Securing Corporate Email on Personal Mobile Devices
Table of Contents

The Impact of Personal Mobile Devices on Corporate Security
Introducing LetMobile Secure Mobile Email
Solution Architecture
Email and Attachment Protection
Contacts and Calendar Protection
Corporate Credentials Protection
Security Advantages
Visibility and Control
Low Total Cost of Ownership
Summary

The Impact of Personal Mobile Devices on Corporate Security

Today, every organization must consider the risks of data loss and leakage via mobile devices, and adopt a risk management strategy that is in line with their business, budget and compliance obligations. According to analysts, email is by far the most popular mobile application for corporate users and the most sensible place to begin implementing mobile security practices.

[Figure: Top 5 Business Applications in use on BYO Devices 2011-2103 (Source IDC)]

An effective strategy for protecting corporate email on mobile devices must address four key concerns:

- Security: Preventing data loss and leakage from mobile devices, as well as protecting corporate login credentials and passwords, is a requirement that cannot be compromised.
- Total cost of ownership: Recent surveys show that IT labor costs per smartphone user are climbing rapidly to as much as $339 in 2013 (Osterman Research). To enable the majority of workers to benefit from corporate email, the TCO must be within reach.
- Cooperation: Any strategy must face the fact that users do not want to give up control over their mobile devices along with how and where they can use them. They are reluctant to give up the native user experience that they love in order to use proprietary corporate applications.
- Compliance: Mobile security must both enforce and easily demonstrate compliance with corporate and regulatory policies.

Introducing LetMobile Secure Mobile Email

LetMobile offers secure, easy to manage, non-intrusive access to corporate data on mobile devices. LetMobile is an innovative, frictionless solution that does not take over the user device or require the use of containers and dedicated applications and environments.

Employees love LetMobile because it enables them to continue working with the native mail apps on their favorite devices, without changing the way they work, and without giving IT control over the device and their personal information.

Corporate security prefers LetMobile because it is more secure: corporate email, attachments and passwords are never left on the device, and it is easy to enforce and manage security policies.

Corporate IT appreciates LetMobile because it is easy to deploy and manage without straining IT resources.

Corporate compliance can depend on LetMobile because it prevents data leakage and provides policy enforcement, auditing and accountability that are required for proper regulatory compliance.

Corporate finance loves LetMobile because of the low total cost of ownership.

LetMobile offers a unique solution to secure corporate email in the new age of BYOD and IT consumerization. It enables IT professionals to accept and even encourage the use of personal smartphones and tablets, while at the same time maintaining the strictest security and management requirements demanded by the organization. LetMobile offers full collaboration platform capabilities (including secure e-mail, attachments, contacts and calendar) from personal and corporate owned devices (including Android and iOS [1]).

LetMobile cleanly and elegantly solves the confidentiality, integrity and availability issues relating to corporate collaboration on mobile devices. If a device is lost or stolen, or if communications are hacked in a public hotspot, LetMobile ensures that corporate information is protected. LetMobile provides the most effective protection available against the most common threats:

- If a device is lost or stolen, it is also likely that it has been turned off or had the SIM card removed, so the traditional approach of wiping the device will be ineffective. LetMobile will ensure that corporate data is not present on the device.
- If the communication channel has been compromised, traditional control oriented approaches will not protect the corporate credentials. LetMobile ensures the confidentiality of the corporate password by never passing it over the wire.
- If the device is a shared device, traditional control oriented approaches will not provide protection to the content of the corporate email while allowing access to personal applications. LetMobile will.

Solution Architecture

The LetMobile architecture provides a clean, single integration point, which does not require modification to the corporate collaboration platform, the communications protocols, or the end user devices. More importantly, the overall solution can be implemented without a major IT project, and corporate collaboration users will not suffer a major change in the mobile computing user experience.

The LetMobile solution can be deployed in the cloud (public or private), or on-premise. Cloud-based services are offered by LetMobile as well as by local and global partners.

To access corporate data, all devices must pass through the LetMobile servers. Communications between mobile devices, LetMobile servers and corporate servers use the standard ActiveSync protocol, which is securely transmitted over HTTPS. ActiveSync has been in use for over 10 years and was adopted by the most advanced mobile operating systems including iOS and Android. This protocol is well tested and optimized for battery and content consumption. From the security perspective, since we do not transmit the corporate password or email content inside the protocol's payload, all information, including attachments, is completely secure. All modern smartphones and tablets support ActiveSync out-of-the-box as the default protocol for Exchange accounts defined on the device.

All the data that passes through the LetMobile servers is inspected and filtered (or blocked) according to a predefined set of rules. Security rules can be defined by a company's IT security professionals.

[1] Supports Microsoft Exchange 2007, 2010, Microsoft Office 365, Google Apps, Gmail, and any ActiveSync service.

Email and Attachment Protection

LetMobile is the only solution that enables workers to use their mobile device's native email application to view and send corporate email. Users are required to enter a password before opening corporate emails only. Once the password is entered correctly, the user can freely view corporate emails without the need to re-enter the password. IT admins can define a timeout period after which users will have to re-enter the password before accessing the company's emails. IT admins can define different timeouts based on different policies, for example, a longer timeout while the user is physically inside corporate offices.

With the LetMobile solution, email content is never stored on the mobile device. Once a user opens an email on his or her mobile device, the content of the email is retrieved from the LetMobile servers - all within the native email app.

In the case of attachments, the email that arrives at the mobile device does not include the attachment but only a link embedded in the email body; the attachment is never downloaded to the mobile device. Once a user clicks on the link, the attachment is presented to the user. The user cannot store the attachment on his device unless it is permitted by the administrator. In addition, administrators can define a policy that enables specific attachment types (for example wma files) to be downloaded to the mobile device so they can be played by a 3rd party app. All attachments that are leaving the LetMobile security zone are audited and tracked.

Contacts and Calendar Protection

IT administrators can configure LetMobile to filter out all sensitive information from all contacts and appointments.

For contacts, only the must-have, most used fields will be exposed to the contacts app: only name, picture, email (optional) and phone numbers are exposed in the native contacts application. A phone's native Caller ID functionality is based on the above information and therefore it is crucial to expose this information to the native contacts app.

For calendar, the basic appointment information is not blocked by the LetMobile servers (i.e. the time, date, subject etc.). Sensitive information such as the appointment notes is blocked and not presented in the appointment body.

All the information that was filtered out and is not presented in the contacts/calendar apps can be viewed from the secure LetMobile server. A link inside the contacts/calendar element enables users to directly visit the LetMobile server and view the sensitive content after authenticating to the LetMobile service.
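
The attachment handling described under Email and Attachment Protection above, sketched as an added example; this is not LetMobile's code, and it operates on a MIME message rather than on ActiveSync payloads. The gateway URL, the permitted-type set and the function names are assumptions made for illustration.

```python
import hashlib
import secrets
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed values for illustration; none of these come from the product.
GATEWAY_URL = "https://gateway.example.com/view"   # placeholder host
DOWNLOADABLE_TYPES = {"audio/x-ms-wma"}            # admin-permitted on-device types

def rewrite_for_device(raw: bytes):
    """Return (message to sync to the device, audit records)."""
    msg = message_from_bytes(raw, policy=policy.default)
    out = EmailMessage()
    for header in ("From", "To", "Subject"):
        if msg[header]:
            out[header] = msg[header]
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    links, passed, audit = [], [], []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "unnamed"
        ctype = part.get_content_type()
        allowed = ctype in DOWNLOADABLE_TYPES
        audit.append({"name": name, "type": ctype,
                      "sha256": hashlib.sha256(data).hexdigest(),
                      "action": "download" if allowed else "link"})
        if allowed:
            passed.append((data, ctype, name))
        else:  # opaque token; the gateway authenticates the user on click
            links.append(f"{name}: {GATEWAY_URL}/{secrets.token_urlsafe(16)}")
    if links:
        text = (text.rstrip("\n") + "\n\nAttachments held on the gateway:\n"
                + "\n".join(links) + "\n")
    out.set_content(text)
    for data, ctype, name in passed:
        maintype, subtype = ctype.split("/", 1)
        out.add_attachment(data, maintype=maintype, subtype=subtype, filename=name)
    return out, audit

def sample_message() -> bytes:
    """Constructed test input: one PDF and one WMA attachment."""
    m = EmailMessage()
    m["From"], m["To"] = "alice@example.com", "bob@example.com"
    m["Subject"] = "Q3 numbers"
    m.set_content("Figures attached.\n")
    m.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                     subtype="pdf", filename="q3.pdf")
    m.add_attachment(b"constructed audio bytes", maintype="audio",
                     subtype="x-ms-wma", filename="memo.wma")
    return m.as_bytes()
```

The audit list records every attachment whether it was linked or passed through, which is the record an administrator would review for attachments leaving the gateway.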

Corporate Credentials Protection

Credential theft is one of the most common hacking methods. The traditional ActiveSync mechanism requires storage of user names, passwords and mail server addresses on the mobile device in order to access collaboration platforms. When the mobile device passes these credentials across a compromised Wi-Fi hotspot, or the device is compromised by malware or stolen, these credentials can be extracted and used by hackers to access corporate assets.

LetMobile does not store corporate passwords on mobile devices. Instead, the gateway uses patent-pending technology to generate a complex, two-part password that cannot be used to access the corporate network. LetMobile generates the real password on the fly and never stores it on its servers.

Security Advantages

LetMobile is a purpose-built solution for preventing leakage of corporate information from mobile devices. It offers the most robust protection available in an easy-to-deploy, easy-to-manage package:

- Security by absence: if it is not stored, there is nothing to steal.
- The corporate credentials are not stored on the device.
- Email content is not stored on the device.
- Before users can view sensitive data on a mobile device they must authenticate. (Note that the LetMobile solution is independent of any device authentication method such as device-level PIN code locking.)
- Credential protection both at rest and in motion.
- Corporate risk mitigation through proven reverse proxy, data confidentiality, and auditing techniques.

Visibility and Control

The LetMobile solution enables IT administrators to control and understand mobile user behavior:

- Control and manage all users and device types, models and versions.
- Detect irregular behaviour based on IP geo-location, suspicious locations like anonymous proxies, unsuccessful login attempts.
- Remotely lock users/devices when needed.
- Identify jailbreak/rooted devices connected to the corporate network and block if needed.
- Send a logout command to the LetMobile server and instantly log out from the device (even if the device has had the SIM card removed, or the device is powered off).
- Personalize security policies at the application or attachment level.
- Integration with an anti-virus scanning engine enabling LetMobile to scan every attachment sent from any mobile device.
- Detect devices that are not used for a long period of time and alert or block their users.
- A device can be locked to a user, preventing a user from adding devices that are not approved by IT.
- LetMobile supports the iOS profile mechanism, enabling admins to provision iOS devices based on corporate policies.
- LetMobile fully supports all ActiveSync policies.

Low Total Cost of Ownership

LetMobile is not only robust, it is the most cost-effective security solution available:

- Up and running on a new device in minutes
- Scalable gateway server available as either a SaaS cloud service or on-premise
- No changes required to existing Email server settings, ActiveSync network infrastructure or policies
- Simple management console for setting security policies
- Optional user self-service to reduce support overhead

LetMobile also lowers data roaming costs. It does not synchronize the entire inbox, only headers. It only downloads the full message at the user's request, giving them full control over the amount of data that is consumed.

Summary

According to Forrester Research, by 2016, 350 million employees will use smartphones, and 200 million will bring their mobile device to work. Organizations must be prepared to harness the opportunity, and reduce the liability, of personal mobile devices.

LetMobile's Secure Mobile Gateway technology is a unique approach to mobile security that prevents data loss and theft, while protecting the corporate network from unauthorized access. Unlike conventional approaches that use proprietary applications and bulky containers to segregate corporate data, LetMobile simply keeps the data where it belongs: off of the device. With LetMobile, corporate data and passwords are never stored on a mobile phone or tablet, the best protection against loss, theft and malicious attack.

Today, all mobile devices are personal even if they are owned by the enterprise. They go to work, ride the train, and attend the weekend ball game. LetMobile is committed to helping companies realize the productivity benefits of using personal smart mobile devices for work, while minimizing the risks. We offer an elegant solution that enables IT professionals to ensure data security that is virtually transparent for users - not taking control over their personal devices.

Around the world, enterprises and service providers are using LetMobile to meet their mobile data security, auditing and compliance needs. Contact us to learn more about how LetMobile can work for you.

© 2012 LetMobile Ltd. All rights reserved. LetMobile is a trademark of LetMobile, Ltd.