Mark Wright, Senior Systems Consultant, Global Mobility SWAT, Sybase, an SAP Company. Thursday, September 29th 2011. Mobile Enterprise Security.


1 Mark Wright, Senior Systems Consultant, Global Mobility SWAT, Sybase, an SAP Company. Thursday, September 29th 2011. Mobile Enterprise Security

2 ©2011 SAP AG. All rights reserved.
Unwired Enterprise Evolution
[Diagram labels: REACH; Local; Global; Computer Centric; Human Centric; Mainframe; Internet; Unwired Enterprise; Client/Server]

3 Two Stages of Mobile
Mobile 1.0
Mobile 2.0
Transform the enterprise
Extend the enterprise

4 Mobility is The New Standard
Source: Worldwide Mobile Worker Population – Forecast, IDC

5 Consumer Mobility has hit critical mass
There are More Mobile Phones than Toothbrushes (5B vs 2.2B)

6 Mobility Is Not Just About Road Warriors Anymore
Execs; Line of Business Managers; Task and Business Users; Consumers and Ecosystem
Contacts; Approval Requests; Field Service; Time & Expense; Dashboards; Approvals; Calendars; CRM; Scheduling & Dispatch; Mobile E-Commerce; Mobile Marketing; Self-Service

7 Key Trends in 2011 and Beyond
Consumerization of IT with Employee-owned Devices
Momentum of Managed Mobility Services
Increasing demand for enterprise applications
Increasing demand for integrated solutions versus point products
Shifts in Development Paradigm and Ecosystem

8 Enterprise Mobility Trends and Drivers
1- Gartner 2 – IDC Forecast Trends
10B Apple App Store downloads
55M Tablets in 2011, 208M by
B smart phones and 1.2B mobile workers by
Mobility drivers
Shift to cloud computing
Consumerization of IT
Increasing sophistication of devices, OSs, applications, and networks
Business demand
Lessons learned
Security and device management are a must have and the first step
A device-agnostic mobility strategy is critical
New business scenarios are coming!

9 What Does This Mean?
MOBILITY is the new edge we will use to connect to our world, but COMPLEXITY of developing and managing applications, data, and clients has dramatically increased.

10 Mobility Is Not in the Future, It Is Now
Smart phones and tablets are the dominant computing devices
Enterprises are building mobile applications today
Mobile commerce is a prominent marketplace and competitive edge for retailers
expect to support up to 4 different mobile operating system platforms of companies as a priority will implement mobile enterprise apps in % 58% Shopping on the mobile web will reach of retailers in the United States are planning for m-commerce 74% $119 billion by 2015

11 Interesting market stats
Approximately 1.3 million mobile phones are stolen EACH YEAR, just in the UK
More than one in three data breaches last year involved a mobile device
Major US corporations lose by theft 1,985 USB memory sticks, 1,075 smartphones, and 640 laptops, EVERY WEEK
120,000 cell phones are left in Chicago taxi cabs EACH YEAR
In the US, 113 cell phones are lost EVERY MINUTE
113 Smart Phones are lost every minute!

12 Mobile Insecurity
61% report that business use of smartphones is their TOP SECURITY CONCERN
54% report at least one security breach in the last year
33% report requiring advanced authentication for corporate network access
33% report using data encryption on mobile devices

13 What users are looking for
Simplicity and Ease of Use
Access to personal data, photos, movies, apps
Access to work and work apps/systems
Rich Web browsing
Freedom of device choice

14 What is IT looking for
To protect corporate assets from loss and theft
To ensure corporate security policies are enforced on devices that have access to the network and data
The ability to remotely delete corporate data on the device
Enforce device configurations such as password, network settings, etc.
Asset tracking capabilities

15 Understanding Mobility Risks and Remedies
Four areas of vulnerability in mobile business operations:
Lost or stolen devices
Unauthorized data access
Risks arising from combining personal and work use in one device
Gaps in device management and policy enforcement

16 Lost and stolen devices
User authentication at the device level
Remote lock and wipe
Data encryption
Data fading
Data backup

17 Unauthorized data access
Mobile application provisioning and settings
Remote configuration updates
Event and activity monitoring and logging
Unauthorized access through virus or malware infected devices
Antivirus software and firewall protection
Remote provisioning of software patches and security updates
Enforce security policies related to application downloads
Activity monitoring and tracking

18 RISKS Related to personal and business use on the same device
Segregating business functions on the mobile device
Remote data wipe
Data fading

19 Gaps in device management and policy enforcement
A single security management platform – This provides a common security management console capable of supporting all the device types and applications that make up a dynamic business mobility environment

20 SUMMARY
Risk: Data lost due to lost or stolen devices
Remedies: User authentication at the device level; Remote lock and wipe; Data encryption; Data fading; Data backup
Risk: Unauthorized user accesses data with a lost or stolen phone
Remedies: Same as above
Risk: Authorized user gains unauthorized access to, or makes inappropriate use of, proprietary information
Remedies: Security policies; Mobile application provisioning and settings; Remote configuration updates; Event and activity monitoring and logging
Risk: Unauthorized access through virus or malware infected devices
Remedies: Anti virus software and firewall protection; Remote provisioning of software patches and security updates; Enforce security policies regarding application downloads; Activity monitoring and tracking
Risk: Risks arising from combining personal and work use in one device
Remedies: Security policies; Segregating business functions on the mobile device; Remote data wipe; Data fading

