Securing end-user mobile devices in the enterprise




IBM Global Technology Services
Thought Leadership White Paper
January 2012

Develop an enforceable mobile security policy and practices for safer corporate data

Executive summary

Mobile devices, including smartphones and tablets, enable increasing numbers of employees to work anywhere, anytime. The security of enterprise data is a key concern, particularly on mobile devices that are easily lost or stolen. The security risk is further heightened by the proliferation of employee-owned mobile devices in many enterprises. Employees will almost always take the path of least resistance in leveraging mobile devices for business purposes, which may lead to unsafe computing practices. A clearly documented and enforceable mobile security policy is critical to reducing the risk of data loss.

This white paper outlines the security risks of mobile devices accessing enterprise data and suggests approaches to mitigating the risk, which may include authentication, data encryption, malware, viruses and network security.

Managing various devices and platforms

In the past, organizations often standardized enterprise mobility on a single mobile platform such as BlackBerry smartphones, which were provided to a select number of employees because of cost. Today increasing numbers of employees have their own mobile devices and want to use them for business purposes. The diversity of devices that employees are bringing to work adds complexity to the IT organization and puts corporate data at risk. Many mobile devices and platforms are targeted at consumers and consequently lack enterprise-grade security. When considering mobile security, you will want to look at:

- Access control, which may include passcode locks
- Data protection, such as encryption
- Malware prevention

Controlling access

Because mobile devices are portable, they are easily lost or stolen. Requiring authentication, such as a passcode lock, can make it more difficult for unauthorized users to access the device. Unfortunately, most approaches can also make it more difficult for the device owner, leading to user dissatisfaction, particularly when the devices are personally owned. Today there are few robust solutions available to adequately separate access to personal and work data, although this is likely to be an area of focus for a number of vendors in the space.

In addition to standard numeric and alphanumeric passwords, other security options might include biometrics (such as fingerprint or voice detection), smart cards, tokens or digital certificates. In fact, two or more of these options may be required for multifactor authentication.

Preventing the loss of corporate data

In its sixth annual study, the Ponemon Institute found the average organizational cost of a data breach increased to US$7.2 million and cost companies an average of US$214 per compromised record, markedly higher when compared to US$204 in 2009.[1] The study is based on the actual data breach experiences of 51 U.S. companies from 15 different industry sectors. If you were to extrapolate this worldwide, the annual cost to business from lost or pilfered data is enormous and likely to grow as mobile devices get smaller and, unfortunately, easier to leave on a taxi or restaurant seat.

And then there are deliberate attacks. The Ponemon Institute study identified malicious attacks as the root cause of 31 percent of the data breaches studied, up from 24 percent in 2009 and 12 percent in 2008.[2] Wiping or deleting all data from the mobile device after a certain number of invalid password attempts can help reduce the risk of a brute-force attack. In addition, a local wipe or remote wipe initiated by an end user or administrator is a recommended practice when a device is lost or stolen.

Encrypting the data on mobile devices can provide an additional level of security. Hardware-based encryption, one of the most common methods, offers an advantage over software encryption because it is built into the device and may enhance performance.

Browser and virtualized applications can provide alternatives to storing data on mobile devices. Little, if any, data is actually stored on the device; instead, data is requested and displayed as needed, reducing the risk of data loss. However, network access is required, so users can't access data when offline or disconnected. In addition, performance may be less than that of a native rich client accessing local data on the mobile device, or end-user response time may be longer.

Battling a new wave of viruses

Although the threat of malware on personal computers (PCs) is real, the threat on mobile devices is just beginning to emerge as they grow in popularity. Users may unknowingly infect their devices by visiting a compromised website, receiving a short message service (SMS) text message, or simply by installing an application. Even applications from pre-approved application stores like the Apple App Store or Google Marketplace are not immune. It is virtually impossible for application store owners to conduct in-depth code reviews of all applications.

To address this threat, security suite software similar to what currently exists on PCs is gaining market acceptance. The software runs on the mobile device, scanning for malware and viruses, and is regularly updated as new threats arise.

Defining a security policy

Practically speaking, it is very difficult to prevent employees from using personal mobile devices for business purposes. IT professionals can get ahead of this trend by establishing set policies and procedures regarding what content is allowed to be accessed on these devices, how it will be accessed and how the organization will handle lost or stolen devices that may contain business data. This way, employees can still be productive on the road, at home or at a customer site, and you can reduce the risk that data will be lost to unauthorized access.

Here is a sample mobile security policy, applicable to both enterprise and employee-owned mobile devices, to help you get started:

- Eight-character alphanumeric mobile device password
- Expiration every 90 days
- Device lock after 15 minutes
- Password prompt on device should pause for incremental time after each unsuccessful login to protect against brute-force login attempts
- Device wipe
  - Remote (by administrator) if device is lost or stolen
  - After 10 invalid password attempts to protect against brute-force login attempts
- Data-at-rest encryption for employees with high-value or sensitive access
- Encryption key strength of at least 128 bits (AES)
- Protection for associated encryption keys exchanged or stored in a manner not easily retrieved in readable form at rest on the file system or in transmission
- Method to reflect the encryption status of a given device based on value, application of policy or other manner
- Bluetooth configuration set so that it is not discoverable, and only connected with paired devices on all handheld devices supporting these features
- Requirement that remote access for data synchronization or to the corporate infrastructure must go through an approved remote access gateway and support the required security authentication
- Local synchronization using direct Universal Serial Bus (USB), infrared, Bluetooth, wireless local area network (WLAN), local area network (LAN) or wireless connections
- Antivirus program run on any device with access to the corporate network
- Firewall program run on the mobile device

Putting it all together: implementing a security policy

Once you have defined a policy, mobile technology solutions can help you implement it. A mobile device management (MDM) solution will likely serve as the cornerstone. Although major messaging players like IBM Lotus Domino or Microsoft Exchange have basic device management capabilities, advanced MDM solutions typically deliver a more comprehensive approach. These may include self-service functions like onboarding, remote wipe or online help and the ability to manage mobile applications or track voice and data plans to reduce cost and improve management.

In addition, some MDM solutions can help separate work and personal data and eliminate the need for an all-access device password lock. They may also provide remote wipe capabilities for just the enterprise data if the employee leaves the company, keeping personal data intact.

Mobile security suite software may also protect devices from malware and viruses. When combined with MDM, the device's security posture can be ascertained before it connects to the network. If the device fails the security check, the user can be notified and the device separated from others to reduce enterprise network risks.
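The sample policy and the pre-connection posture check described above can be expressed as a single admission decision. The following is an added example, not code from the white paper or from any MDM product; the `Posture` fields, the `POLICY` key names and the sample device reports are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Thresholds from the sample policy above; the key names are assumptions.
POLICY = {"min_pw_len": 8, "max_pw_age_days": 90, "max_lock_min": 15,
          "max_wipe_attempts": 10, "min_key_bits": 128}

@dataclass
class Posture:
    """Hypothetical posture report; not any MDM product's schema."""
    device_id: str
    pw_len: int
    pw_alphanumeric: bool
    pw_age_days: int
    lock_min: int               # 0 means auto-lock is disabled
    wipe_attempts: int          # 0 means wipe-on-failure is disabled
    high_value_access: bool
    encrypted: bool
    key_bits: int
    bt_discoverable: bool
    antivirus: bool
    firewall: bool

def violations(d: Posture) -> list[str]:
    """Return the policy items the device fails, in policy order."""
    failed = []
    if d.pw_len < POLICY["min_pw_len"] or not d.pw_alphanumeric:
        failed.append("password")
    if d.pw_age_days > POLICY["max_pw_age_days"]:
        failed.append("password_age")
    # A disabled control (0) must fail, so test the range, not just the maximum.
    if not 0 < d.lock_min <= POLICY["max_lock_min"]:
        failed.append("device_lock")
    if not 0 < d.wipe_attempts <= POLICY["max_wipe_attempts"]:
        failed.append("wipe_threshold")
    # Encryption is required only for high-value or sensitive access.
    if d.high_value_access and not (d.encrypted and d.key_bits >= POLICY["min_key_bits"]):
        failed.append("encryption")
    if d.bt_discoverable:
        failed.append("bluetooth")
    if not d.antivirus:
        failed.append("antivirus")
    if not d.firewall:
        failed.append("firewall")
    return failed

def admission(d: Posture) -> tuple[str, list[str]]:
    """Allow a compliant device; otherwise quarantine it and list what to tell the user."""
    failed = violations(d)
    return ("quarantine" if failed else "allow", failed)

# Constructed sample reports.
COMPLIANT = Posture("tablet-01", 10, True, 30, 10, 10, True, True, 256, False, True, True)
LAX = Posture("phone-02", 4, False, 120, 0, 0, True, False, 0, True, True, False)
LOW_VALUE = Posture("phone-03", 8, True, 90, 15, 10, False, False, 0, False, True, True)

if __name__ == "__main__":
    for dev in (COMPLIANT, LAX, LOW_VALUE):
        print(dev.device_id, *admission(dev))
```

The list returned with a "quarantine" decision is what the user notification would carry, so the owner knows which settings to fix before the device is admitted.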

For more information

To learn more about IBM Enterprise Services managed mobility services, contact your IBM marketing representative, IBM Business Partner, or visit the following website: ibm.com/services/mobility

Additionally, financing solutions from IBM Global Financing can enable effective cash management, protection from technology obsolescence, improved total cost of ownership and return on investment. Also, our Global Asset Recovery Services help address environmental concerns with new, more energy-efficient solutions. For more information on IBM Global Financing, visit: ibm.com/financing

Copyright IBM Corporation 2012

IBM Global Services
Route 100
Somers, NY 10589
U.S.A.

Produced in the United States of America
January 2012

IBM, the IBM logo, and ibm.com are trademarks of International Business Machines Corporation in the United States, other countries or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml

BlackBerry, RIM, Research In Motion and related trademarks, names and logos are the property of Research In Motion Limited and are registered and/or used in the U.S. and countries around the world. Used under license from Research In Motion Limited.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

iPhone, iPad and iPod Touch are trademarks of Apple Inc., registered in the U.S. and other countries.

Other company, product or service names may be trademarks or service marks of others.

Notes

[1] 2010 Annual Study: U.S. Cost of a Data Breach, Ponemon Institute, LLC, March 8, 2011.
[2] 2010 Annual Study: U.S. Cost of a Data Breach, Ponemon Institute, LLC, March 8, 2011.

AZW03001-USEN-02