Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile Device Management

Similar presentations

Presentation on theme: "Mobile Device Management"— Presentation transcript:

1 Mobile Device Management
Ryder Audit Services 2013

2 Agenda Ryder Profile Mobile Device Background Mobile Device Overview
Baseline – Inventory Baseline – Policies and Standardization Baseline – Responsibilities Central Management Security Settings Audit Strategy Questions Proprietary and Confidential

3 Proprietary and Confidential

4 Ryder Profile Full Year 2011 Fleet Management Solutions
Dedicated Contract Carriage Supply Chain Solutions Over the past decade Ryder has become a more focused company, with almost $5 billion in revenue and nearly 30,000 employees worldwide. Today the company is focused on three primary operating areas: Fleet Management Solutions Dedicated Contract Carriage, and Supply Chain Solutions. I’d like to take a few minutes to provide a brief overview of each of these business segments. Full Year 2011 Revenue (1) $6.1 Billion Operating Revenue (1) $4.8 Billion Earnings Before Tax (1) $279 Million Net Earnings (1) $170 Million Free Cash Flow (1) $257 Million Assets $7.6 Billion Vehicles Maintained ,200 Employees ,500 (1) These amounts result from continuing operations. Proprietary and Confidential 4

5 Background Over 5,000 mobile devices (laptops, smart phones and tablets) access corporate s, applications, intranet Employees primarily located throughout US, Canada, UK , Mexico (key countries) Controls around access of Corporate networks and s via laptops have been in place for a long time Ryder has “some” controls in place around Laptops: Polices Procedures and process (procure, install software, track inventory, audit, etc) Mature technology (hardware/software) allows access to corporate networks Resources and management However, with Blackberry definition of mobility started to change … access s from any where Laptop became the new desktop Focus on managing “truly” mobile devices Iphones, Androids and the tablets 3/31/2017 Proprietary and Confidential

6 Types of Mobile Devices
- Laptops, Netbooks - Tablets - Smartphones - Personal Digital Assistants (PDA) - Portable Universal Serial Bus (USB) devices, thumb drives - Digital Cameras - Radio frequency devices (RFID) - Infrared enabled devices 3/31/2017 Proprietary and Confidential

7 “Applications are more critical than the devices themselves”
Overview There is an increasing “Demand” to “access” more via mobile devices Beyond now Intranet Access business application data Approvals (deals, contracts, transactions, etc.) “Applications are more critical than the devices themselves” Find a balance Organizational needs User preferences Information security requirements with greater mobility 3/31/2017 Proprietary and Confidential

8 When asked what caused the organization the biggest headache:
almost half (43%) cited an employee device (most likely USB device) introducing a virus; more than a quarter (26%) pointed the finger at employees losing a device, and employees stealing data the biggest concern for 22% of respondents. (Source: 3/31/2017 Proprietary and Confidential

9 Baseline – Inventory How many “mobile” devices are connected to your network? Personally owned devices Corporate owned/issued devices Have you audited the Corporate issued devices? What types of mobile devices and OS’s are connecting to your network? RIM/Blackberry iOS Iphone/iPads Android phones and tablets Windows based phones What software/technology does the corporation use to access the s and data via mobile technology? Lotus Notes MS Outlook Each software (tool) can be configured differently 3/31/2017 Proprietary and Confidential

10 3/31/2017 Proprietary and Confidential

11 Baseline – Policies and Standardization
What policies are available to be used? usage Remote access Computer usage Laptops Mobile devices Can the user bypass the corporate security settings on the mobile devices? Can the user turn off encryption on the mobile device? Can the user change password requirement on the mobile device? Have the data wipe settings (passwords to be 5 characters, data can be wiped remotely) been changed on the mobile device? Are the security settings standard across all mobile platforms? 3/31/2017 Proprietary and Confidential

12 92 percent working in professional services
BYOD has solidified its standing in workplace. Here is a breakout of usage of personal mobile devices or tablets for work: 92 percent working in professional services 86 percent in financial services 84 percent in healthcare 77 percent of information technology workers 38 percent in government All companies, ranging from 200 to 2,000+ employees, report BYOD use at over 50 percent. (Source: 3/31/2017 Proprietary and Confidential

