Weitere ähnliche Inhalte Ähnlich wie Enterprise Mobile Security (20) Kürzlich hochgeladen (20) Enterprise Mobile Security1. Enterprise Mobile Security
HP Enterprise Security Services
Paul Schwarzenberger
MSc, M.Inst.ISP, CISSP, CLAS
1 ©2011 Copyright 2010 Hewlett-Packard Development The information
© Hewlett-Packard Development Company, L.P. Company, L.P.
contained herein is subject to change without notice
2. ENTERPRISE MOBILE SECURITY
– Senior executives want to use iPhones, iPads, Androids and other
mobile devices to access corporate data
– New business requirements for tablets, e.g. retail, medical
– Consumerisation / BYOD – expand mobile workforce cost
effectively
What are the risks?
What security can be applied?
How to securely enable apps?
2 © Copyright 2010 Hewlett-Packard Development Company, L.P.
3. SECURITY RISKS
– Malware / malicious apps Fake Netflix analysis by
Symantec, October 2011
– No (or poorly implemented) encryption
– Jailbroken operating systems
– SMS
– Data loss – corporate / personal emails
– Data loss – email attachments / Dropbox
– Sync and backup – to home PC and iCloud
– Malicious, compromised, or inappropriate web sites
3 © Copyright 2010 Hewlett-Packard Development Company, L.P.
4. MOBILE MALWARE - CUMULATIVE
The continued growth of mobile phone adoption globally is driving growth in the mobile malware
sector. While malware targeting the Symbian platform is still the most prevalent, there has been a
sea change in top targets in 2011. In Q3 nearly all of the malware samples discovered by McAfee
Labs targeted the newer and more popular (now) Android platform.
Others
1400
1200 Java ME 8%
1000 9%
800
Symbian
600
3rd Ed.
400
200 11% Symbian
0 Android 56%
16%
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3
09 09 09 09 10 10 10 10 11 11 11
iOS – two viruses detected to date, both
only effective against jailbroken devices
4 © Copyright 2010 Hewlett-Packard Development Company, L.P. data from McAfee
5. APP REQUIREMENTS
– Personal /corporate apps
– Public / in-house apps
– Blacklist, Whitelist apps
– Prevent data leakage
– Secure connectivity
– Authentication
5 © Copyright 2010 Hewlett-Packard Development Company, L.P.
6. ENTERPRISE MOBILE SECURITY MODEL
Enable Applications
• e-mail, calendar and contacts
• Business applications
Sandbox
• Protect corporate data
• Control Interaction with host
Enforce Mobile Security
• Device Password
• Encryption
• Whitelist or blacklist Apps
• Connection methods
• Block jailbroken devices
• Remote wipe
mobile device with • Control synchronisation
optional security app • Mobile Anti-Virus
e-mail and
• Personal Firewall business
application servers
Device Management
• Monitor and audit
• Reporting and alerts
• Remote unlock
6 © Copyright 2010 Hewlett-Packard Development Company, L.P.
7. ENTERPRISE MOBILE SECURITY - COMPONENTS
– Mobile Device Management (Secure Container / Whole Device)
– Anti-Malware
– Secure Connectivity
– Application control
– VPN
– Certificates
– Data Loss Prevention
– URL filtering
7 © Copyright 2010 Hewlett-Packard Development Company, L.P.
8. EXAMPLE: UK POLICE MOBILE DATA
– Balfour Beatty Workplace
– Mobile data workflow and information
– Police outsource contract
– Police / UK Government security standards
– Ease of use – “invisible” security
– Solution: SSL VPN / lockdown / certificate
8 © Copyright 2010 Hewlett-Packard Development Company, L.P.
10. EXAMPLE: ANDROID MALWARE PROTECTION
– Mobile Device
Management
– Anti-Malware Client
– App Inventory
– App Control Policies
• Disallow malware
• Require Anti-Malware client
10 © Copyright 2010 Hewlett-Packard Development Company, L.P.
11. CONCLUSIONS
– Strong demand for business use of mobile devices
– Multiple security risks
– Need to enable enterprise applications
– Solutions available
– No solution is perfect!
11 © Copyright 2010 Hewlett-Packard Development Company, L.P.
11
12. thank you
paul.schwarzenberger@hp.com
07968 542371
©2011 Copyright 2010 Hewlett-Packard Development The information
12 © Hewlett-Packard Development Company, L.P. Company, L.P.
contained herein is subject to change without notice