Meeting Mobile and BYOD Security Challenges


WHITE PAPER: MEETING MOBILE AND BYOD SECURITY CHALLENGES

Who should read this paper

This white paper is written for enterprise executives who wish to understand what digital certificates are and why they are invaluable for mobile and Bring Your Own Device (BYOD) security on wired and wireless networks. The paper also illustrates the benefits of adopting Symantec Managed PKI Service and provides real-world use cases.

Contents

Safeguarding Networks in an Increasingly Mobile World
Digital Certificates Address Today's Business Security Needs
The Challenge of Digital Certificates: Managing the "I" in PKI
Symantec Managed PKI Service: A Proven, Scalable, Cost-Effective Solution
Symantec Managed PKI Service Use Cases
Next Steps

Safeguarding Networks in an Increasingly Mobile World

Today, businesses and their IT managers must balance the desire to give employees the freedom to use a range of devices, including ones they own (BYOD), to access company network resources against the very real threats those devices pose to the health and safety of the network and its data assets. According to a 2014 Gartner study in the United States, approximately 40 percent of U.S. consumers who work for large enterprises said they use their personally owned smartphone, desktop or laptop daily for some form of work purposes. ("User Survey Analysis: Gartner Consumer Insights - People at Work and Play in 2014," Gartner, June 2014)

The huge growth of wireless and mobile devices such as tablets and smartphones in business communications poses a significant challenge because these devices are easily lost, stolen or compromised. Only by implementing a solution that can identify and monitor them as trusted components can IT managers allow wireless and mobile devices to access network resources.

Digital Certificates Address Today's Business Security Needs

Best-practice security requires IT to verify that users and devices can be trusted to access the company network and its applications and data. Even if IT strictly limits the applications available to users, authenticating users is still a priority. Digital certificates offer a much stronger form of authentication than shared-secret passwords or access control lists (ACLs). In fact, global enterprises, government organizations, and digitally connected communities recognize digital certificates as the gold standard for highly secure and trusted authentication, digital signatures and encryption.

Digital certificates provide a stable, scalable, and highly secure method of authenticating devices and users. They not only verify the identity of the individual, they can also verify the legitimacy of the device and secure the transport of information across a LAN, wireless LAN (WLAN), public WAN such as the Internet, or a mobile cellular network.

Digital certificates integrate easily into existing environments, readily interoperating with virtual private networks (VPNs), virtual desktop integration (VDI), policy control platforms, email software, web browsers, wireless access points, and Mobile Device Management (MDM) platforms. MDMs are used by many organizations to manage mobile devices accessing their networks. Although MDMs are not required components of a mobile device strategy, they do offer certain advantages such as onboarding and offboarding capabilities, device and application security, digital certificate delivery, and full and selective remote wipe capabilities.

Digital certificates protect information assets in the following ways:

Authentication - Validates the identity of machines and users.
Encryption - Encodes data to ensure that unauthorized users or machines cannot read transmitted content.
Digital signing - Provides the electronic equivalent of a hand-written signature; also enables organizations to verify the integrity of data and determine whether it has been tampered with in transit.
Access control - Works with third-party applications to determine what type of information a user or application can access and what operations can be performed upon access; also called authorization.
Non-repudiation - Ensures that transactions, communications and data exchanges are legally valid and irrevocable.

The Challenge of Digital Certificates: Managing the "I" in PKI

Taking advantage of the many benefits of digital certificates requires a Public Key Infrastructure (PKI). Common misconceptions are that a PKI is made up solely of certificate enrollment software and hardware, and that all PKIs (free, open source, and commercially available) are equally suited to meet the modern enterprise's needs. In reality, the software can provide the underlying platform and tools, but it takes significantly more to build a stable, scalable and secure Infrastructure.

Single-purpose PKI solutions are typically deployed using open source programs, or are what many believe to be free programs included in larger server software packages. The most common occurrence of a single-purpose PKI in an organization is what is referred to as a Project PKI. This is not a true enterprise PKI, but a collection of public key cryptography tools used together to meet a project's deadlines and operational constraints. More often than not, the "I" in PKI is not treated as a fundamental design requirement, in order to avoid the costly impact on the project. Such practices lead to the creation of multiple Project PKIs, each with its own set of unique requirements.

The most well-known, and purportedly easy to deploy, example of a single-purpose PKI solution is Microsoft Active Directory Certificate Services. It is more sophisticated than a loose collection of tools, including such basic certificate lifecycle management capabilities as autoenrollment, but beneath the veneer of simplicity lie a number of hidden weaknesses. Platform-specific software such as Microsoft Active Directory Certificate Services provides a basic platform and set of tools that can perform basic PKI functions, but the reality is that there are many critical PKI aspects that cannot be addressed without complex supporting infrastructure:

Single-purpose PKI solutions generally have either limited or single-platform support. This ignores the reality that the modern enterprise network is an increasingly heterogeneous and mobile environment that must support a variety of devices and operating systems.

Single-purpose solutions lack the automation and full lifecycle management features of purchased enterprise solutions. In addition, most single-purpose solutions lack the self-service options that allow select employees to request and manage certificates for unique needs.

Furthermore, although small-scale PKI solutions can easily provide certificates for their own employees, they are usually not in a position to issue certificates that are automatically trusted outside the organization. This lack of external trust is a real obstacle for applications such as secure email or digital document signing.

Without proper planning, a single-purpose PKI lacks the ability to deliver the reliability required across mission-critical security applications.

Finally, as a company grows, it is forced to deploy multiple single-purpose PKIs. The resulting expense and overhead make it a costly choice in the long run.

A secure, enterprise-scale PKI is a combination of hardware, software, facilities, people, policies, and processes employed to create, manage, store, distribute, and revoke digital certificates. Building an on-premise PKI requires managing the purchase, deployment, expiration and renewal of digital certificates for multiple servers, email purposes and users, often in many different locations and from many different vendors, which can lead to critical application outages if reliability is not rock solid. The following figure illustrates the various aspects of building a PKI infrastructure:

Implementing all the components that make up a robust, secure PKI is time-consuming and costly, and requires that the organization accept a certain amount of risk in the event there is a breach or the root certificate is compromised. Managing internal digital certificates for identities, devices and machines can further compound the challenge.

Symantec Managed PKI Service: A Proven, Scalable, Cost-Effective Solution

Symantec Managed PKI Service enables organizations of any size to cost-effectively deploy and control certificate lifecycle processes for all devices, from desktops to cell phones, and from fully owned and managed devices to wide-open BYOD situations, with a level of security that other PKI solutions, especially in-house PKI solutions, cannot begin to match. Because it is cloud-based, Symantec Managed PKI Service economically fits a range of business needs, from tens to tens of thousands of devices. The figure below shows how the service handles multiple network security applications.
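The certificate lifecycle described above, reduced to code: a root trust anchor, one-year device certificates that must be renewed, revocation of a lost device, and a separate Project PKI whose certificates the gateway does not trust. This is an added Go example using only the standard library; it is not part of the original paper or of any Symantec product, and the organization names, user names and serial numbers are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue generates a P-256 key pair for tmpl and has parent sign it with signer (self-signed when parent is nil).
func issue(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewRootCA creates an organization's self-signed trust anchor (ten-year validity).
func NewRootCA(org string, now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return issue(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{Organization: []string{org}, CommonName: org + " Root CA"},
		NotBefore:             now,
		NotAfter:              now.AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil, nil)
}

// EnrollDevice issues a one-year client-auth certificate for a user's device (the device key is generated here only for brevity).
func EnrollDevice(caCert *x509.Certificate, caKey *ecdsa.PrivateKey, user string, serial int64, now time.Time) (*x509.Certificate, error) {
	cert, _, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: user},
		NotBefore:    now,
		NotAfter:     now.AddDate(1, 0, 0), // renewal has to happen before this
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, caCert, caKey)
	return cert, err
}

// AuthorizeDevice is the gateway-side check: revocation (a map standing in for CRL/OCSP data), trusted chain, validity, client-auth usage.
func AuthorizeDevice(leaf *x509.Certificate, roots *x509.CertPool, revoked map[string]bool, now time.Time) error {
	if revoked[leaf.SerialNumber.String()] {
		return fmt.Errorf("certificate %s revoked", leaf.SerialNumber)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// Scenario walks the lifecycle cases the paper describes (names and serials are constructed for the demo).
func Scenario(now time.Time) (map[string]bool, error) {
	corpCA, corpKey, err := NewRootCA("Example Corp", now) // the enterprise PKI
	if err != nil { return nil, err }
	projCA, projKey, err := NewRootCA("Project PKI", now) // a separate single-purpose CA
	if err != nil { return nil, err }
	roots := x509.NewCertPool()
	roots.AddCert(corpCA) // only the enterprise root is a trust anchor for the gateway
	enrolled, err := EnrollDevice(corpCA, corpKey, "alice-ipad", 1001, now)
	if err != nil { return nil, err }
	lost, err := EnrollDevice(corpCA, corpKey, "bob-phone", 1002, now)
	if err != nil { return nil, err }
	project, err := EnrollDevice(projCA, projKey, "carol-laptop", 1003, now)
	if err != nil { return nil, err }
	revoked := map[string]bool{lost.SerialNumber.String(): true} // device reported lost
	return map[string]bool{
		"enrolled device":       AuthorizeDevice(enrolled, roots, revoked, now) == nil,
		"revoked (lost) device": AuthorizeDevice(lost, roots, revoked, now) == nil,
		"project PKI device":    AuthorizeDevice(project, roots, revoked, now) == nil,
		"enrolled, past expiry": AuthorizeDevice(enrolled, roots, revoked, now.AddDate(1, 1, 0)) == nil,
	}, nil
}

func main() {
	res, err := Scenario(time.Now())
	fmt.Println(res, err)
}
```

Only the enrolled, unexpired, unrevoked certificate chaining to the enterprise root is accepted; the other three cases show why revocation data, renewal before expiry, and a single trusted root are part of the "I" in PKI.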

Convenient for Users No Matter What Device They Choose

Mobility and BYOD offer companies the opportunity to improve efficiency, increase workplace effectiveness and accomplish things faster. However, these trends pose very real dangers in lost or stolen devices, data loss and malware infecting the corporate network. The challenge is to balance the multiple lines of defense IT understandably erects to safeguard the company network with user demands for more convenience. Fortunately, Symantec's digital certificates can be used to securely authenticate users and their devices without the need for hardware tokens, additional programming, or an MDM, because the service includes automated enrollment capabilities. In addition, once the digital certificate is installed, the second factor of the authentication process is completely transparent to users. Unlike free single-purpose solutions, Symantec Managed PKI does not require laptop users to configure usage by application or by browser, and client software automatically stays current through Symantec's LiveUpdate feature.

Symantec Managed PKI Service also works with industry-leading MDM products from MobileIron, AirWatch, and Fiberlink, as well as Symantec Mobile Management, to seamlessly handle content security on mobile devices. With or without an MDM, enrollment is essentially the same for laptop, desktop and mobile users. Symantec Managed PKI Service provides localizable and custom-branded enrollment pages for end-user registration and certificate renewal.

One commonly overlooked security benefit of the Symantec Managed PKI Service is that, because it is a cloud-based service, the validation server is hosted outside the firewall; this means there is no need for security compromises, such as the firewall holes that in-house solutions require to authenticate mobile devices. With Symantec Managed PKI Service the organization is not required to accept any additional security risks to support mobile devices; and suppliers, partners, contractors, visitors, and temporary employees can be given access to defined areas of the network to perform their jobs without compromising the corporate core.

Delivering Non-Stop, Trusted Security

Another compelling reason to consider Symantec Managed PKI Service is Symantec's worldwide reputation. The company is a global leader in providing security, storage and systems management solutions for small businesses all the way to large global enterprises. It is Symantec's mission to secure and manage information against more risks at more points, more completely and efficiently than any other company. Symantec leverages over 18 years of security expertise and over 60 million issued certificates to protect information. The multiple accreditations Symantec has earned from internationally recognized standards bodies such as WebTrust, the International Organization for Standardization (ISO), the Federal Information Security Management Act (FISMA), and the National Institute of Standards and Technology (NIST) attest to its high security standards.

Trying to duplicate the global reach, high availability and disaster recovery infrastructure of Symantec Managed PKI Service would be prohibitively expensive for any organization, for several reasons (1):

Symantec's cloud infrastructure is operated from multiple ANSI/TIA-942 Tier 4 data centers, the most stringent level of data center, that are physically and logically separated from its corporate network.
Fully redundant, fault-tolerant subsystems and compartmentalized security zones are controlled by biometric access restriction methods.
All IT equipment is dual-powered and served by multiple independent distribution paths. Cooling and power infrastructures are independently dual-powered.
Cryptographic keys are generated on dedicated Federal Information Processing Standard (FIPS) 140-2 compliant hardware security modules and stored in an encrypted format.
Symantec employs an independent external global service to monitor its critical services and perform daily vulnerability scans.
The infrastructure undergoes multiple audits by WebTrust and PCI, among others, on an annual basis. Business continuity and disaster recovery plans are also tested on a regular basis.

It is easy to understand why Symantec Managed PKI Service can offer a binding SLA with a 99.95 percent uptime guarantee.

(1) Fact Sheet: Symantec User Authentication Solutions Infrastructure Security

Reducing Complexity while Providing Scalability and Flexibility

Symantec Managed PKI Service's competitive edge arises from its flexibility to scale incrementally as an organization's needs grow. Its PKI infrastructure is designed to handle more than 100 million certificates per year, but it is also designed to meet individual customer needs; companies can add or delete certificates as needed. Another key competitive factor is Symantec's ability to eliminate risks to information, technology and processes independent of the device, platform, interaction or location. For example, as a recognized industry Certificate Authority (CA), Symantec issues X.509 certificates that support a wide range of operating systems, devices, VPNs, email, web browsers, and ecosystems. Certificate profiles inherently cover common applications such as email encryption and signing, Adobe PDF signing, and Microsoft Exchange/ActiveSync.

Cloud-based Authentication: a Cost-Effective Solution

One of the most compelling reasons to consider Symantec Managed PKI Service is the financial one. Compared to in-house PKI functions, the managed service is very scalable and cost-effective, and grows more so over time. Cloud-based PKI solutions can be several times cheaper than in-house PKI solutions. Symantec Managed PKI Service achieves this impressive cost saving in several ways:

By eliminating costly hardware and software purchase and maintenance expenses.
By eliminating labor costs associated with the planning, building, and maintaining of a certificate management infrastructure.

By reducing labor costs through the automation of certificate provisioning and application configuration tasks. A single staff member can administer a managed solution.
By minimizing operating costs. A Symantec Managed PKI Service user seat (certificate) covers all devices, a potential savings of three to four times the cost of competitive solutions that charge for each device.

Symantec Managed PKI Service Use Cases

This section of the paper takes a closer look at four customer successes with Symantec Managed PKI Service. These use cases exemplify how Symantec's experience and knowledge can significantly transform the way organizations secure their business.

Use Case 1: Company-Owned Mobile Device Authentication

A global Internet service provider came to Symantec with an initial need to manage 12,000 company-owned mobile devices and meet an extremely aggressive deployment timetable.

Challenge:
Need to authenticate company-owned Apple iOS iPads and iPhones.
Top executives pushing IT staff to deploy a solution in less than one month.

Mobile Authentication Solution:
Symantec Managed PKI Service provides a flexible platform to issue and manage certificates for all employee mobile devices. It works with the company's MDM, MobileIron, which provisions iOS devices, treating the Symantec digital certificates as an application or secure data to be managed on the device.
Mobile users are not charged for airtime during the authentication process or at any time they are on the company's wireless network.

Benefits:
Symantec met the aggressive deadline with a flawless deployment.
A quick and easy deployment reduces disruption to the organization, and choosing a managed service allows the company to focus on the business problem rather than on building out a PKI infrastructure.
With automated certificate provisioning and application configuration, a single administrator can handle the entire enterprise network.

Next Steps:
Thanks to the success of the mobile device implementation, the company plans to use Symantec Managed PKI Service to authenticate its company-owned laptops. These laptops do not require additional certificates because they use the same user certificates, adding to the cost savings.

Use Case 2: Company-Owned Mixed Device Authentication

A Fortune 500 manufacturing conglomerate that recently changed its network architecture to support anywhere access needed a flexible, all-in-one solution to manage the authentication of tens of thousands of company-owned laptops and mobile devices.

Challenge:
Need to authenticate Apple iOS iPads and iPhones and Windows laptops connecting over Internet VPNs or over onsite wired or wireless networks.
Company cannot afford the risk of a trusted root certificate being compromised.

Mixed Authentication Solution:
Mobile users: Symantec Managed PKI Service works with the company's MDM, AirWatch, to manage certificate deployment, installation, configuration and renewal on iOS devices.
Laptop users: Symantec Managed PKI Client manages certificate deployment, installation, configuration and renewal on Windows-based laptops.
Email: Digital IDs for Secure Email, also included in Symantec Managed PKI Service, sign and encrypt communications in email applications such as Outlook and Mozilla Thunderbird using Secure/Multipurpose Internet Mail Extensions (S/MIME) certificates bound to validated email addresses. The service also provides certificates that can represent an entire department or business unit.

Benefits:
Authentication is fully automated and completely transparent to both laptop and mobile users; client software automatically keeps current through Symantec's LiveUpdate technology.
Recipients of emails from this company can trust their origin and trust that content has not been tampered with in transit.
Symantec's per-user seat covers all devices for each user, a potential savings of two to three times the cost of competitive solutions that charge for each device.

Next Steps:
The solution has been so successful that the manufacturer is looking to add digital certificates managed by Symantec Managed PKI Service for machine-to-machine (M2M) communications in durable goods to reduce operating costs, increase revenue, and streamline production and delivery processes.

Use Case 3: Mobile BYOD Authentication for Wireless Network Access

A Fortune 500 pharmaceutical company was implementing a new wireless network on a tight schedule and needed a solid, quickly implementable solution to manage the authentication of tens of thousands of BYOD mobile devices. The company recognized that Microsoft Active Directory Certificate Services was not really a free solution, requiring in-house expertise to deploy, monitor and manage PKI processes successfully.

Challenge:
Authenticate any BYOD mobile device transparently to users.
Deploy the solution for 32,000 BlackBerrys, iPads, and iPhones in six weeks.
Meet stringent Federal government security regulations.

Mobile BYOD Authentication Solution:
Symantec Managed PKI Service works with the company's MDM, MobileIron, which manages certificate deployment, installation, configuration and renewal on iOS devices.
Symantec Managed PKI Service works with the auto-enrollment server to deploy certificates to all Windows laptop users.

Benefits:
Symantec Professional Services had the knowledge and expertise to meet the aggressive deadline, deploying the solution flawlessly in less than one month.
Users noticed no change in connectivity or response time.
Outsourcing eliminated the need to hire six to ten full-time temporary PKI engineers to develop the solution in-house.
Authentication is fully automated and completely transparent to both laptop and mobile users; client software automatically keeps current through Symantec's LiveUpdate technology.
Symantec Managed PKI Service meets top federal regulations, including NIST SP 800-53, which specifies security controls for information systems in U.S. federal government executive agencies. It is also FIPS 201 cross-certified with the U.S. Federal Bridge Certification Authority for personal identity verification (PIV) for smart cards.

Next Steps:
Thanks to the success of the BYOD mobile device implementation, the company is considering Symantec Managed PKI Service for authenticating BYOD PCs. The PCs will use the same user certificates, adding to the cost savings.

Use Case 4: Bring Your Own Everything (BYOE) Authentication

This Fortune 500 insurance company decided to allow users to access its network with whichever devices they choose. The long-time Symantec customer needed to meet an extremely aggressive deadline to deploy the authentication solution.

Challenge:
Need to authenticate a range of devices for 15,000 users.
Need to ensure that no data or resources leave the corporate network.
Company cannot afford the risk of a trusted root certificate being compromised.
Executives pushing IT staff to deploy a solution in less than six weeks.

All-in-One Authentication Solution:
Symantec Managed PKI Service integrates with the company's VLAN web page to manage the certificate enrollment process. Users requesting network access are directed to the web page to request and receive certificates.
Symantec PKI Client handles certificate installation and configuration for laptops, notepads and non-iOS mobile devices.
Symantec Managed PKI Service uses the native iOS protocols Over-the-Air (OTA) and Simple Certificate Enrollment Protocol (SCEP) to provision Apple devices such as iMac laptops, iPads and iPhones.

Benefits:
Symantec met the aggressive deadline with a flawless deployment.
The company can continue to rely on Symantec's over 18 years of certificate security expertise and ongoing leadership to protect its data and resources.
Users determine which devices they prefer to use without corporate constraints, improving productivity.
After initial enrollment, the certification process is seamless and transparent for all users, which significantly reduces IT time.
VDI separates and secures network applications and resources so that no data leaves the corporate environment.

Next Steps

More information about Symantec Managed PKI Service can be found on the web at http://www.symantec.com/mpki, including a link to a free trial. The full-featured trial includes all the Symantec Managed PKI deployment options, ranging from a fully cloud-based deployment to a hybrid Enterprise Gateway deployment. The trial is limited to 90 days and up to 100 users.

About Symantec

Symantec protects the world's information, and is a global leader in security, backup, and availability solutions. Our innovative products and services protect people and information in any environment, from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities, and interactions gives our customers confidence in a connected world. More information is available at www.symantec.com or by connecting with Symantec at go.symantec.com/socialmedia.

For specific country offices and contact numbers, please visit our website.

Symantec World Headquarters
350 Ellis St.
Mountain View, CA 94043 USA
+1 (650) 527 8000
1 (800) 721 3934
www.symantec.com

Copyright 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 8/2015 21307003-1