To the ISSA Las Vegas Chapter April 13, 2011. Definition People Technology Policy.

Presentation transcript:

1 To the ISSA Las Vegas Chapter April 13, 2011

2 Definition People Technology Policy

3 A cellular telephone with built-in applications and Internet access. Smartphones provide digital voice service as well as text messaging, e-mail, Web browsing, still and video cameras, MP3 player, video viewing and often video calling. In addition to their built-in functions, smartphones can run myriad applications, turning the once single-minded cellphone into a mobile computer. Source: PC Magazine Encyclopedia

4 What do they want?
Only carry one
Anywhere access
Any device supported
Transparent security


6 What does management want?
Lower cost
Low support overhead
Increased productivity
Any device supported
Transparent security

7 Is the business willing to securely support a mix of personal/business data and smartphones/tablets?
Remote access - to how much?
Authority over data?
Is the value worth the cost?

8 Source: Symantec

9 What are your organization's compliance requirements?
Which rewards does management want to balance against risk and cost?
–Compliance
–Strategic mobility
–Employee productivity/creativity/retention

10 Is confidential data allowed on mobile devices?
Are personally-owned mobile devices allowed access?
Who has authority/responsibility for…
–Who gets company-issued smartphones
–Who gets access from smartphones, and to what?
–Purchasing smartphones
–Provisioning smartphones
–Securing/monitoring smartphones?
–Support of Organization-owned (O)? Personally-owned (P)?

11 What are O mobile devices allowed access to? Is it different for P?
Will you list specific devices supported, or just OS versions?
Who is going to test all the new devices? How often?
What about application maintenance?
(How) Do you wipe a P phone at term?
Crawl/Walk/Run or Flash Cut?

12 Review others' policies for ideas
Review your laptop policy
Involve stakeholders in requirements and design
Communicate early and often
–Stakeholders
–IT (they have to make the tech work)
–Finance (our buddies with the budget)
–Users (they hate change too – be nice)


14 Pure Monolithic – typically BES
–Organization (O) owned only
Mixed Monolithic
–O or Personally (P) owned
Mail System w/Supported Security
–O, O/P, limited to native OSs
3rd Party Mgmt Software (in-house, hosted, managed)
–Multiple device types


16 From Most to Least Complete Options
–Blackberry
–Windows Mobile (6.1 and 6.5 only)
–iPhone
–Android
–Windows Mobile 7
–Symbian?
–Nokia?

17 Passwords not PINs
Remote wipe
Secure Email/Calendar sync
Device and storage card encryption

18 Disable capabilities (removable storage, camera, BlueTooth, IR, etc…)
Two-factor authentication
Failed attempts lock/wipe

19 Source: Microsoft - http://social.technet.microsoft.com/wiki/contents/articles/exchange-activesync-client-comparison-table.aspx#cite_note-3
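The controls on slides 17 and 18 map almost one-to-one onto an Exchange ActiveSync mailbox policy. The block below is an added example written for this transcript, not the presenter's material: it builds such a policy in the Exchange 2010 Management Shell, assigns it, and shows the remote-wipe step. The policy name "Corp-Smartphone", the mailbox "jdoe" and the notification address are hypothetical; two-factor authentication is not an ActiveSync policy setting and is left out.

```powershell
# Added example (not from the presentation). Assumes Exchange 2010 Management Shell.
# Each hashtable entry is a real New-ActiveSyncMailboxPolicy parameter; the comments
# tie it back to the requirement on slides 17-18.
$policy = @{
    Name                               = "Corp-Smartphone"   # hypothetical policy name
    DevicePasswordEnabled              = $true               # slide 17: passwords...
    AlphanumericDevicePasswordRequired = $true               # ...not PINs
    AllowSimpleDevicePassword          = $false              # no 1234 / 1111 style codes
    MinDevicePasswordLength            = 8
    MinDevicePasswordComplexCharacters = 2
    MaxInactivityTimeDeviceLock        = "00:15:00"          # auto-lock after 15 minutes
    MaxDevicePasswordFailedAttempts    = 10                  # slide 18: failed attempts wipe
    RequireDeviceEncryption            = $true               # slide 17: device encryption
    RequireStorageCardEncryption       = $true               # slide 17: storage card encryption
    AllowStorageCard                   = $false              # slide 18: disable capabilities...
    AllowCamera                        = $false
    AllowBluetooth                     = "Disable"           # Disable | HandsfreeOnly | Allow
    AllowIrDA                          = $false
    AllowNonProvisionableDevices       = $false              # block clients that cannot
}                                                            # acknowledge the policy at all
New-ActiveSyncMailboxPolicy @policy

# Apply the policy to a mailbox (hypothetical user "jdoe").
Set-CASMailbox -Identity "jdoe" -ActiveSyncMailboxPolicy "Corp-Smartphone"

# Inventory: which devices (type, model, OS) have synced this mailbox? This is the
# data behind "who is going to test all the new devices" on slide 11.
Get-ActiveSyncDeviceStatistics -Mailbox "jdoe" |
    Select-Object DeviceType, DeviceModel, DeviceOS, LastSuccessSync, DeviceID

# Remote wipe (slide 17): issue a wipe for every device partnered with the mailbox
# and e-mail a confirmation to a hypothetical address once each device reports back.
Get-ActiveSyncDeviceStatistics -Mailbox "jdoe" | ForEach-Object {
    Clear-ActiveSyncDevice -Identity $_.Identity `
        -NotificationEmailAddresses "secops@example.invalid" -Confirm:$false
}
```

AllowNonProvisionableDevices only keeps out clients that refuse the policy handshake; a client can accept the policy and still not implement an individual setting (slide 21's Android 2.2 and encryption is the case in point), which is why the comparison table cited on slide 19 matters when deciding which OS versions to allow.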


21 Android 2.2 supports all the basic security requirements except encryption
Android 3.0 (Honeycomb) provides encryption, but is currently only on tablets and one phone
Carriers modify Android, sometimes badly
NitroDesk Touchdown (Android Market or direct, $20) adds device and storage card encryption (3DES) to 2.2

22 Mobile Device Management (MDM)
–Not just security – can have operations management and deployment capabilities
–Asset management
–Application whitelist
–Deploy in-house apps
–Deploy patches/upgrades

23 Which one fits your organization better?
–In-House
–In-House with external comm center
–Hosted
–Managed Service

24 Good Technology
Encrypts Android 2.1 and above, and iPhone 3G and above
Separation of data and apps from OS in encrypted sandbox
Can control transfer of data to personal side (contacts typically)
Onsite servers transmit through Good telecomm datacenters – no ActiveSync

25 Mobile Iron
Suite of applications for security, asset management, and expense
Self-service portal for apps, communications search/history, and usage
Encrypts iPhones, Androids (with integrated Touchdown), integrates with BES

26 Air-Watch
Can be purchased as a cloud service, appliance, or software
Encrypts iPhones but not Android 2.x

27 Verizon Managed Mobility Service
750 employee accounts minimum
Based on Sybase solutions
Services include inventory & expense mgmt, provisioning and logistics, and Sybase (policies, security, app store)
Note: Sybase did not support iOS4 or Android until Oct 2010


29 Employee and management requirements often conflict
Consumer-grade products = security an afterthought or non-existent
Proprietary OS = complexity, inequality, lack of standards
Immature market = rapid change

30 Perform constant market research
Provide non-technical executive management enough information to make informed risk decision(s) regarding mobile devices
–Immature market = limited choices, constant change
–Set realistic expectations – no Holy Grail
–Communicate risks in business terms
–Crawl/Walk/Run

31 Hi, my name's Terry and I'm a CISO…


