Security and Compliance challenges in Mobile environment

Security and Compliance challenges in Mobile environment Emerging Technologies November 19, 2013 Bob Bastani

Introductions
Bob Bastani, Security & Compliance Program Manager, IBM, 301-803-6078, bbastani@us.ibm.com

Agenda
- Trends in Mobile Computing
- Benefits, challenges and risks
- Movie
- Security & Risk mitigation technologies
- Summary

Trends in Mobile Computing

Mobile is a mandatory transformation
- 10 Billion devices by 2020
- 61% of CIOs put mobile as priority
- 45% increased productivity with mobile apps

Fun Mobile Marketing Facts
- 1 billion of the world's 4+ billion mobile phones are now smartphones
- 9 out of 10 mobile searches lead to an action, and over 50% lead to a purchase
- 70% of mobile online searches lead to an action within an hour, while 70% of desktop online searches lead to an action within a month
- Mobile ads perform 4 to 5 times better than traditional online ads
- 40% of tablet owners said they have looked up information on a show on their tablet while they were watching that same show
- 74% of smartphone users use their phones for shopping, and of that 79% make a purchase as a result of using their phones
- Mobile coupons have a redemption rate 10 times higher than that of print coupons
- 50% of smartphone users have bought a product on their phone
Source: http://socialmediatoday.com/brianna5mith/1373106/50-mobile-marketing-facts-will-blow-you-away

Trends in Mobile Computing for 2013
1. Mobile App Developers Are Popular: As businesses find new ways to harness mobility in 2013, the demand for specialized apps and support will only increase.
2. HTML5 comes on board: Android and iOS have the market for the moment, but developers are also interested in HTML5.
3. Consumerization: BYOD is here to stay, and Consumerization leads to other related BYOD (personal cloud, app stores, Windows 8, etc.).
4. Mobile Device Management: Growth in BYOD programs will lead to increased popularity of MDM solutions and services.
5. Mobile Collaboration: Social Business trend drives need for new mobile collaboration capability.
6. Video Streaming: Live and recorded videos embedded into mobile business processes.
7. Mobile Assistants: Workers demand enterprise versions of Watson/Siri for mobile search and productivity apps.
8. Mobile Analytics and Visualization Apps: New analytical and visualization solutions will be developed and deployed for remote and mobile workers.
9. Mobile Clouds: Enterprises will develop and deploy mobile clouds for specific apps.
10. Mobile Payments: Employee expenses paid via mobile. Businesses accepting payments for products, solutions and services via mobile.
11. Increased Need for Speed: Big data, analytics, social, and mobile video will drive demand for faster mobile networks.
12. CIO Leadership: CIOs take the lead in managing the enterprise mobile strategy, including developing new business models, embedding mobile technology innovations into processes, and protecting mobile data.
Source: IBM Mobile Computing 2013 HorizonWatch Trend Report

Benefits, challenges and risks

With enormous opportunities
Business to Enterprise:
- Increase worker productivity
- Improved claims processing
- Increase revenue with sales engagements
- Extend existing applications to mobile workers and customers
- Reducing fuel, gas, or fleet maintenance costs where relevant
- Increase employee and business partner responsiveness and decision making speed
- Resolve internal IT issues faster
- Reduce personnel cost (utilizing personal devices instead of corporate devices)
Business to Consumer:
- Improve customer satisfaction
- Deeper customer engagement and loyalty
- Drive increased sales through Personalized offers
- Customer service
- Competitive differentiator
- Improve brand perception
- Deeper insight into customer buying behavior for up sell and cross sell
- Improve in store experience with mobile concierge services

But mobile also brings business and IT challenges
Enterprise Business Model Changes:
- New business opportunities based upon geolocation
- Anytime, anywhere business transactions
- Importance of social business interactions
App Development Lifecycle Complexity:
- Complexity of multiple device platforms with fragmented Web, native, and hybrid model landscape
- Connecting the enterprise back-end services in a secure and scalable manner
- Unique mobile requirements (user interface, connected/disconnected use, version upgrades, etc.)
- Faster time-to-market demands and iterative delivery
Mobile Security and Management:
- Protection of privacy and confidential information
- Use of client-owned smartphones and tablets
- Visibility, Security & Management of mobile platform requirements
Top Mobile Adoption Concerns:
1. Security/privacy (53%)
2. Cost of developing for multiple mobile platforms (52%)
3. Integrating cloud services to mobile devices (51%)
Source: 2011 IBM Tech Trends Report, https://www.ibm.com/developerworks/mydeveloperworks/blogs/techtrends/entry/home?lang=en

Mobile Security
http://www.youtube.com/watch?v=8wmcvIvaVEI

Mobile security, risk and mitigation technologies

Top Risks introduced by Mobile Computing
- Device loss or theft
- Exposure or loss of sensitive data
- Malicious software, viruses, and malware
- Application Security
- Secure network penetration
- Regulatory Compliance

Mobile Device Management (MDM)
Mobile Device Management functionality:
- Policy & Security Management: Manage password policies, device encryption, jailbreak and root detection
- Management Actions: Selective wipe, full wipe, deny email access, remote lock
- Application Management: Application inventory, recommended app deployment, app categorization
- Enterprise Access Management: Manage access to enterprise resources including email, VPN, and Wi-Fi
- Location Services: Optionally track device locations for corporate devices
- Management rules for device and user authentication
- Push out security patches to protect against malware

Mobile Device Security: the problem
[Diagram labels: End User; Mail / Calendar / Contacts; Access (VPN / WiFi); Apps (app store); Enterprise Apps; Encryption not enforced; VPN / WiFi; Corporate Network Access; iCloud; iTunes Sync; iCloud Sync]
Mobile devices are not only computing platforms but also communication devices, so we could have:
- Potential unauthorized access (lost, stolen)
- Disabled encryption
- Insecure devices connecting to network
- Corporate data leakage

Mobile Device Security: the solution
[Diagram labels: End User; Personal Mail / Calendar; Personal Apps; Corporate Profile; Enterprise Mail / Calendar; Enterprise Access (VPN/Wi-Fi); Enterprise Apps (App store or Custom); Encryption Enabled; VPN / Wi-Fi; iTunes Sync; Secured by policy; iCloud; iCloud Sync; Corporate Network Access]
- Enable password policies
- Enable device encryption
- Force encrypted backup
- Disable iCloud sync
- Access to corporate email, apps, VPN, Wi-Fi contingent on policy compliance!
- Selectively wipe corporate data if employee leaves company
- Fully wipe if lost or stolen
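
The compliance gate on this slide, as an added Python example that is not from the presentation or from any MDM product. The report fields, the `evaluate` function and the sample report are assumptions made for illustration; jailbreak/root detection is taken from the MDM functionality slide.

```python
# Added illustration: gate enterprise access on device policy compliance.
# Field names and the report format are assumptions, not an MDM product schema.
from dataclasses import dataclass

ENTERPRISE_RESOURCES = ("email", "apps", "vpn", "wifi")

# Required value for each setting: the slide's checks plus jailbreak detection.
POLICY = {
    "passcode_set": True,
    "device_encrypted": True,
    "backup_encrypted": True,
    "icloud_sync": False,
    "jailbroken": False,
}

# Constructed sample report for a compliant, active device.
COMPLIANT = {"passcode_set": True, "device_encrypted": True,
             "backup_encrypted": True, "icloud_sync": False,
             "jailbroken": False, "status": "active", "owner_employed": True}


@dataclass
class Verdict:
    action: str        # "allow", "deny_access", "selective_wipe", "full_wipe"
    resources: tuple   # enterprise resources the device may reach
    violations: list   # settings that failed policy, kept for the audit trail


def evaluate(report: dict) -> Verdict:
    # A setting missing from the report counts as a violation (fail closed).
    violations = sorted(k for k, want in POLICY.items()
                        if report.get(k) is not want)
    if report.get("status") in ("lost", "stolen"):
        return Verdict("full_wipe", (), violations)       # whole device
    if report.get("owner_employed") is False:
        return Verdict("selective_wipe", (), violations)  # corporate data only
    if violations:
        return Verdict("deny_access", (), violations)     # until remediated
    return Verdict("allow", ENTERPRISE_RESOURCES, violations)
```

Wipe decisions are checked before compliance so that a lost or departed-employee device is wiped even when every setting passes.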

How does Endpoint Manager manage devices?
- Agent-based Management: Android via native BigFix agent; iOS via Apple's MDM APIs
- Email-based management through Exchange and Lotus Traveler
- Supported platforms: iOS, Android, Windows Phone, Windows Mobile, Symbian

Endpoint Manager Capabilities, by category:
- Platform Support: Apple iOS, Google Android, Nokia Symbian, Windows Phone, Windows Mobile
- Management Actions: Selective wipe, full wipe, deny email access, remote lock, user notification, clear passcode
- Application Management: Application inventory, enterprise app store, whitelisting, blacklisting, Apple Volume Purchase Program (VPP)
- Policy & Security Management: Password policies, device encryption, jailbreak & root detection
- Location Services: Track devices and locate on map
- Enterprise Access Management: Configuration of Email, VPN, Wi-Fi
- Expense Management: Enable/disable voice and data roaming

Allows mobile devices to be brought under management in the enterprise, covering applications and security considerations

Detect Security Problems and Non-Compliance

Applications can be provisioned to devices targeting different populations of users

Identity Management in a Mobile World
- 80 percent of organizations with a BYOD program require only a password for mobile access
- To help prevent fraudulent access, mobile users need to prove their identity within the context in which they are accessing corporate resources:
  - Type of device
  - Application running on the device
  - Location or their patterns of activities

Context Aware Access Control
- Using contextual data analytics to calculate risk, organizations can grant access based on a dynamic risk assessment of the confidence level of a transaction
- When a user requests access to a protected resource, a risk score is calculated and a determination is made on whether access is permitted, denied, or permitted after a condition is met (such as answering a specific question only known by the device owner)
- In some situations, depending on the risk score, the user may be denied access to certain IT resources because the security risk is deemed to be too high
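
A sketch of the risk-scored decision described on this slide, added here as an example and not taken from the presentation or from any IBM product. The signals follow the previous slide (device, application, location, activity pattern); the weights, thresholds and all names are assumptions.

```python
# Added illustration: context-aware access decision. Signals, weights and
# thresholds are assumptions chosen for the example, not product values.
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    PERMIT = "permit"
    STEP_UP = "permit after challenge"
    DENY = "deny"


@dataclass(frozen=True)
class AccessContext:
    device_registered: bool    # device is enrolled and known for this user
    app_approved: bool         # requesting application is on the approved list
    country: str               # coarse location of the request
    hour: int                  # local hour of day, 0-23
    resource_sensitivity: int  # 1 (low) to 3 (high), set by the resource owner


@dataclass(frozen=True)
class UserProfile:
    usual_countries: frozenset  # where this user normally connects from
    usual_hours: range          # when this user is normally active


def risk_score(ctx: AccessContext, profile: UserProfile) -> int:
    """Add an assumed weight for every signal that deviates from the norm."""
    score = 0
    if not ctx.device_registered:
        score += 40
    if not ctx.app_approved:
        score += 30
    if ctx.country not in profile.usual_countries:
        score += 20
    if ctx.hour not in profile.usual_hours:
        score += 10
    # The same anomaly weighs more against a more sensitive resource.
    return score * ctx.resource_sensitivity


def decide(ctx, profile, challenge_passed=False, step_up_at=30, deny_at=90):
    score = risk_score(ctx, profile)
    if score >= deny_at:
        return Decision.DENY      # too risky even if a challenge is answered
    if score >= step_up_at and not challenge_passed:
        return Decision.STEP_UP   # e.g. a question only the owner can answer
    return Decision.PERMIT
```

With these assumed weights, an unregistered device gets a challenge for a low-sensitivity resource but is denied a high-sensitivity one, which is the "denied access to certain IT resources" case above.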

Identity Management
- Multifactor authentication including integration with third party authentication solutions
- Device authentication
- Use session management to force an authentication challenge when the user has been inactive for a period of time

Adaptive Mobile Security

Identity Aware applications
- Some mobile applications typically require users to enter a name and password to prove their identity. Some applications may store the credentials locally to help improve the user experience, which introduces additional vulnerabilities
- Security Access Manager for Mobile can make applications identity-aware by using OAuth. User credentials are not stored on the device, only device tokens, which are exchanged transparently each time the application is launched.

Summary
- Mobile computing is here, it is pervasive and it has changed the fabric of social interactions, business and commerce
- Persistent use of mobile devices has also increased the overall security and privacy risks
- Creating a holistic mobile computing strategy which clearly identifies vulnerabilities, threats, risks and mitigation strategies is paramount to security of any agency or enterprise
