SECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE Michael CLICK TO Albek EDIT MASTER - SecureDevice SUBTITLE STYLE 2011
Driven by changing trends and increasing globalization, the needs of the workforce are constantly evolving. Today s mobile workforce needs: Any device Any location Any application Follows consumerization of IT / Bring Your Own Device (BYOD) trends
With the explosion in smartphone use, employees are increasingly using personal mobile devices to access corporate data. Smartphone sales now exceed the sales of personal computers. * Mobile devices are being increasingly used by employees, whether sanctioned or not. Empowering employees to work at any time and anywhere is a strategic opportunity for companies. However, companies need to demonstrate due diligence in securing corporate data on company-owned and employee-owned smartphones and tablets. * Source:http://www.computerworld.com/s/article/9208478/Android_drives_big_smartphone_growth_in_2010_IDC_says; http://www.gartner.com/it/page.jsp?id=1519417
Organizational policies are changing toward personal devices, resulting in the need to address the challenge of securing these devices. By 2014, 90 percent of organizations will support corporate applications on personal device The main driver individuals who prefer to use private consumer smartphones or notebooks for business Gartner Top Predictions for 2011: IT s Growing Transparency and Consumerization Select five of the top challenges you will face over the next six months. * *Source: Executive Spotlight: Top Priorities for Security and Risk Leaders, 1H 2011 Forrester, April 2011
Three Enterprise Mobility Use Cases CEO at Starbucks Viewing Corporate Data on Personal ipad via Unrestricted WiFi Employee at Office Loading Photos to Facebook on Corporate Android VP Lands in China Accessing M&A Documents from Dropbox on Personal iphone On Any Device Are your data protected? Which apps are safe? Is the connection secure?
Mobility Rapidly Coming of Age Device Proliferation App Explosion Mobility Power $ 2010 Gotta Have It! Devices Eclipse PCs 2011 That s Cool! 60 Apps Per ios Device Future That s Productive Best-in-Class Companies 3x Likely to Have Mobility Strategy How do we manage all these devices? How do we protect our data and network? How can we transform our business? Sources: Asymco and Aberdeen
Foundation for Any Mobility Strategy: Security and Risk Management Device Overload Ever-Changing Types, OSs and Security Features Network Risk User Risk Acting in Non- Compliant / Wrongful Ways App Risk Insecure Access to Corporate Apps Lack of Reliability Usage of Many Secure and Unsecure Networks Lack of Mobile Network Visibility Corporate Network Vulnerability to Mobile Threats Data Risk Sensitive Data Leakage Device Lost or Employee Leaves Mobile Devices Bypass Existing Security Protections Any Breach Can Have Major Business Consequences
The threat to mobile devices is real, and it is growing at a rapid pace. 1 GPS Global Positioning System Draw Slasher, a legitimate game that requires minimal permissions Blood versus Zombie, a malicious copy of Draw Slasher that contains more permissions than a game should need including GPS 1 and SMS 2 access. 2 SMS Short Message Service 8
Data protection mandates are among the main reasons why your business should care about mobile device security. Example of an internal standard: Security of handheld devices Mobile computing devices such as smartphones, mobile phones with data access, etc. require physical and logical access controls if business sensitive data is stored by the device or the device is used to access corporate infrastructure. The following actions are required: Activate a power-on password with a compliant password Activate a password controlled time-out or lock-out feature with a period of no more than 30 minutes Configure the device so that any data stored on the device is removed after ten failed access attempts and it is managed by a service with the ability to remotely wipe any data stored on device Install and run an antivirus program on any device that has access to the internal network or data centers Example of an external mandate: Sarbanes-Oxley Act (SOX) not only requires security controls but also requires that companies be able to prove to auditors that the controls have been implemented and are being maintained and monitored.
Differentiated Value: Protection At All Layers CEO Employee Board of Directors DEVICES APPLICATIONS NETWORK DATA + + + Any and All Ever Increasing Any Connection to Enterprise Repository Integration DATA (IP, non-public financial, BI, customer data, employee data) Real-Time Security At All Layers
Enabling Enterprise Mobility Provision Devices Manage Apps Protect Network Secure Data All Devices: iphone, ipad, Windows Mobile, Blackberry, Android, Symbian Configuration and Security Across Lifecycle Secure Access Reliability, QoS, Audit Protection from Bad Apps Data over Insecure Networks Corporate Network Protection Mobile Security Intelligence SIEM Integration Data in Motion and at Rest Mobile DLP Solution Easy Integration with Existing Enterprise Infrastructure Mobile End-to-End Security, Compliance and Management Solution
The IBM solution helps protect mobile devices used by employees to access corporate data. Our solution can provide the most important security controls: Mobile Device Management cross platforms Device wipe - Lost or stolen spyware and viruses Apps blocking / controlling Investigation tools Encrypted connectivity Remote access VPN client Device security settings enforcement Restrictions (for example, disable camera, USB) User tracking and monitoring User Self-service portal
Michael Albek Partner at SecureDevice Email. Michael.albek@securedevice.dk Phone: +45 51551724