The Intersection of Cool Mobility and
Corporate Protection:
Practical Steps for Assessing the Security of Mobile Devices

James Tarala, Enclave Security
Mobility is a Reality
• Organizations want their toys…




• These devices will not be going away anytime
  soon…


      The Intersection of Cool Mobility and Corporate Protection © Enclave Security 2011
Business Legitimacy
• Almost every industry has discovered ways of
  enhancing productivity with mobility:
  – Healthcare
  – Financial Services
  – Manufacturing
  – Retail
  – Government
  – Professional Services
  – And more…


What are we protecting?
• Potentially any / all of your organization’s data
• More than simply contacts & calendars
• Potentially we are protecting:
  – Financial records
  – Private health records
  – Credit card numbers
  – Anything in an email mailbox
  – And much, much more…



What if we ignore the risk?
• The primary risk to consider is the loss of data
  confidentiality
• If a mobile device is lost or stolen, the
  information stored on the device is also at risk
• However, other risks include:
  – Compromised authentication (SMS, soft tokens)
  – Manipulation of data sets
  – Impersonation of device owner



Mobility Statistics
• 81% of global executives say they are connected to
  work through mobile devices all of the time
  (Korn/Ferry International, August 2006)
• Telecommunications managers believe 28% of their
  employees are using their mobile phone as their
  primary work phone (IDC, June 2006)
• 85% of mobile users said it was important or very
  important for mobile apps to remember their
  favorites/preferences (Action Engine, September
  2005)


Mobility Statistics (cont)
• 81% of companies surveyed reported the loss of one
  or more laptops containing sensitive information
  during the past 12 months (Ponemon 2010)
• 64% of companies surveyed reported that they have
  never conducted an inventory of sensitive consumer
  information (Ponemon 2010)
• 85% say handheld devices used in their organization
  should require security protection (Bluefire Wireless
  Security, April 2006)



Evolution of Mobile Risk
• There has been an evolution in mobile
  computing
• The evolution has been from:
  – Phones & PDAs
  – Laptops
  – Smart Phones & Tablets
• Although device capabilities have evolved,
  security controls have not necessarily kept up



Typical Mobile Device Controls
• Generally organizations secure laptops by
  implementing technical controls, such as:
  – Whole disk encryption
  – Anti-malware software
  – Application whitelisting software
  – Personal / host-based firewalls
  – Strong / two-factor authentication
  – Secure operating system configurations



Whole Disk Encryption Scorecard

Anti-Malware Scorecard

Application Whitelisting Scorecard

Host-Based Firewall Scorecard

Authentication Scorecard

Security Configuration Scorecard

More than BlackBerrys
• RIM BlackBerrys are the modern Lotus Notes
• Phrases heard from clients:
  – “We went with BlackBerry because of their
    security.”
  – “BlackBerrys are protected by default by RIM and
    BlackBerry Enterprise Servers (BES).”
• These principles apply to all mobile devices




So what have we learned so far?
• By default most mobile devices do not
  implement even basic security controls
• Even when software is available, it must be
  configured; it is not “out of the box”
• Most mobile devices require not only
  configuration, but also that owners research & buy
  additional software to gain functionality
• Centralized management is another issue
  altogether…


Mobile Specific Threat Vectors
In addition to traditional risk vectors, mobile
devices deserve extra attention in the areas of:
  – Physical theft / loss
  – Wireless / Bluetooth hacking
  – Geo-location tracking
  – General privacy threats
  – General ownership threats




Minimum Technical Controls
• Already, the following controls for all mobile
  devices have been mentioned:
  – Whole disk encryption
  – Anti-malware software
  – Application whitelisting software
  – Personal / host-based firewalls
  – Strong / two-factor authentication
  – Secure operating system configurations



Minimum Technical Controls (cont)
 • In addition, organizations should consider
   controls such as:
   – Functionality limitations (cameras, wireless, etc)
   – LoJack / phone home
   – Storage card encryption
   – Remote wiping
   – Remote locking
   – Logging / auditing
   – “Jailbreak detection”


Governance Questions
• In addition to technical controls, organizations
  must establish policy to determine:
  – Can organization data reside on personal devices?
  – Who is responsible for data residing on a device?
  – Will the organization purchase mobile devices for
    workforce members?
  – Regardless of ownership, can mobile devices be
    inspected by organization personnel?
  – Can data on devices be monitored by
    organizational personnel?


Governance Questions (cont)
– Who will support mobile devices?
– Which workforce members will be offered
  support?
– Will all or only certain types of devices be
  supported by the organization?
– Will application support be included?
– Who is responsible for installing / supporting security
  software applications on devices?
– And on, and on, and on…



Central Management
• Laws are useful, but only when there are
  sufficient mechanisms to enforce those laws
• If end users can disable controls, they will
• Technical controls help organizations to
  enforce business decisions
• Therefore centralized mobile device
  management must be considered




Commercial Enterprise Tools
    • April 2011, Gartner releases a “Magic
      Quadrant” study for mobile device
      management software
    • Evaluates security & manageability
    • Names the following leaders:
        – AirWatch
        – Good Technology
        – MobileIron
        – Sybase
http://www.sap.com/campaigns/2011_04_mobility/assets/GartnerReport_MDM_MQ_April2011.pdf




Lessons Learned
• Organizations (even infosec groups) want to use
  mobile devices; do not just be a barrier
• Educate business owners on specific risks and
  allow them to accept those risks or not
• Define mandatory and optional security
  controls for these devices, and stick to them
• But be willing to ban devices that do not meet
  corporate standards for mobility
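
The baseline-and-enforce approach from the Minimum Technical Controls, Central Management and Lessons Learned slides, as an added example that is not part of the original presentation. The record format is a hypothetical MDM inventory export, the mandatory/optional split is an assumption each organization would set for itself, and the sample inventory is constructed.

```python
"""Evaluate centrally reported device state against a control baseline."""
from dataclasses import dataclass, field

# Control names follow the deck's "Minimum Technical Controls" slides.
# Which ones are mandatory is an ASSUMPTION made for this example.
MANDATORY = (
    "whole_disk_encryption",
    "anti_malware",
    "strong_authentication",
    "secure_os_configuration",
    "remote_wipe",
    "remote_lock",
)
OPTIONAL = (
    "application_whitelisting",
    "host_firewall",
    "storage_card_encryption",
    "phone_home",
    "logging_auditing",
    "functionality_limits",
)
RANK = {"allow": 0, "remediate": 1, "ban": 2}


@dataclass
class Verdict:
    device_id: str
    decision: str = "allow"          # "allow", "remediate" or "ban"
    reasons: list = field(default_factory=list)
    optional_gaps: list = field(default_factory=list)


def evaluate(record):
    """Return a Verdict for one device record (hypothetical export format).

    Control values: True = enabled, False = available but not enabled,
    "unsupported" = the platform cannot provide it. Anything else,
    including a missing key, counts as "not reported" and fails closed,
    because a control the management server cannot see is not enforced.
    """
    verdict = Verdict(device_id=str(record.get("device_id", "<unknown>")))
    controls = record.get("controls") or {}

    def escalate(decision, reason):
        # Keep the most severe decision seen so far; record every reason.
        if RANK[decision] > RANK[verdict.decision]:
            verdict.decision = decision
        verdict.reasons.append(reason)

    jailbroken = record.get("jailbroken")
    if jailbroken is True:
        escalate("ban", "jailbreak detected")
    elif jailbroken is not False:
        escalate("remediate", "jailbreak status not reported")

    for name in MANDATORY:
        state = controls.get(name)
        if state is True:
            continue
        if state == "unsupported":
            # The device cannot meet the standard at all.
            escalate("ban", f"{name}: platform cannot provide this control")
        elif state is False:
            # Software exists but was never configured.
            escalate("remediate", f"{name}: available but not enabled")
        else:
            escalate("remediate", f"{name}: state not reported")

    # Optional controls are tracked but never change the decision.
    verdict.optional_gaps = [n for n in OPTIONAL if controls.get(n) is not True]
    return verdict


def evaluate_fleet(records):
    """Map device_id -> Verdict for a list of device records."""
    return {v.device_id: v for v in (evaluate(r) for r in records)}


# Constructed sample inventory (not real devices).
ALL_ON = {name: True for name in MANDATORY}
SAMPLE_INVENTORY = [
    {"device_id": "tablet-001", "jailbroken": False,
     "controls": {**ALL_ON, "host_firewall": True}},
    {"device_id": "phone-002", "jailbroken": False,
     "controls": {**ALL_ON, "whole_disk_encryption": False}},
    {"device_id": "phone-003", "jailbroken": True, "controls": dict(ALL_ON)},
    {"device_id": "pda-004", "jailbroken": False,
     "controls": {**ALL_ON, "whole_disk_encryption": "unsupported"}},
    {"device_id": "phone-005"},  # enrolled but has never reported state
]

if __name__ == "__main__":
    for dev_id, v in evaluate_fleet(SAMPLE_INVENTORY).items():
        print(f"{dev_id}: {v.decision}")
        for reason in v.reasons:
            print(f"    - {reason}")
```
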


Further Questions
• James Tarala
   – E-mail: james.tarala@enclavesecurity.com
   – Twitter: @isaudit, @jamestarala
   – Blog:    http://www.enclavesecurity.com/blogs/

• Resources for further study:
   – SANS Security 505: Securing Windows
   – Gartner Magic Quadrant for Mobile Device Management
     Software (April 2011)




The CIS Critical Security Controls the International Standard for Defense
 
Automating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellAutomating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShell
 
Enterprise PowerShell for Remote Security Assessments
Enterprise PowerShell for Remote Security AssessmentsEnterprise PowerShell for Remote Security Assessments
Enterprise PowerShell for Remote Security Assessments
 
An Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security AssessmentsAn Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security Assessments
 
Utilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyUtilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare Technology
 
An Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security AssessmentsAn Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security Assessments
 
Information Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementInformation Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to Measurement
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security fail
 
Recent changes to the 20 critical controls
Recent changes to the 20 critical controlsRecent changes to the 20 critical controls
Recent changes to the 20 critical controls
 
Prioritizing an audit program using the 20 critical controls
Prioritizing an audit program using the 20 critical controlsPrioritizing an audit program using the 20 critical controls
Prioritizing an audit program using the 20 critical controls
 
Overview of the 20 critical controls
Overview of the 20 critical controlsOverview of the 20 critical controls
Overview of the 20 critical controls
 
More practical insights on the 20 critical controls
More practical insights on the 20 critical controlsMore practical insights on the 20 critical controls
More practical insights on the 20 critical controls
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primer
 
Cyber war or business as usual
Cyber war or business as usualCyber war or business as usual
Cyber war or business as usual
 
Benefits of web application firewalls
Benefits of web application firewallsBenefits of web application firewalls
Benefits of web application firewalls
 

Kürzlich hochgeladen

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Kürzlich hochgeladen (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

The intersection of cool mobility and corporate protection

  • 1. The Intersection of Cool Mobility and Corporate Protection: Practical Steps for Assessing the Security of Mobile Devices
      James Tarala, Enclave Security
  • 2. Mobility is a Reality
      • Organizations want their toys…
      • These devices will not be going away anytime soon…
      The Intersection of Cool Mobility and Corporate Protection © Enclave Security 2011
  • 3. Business Legitimacy
      • Almost every industry has discovered ways of enhancing productivity with mobility:
          – Healthcare
          – Financial Services
          – Manufacturing
          – Retail
          – Government
          – Professional Services
          – And more…
  • 4. What are we protecting?
      • Potentially any / all of your organization’s data
      • More than simply contacts & calendars
      • Potentially we are protecting:
          – Financial records
          – Private health records
          – Credit card numbers
          – Anything in an email mailbox
          – And much, much more…
  • 5. What if we ignore the risk?
      • The primary risk to consider is the loss of data confidentiality
      • If a mobile device is lost or stolen, the information stored on the device is also at risk
      • However, other risks include:
          – Compromised authentication (SMS, soft tokens)
          – Manipulation of data sets
          – Impersonation of device owner
  • 6. Mobility Statistics
      • 81% of global executives say they are connected to work through mobile devices all of the time (Korn/Ferry International, August 2006)
      • Telecommunications managers believe 28% of their employees are using their mobile phone as their primary work phone (IDC, June 2006)
      • 85% of mobile users said it was important or very important for mobile apps to remember their favorites/preferences (Action Engine, September 2005)
  • 7. Mobility Statistics (cont)
      • 81% of companies surveyed reported the loss of one or more laptops containing sensitive information during the past 12 months (Ponemon 2010)
      • 64% of companies surveyed reported that they have never conducted an inventory of sensitive consumer information (Ponemon 2010)
      • 85% say handheld devices used in their organization should require security protection (Bluefire Wireless Security, April 2006)
  • 8. Evolution of Mobile Risk
      • There has been an evolution in mobile computing
      • The evolution has been from:
          – Phones & PDAs
          – Laptops
          – Smart Phones & Tablets
      • Although device capabilities have evolved, security controls have not necessarily kept up
  • 9. Typical Mobile Device Controls
      • Generally organizations secure laptops by implementing technical controls, such as:
          – Whole disk encryption
          – Anti-malware software
          – Application whitelisting software
          – Personal / host-based firewalls
          – Strong / two-factor authentication
          – Secure operating system configurations
  • 10. Whole Disk Encryption Scorecard
  • 11. Anti-Malware Scorecard
  • 12. Application Whitelisting Scorecard
  • 13. Host-Based Firewall Scorecard
  • 14. Authentication Scorecard
  • 15. Security Configuration Scorecard
  • 16. More than BlackBerrys
      • RIM BlackBerrys are the modern Lotus Notes
      • Phrases heard from clients:
          – “We went with BlackBerry because of their security.”
          – “BlackBerrys are protected by default by RIM and BlackBerry Enterprise Servers (BES).”
      • These principles apply to all mobile devices
  • 17. So what have we learned so far?
      • By default, most mobile devices do not implement even basic security controls
      • Even when software is available, it must be configured; it is not “out of the box”
      • Most mobile devices require not only configuration, but also that owners research & buy additional software to gain functionality
      • Centralized management is another issue altogether…
  • 18. Mobile Specific Threat Vectors
      In addition to traditional risk vectors, mobile devices deserve extra attention in the areas of:
          – Physical theft / loss
          – Wireless / Bluetooth hacking
          – Geo-location tracking
          – General privacy threats
          – General ownership threats
  • 19. Minimum Technical Controls
      • Already, the following controls for all mobile devices have been mentioned:
          – Whole disk encryption
          – Anti-malware software
          – Application whitelisting software
          – Personal / host-based firewalls
          – Strong / two-factor authentication
          – Secure operating system configurations
  • 20. Minimum Technical Controls (cont)
      • In addition, organizations should consider controls such as:
          – Functionality limitations (cameras, wireless, etc)
          – LoJack / phone home
          – Storage card encryption
          – Remote wiping
          – Remote locking
          – Logging / auditing
          – “Jailbreak detection”
  • 21. Governance Questions
      • In addition to technical controls, organizations must establish policy to determine:
          – Can organization data reside on personal devices?
          – Who is responsible for data residing on a device?
          – Will the organization purchase mobile devices for workforce members?
          – Regardless of ownership, can mobile devices be inspected by organization personnel?
          – Can data on devices be monitored by organizational personnel?
  • 22. Governance Questions (cont)
          – Who will support mobile devices?
          – Which workforce members will be offered support?
          – Will all or only certain types of devices be supported by the organization?
          – Will application support be included?
          – Who is responsible for installing / supporting security software applications on devices?
          – And on, and on, and on…
  • 23. Central Management
      • Laws are useful, but only when there are sufficient mechanisms to enforce those laws
      • If end users can disable controls, they will
      • Technical controls help organizations to enforce business decisions
      • Therefore centralized mobile device management must be considered
  • 24. Commercial Enterprise Tools
      • April 2011, Gartner releases a “Magic Quadrant” study for mobile device management software
      • Evaluates security & manageability
      • Names the following leaders:
          – AirWatch
          – Good Technology
          – MobileIron
          – Sybase
      http://www.sap.com/campaigns/2011_04_mobility/assets/GartnerReport_MDM_MQ_April2011.pdf
  • 25. Lessons Learned
      • Organizations (even infosec groups) want to use mobile devices; do not just be a barrier
      • Educate business owners on specific risks and allow them to accept those risks or not
      • Define mandatory and optional security controls for these devices, and stick to them
      • But be willing to ban devices that do not meet corporate standards for mobility
  • 26. Further Questions
      • James Tarala
          – E-mail: james.tarala@enclavesecurity.com
          – Twitter: @isaudit, @jamestarala
          – Blog: http://www.enclavesecurity.com/blogs/
      • Resources for further study:
          – SANS Security 505: Securing Windows
          – Gartner Magic Quadrant for Mobile Device Management Software (April 2011)

Editor's notes

  1. Cool Mobility in business terms is mobile productivity. It enables a workforce to have instant access to information through mobile applications anywhere, anytime. People are fundamentally changing the way they work, and in order to remain competitive, organizations are making enterprise applications accessible through mobile devices. But what about the confidential data? How do we audit those mobile devices? This presentation will provide a streamlined approach to auditing endpoint security on mobile devices.