Wrapping Your Arms Around Mobile Security in the Enterprise
Nathan King, Senior Manager, IT Security Systems
United Airlines
May 2013

Choosing a Mobile Device
- Had to pass FAA
- Device Security
- Hardware encryption
- Manageability
- Maturity

Choosing a Mobile Device Management (MDM) Solution
- Provide cloud support for quick deployment (PLUS)
  - Backup database to implement in our datacenter
  - Backup database and restore to the cloud for business continuity
- Provide full support for:
  - Apple iOS devices (iPads, iPhones)
  - Windows Mobile
  - Android
  - BlackBerry (not a primary concern since we had BES)
  - Symbian (also not a primary concern)
- Enterprise App Store (Critical)
- Jailbroken/Rooted Detection (Critical)
- Secure Document Management (Critical)
- We partnered with AirWatch
- Interface to Microsoft SCCM or HPCA (Since then, SCCM is our standard)
  - Was not a requirement but did provide an incentive
  - AirWatch has partnered with Microsoft to integrate with SCCM

Pilot EFB
- Electronic Flight Bag
  - Flight Manuals
  - SOPs
  - Weather Charts
  - Flight Charts
  - Training
- Auto-Provision
  - Wi-Fi
  - Email
- Pros
  - Reduce expense for paper manual reproduction
  - Save fuel costs due to reduced weight of paper manuals
  - $2+ million/year savings
- Cons
  - New environment for those who are used to paper
  - Some countries confiscate devices

Email
- Only Access
  - Use Exchange ActiveSync
  - Require PIN
  - PIN Expires
  - OWA allows user to wipe lost phone
- More than email
  - Require MDM management

Corporate Devices
- Automatic Provision
  - Wi-Fi
  - Email
  - Corporate Applications
- Loss Prevention
  - Wipe lost devices
  - Geo-locate lost devices
- Secure Document Management
  - Secure sensitive & financial data
  - Departments & Teams
  - Green Initiative
- Full disk encryption
- Secure web filtering
- Support for 11,000 EFB iPads
- All corporate non-Windows mobile devices

BYOD
- Bring Your Own Device
- Breach Your Own Data
- Bring Your Own Disaster
- Current
  - Currently some devices are sneaking their way on the network
  - Temp Guest Wi-Fi for those who don't sneak as well as guests
  - Using EAS for smart phones accessing email
- Future
  - NAC (Network Access Control)
  - Guest network w/ AD credentials
  - LAN access by MDM only using certificate authentication
  - VDI
  - RDP to desktop
  - Web applications that support Safari
  - Auto-provision email & guest Wi-Fi
  - Enterprise wipe
  - Allow user wipe of lost personal devices

Challenges
- PIN
  - More than 4 characters
  - Alphanumeric
  - Does not allow repeating, ascending, descending
  - Expiration
  - History
  - Max failed attempts
- Restrictions
  - App monitoring for inappropriate or malicious apps
  - Ratings
    - Apps
    - TV
    - Movies
- Geo Location
  - You can track me?

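The PIN rules listed on the Challenges slide, written out as a check (an added example, not from the presentation or from AirWatch). The run length of 3, the history depth of 5, the salt and all function names are assumptions; expiration and max failed attempts are device-side state and are left out.

```python
import hashlib
import hmac

MIN_LENGTH = 5       # slide: "More than 4 characters"
MAX_RUN = 3          # assumption: 3+ characters in a row count as a sequence
HISTORY_DEPTH = 5    # assumption: number of previous passcodes remembered


def digest(pin: str, salt: bytes) -> bytes:
    """Salted, slow hash so the history never stores passcodes in clear."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def has_run(pin: str, step: int, run: int = MAX_RUN) -> bool:
    """True if `run` consecutive characters each differ by `step`
    (0 = repeating, 1 = ascending, -1 = descending)."""
    streak = 1
    for prev, cur in zip(pin.lower(), pin.lower()[1:]):
        streak = streak + 1 if ord(cur) - ord(prev) == step else 1
        if streak >= run:
            return True
    return False


def check_pin(pin: str, history=(), salt: bytes = b"constructed-salt"):
    """Return the policy rules a candidate violates; an empty list means accepted."""
    problems = []
    if len(pin) < MIN_LENGTH:
        problems.append("length")
    if not (any(c.isalpha() for c in pin) and any(c.isdigit() for c in pin)):
        problems.append("alphanumeric")
    for name, step in (("repeating", 0), ("ascending", 1), ("descending", -1)):
        if has_run(pin, step):
            problems.append(name)
    new = digest(pin, salt)
    if any(hmac.compare_digest(new, old) for old in history[-HISTORY_DEPTH:]):
        problems.append("history")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates, not values from the presentation.
    for candidate in ("1234", "aaa987", "abc42x", "k7m2x9"):
        print(candidate, check_pin(candidate) or "accepted")
```
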
MDM Strengths & Weaknesses
- Apple
  - Not quite enterprise ready
  - Provides the best support for MDM
  - Best security
  - iOS 6 updates allow ability to disable app install/delete
- Android
  - Malicious apps
  - Minimal MDM - still needs work
  - Newer versions are increasing support for MDM solutions
  - Less expensive than Apple
  - Still few with hardware encryption
- Windows Mobile
  - LAN-based devices may be better managed by SCCM
  - MDM solutions still best for devices that leave the corporate LAN
  - App provides remote viewing for troubleshooting
  - Still best solution for PCI-related apps

Key Takeaways
- PIN
  - The PIN is an integral part of iOS encryption
  - It also protects the passwords stored for email and other apps
  - App password further protects data
- Geo-location
  - I lost my phone; however, I was able to recover it because of this
- Remote wipe
  - Enterprise wipe for employees leaving the enterprise
  - Full wipe for lost corporate devices
  - Full wipe available for employees' personal devices if managed
- Still BIG concerns over Android OS
- Easily provision corporate applications
- Apple and Android are not ready for Enterprise PCI

Questions
Nathan.King@united.com
713-324-2364