Enterprise Mobile Device Security. Bryan Glancey Vice President of Research & Development. Devices are the Weakest link. "Because that's where the money is." (Willie Sutton, his response when asked why he robs banks)
Enterprise Mobile Device Security Bryan Glancey Vice President of Research & Development
Devices are the Weakest link • "Because that's where the money is." (Willie Sutton, his response when asked why he robs banks) • This is the rock-solid principle on which the whole of the Corporation's [IBM's] Galaxy-wide success is founded...their fundamental design flaws are completely hidden by their superficial design flaws. • TH Nelson, Computer Lib., 1988, London: Penguin.
Mobile Devices Devices – Our Friends? • PDAs & SmartPhones • 802.11 Devices • Wireless Modems • CDPD
Why Mobile wireless devices are great!!! • Remote E-mail • Remote Contacts • Remote Calendar • Remote Applications
Why wireless devices are the worst thing that ever happened to information security.
Confidential information • Remote E-mail • Remote Contacts • Remote Calendar
Regulatory Compliance • Lots of legislation regarding information assets • HIPAA – Health Insurance Portability & Accountability Act • Mandates Protection of Medical Information • Liability for both Organization and Individuals • Gramm-Leach-Bliley Act of 1999 • Mandates protection of financial information • Active as of July 2001 • http://www.cdt.org/privacy/plif.shtml
Identity theft and Fraud • Your Palmtop often contains all the information needed to assume your identity
Meet Mike • Mike is an Executive • Mike is Successful • Mike Travels 50% of the time • Mike wants to keep in touch with minimum hassle
Meet Mike’s Wireless Device • Mike can: • Read E-mail • Access his Contacts • View his Calendar • Make Meeting Notes • Generate Sales!!
Mike syncs up his Device • Communications Protocol Issues • CDPD Security • 802.11 Security • Let’s assume that the data makes it safely to his device • Let’s take a look at what’s in there -
What’s in Mike’s Device? • Contacts • Contact information for his entire company's contact database • Personal information regarding his customers • Personal information about company employees • Customer Sales information • Pricing/contracts data
What’s in Mike’s Device? • Calendar • Information about customer meetings – with contact info and subject • Information about competitive situations • Information that presents competitive advantage!!
What’s in Mike’s Device? • Mail • Negotiating Positions • Price lists • Order information • Product information • Legal Discussions
So where does Mike go with this information? • Airports • Airplanes • Taxi Cabs • Hotels • Rental Cars • Restaurants • Baseball Games • Everywhere he goes!
So? What’s the difference? All that information was already on their Laptop!
Devices vs. Laptops • Wireless Devices are sometimes Laptop replacements [Figure: laptop and wireless device size and weight comparison; labels: 7.5 lbs, 5.25’’, 13’’, 6.7 oz]
Wireless devices are extremely prone to theft! • The information stored on the device is a corporate asset • The information stored on the Device is a Liability – and possibly protected by legislation • Even with secure transport, the data remains on the device
Steps to take • Put some thought into extending your security policy to include mobile devices • What data can be stored on Mobile Devices? • Are there any regulatory implications? • Is there any business Risk in disclosure? • Pick a standard Device! • Easier to include in Security Policy if they are all the same – if it’s not too late!
Steps to take & Trends • Look into Access control products for your Mobile Devices • Focus on Integrating Mobile Devices into your existing Security Policy • Start with the expectation that PDAs will meet the same security standards as PCs
Why none of the current solutions work - yet • Bad Management • Poor User experience • Different solutions on different platforms • No Enterprise Visibility • ‘Insecurity is in the implementation not the math’ – Bruce Schneier
History of Device Security • Hard Disk Encryption • PC-DACS • Protect Data (Pointsec) • Safeguard Easy • PDA Protection • PDA Bomb • F-Secure
2003 – “The Year of Convergence” - Gartner • The Pitfalls of Multi-Vendor Security • Management • “Which proprietary Management tool do I use for the Palm Security?” • User Acceptance • “Why does the security on My PDA work different than the one on my Laptop?”
Uniform Security – Cross Platform • Policies & Procedures are Enterprise Wide without exception • Same/Similar operation on all Devices • Enterprise Management Tools – Manage all platforms from one place • Single Enterprise Security Policy
Uniform Reporting • Enterprise visibility for Security • Simple Executive Reports – ‘Show me the ROI for this security Stuff!’ • E-mail notifications, Pager notifications based on events – just like the Firewall people
Uniform Management • Common Tool Administration • Microsoft Management Console • Active Directory • SNMP
Conclusion • Mobile Devices provide easy access to corporate information assets • Mobile Devices are extremely mobile – therefore prone to theft • Look for pragmatic solutions to your problems • Extend your security policy to include mobile devices
Thank You Reminder: • Please be sure to complete your session evaluation forms and place them in the box outside the room. We appreciate your feedback.