13 Baseline – Responsibility
Who is responsible for managing or setting up the policies and enforcing the policies IT Management Legal/General Counsel Global Compliance Enterprise Mobile Team Risk management Who approves use of mobile devices? Director level approval needed to use the mobile devices There is usually a licensing cost with the number of devices allowed to access the network. Standardization the type/kind of mobile devices to be used Blackberry, Android phones, iPhones, iPads 3/31/2017 Proprietary and Confidential

14 Smartphones give you full mobility as opposed to nomadic laptops and notebooks
Smartphones are always (in most geographic locations) connected to a network and always reachable 3/31/2017 Proprietary and Confidential

15 Central Management How does your organization track/manage these devices? Require all devices to enroll in a “central” program Corporate policy Require new devices to register OS on the mobile gets upgraded (re-register) Stage the device to ensure proper enrollment Allow administer time for review/installation Register the device Limit number of devices user can login from Authenticate the user/device Passwords/tokens Terms of conditions & Restrictions Comply with rules of the organization Outdated mobile devices or jailbroken devices not to be used 3/31/2017 Proprietary and Confidential

16 By 2015, the average U.S. citizen will have seven connected devices.
According to Cisco Systems' annual Visual Networking Index Forecast released in June, 2012: By 2015, there will be almost 15 billion network-connected devices-including smartphones, notebooks, tablets and other smart machines-more than two for every person on the planet. By 2015, the average U.S. citizen will have seven connected devices. 3/31/2017 Proprietary and Confidential

17 Security Settings Roll out common standard security settings regardless of the mobile device Encryption of full device Minimum Passwords length/complexity requirement Wiping remotely (in case mobile device is lost) Restrictions of specific features on the device Ability to push configurations to all devices Ability to restrict access Ability to monitor usage (time, location, etc.) of the device Roll-out updates and provide remote support 3/31/2017 Proprietary and Confidential

18 Other Security Concerns
Ensure the transport layer is secure end to end Reliance placed on Virtual Private Network (secure end to end tunnel) for laptop/notebook usage VPN does not work well in securing end to end transport layer with mobile devices. Mobile sites may not have the necessary Secure Socket Layer (SSL) security. Mobile traffic is routed to the user’s network provider depending on where the user is located Therefore, data that has been stored/processed needs to be secured by the organization during the transport 3/31/2017 Proprietary and Confidential

19 40 % of devices at work are personally owned (Source: IDC)
66% of young people (20 – 29 year olds) will circumvent anti-BYOD rules and 30% will install and use their own applications (Source:VisionCritical) Certain companies have defined policies to block usage of Siri and Dropbox; because of privacy concerns. (Source: ISACA Journal Vol 1, 2013) 3/31/2017 Proprietary and Confidential

20 Audit Strategy Does your organization have standard policies and procedures in place? How old and relevant are the policies? How many policies ( , mobile devices, laptops, computer usage, etc.) do you need to review? Who at your organization is responsible for mobile device security? How involved are they? Has an inventory of the corporate devices been done? What tool/software is used to manage the security on the mobile devices? 3/31/2017 Proprietary and Confidential

21 Audit Strategy If multiple tools, are being used, how sure you are that the security settings are configured uniformly? Request and review the security settings (IT would be glad to help) Ensure the security settings are in line with the corporate policies (encryption at all times, file sharing, etc.) Do terminated employees still have access to the corporate data through these mobile devices? Where would you rank your organization in the maturity model Non-existent controls Adhoc / Initial Defined Managed/Measurable Optimized 3/31/2017 Proprietary and Confidential

22 Questions/Answers/Links/Thank you!!!
Useful Links Ashish Dham Sr. Director Audit & Investigations Ryder System Inc. Mobile: 3/31/2017 Proprietary and Confidential

Download ppt "Mobile Device Management"

Similar presentations

Ads by Google