Mobility & Security
Presented by Sean Gallagher, sean@seanmgallagher.com
Mobile Apps in the Enterprise, Part 4
The Risks of Mobile Apps For Business
• Mobile devices grow legs
• Mobile devices operate in a variety of network environments
• Rogue apps
• Users resistant to good security
Risk Varies by App Type
• Business-to-employee
• Direct enterprise data connection
• Greater control over devices possible
• Data loss risk can be reduced through…
  • Policy enforcement
  • Secure data connection
  • Control of apps installed
  • App architecture that minimizes data exposure
  • Two-factor authentication
Business-to-Consumer App Risks
• No control of device
• Web-like security model
• Problem is protecting customer privacy, not enterprise data
• Risk can be reduced by:
  • Minimizing data on device, limiting it to user configuration and passkey
  • Enforcing secure connections
  • User education / avoiding bad apps
Platform Risks
• Management and security tools for iOS, Android devices still in infancy
• Apple iOS apps tend to not store data locally because of Apple Store guidelines, but enterprise apps and “jailbroken” devices can be a risk
• No effective way to “blacklist” apps on devices, especially if you don't own them
• Android openness opens it up to malware
• “Hotspot” capabilities create potential network attack vectors
B2E: Device Management
• Need to set policies that treat mobile devices like laptops
  • Configuration management
  • Network access controls
  • VPN from outside corporate net
  • Strong authentication/password policies
  • Control over apps installed on device
Mobile Device Security Management Options
• McAfee Mobile Security for Enterprise
  • Integrates mobile devices into ePolicy management
  • Requires password protection
  • Ensures apps are properly configured
  • File scans and malware detection
• Access control token apps
  • Two-factor authentication to connect to corporate data
Dealing With User-Owned Devices
• Rapid turnover of devices makes keeping them certified and secure difficult
• Need to take the same approach as with remote Web access:
  • Secure the connection
  • Isolate data
  • Restrict access by role