
Mobile Device Management Ryder Audit Services 2013.


Presentation on theme: "Mobile Device Management Ryder Audit Services 2013."— Presentation transcript:

1 Mobile Device Management Ryder Audit Services 2013

2 Agenda
- Ryder Profile
- Mobile Device Background
- Mobile Device Overview
- Baseline – Inventory
- Baseline – Policies and Standardization
- Baseline – Responsibilities
- Central Management
- Security Settings
- Audit Strategy
- Questions

Proprietary and Confidential


4 Ryder Profile
- Revenue (1): $6.1 Billion
- Operating Revenue (1): $4.8 Billion
- Earnings Before Tax (1): $279 Million
- Net Earnings (1): $170 Million
- Free Cash Flow (1): $257 Million
- Assets: $7.6 Billion
- Vehicles Maintained: 205,200
- Employees: 27,500

Full Year 2011

- Dedicated Contract Carriage
- Fleet Management Solutions
- Supply Chain Solutions

(1) These amounts result from continuing operations.

5 Background
- Over 5,000 mobile devices (laptops, smartphones and tablets) access corporate e-mails, applications and the intranet
- Employees are primarily located throughout the US, Canada, UK and Mexico (key countries)
- Controls around access to corporate networks and e-mails via laptops have been in place for a long time
- Ryder has some controls in place around laptops:
  - Policies
  - Procedures and processes (procure, install software, track inventory, audit, etc.)
  - Mature technology (hardware/software) allows access to corporate networks
  - Resources and management
- However, with the BlackBerry the definition of mobility started to change … access e-mails from anywhere
- The laptop became the new desktop
- Focus on managing truly mobile devices: iPhones, Androids and tablets

6/2/2014 Proprietary and Confidential

6 Types of Mobile Devices
- Laptops, Netbooks
- Tablets
- Smartphones
- Personal Digital Assistants (PDA)
- Portable Universal Serial Bus (USB) devices, thumb drives
- Digital Cameras
- Radio frequency devices (RFID)
- Infrared enabled devices

7 Overview
- There is an increasing demand to access more via mobile devices
  - Beyond e-mail now
  - Intranet
  - Access business application data
  - Approvals (deals, contracts, transactions, etc.)
- Applications are more critical than the devices themselves
- Find a balance
  - Organizational needs
  - User preferences
  - Information security requirements with greater mobility

8 When asked what caused the organization the biggest headache: almost half (43%) cited an employee device (most likely a USB device) introducing a virus; more than a quarter (26%) pointed the finger at employees losing a device; and employees stealing data was the biggest concern for 22% of respondents. (Source:

9 Baseline – Inventory
- How many mobile devices are connected to your network?
  - Personally owned devices
  - Corporate owned/issued devices
- Have you audited the corporate-issued devices?
- What types of mobile devices and OSs are connecting to your network?
  - RIM/BlackBerry
  - iOS iPhones/iPads
  - Android phones and tablets
  - Windows-based phones
- What software/technology does the corporation use to access e-mails and data via mobile technology?
  - Lotus Notes
  - MS Outlook
  - Each software (tool) can be configured differently


11 Baseline – Policies and Standardization
- What policies are available to be used?
  - E-mail usage
  - Remote access
  - Computer usage
  - Laptops
  - Mobile devices
- Can the user bypass the corporate security settings on the mobile devices?
- Can the user turn off encryption on the mobile device?
- Can the user change the password requirement on the mobile device?
- Have the data wipe settings (passwords to be 5 characters, data can be wiped remotely) been changed on the mobile device?
- Are the security settings standard across all mobile platforms?

12 BYOD has solidified its standing in the workplace. Here is a breakout of usage of personal mobile devices or tablets for work:
- 92 percent working in professional services
- 86 percent in financial services
- 84 percent in healthcare
- 77 percent of information technology workers
- 38 percent in government

All companies, ranging from 200 to 2,000+ employees, report BYOD use at over 50 percent. (Source:

13 Baseline – Responsibility
- Who is responsible for managing or setting up the policies and enforcing the policies?
  - IT Management
  - Legal/General Counsel
  - Global Compliance
  - Enterprise Mobile Team
  - Risk management
- Who approves use of mobile devices?
  - Director level approval needed to use the mobile devices
- There is usually a licensing cost with the number of devices allowed to access the network.
- Standardize the type/kind of mobile devices to be used: BlackBerry, Android phones, iPhones, iPads

14 Smartphones give you full mobility as opposed to nomadic laptops and notebooks. Smartphones are always (in most geographic locations) connected to a network and always reachable.

15 Central Management
- How does your organization track/manage these devices?
- Require all devices to enroll in a central program
- Corporate policy
- Require new devices to register
- OS on the mobile gets upgraded (re-register)
- Stage the device to ensure proper enrollment
- Allow administrator time for review/installation
- Register the device
- Limit the number of devices a user can log in from
- Authenticate the user/device
- Passwords/tokens
- Terms and conditions & restrictions
- Comply with rules of the organization
- Outdated mobile devices or jailbroken devices not to be used

16 According to Cisco Systems' annual Visual Networking Index Forecast released in June 2012:
- By 2015, there will be almost 15 billion network-connected devices (including smartphones, notebooks, tablets and other smart machines), more than two for every person on the planet.
- By 2015, the average U.S. citizen will have seven connected devices.

17 Security Settings
- Roll out common standard security settings regardless of the mobile device
  - Encryption of the full device
  - Minimum password length/complexity requirement
  - Wiping remotely (in case the mobile device is lost)
  - Restrictions of specific features on the device
- Ability to push configurations to all devices
- Ability to restrict access
- Ability to monitor usage (time, location, etc.) of the device
- Roll out updates and provide remote support

18 Other Security Concerns
- Ensure the transport layer is secure end to end
- Reliance is placed on a Virtual Private Network (secure end-to-end tunnel) for laptop/notebook usage
- VPN does not work well in securing the end-to-end transport layer with mobile devices
- Mobile sites may not have the necessary Secure Sockets Layer (SSL) security
- Mobile traffic is routed to the user's network provider depending on where the user is located
- Therefore, data that has been stored/processed needs to be secured by the organization during transport

19
- 40% of devices at work are personally owned (Source: IDC)
- 66% of young people (20–29 year olds) will circumvent anti-BYOD rules and 30% will install and use their own applications (Source: VisionCritical)
- Certain companies have defined policies to block usage of Siri and Dropbox because of privacy concerns. (Source: ISACA Journal Vol 1, 2013)

20 Audit Strategy
- Does your organization have standard policies and procedures in place?
- How old and relevant are the policies?
- How many policies (e-mail, mobile devices, laptops, computer usage, etc.) do you need to review?
- Who at your organization is responsible for mobile device security? How involved are they?
- Has an inventory of the corporate devices been done?
- What tool/software is used to manage the security on the mobile devices?

21 Audit Strategy
- If multiple tools are being used, how sure are you that the security settings are configured uniformly?
- Request and review the security settings (IT would be glad to help)
- Ensure the security settings are in line with the corporate policies (encryption at all times, file sharing, etc.)
- Do terminated employees still have access to the corporate data through these mobile devices?
- Where would you rank your organization in the maturity model?
  - Non-existent controls
  - Ad hoc / Initial
  - Defined
  - Managed/Measurable
  - Optimized
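One way an auditor could run the settings review and terminated-user check from the two Audit Strategy slides over an exported device inventory. This is an added example, not part of the original presentation; the CSV columns, tool names, users and termination list are constructed assumptions, and the 5-character minimum is the figure the deck mentions.

```python
import csv
import io

# Baseline taken from the slides: full-device encryption, remote wipe,
# no jailbroken devices, and a minimum password length (deck figure: 5).
BASELINE = {"encrypted": "yes", "remote_wipe": "yes", "jailbroken": "no"}
MIN_PASSWORD_LEN = 5

# Constructed sample export; column and tool names are hypothetical.
INVENTORY_CSV = """device_id,user,tool,platform,encrypted,min_password_len,remote_wipe,jailbroken
D-001,alice,tool_a,iOS,yes,6,yes,no
D-002,bob,tool_a,Android,no,6,yes,no
D-003,carol,tool_b,BlackBerry,yes,4,yes,no
D-004,dave,tool_b,Android,yes,5,no,yes
D-005,erin,tool_b,iOS,yes,5,yes,no
"""
TERMINATED_USERS = {"bob", "erin"}  # constructed HR termination list


def _rows(inventory_csv):
    return csv.DictReader(io.StringIO(inventory_csv))


def audit(inventory_csv, terminated):
    """Return {device_id: [findings]} for devices that deviate from policy."""
    findings = {}
    for row in _rows(inventory_csv):
        issues = [f"{key}={row[key]} (expected {want})"
                  for key, want in BASELINE.items()
                  if row[key].strip().lower() != want]
        if int(row["min_password_len"]) < MIN_PASSWORD_LEN:
            issues.append(f"min_password_len={row['min_password_len']} "
                          f"(expected >= {MIN_PASSWORD_LEN})")
        if row["user"] in terminated:
            issues.append("user terminated but device still enrolled")
        if issues:
            findings[row["device_id"]] = issues
    return findings


def password_settings_by_tool(inventory_csv):
    """Distinct minimum-password settings per management tool (uniformity check)."""
    seen = {}
    for row in _rows(inventory_csv):
        seen.setdefault(row["tool"], set()).add(int(row["min_password_len"]))
    return seen


if __name__ == "__main__":
    for device, issues in audit(INVENTORY_CSV, TERMINATED_USERS).items():
        print(device, "; ".join(issues))
    print(password_settings_by_tool(INVENTORY_CSV))
```

A tool that reports more than one value, or a value that differs from the other tool's, is the non-uniform configuration the slide asks about.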

22 Questions/Answers/Links/Thank you!!!

Useful Links

Ashish Dham
Sr. Director Audit & Investigations
Ryder System Inc.
Mobile:
