The Intersection of Cool Mobility and
Corporate Protection:
Practical Steps for Assessing the Security of Mobile Devices

James Tarala, Enclave Security
Mobility is a Reality
• Organizations want their toys…

• These devices will not be going away anytime
  soon…

      The Intersection of Cool Mobility and Corporate Protection © Enclave Security 2011
Business Legitimacy
• Almost every industry has discovered ways of
  enhancing productivity with mobility:
  – Healthcare
  – Financial Services
  – Manufacturing
  – Retail
  – Government
  – Professional Services
  – And more…

What are we protecting?
• Potentially any / all of your organization’s data
• More than simply contacts & calendars
• Potentially we are protecting:
  – Financial records
  – Private health records
  – Credit card numbers
  – Anything in an email mailbox
  – And much, much more…

What if we ignore the risk?
• The primary risk to consider is the loss of data
  confidentiality
• If a mobile device is lost or stolen, the
  information stored on the device is also at risk
• However, other risks include:
  – Compromised authentication (SMS, soft tokens)
  – Manipulation of data sets
  – Impersonation of device owner

Mobility Statistics
• 81% of global executives say they are connected to
  work through mobile devices all of the time
  (Korn/Ferry International, August 2006)
• Telecommunications managers believe 28% of their
  employees are using their mobile phone as their
  primary work phone (IDC, June 2006)
• 85% of mobile users said it was important or very
  important for mobile apps to remember their
  favorites/preferences (Action Engine, September
  2005)

Mobility Statistics (cont)
• 81% of companies surveyed reported the loss of one
  or more laptops containing sensitive information
  during the past 12 months (Ponemon 2010)
• 64% of companies surveyed reported that they have
  never conducted an inventory of sensitive consumer
  information (Ponemon 2010)
• 85% say handheld devices used in their organization
  should require security protection (Bluefire Wireless
  Security, April 2006)

Evolution of Mobile Risk
• There has been an evolution in mobile
  computing
• The evolution has been from:
  – Phones & PDAs
  – Laptops
  – Smart Phones & Tablets
• Although device capabilities have evolved,
  security controls have not necessarily kept up

Typical Mobile Device Controls
• Generally organizations secure laptops by
  implementing technical controls, such as:
  – Whole disk encryption
  – Anti-malware software
  – Application whitelisting software
  – Personal / host-based firewalls
  – Strong / two-factor authentication
  – Secure operating system configurations

Whole Disk Encryption Scorecard

Anti-Malware Scorecard

Application Whitelisting Scorecard

Host-Based Firewall Scorecard

Authentication Scorecard

Security Configuration Scorecard
More than BlackBerrys
• RIM BlackBerrys are the modern Lotus Notes
• Phrases heard from clients:
  – “We went with BlackBerry because of their
    security.”
  – “BlackBerrys are protected by default by RIM and
    BlackBerry Enterprise Servers (BES).”
• These principles apply to all mobile devices

So what have we learned so far?
• By default, most mobile devices do not
  implement even basic security controls
• Even when security software is available, it
  must be configured; it is not secure “out of the box”
• Most mobile devices require not only configuration,
  but also that owners research and buy additional
  software to gain this functionality
• Centralized management is another issue
  altogether…

Mobile Specific Threat Vectors
In addition to traditional risk vectors, mobile
devices deserve extra attention in the areas of:
  – Physical theft / loss
  – Wireless / Bluetooth hacking
  – Geo-location tracking
  – General privacy threats
  – General ownership threats

Minimum Technical Controls
• The following controls have already been
  mentioned as the baseline for all mobile devices:
  – Whole disk encryption
  – Anti-malware software
  – Application whitelisting software
  – Personal / host-based firewalls
  – Strong / two-factor authentication
  – Secure operating system configurations

Minimum Technical Controls (cont)
• In addition, organizations should consider
  controls such as:
  – Functionality limitations (cameras, wireless, etc)
  – LoJack / phone home
  – Storage card encryption
  – Remote wiping
  – Remote locking
  – Logging / auditing
  – “Jailbreak detection”

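The baseline and additional controls listed on the two slides above only enforce anything if someone actually checks each device against them and acts on the result. The following Python is an added example, not part of this deck and not Enclave Security tooling: it assumes an MDM inventory export in which each device record carries an id, a jailbroken flag and the set of controls the device reports as present (the control names, record fields and sample inventory are constructed for illustration). It treats the six baseline controls as mandatory, the additional controls as optional, bans any jailbroken device regardless of what it reports, and computes per-control coverage across the fleet in the spirit of the scorecard slides.

```python
"""Mobile device compliance scorecard.

Added illustration for the control lists above; the control names, the
device record shape and the sample inventory are assumptions, not an MDM
vendor's schema.
"""
from dataclasses import dataclass, field

# Baseline ("minimum") controls the deck expects on every mobile device.
MANDATORY = {
    "disk_encryption", "anti_malware", "app_whitelisting",
    "host_firewall", "two_factor_auth", "secure_config",
}
# Additional controls the deck suggests organizations consider.
OPTIONAL = {
    "storage_card_encryption", "remote_wipe", "remote_lock",
    "logging", "phone_home",
}


@dataclass
class Verdict:
    device_id: str
    status: str                      # compliant | warn | noncompliant | banned
    missing_mandatory: list = field(default_factory=list)
    missing_optional: list = field(default_factory=list)


def assess(device: dict) -> Verdict:
    """Score one device record (assumed keys: id, jailbroken, controls)."""
    controls = set(device.get("controls", ()))
    missing_m = sorted(MANDATORY - controls)
    missing_o = sorted(OPTIONAL - controls)
    # A jailbroken/rooted device cannot be trusted to report its own controls
    # honestly, so it is banned no matter what it claims to have installed.
    if device.get("jailbroken"):
        return Verdict(device["id"], "banned", missing_m, missing_o)
    if missing_m:
        status = "noncompliant"      # a mandatory control is absent: block access
    elif missing_o:
        status = "warn"              # only optional controls absent: allow, but flag
    else:
        status = "compliant"
    return Verdict(device["id"], status, missing_m, missing_o)


def scorecard(devices):
    """Return per-device verdicts and per-control coverage (percent of
    non-jailbroken devices reporting the control), one row per control."""
    verdicts = [assess(d) for d in devices]
    counted = [d for d in devices if not d.get("jailbroken")]
    coverage = {}
    for control in sorted(MANDATORY | OPTIONAL):
        have = sum(1 for d in counted if control in set(d.get("controls", ())))
        coverage[control] = round(100 * have / len(counted)) if counted else 0
    return verdicts, coverage


# Constructed sample inventory (illustrative only, not real device data).
SAMPLE_DEVICES = [
    {"id": "bb-001", "jailbroken": False, "controls": MANDATORY | OPTIONAL},
    {"id": "ios-002", "jailbroken": False, "controls": MANDATORY | {"remote_wipe"}},
    {"id": "and-003", "jailbroken": False, "controls": {"disk_encryption", "remote_wipe"}},
    {"id": "and-004", "jailbroken": True, "controls": MANDATORY | OPTIONAL},
]

if __name__ == "__main__":
    verdicts, coverage = scorecard(SAMPLE_DEVICES)
    for v in verdicts:
        print(f"{v.device_id:8} {v.status:13} missing mandatory={v.missing_mandatory}")
    for control, pct in coverage.items():
        print(f"{control:25} {pct:3d}%")
```

Running the block prints one verdict per device and a coverage row per control. The design choice worth noting is the ordering of checks: jailbreak status is evaluated before any control, because every other field in the record is self-reported by software on the device and is only meaningful if the platform's integrity can be assumed.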
Governance Questions
• In addition to technical controls, organizations
  must establish policy to determine:
  – Can organization data reside on personal devices?
  – Who is responsible for data residing on a device?
  – Will the organization purchase mobile devices for
    workforce members?
  – Regardless of ownership, can mobile devices be
    inspected by organization personnel?
  – Can data on devices be monitored by
    organizational personnel?

Governance Questions (cont)
– Who will support mobile devices?
– Which workforce members will be offered
  support?
– Will all or only certain types of devices be
  supported by the organization?
– Will application support be included?
– Who is responsible for installing / supporting
  security software applications on devices?
– And on, and on, and on…

Central Management
• Laws are useful, but only when there are
  sufficient mechanisms to enforce those laws
• If end users can disable controls, they will
• Technical controls help organizations to
  enforce business decisions
• Therefore centralized mobile device
  management must be considered

Commercial Enterprise Tools
• In April 2011, Gartner released a “Magic
  Quadrant” study for mobile device
  management software
• It evaluates security & manageability
• It names the following leaders:
  – AirWatch
  – Good Technology
  – MobileIron
  – Sybase
http://www.sap.com/campaigns/2011_04_mobility/assets/GartnerReport_MDM_MQ_April2011.pdf

Lessons Learned
• Organizations (even infosec groups) want to use
  mobile devices; do not simply be a barrier
• Educate business owners on the specific risks and
  let them decide whether to accept them
• Define mandatory and optional security
  controls for these devices, and stick to them
• But be willing to ban devices that do not meet
  corporate standards for mobility

Further Questions
• James Tarala
   – E-mail: james.tarala@enclavesecurity.com
   – Twitter: @isaudit, @jamestarala
   – Blog:    http://www.enclavesecurity.com/blogs/

• Resources for further study:
   – SANS Security 505: Securing Windows
   – Gartner Magic Quadrant for Mobile Device Management
     Software (April 2011)




       The Intersection of Cool Mobility and Corporate Protection © Enclave Security 2011

Más contenido relacionado

La actualidad más candente

Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesPete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
AugmentedWorldExpo
 
Intel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthIntel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealth
rcnossen
 
Mobile device management and byod – major players
Mobile device management and byod – major playersMobile device management and byod – major players
Mobile device management and byod – major players
Waterstons Ltd
 
Going_Mobile_101_IIMC_v5
Going_Mobile_101_IIMC_v5Going_Mobile_101_IIMC_v5
Going_Mobile_101_IIMC_v5
Steve Markey
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile security
JAYANT RAJURKAR
 

La actualidad más candente (20)

Preparing for Mobile Device Management & Bring your Own Device
Preparing for Mobile Device Management & Bring your Own DevicePreparing for Mobile Device Management & Bring your Own Device
Preparing for Mobile Device Management & Bring your Own Device
 
BYOD: Bring Your Own Device Implementation and Security Issues
BYOD: Bring Your Own Device Implementation and Security IssuesBYOD: Bring Your Own Device Implementation and Security Issues
BYOD: Bring Your Own Device Implementation and Security Issues
 
Preparing an Effective BYOD or Mobility Strategy
Preparing an Effective BYOD or Mobility StrategyPreparing an Effective BYOD or Mobility Strategy
Preparing an Effective BYOD or Mobility Strategy
 
Bring your own device
Bring your own deviceBring your own device
Bring your own device
 
Mobile Security in 2013
Mobile Security in 2013 Mobile Security in 2013
Mobile Security in 2013
 
Business Case Of Bring Your Own Device[ BYOD]
Business Case Of Bring Your Own Device[ BYOD] Business Case Of Bring Your Own Device[ BYOD]
Business Case Of Bring Your Own Device[ BYOD]
 
BYOD (Bring Your Own Device)
BYOD (Bring Your Own Device)BYOD (Bring Your Own Device)
BYOD (Bring Your Own Device)
 
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesPete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
 
Smarter Commerce Summit - IBM MobileFirst Services
Smarter Commerce Summit - IBM MobileFirst ServicesSmarter Commerce Summit - IBM MobileFirst Services
Smarter Commerce Summit - IBM MobileFirst Services
 
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
 
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about themMobile security blunders and what you can do about them
Mobile security blunders and what you can do about them
 
IT Position of Trust Designation
IT Position of Trust DesignationIT Position of Trust Designation
IT Position of Trust Designation
 
Intel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthIntel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealth
 
7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot
 
Mobile device management and byod – major players
Mobile device management and byod – major playersMobile device management and byod – major players
Mobile device management and byod – major players
 
IoT_Structure
IoT_StructureIoT_Structure
IoT_Structure
 
Going_Mobile_101_IIMC_v5
Going_Mobile_101_IIMC_v5Going_Mobile_101_IIMC_v5
Going_Mobile_101_IIMC_v5
 
Are We There Yet? The Path Towards Securing the Mobile Enterprise
Are We There Yet? The Path Towards Securing the Mobile EnterpriseAre We There Yet? The Path Towards Securing the Mobile Enterprise
Are We There Yet? The Path Towards Securing the Mobile Enterprise
 
BYOD risk management best practices
BYOD risk management best practices  BYOD risk management best practices
BYOD risk management best practices
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile security
 

Destacado

Addressing Security Challenges of Mobility and Web 2.0 2009
Addressing Security Challenges of Mobility and Web 2.0 2009Addressing Security Challenges of Mobility and Web 2.0 2009
Addressing Security Challenges of Mobility and Web 2.0 2009
Jason Edelstein
 
Secure Mobility with Analytics for the Private Cloud
Secure Mobility with Analytics for the Private CloudSecure Mobility with Analytics for the Private Cloud
Secure Mobility with Analytics for the Private Cloud
Extreme Networks
 
Enterprise Mobility+Security Overview
Enterprise Mobility+Security Overview Enterprise Mobility+Security Overview
Enterprise Mobility+Security Overview
Chris Genazzio
 

Destacado (14)

Addressing Security Challenges of Mobility and Web 2.0 2009
Addressing Security Challenges of Mobility and Web 2.0 2009Addressing Security Challenges of Mobility and Web 2.0 2009
Addressing Security Challenges of Mobility and Web 2.0 2009
 
BYOD - Mobility - Protection: security partnering with business
BYOD - Mobility - Protection: security partnering with businessBYOD - Mobility - Protection: security partnering with business
BYOD - Mobility - Protection: security partnering with business
 
Azure Active Directory : on fait le point
Azure Active Directory : on fait le pointAzure Active Directory : on fait le point
Azure Active Directory : on fait le point
 
Arquitectura y Visión de Extreme Networks en el Data Center
Arquitectura y Visión de Extreme Networks en el Data CenterArquitectura y Visión de Extreme Networks en el Data Center
Arquitectura y Visión de Extreme Networks en el Data Center
 
Mobility Security - A Business-Centric Approach
Mobility Security - A Business-Centric ApproachMobility Security - A Business-Centric Approach
Mobility Security - A Business-Centric Approach
 
Enterprise Mobility + Security : tour d'horizon
Enterprise Mobility + Security : tour d'horizonEnterprise Mobility + Security : tour d'horizon
Enterprise Mobility + Security : tour d'horizon
 
Secure Mobility with Analytics for the Private Cloud
Secure Mobility with Analytics for the Private CloudSecure Mobility with Analytics for the Private Cloud
Secure Mobility with Analytics for the Private Cloud
 
CIS14: Building Blocks for Mobile Authentication and Security
CIS14: Building Blocks for Mobile Authentication and SecurityCIS14: Building Blocks for Mobile Authentication and Security
CIS14: Building Blocks for Mobile Authentication and Security
 
Telus Analyst Briefing mobile security and managed mobility sept 2012 v6 gc ss
Telus Analyst Briefing   mobile security and managed mobility sept 2012 v6 gc ssTelus Analyst Briefing   mobile security and managed mobility sept 2012 v6 gc ss
Telus Analyst Briefing mobile security and managed mobility sept 2012 v6 gc ss
 
Enterprise Mobility+Security Overview
Enterprise Mobility+Security Overview Enterprise Mobility+Security Overview
Enterprise Mobility+Security Overview
 
Security and Privacy in the current e-mobility charging infrastructure
Security and Privacy in the current e-mobility charging infrastructureSecurity and Privacy in the current e-mobility charging infrastructure
Security and Privacy in the current e-mobility charging infrastructure
 
Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...
Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...
Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...
 
IT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersIT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leaders
 
Mobility switch security architecture scott calzia madani adjali
Mobility switch security architecture scott calzia madani adjaliMobility switch security architecture scott calzia madani adjali
Mobility switch security architecture scott calzia madani adjali
 

Similar a The intersection of cool mobility and corporate protection

Practical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityPractical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device security
EnclaveSecurity
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why	You’ll Care More About Mobile Security in 2020 - Tom BainWhy	You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
EC-Council
 

Similar a The intersection of cool mobility and corporate protection (20)

Practical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityPractical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device security
 
mobile application security
mobile application securitymobile application security
mobile application security
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, West
 
dataProtection_p3.ppt
dataProtection_p3.pptdataProtection_p3.ppt
dataProtection_p3.ppt
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why	You’ll Care More About Mobile Security in 2020 - Tom BainWhy	You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
 
Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020
 
Android Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon IndiaAndroid Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon India
 
Outside the Office: Mobile Security
Outside the Office: Mobile SecurityOutside the Office: Mobile Security
Outside the Office: Mobile Security
 
mobilize
mobilizemobilize
mobilize
 
Isaca tech session 19 feb 2013 securing mobile devices rev
Isaca tech session 19 feb 2013   securing mobile devices revIsaca tech session 19 feb 2013   securing mobile devices rev
Isaca tech session 19 feb 2013 securing mobile devices rev
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
 
Mobile Device Management and Mobile Security Strategy - a presentation by Rap...
Mobile Device Management and Mobile Security Strategy - a presentation by Rap...Mobile Device Management and Mobile Security Strategy - a presentation by Rap...
Mobile Device Management and Mobile Security Strategy - a presentation by Rap...
 
Ascure session
Ascure sessionAscure session
Ascure session
 
Enterprise Mobility: Secure Containerization
Enterprise Mobility: Secure ContainerizationEnterprise Mobility: Secure Containerization
Enterprise Mobility: Secure Containerization
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devices
 
Develop and Enforce a Bring-Your-Own-Device (BYOD) Policy
Develop and Enforce a Bring-Your-Own-Device (BYOD) PolicyDevelop and Enforce a Bring-Your-Own-Device (BYOD) Policy
Develop and Enforce a Bring-Your-Own-Device (BYOD) Policy
 
Con8896 securely enabling mobile access for business transformation - final
Con8896  securely enabling mobile access for business transformation - finalCon8896  securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - final
 
Mobiquant Japan ITpro Expo Tokyo/ Mobile and IOT Security Conference - REDA Z...
Mobiquant Japan ITpro Expo Tokyo/ Mobile and IOT Security Conference - REDA Z...Mobiquant Japan ITpro Expo Tokyo/ Mobile and IOT Security Conference - REDA Z...
Mobiquant Japan ITpro Expo Tokyo/ Mobile and IOT Security Conference - REDA Z...
 
Securing a mobile oriented enterprise
Securing a mobile oriented enterpriseSecuring a mobile oriented enterprise
Securing a mobile oriented enterprise
 

Más de EnclaveSecurity

An Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security AssessmentsAn Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security Assessments
EnclaveSecurity
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security fail
EnclaveSecurity
 
Prioritizing an audit program using the 20 critical controls
Prioritizing an audit program using the 20 critical controlsPrioritizing an audit program using the 20 critical controls
Prioritizing an audit program using the 20 critical controls
EnclaveSecurity
 
Overview of the 20 critical controls
Overview of the 20 critical controlsOverview of the 20 critical controls
Overview of the 20 critical controls
EnclaveSecurity
 
Benefits of web application firewalls
Benefits of web application firewallsBenefits of web application firewalls
Benefits of web application firewalls
EnclaveSecurity
 

Más de EnclaveSecurity (16)

Using an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized DefenseUsing an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized Defense
 
The CIS Critical Security Controls the International Standard for Defense
The CIS Critical Security Controls the International Standard for DefenseThe CIS Critical Security Controls the International Standard for Defense
The CIS Critical Security Controls the International Standard for Defense
 
Automating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellAutomating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShell
 
Enterprise PowerShell for Remote Security Assessments
Enterprise PowerShell for Remote Security AssessmentsEnterprise PowerShell for Remote Security Assessments
Enterprise PowerShell for Remote Security Assessments
 
An Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security AssessmentsAn Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security Assessments
 
Utilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyUtilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare Technology
 
An Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security AssessmentsAn Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security Assessments
 
Information Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementInformation Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to Measurement
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security fail
 
Recent changes to the 20 critical controls
Recent changes to the 20 critical controlsRecent changes to the 20 critical controls
Recent changes to the 20 critical controls
 
Prioritizing an audit program using the 20 critical controls
Prioritizing an audit program using the 20 critical controlsPrioritizing an audit program using the 20 critical controls
Prioritizing an audit program using the 20 critical controls
 
Overview of the 20 critical controls
Overview of the 20 critical controlsOverview of the 20 critical controls
Overview of the 20 critical controls
 
More practical insights on the 20 critical controls
More practical insights on the 20 critical controlsMore practical insights on the 20 critical controls
More practical insights on the 20 critical controls
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primer
 
Cyber war or business as usual
Cyber war or business as usualCyber war or business as usual
Cyber war or business as usual
 
Benefits of web application firewalls
Benefits of web application firewallsBenefits of web application firewalls
Benefits of web application firewalls
 

Último

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 

Último (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Mobility Statistics (cont)
• 81% of companies surveyed reported the loss of one or more laptops containing sensitive information during the past 12 months (Ponemon 2010)
• 64% of companies surveyed reported that they have never conducted an inventory of sensitive consumer information (Ponemon 2010)
• 85% say handheld devices used in their organization should require security protection (Bluefire Wireless Security, April 2006)


Evolution of Mobile Risk
• There has been an evolution in mobile computing
• The evolution has been from:
  – Phones & PDAs
  – Laptops
  – Smart Phones & Tablets
• Although device capabilities have evolved, security controls have not necessarily kept up


Typical Mobile Device Controls
• Generally organizations secure laptops by implementing technical controls, such as:
  – Whole disk encryption
  – Anti-malware software
  – Application whitelisting software
  – Personal / host-based firewalls
  – Strong / two-factor authentication
  – Secure operating system configurations


Whole Disk Encryption Scorecard


Anti-Malware Scorecard


Application Whitelisting Scorecard


Host-Based Firewall Scorecard


Authentication Scorecard


Security Configuration Scorecard


More than BlackBerrys
• RIM BlackBerrys are the modern Lotus Notes
• Phrases heard from clients:
  – “We went with BlackBerry because of their security.”
  – “BlackBerrys are protected by default by RIM and BlackBerry Enterprise Servers (BES).”
• These principles apply to all mobile devices
So what have we learned so far?
• By default, most mobile devices do not implement even basic security controls
• Even when security software is available, it must be configured; it is not enabled “out of the box”
• Most mobile devices require not only configuration, but also owners who research and buy additional software to gain the functionality
• Centralized management is another issue altogether…
Mobile-Specific Threat Vectors
• In addition to traditional risk vectors, mobile devices deserve extra attention in the areas of:
  – Physical theft / loss
  – Wireless / Bluetooth hacking
  – Geo-location tracking
  – General privacy threats
  – General ownership threats


Minimum Technical Controls
• Already, the following controls for all mobile devices have been mentioned:
  – Whole disk encryption
  – Anti-malware software
  – Application whitelisting software
  – Personal / host-based firewalls
  – Strong / two-factor authentication
  – Secure operating system configurations


Minimum Technical Controls (cont)
• In addition, organizations should consider controls such as:
  – Functionality limitations (cameras, wireless, etc.)
  – LoJack / phone home
  – Storage card encryption
  – Remote wiping
  – Remote locking
  – Logging / auditing
  – “Jailbreak detection”


Governance Questions
• In addition to technical controls, organizations must establish policy to determine:
  – Can organization data reside on personal devices?
  – Who is responsible for data residing on a device?
  – Will the organization purchase mobile devices for workforce members?
  – Regardless of ownership, can mobile devices be inspected by organization personnel?
  – Can data on devices be monitored by organizational personnel?


Governance Questions (cont)
  – Who will support mobile devices?
  – Which workforce members will be offered support?
  – Will all or only certain types of devices be supported by the organization?
  – Will application support be included?
  – Who is responsible for installing / supporting security software applications on devices?
  – And on, and on, and on…
Central Management
• Laws are useful, but only when there are sufficient mechanisms to enforce those laws
• If end users can disable controls, they will
• Technical controls help organizations to enforce business decisions
• Therefore centralized mobile device management must be considered


Commercial Enterprise Tools
• In April 2011, Gartner released a “Magic Quadrant” study for mobile device management software
• Evaluates security & manageability
• Names the following leaders:
  – AirWatch
  – Good Technology
  – MobileIron
  – Sybase
http://www.sap.com/campaigns/2011_04_mobility/assets/GartnerReport_MDM_MQ_April2011.pdf


Lessons Learned
• Organizations want to use mobile devices (even infosec groups); do not just be a barrier
• Educate business owners on specific risks and allow them to accept them or not
• Define mandatory and optional security controls for these devices, and stick to them
• But be willing to ban devices that do not meet corporate standards for mobility


Further Questions
• James Tarala
  – E-mail: james.tarala@enclavesecurity.com
  – Twitter: @isaudit, @jamestarala
  – Blog: http://www.enclavesecurity.com/blogs/
• Resources for further study:
  – SANS Security 505: Securing Windows
  – Gartner Magic Quadrant for Mobile Device Management Software (April 2011)
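The Minimum Technical Controls slides, the Central Management slide and the Lessons Learned slide together describe the core of the assessment: a defined set of mandatory and optional controls, applied to every device regardless of what the user has turned off, with devices that miss the mandatory bar banned. The Python below is an added example of that evaluation; it is not code from the deck or from Enclave Security. The control set, the mandatory/optional split, the platform applicability rules, the MDM field names and the inventory records are all constructed assumptions, and an attribute the MDM does not report is deliberately scored as a failure rather than left as unknown.

```python
"""Device compliance scorecard.

Added example, not code from the original deck. It evaluates a constructed
MDM-style device inventory against a set of mandatory and optional controls
and produces a per-control scorecard plus a per-device verdict. Field names,
the inventory, the platform rules and the mandatory / optional split are
assumptions chosen for illustration.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List

ALL_PLATFORMS = frozenset({"laptop", "smartphone", "tablet"})


@dataclass(frozen=True)
class Control:
    name: str
    mandatory: bool
    check: Callable[[dict], bool]
    applies_to: FrozenSet[str] = ALL_PLATFORMS  # platforms the control is expected on


# Missing fields are treated as failures: an attribute the MDM cannot report
# is not evidence that the control is in place.
CONTROLS: List[Control] = [
    Control("whole disk encryption", True,
            lambda d: d.get("storage_encrypted") is True),
    Control("strong authentication", True,
            lambda d: d.get("passcode_set") is True and d.get("passcode_min_length", 0) >= 6),
    Control("remote wipe / lock (MDM enrolled)", True,
            lambda d: d.get("mdm_enrolled") is True),
    Control("jailbreak / root detection", True,
            lambda d: d.get("jailbroken") is False,
            applies_to=frozenset({"smartphone", "tablet"})),
    Control("application whitelisting", True,
            lambda d: d.get("app_whitelisting") is True,
            applies_to=frozenset({"laptop"})),
    Control("host-based firewall", True,
            lambda d: d.get("firewall") is True,
            applies_to=frozenset({"laptop"})),
    Control("anti-malware", False,
            lambda d: d.get("antimalware") is True),
    # A device with no removable card passes trivially.
    Control("storage card encryption", False,
            lambda d: not d.get("has_sd_card") or d.get("sd_card_encrypted") is True),
]

# Constructed sample inventory (not real data).
INVENTORY: List[dict] = [
    {"id": "lap-001", "platform": "laptop", "storage_encrypted": True,
     "passcode_set": True, "passcode_min_length": 12, "mdm_enrolled": True,
     "app_whitelisting": True, "firewall": True, "antimalware": True},
    {"id": "phone-002", "platform": "smartphone", "storage_encrypted": True,
     "passcode_set": True, "passcode_min_length": 6, "mdm_enrolled": True,
     "jailbroken": False, "antimalware": False,
     "has_sd_card": True, "sd_card_encrypted": False},
    # Never enrolled; jailbreak status is therefore unknown, which counts as a failure.
    {"id": "tab-003", "platform": "tablet", "storage_encrypted": False,
     "passcode_set": False, "mdm_enrolled": False},
    {"id": "phone-004", "platform": "smartphone", "storage_encrypted": True,
     "passcode_set": True, "passcode_min_length": 8, "mdm_enrolled": True,
     "jailbroken": True, "antimalware": True},
]


def evaluate_device(device: dict) -> dict:
    """Return per-control results ("pass" / "fail" / "n/a") and a verdict."""
    results: Dict[str, str] = {}
    for c in CONTROLS:
        if device.get("platform") not in c.applies_to:
            results[c.name] = "n/a"
        else:
            results[c.name] = "pass" if c.check(device) else "fail"
    failed_mandatory = [c.name for c in CONTROLS if c.mandatory and results[c.name] == "fail"]
    failed_optional = [c.name for c in CONTROLS if not c.mandatory and results[c.name] == "fail"]
    if failed_mandatory:
        verdict = "block"        # a device below the mandatory bar is banned, not negotiated
    elif failed_optional:
        verdict = "remediate"
    else:
        verdict = "compliant"
    return {"id": device["id"], "verdict": verdict, "results": results,
            "failed_mandatory": failed_mandatory, "failed_optional": failed_optional}


def scorecard(inventory: List[dict]) -> Dict[str, Dict[str, int]]:
    """Fleet-wide pass / fail / n-a counts per control, one row per control."""
    card = {c.name: {"pass": 0, "fail": 0, "n/a": 0} for c in CONTROLS}
    for device in inventory:
        for name, outcome in evaluate_device(device)["results"].items():
            card[name][outcome] += 1
    return card


def fleet_verdicts(inventory: List[dict]) -> Dict[str, str]:
    """Map each device id to its verdict."""
    return {r["id"]: r["verdict"] for r in map(evaluate_device, inventory)}


if __name__ == "__main__":
    for name, counts in scorecard(INVENTORY).items():
        print(f"{name:36s} pass={counts['pass']} fail={counts['fail']} n/a={counts['n/a']}")
    for device in INVENTORY:
        r = evaluate_device(device)
        print(f"{r['id']:10s} {r['verdict']:10s} mandatory failures: {r['failed_mandatory']}")
```

Run directly, it prints the fleet scorecard and the per-device verdicts. Feeding it a real MDM export means mapping that product's attribute names onto the fields the checks read; the "n/a" state keeps a laptop-only control such as application whitelisting from dragging down the smartphone figures, while the "missing field is a failure" rule keeps an unenrolled device from passing by silence.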

Editor's notes

  1. Cool Mobility in business terms is mobile productivity. It enables a workforce to have instant access to information through mobile applications anywhere, anytime. People are fundamentally changing the way they work, and in order to remain competitive, organizations are making enterprise applications accessible through mobile devices. But what about the confidential data? How do we audit those mobile devices? This presentation provides a streamlined approach to auditing endpoint security on mobile devices.