2 The IT Manager's Nightmare...
Good morning, the board decided last night that we need to have iPads in order to do our work properly. Can you please have these set up for us by next Friday so that we can read the board minutes, oh, and I decided I couldn't wait, so here is mine so that you can get me connected today
3 Disruptive Technologies
- 1980s The Microcomputer
- 1980s The Network
- 1990s Personal s The Web
- 2000s Smart Phones
- 2010s Mobile Computing Devices
4 Mobile Computing Security Challenges
- Whatever happened to the network perimeter?
- Is that one of our devices?
- Is that really one of our users?
- Where is our data?
- No, I said it's our data, not your data
- Yes, I know that it's a clever app
- Who's in charge of things anyway?
6 Best Practices for Policy
Engage the business
- Understand their mobile computing requirements
- Survey your workforce
- Establish a corporate strategy based on requirement vs risk
7 Best Practices for Policy
Establish levels of service
- Tier 1: Corporate owned devices
  - PIM and business applications
- Tier 2: Corporate or user owned devices
  - Lightly managed and supported (e.g. mail/calendar)
- Tier 3: User owned devices
  - Web based access only
  - Unsupported
8 Best Practices for Policy
Reserve the right to manage ALL devices with access to corporate resources
- Includes connections to internal wireless LANs and connections to PCs.
- Require installation of your security profile on all devices as a condition of access.
9 Best Practices for Policy
Isolate corporate data from private data
- Sandboxing
- Policy compliance
- Application publication (no data at rest)
10 Best Practices for Policy
Enforce strong security controls
- Passwords
- Auto lock
- Remote wipe
- Certificates
- Encryption
- Enforced device policy
11 Best Practices for Policy
Consider disabling device functions that conflict with business activities
- Camera
- App stores
- Cloud storage services
- YouTube
- Explicit content
12 Best Practices for Policy
Enforce acceptable use policy
- Cover current and future devices everywhere access means wiping a device when the employee leaves the organisation...
- And that may include their own personal device if it has been used to access corporate systems.
13 Best Practices for Policy
Determine how users will be provisioned with applications
- The use of app stores is fine with only a few users but can become unwieldy with many users
- Start with basic applications ( , collaboration, productivity)
- Layer on advanced applications
14 Best Practices for Policy
Proactively monitor voice and data usage
- Implement ongoing recording of usage
15 Best Practices for Policy
Require users to back up their own data
- If it's their information, they are responsible for it.
- Assert the right to wipe the device if it is lost or stolen
- Assert the right to wipe the device when the employee leaves
16 Best Practices for Policy
Require users to understand and agree with policy
- Security policies don't belong in a book
- Publish policies for all users to read
- Review the policies annually
- See Mrs K afterwards if you don't know how to do this bit
17 Best Practices for Policy
Address the ramifications of non-compliance with policy
- Usage infractions
- Unauthorised application installation
- Inappropriate material
- Not reporting lost devices
- Excessive personal use
18 OK, So You've Got Your New Toys, Now What?
Learn to walk before you can fly!
- Implement a mobile device management system
- Establish a base device policy
- Enforce that policy
19 Device Policy #1: Enable Password Protection
- Require a PIN code after power on
- Require a PIN code after auto lock
- Minimum of 4 digits
- Preferably longer if the device supports it
20 Device Policy #2: Lock the Device
- Always enable autolock on mobile devices
- Keep the lock period as short as possible
21 Device Policy #3: Enable Wiping
- Wipe on more than five invalid PIN code entries
- Remote wipe in the event of loss or theft
  - Easily implemented in Exchange, Keriomail and BES
- Set up a lost device hotline
- Wipe devices prior to disposal
22 Device Policy #4: Turn on Device Encryption
- iOS 4.x, 5.x: All user data is automatically encrypted
- Android: Information on removable media is not encrypted by default.
- Windows Mobile 7: Encryption not supported. It's important to note that Windows Phone 7 (WP7) primarily was developed as a consumer device and not an enterprise device.
- Windows 8: Expected to be supported when it is released
23 Device Policy #5: Encrypt Data in Transit
- Enable SSL encryption
- Use digital certificates
24 Device Policy #6: Update Frequently
- Keep the operating system and applications up to date
- Enable auto update if available
25 Device Policy #7: Control Network Connections
- Disable network services if not required
  - WiFi
  - Bluetooth
  - Infrared
- Restrict WiFi connections to authorised networks
26 Device Policy #8: Install AntiVirus Software
- Install AntiVirus software wherever practical
- Controlled and scrutinised application release minimises the threat
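
The base device policy (#1 to #8) expressed as a compliance check over a device inventory. This is an added example, not part of the original presentation: the record fields, the 300-second autolock limit and the sample devices are assumptions made for illustration and do not come from any particular MDM product.

```python
from dataclasses import dataclass
from typing import Optional

MIN_PIN_DIGITS = 4          # Device Policy #1: minimum of 4 digits
MAX_FAILED_PINS = 5         # Device Policy #3: wipe on more than five invalid entries
MAX_AUTOLOCK_SECONDS = 300  # assumption: the slides only say "as short as possible"

@dataclass
class Device:               # hypothetical inventory record, not a real MDM schema
    name: str
    pin_digits: int = 0                 # 0 = no PIN set
    autolock_seconds: int = 0           # 0 = autolock disabled
    max_failed_pins: int = 0            # 0 = device never wipes on bad PINs
    remote_wipe: bool = False
    storage_encrypted: bool = False
    removable_media_encrypted: Optional[bool] = None  # None = no removable media
    tls_required: bool = False
    auto_update: bool = False
    wifi_restricted: bool = False
    antivirus: Optional[bool] = None    # None = not practical on this platform

def violations(d: Device) -> list:
    """Return the numbers of the device policies (#1-#8) that the device fails."""
    checks = {
        1: d.pin_digits >= MIN_PIN_DIGITS,
        2: 0 < d.autolock_seconds <= MAX_AUTOLOCK_SECONDS,
        3: 0 < d.max_failed_pins <= MAX_FAILED_PINS and d.remote_wipe,
        # Internal storage must be encrypted, and removable media too if present.
        4: d.storage_encrypted and d.removable_media_encrypted is not False,
        5: d.tls_required,
        6: d.auto_update,
        7: d.wifi_restricted,
        8: d.antivirus is not False,
    }
    return [n for n, ok in checks.items() if not ok]

def access(d: Device) -> str:
    """The security profile is a condition of access: any failure means deny."""
    return "deny" if violations(d) else "grant"

# Constructed sample inventory
GOOD = dict(pin_digits=6, autolock_seconds=120, max_failed_pins=5, remote_wipe=True,
            storage_encrypted=True, tls_required=True, auto_update=True,
            wifi_restricted=True)
INVENTORY = [
    Device("board-tablet", **GOOD),
    Device("android-phone", **{**GOOD, "max_failed_pins": 10},
           removable_media_encrypted=False, antivirus=True),
    Device("wp7-phone", **{**GOOD, "storage_encrypted": False, "pin_digits": 0}),
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev.name, access(dev), violations(dev))
```

The Android record fails #4 only because of its unencrypted removable media, which is the default the encryption slide warns about.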
27 Strategy Decisions: BYOD
Bring Your Own Device
- Your data, their device, your risk
- Firmly establish a data centric security strategy before even considering a BYOD strategy
28 Strategy Decisions: Application Publication Model
Securely publish applications to mobile devices from your data centre
- Removes data at rest risk
- Device agnostic approach
- Requires good data centre bandwidth
- Enabler for BYOD strategy
29 Going Full Circle?
30 Going Full Circle?
31 Conclusion
- Mobile devices/tablets are a game changing technology
- Successful (and secure) deployment requires an effective policy and an effective strategy