Best Practices to Secure the Mobile Enterprise
Macy Torrey
mtorrey@checkpoint.com
Laptops brought freedom…
… and then it became easier
Mobile Workforce Challenges
• Access from anywhere…
• While maintaining security
The Security Challenges
• Keep communication private
• Allow access only to device owner
• Allow access only to the needed information
• Protected device access (passcode, encryption, etc.)
Four Scenarios for Mobile Security
Background | Challenges | Needs | Best Practices | Check Point Solution
• OnTheGo
  • High Tech Company
  • Many managed laptops
  • Road warriors
• LotsToMake
  • Manufacturing Company
  • Managed laptops
  • Little travel
• YouRHired
  • Human Resources Company
  • Personal PCs and Contractors
• BetMore
  • Gaming Equipment Company
  • Personal mobile and portable devices
OnTheGo High Tech Company
• Background
  • Large mobile workforce
  • Employees issued company-owned laptops
  • Employees work from home and coffee shops, and travel frequently
  • Users need to access corporate resources at any given time
  • Employees share a fair amount of sensitive data
• Challenges
  • Employees let their kids play with the computers, and a number of unauthorized apps are downloaded
  • IT must manage security policy on 10,000 laptops
  • Sensitive data has found its way into competitors’ hands lately
• Needs
  • Access to native applications (like SAP and a homegrown application)
  • Keep employees productive
  • Ensure only endpoints that comply with security policy are able to access corporate resources
  • Protect corporate data
OnTheGo High Tech Company
• Best Practices
  • Encrypt laptop in case of theft or loss during travel
  • Ensure any data leaving the laptop is encrypted
  • Control programs, allowing only authorized apps to be run
  • Protect the laptop from malware
  • Firewall the road warriors
  • Protect from drive-by downloads
  • Use an always-on IPSec VPN solution for access to native applications
Solution for OnTheGo
• Automatically and transparently secure all information on endpoint hard drives
• Centrally enforceable encryption of removable media and port control
• Provide secure, seamless access to corporate networks remotely
• Protect your endpoint from insecure, malicious and unwanted applications
• Protect against drive-by downloads, phishing sites and zero-day attacks
• Stop unwanted traffic, prevent malware and block targeted attacks
LotsToMake Hardware Manufacturing Company
• Background
  • Employees issued company-owned laptops
  • Employees occasionally work from home and travel
  • Users need to access corporate resources sometimes
  • Has a firewall today but no remote access
  • Existing AV and file-based encryption solution
• Challenges
  • Travel and working from home are occasional, but happen often enough to be a worry
  • Small IT group must manage security too
• Needs
  • Occasional access to native applications (Oracle)
  • Keep employees productive, no matter where they are
  • Protect corporate resources
LotsToMake Hardware Manufacturing Company
• Best Practices
  • Encrypt laptop in case of theft or loss during travel
  • Ensure any data leaving the laptop is encrypted
  • Control programs, allowing only authorized apps to be run
  • Protect the laptop from malware
  • Firewall the road warriors
  • Protect from drive-by downloads
  • Use an always-on IPSec VPN solution for access to native applications
  • Continue using current Endpoint Protection Solution
  • Even though occasionally mobile, security is still key
Solution for LotsToMake
• Endpoint Security client:
  • VPN, FDE, Compliance, Anti-Malware
• Managed VPN access from central Gateway
• Includes a Desktop Firewall
YouRHired Human Resources Company
• Background
  • Employees use desktops at work and personal PCs or Macs at home
  • Some contractors are used as sales force
  • Users occasionally need to access corporate resources from home
  • Have a Check Point Gateway
• Challenges
  • Employees complain that they need access to intranet and internal applications (Inventory Application)
  • Contractors need access to some web-based applications (SalesForce)
  • Company is cutting budget on IT spending
• Needs
  • Secure access to corporate data from unmanaged employee and contractor computers
  • Employees need access to network-based, home-grown application
  • Protect corporate resources
YouRHired Human Resources Company
• Best Practices
  • Allow contractors secure access to web-based applications through a browser-based, encrypted connection
  • Allow employees secure access to network-based applications with a browser plug-in
  • Check compliance of any endpoint accessing your network or specific applications
  • Train and encourage secure home use of PCs
Solution for YouRHired
Web Portal for PC and Mac using SSL VPN
• SSL VPN Web Portal
  • Easy and secure access to critical resources
  • Connect through a standard Web browser
• On-demand, dissolvable SSL VPN agent for non-web-application access (SSL Network Extender)
• Endpoint Security On-demand
• Secure Workspace
[Diagram labels: Web mail, Web apps, Shared files]
BetMore Gaming Manufacturing Company
• Background
  • Large mobile workforce
  • Employees want access from their own personal mobile devices (iPhones, iPads, Android devices, etc.)
  • Users want to access corporate resources at any given time
• Challenges
  • Securing the enterprise being accessed by unmanaged devices
  • Difficult to manage unmanaged devices
  • Employees are concerned about losing personal freedom on their device
• Needs
  • Keep communication private
  • Verified access for employees only (2-factor authentication)
  • Allow access only to authorized applications
BetMore Gaming Manufacturing Company
• Best Practices
  • Allow corporate access only through encrypted communication
  • Create policy of Remote-Wipe if user’s device is lost or stolen
  • Choose a solution that increases productivity for employees, but is easy to support
  • Easy for end user
  • Don’t end up supporting user-owned devices
  • Minimize corporate “intrusion” on the employee-owned device
Solution for BetMore
• Two-factor authentication for safe connectivity
  • Certificate and username/password
• Pair device with its owner for a safer connection
User and Device Access Control
• Control data access by user and device settings
• Personalized portal, based on identity
• Set up device security features
• Remote-wipe device upon loss
Protect Your Internal Servers
• Shield your mail and web servers
• All ActiveSync & Web traffic is secured by SSL VPN technology
Simple for the End User
• Download App
• Enter your password
• Gain secure access to your data!
Simple for the Administrator
• Enable Mobile Access Blade on your gateway
• Set access policies for users
• Generate and send an activation key to the users
Mobile Client for Android
• Full VPN client (Layer 3 IPSec)
• Web application access via SSL VPN
• Strong authentication – two-factor User/Pass and Certificate
• Device-to-user pairing
• Automatic certificate enrollment
• Easy access to application
• Concurrent users license
Remote Access Strategy
Remote access solutions for a variety of endpoint scenarios