
SA Series SSL VPN Virtual Appliances Data Sheet Published Date July 2015 Product Overview The world s mobile worker population passed the 1 billion mark in 2010 and will grow to more than 1.3 billion by
More informationCloud Services MDM. Overview & Setup Admin Guide
Cloud Services MDM Overview & Setup Admin Guide 10/27/2014 CONTENTS Systems Overview... 2 Solution Overview... 2 System Requirements... 3 Admin Console Overview... 4 Logging into the Admin Console... 4
More informationFive Best Practices for Secure Enterprise Content Mobility
A N A C C E L L I O N W H I T E P A P E R Five Best Practices for Secure Enterprise Content Mobility Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite 200 www.accellion.com
More informationBYOD Guidance: BlackBerry Secure Work Space
GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.
More informationBYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager
BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager 1 AGENDA Mobile Explosion Mobile Trends BYOD Benefits, Challenges and Threats BYOD Security BYOD Strategy
More informationQuick Start Guide. Version R9. English
Mobile Device Management Quick Start Guide Version R9 English February 25, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept
More informationContents. Introduction. What is the Cloud? How does it work? Types of Cloud Service. Cloud Service Providers. Summary
Contents Introduction What is the Cloud? How does it work? Types of Cloud Service Cloud Service Providers Summary Introduction The CLOUD! It seems to be everywhere these days; you can t get away from it!
More informationSmart Phone and Operating System Industry in China
Smart Phone and Operating System Industry in China NZTE, July 2010 This publication is provided to you as a free service and is intended to flag to you market opportunities and possibilities. Use of and
More informationMobile Device. Management-
Mobile Device Management- What to Know, What to Do Michael F. Finneran Principal, dbrn Associates, Inc. mfinneran@dbrnassociates.com Mobile Policy Development What you really need is a mobility plan- possibly
More informationHow to Successfully Roll Out an Android BYOD Program
How to Successfully Roll Out an Android BYOD Program Nathan Steuer, Director of Mobility Solutions Ann Marie Cullen, Advisory Services Manager Global Computing Platform Market Share! 1Billion! Android
More informationManaging Mobility. 10 top tips for Enterprise Mobility Management
Managing Mobility 10 top tips for Enterprise Mobility Management About Trinsic Trinsic is a new kind of business communications specialist, built from the ground up to help your organisation leave behind
More informationBell Mobile Device Management (MDM)
Bell MDM Business FAQs 1 Bell Mobile Device Management (MDM) Frequently Asked Questions INTRODUCTION Bell Mobile Device Management provides business customers an all in one device administration tool to
More informationEmerging threats for the healthcare industry: The BYOD. By Luca Sambucci www.deepsecurity.us
Emerging threats for the healthcare industry: The BYOD Revolution By Luca Sambucci www.deepsecurity.us Copyright 2013 Emerging threats for the healthcare industry: The BYOD REVOLUTION Copyright 2013 Luca
More informationSophos Mobile Control Administrator guide. Product version: 3
Sophos Mobile Control Administrator guide Product version: 3 Document date: January 2013 Contents 1 About Sophos Mobile Control...4 2 About the Sophos Mobile Control web console...7 3 Key steps for managing
More informationAnceroAir Mobile Device Management (MDM) Service Guide
AnceroAir Mobile Device Management (MDM) Service Guide Contents Service Overview... 3 Core Mobile Device Management... 3 Mobility Management Bundle... 3 Secure Productivity Suite... 4 TouchDown (with Exchange
More informationSecurity. Mobile Device FOR. by Rich Campagna, Subbu Iyer, and Ashwin Krishnan. John Wiley & Sons, Inc. Foreword by Mark Bauhaus.
Mobile Device Security FOR by Rich Campagna, Subbu Iyer, and Ashwin Krishnan Foreword by Mark Bauhaus Executive Vice President, Device and Network Systems Business Group, Juniper Networks WILEY John Wiley
More informationMobile App Containers: Product Or Feature?
ANALYST BRIEF Mobile App Containers: Product Or Feature? APPLE AND SAMSUNG HAVE TAKEN BIG STEPS WITH CONTAINERIZATION Author Andrew Braunberg Overview Secure workspaces, or containers, used for isolating
More informationMobile Device Security Is there an app for that?
Mobile Device Security Is there an app for that? Session Objectives. The security risks associated with mobile devices. Current UC policies and guidelines designed to mitigate these risks. An approach
More information