21 IT needs to make the rules
Security. Anyone who uses their personal smartphone at work should be required to install mobility management software that enforces passwords, encrypts data and can remotely erase corporate information on lost or stolen devices.
Permissible content. Storing pirated or objectionable content on a personal device that's utilized for business should be strictly forbidden. If you use it for work, it's a work asset and should be governed by workplace rules of conduct.
Choice of plan. Companies that cover work-related voice and data charges should make using the corporate mobile plan mandatory. That way the expenses they underwrite will always be based on low group rates.
Phone number ownership. Employees who leave your firm should take their smartphone with them, but leave the phone number behind. The last thing you want to do is make it easy for your customers to reach ex-employees who now work for a competitor.
Of course, setting guidelines alone is just a starting point. You should also provide thorough training, get written agreement from employees to abide by the rules and punish workers who break them.

22 Admit personal mobile devices
How do I deny access to unauthorized users? For starters, establish a mandatory security policy requiring employees to set a strong password on their mobile device and to change it every three to six months. Mobile management systems can help IT administrators enforce such policies automatically, without the need for user involvement.
What's my plan if a personal device gets lost or stolen? Passwords alone won't be protection enough in such cases. You'll need mobile management software offering remote lock and remote wipe capabilities. Remote lock features enable administrators to temporarily freeze a device that may simply have been misplaced. Remote wipe functionality enables the IT department to erase data from a lost or stolen mobile device.
How do I remove corporate data from a personal device whose owner is leaving the company? IT departments that allow enterprise data to reside on a personal device can use management tools to separate enterprise data from personal data. When an employee leaves, IT can wipe the enterprise data from that person's device while leaving personal data unaffected. This approach makes it possible to cleanse proprietary information from an outgoing employee's mobile device without also deleting personal applications and music.
How do I keep prying eyes away from confidential files? Use mobility management software to encrypt enterprise data, both when it's in transit to the device over a wireless network and when it's at rest in the device's memory. Use an application platform to develop your internal applications so that you can apply your company security to that application instead of relying on 3rd parties.

23 Lessen the threat
Be aware of all types of threats to mobile devices, including device loss, malware, bugs, and out-of-date mobile OS software
Create mobile governance policies that emphasize security; educate employees on how to adhere to those rules
Use a mobile management platform that allows IT to centrally deploy, configure, and manage a fleet of multiplatform mobile devices (whether personally owned or company-purchased)
Use mobile management tools that offer IT visibility into device status, so security breaches can be quickly and automatically shut down
Restrict or limit known vulnerabilities, including application download, camera, Bluetooth, or Wi-Fi
Implement a portfolio of device security tools that include alphanumeric passcodes, authentication, encryption, and remote wipe
Control download and installation of any apps that give users access to corporate information.

24 Mobile security as a way of life
Support for a broad spectrum of mobile devices
The platform must support strong user authentication
The platform must support strong encryption
Able to set access restrictions and security policies for all mobile business applications
The platform must support strong over-the-air controls like remote provisioning, remote device configuration, remote device lock, and remote data wipe
The platform must have a depth of sophisticated security controls and activity monitoring capability
The platform must support (as available) antivirus software, firewall protection, including over the air distribution of patches and security updates

25 What to do next
Discover mobile devices on the network.
Determine the back-office systems employees want to access.
Formalize user types and set policies.
Get ready to take action.
Add password and encryption policies plus remote wipe capabilities at a minimum.
Consider separating personal data from business data.
Enable users to be self-sufficient.

26 Checklist of Key Moves
Change your mind-set. Start viewing workplace use of smartphones as an opportunity rather than a threat.
Ensure that you have firm employee guidelines in place regarding issues such as storing pirated or objectionable content on a personal mobile device, choosing voice and data plans and getting technical support.
Equip your IT department to realize the productivity-enhancing potential of personal mobile devices by deploying tools it can use to mobilize key business processes; provide mobile access to back-end ERP and CRM systems; and create graphical, touch-friendly smartphone apps.
Thoroughly examine the potential security issues associated with admitting personal mobile devices to the enterprise, and begin formulating plans for addressing them.

27 What Is Afaria? Afaria allows IT administrators to centrally MANAGE, SECURE and DEPLOY mobile data, applications and devices.

28 Managing and Securing the Device Life Cycle
Manage
Assign group membership and policies
Configuring device for connectivity
OTA delivery of management client
Initial application deployment
Secure
Establish security policies
Initialize power-on password
Install and encrypt data on device
Install & configure AV, firewall, port/peripheral controls

29 Managing and Securing the Device Life Cycle
Manage
Track asset data
Update / repair software
Monitoring & self-healing
Maintain / modify device & app configuration
Distribute & update LOB data & files
Software license usage and tracking
Schedule and automate activities
Remote control of devices
Secure
Back-up device data
Apply patch and security updates
Enforce security policies
Monitor / track security violations / threats
Compliance activity logging

30 Managing and Securing the Device Life Cycle
Secure
Disable lost / stolen device
– Remote kill / lock
– Access violation lock
– Data fading
Disable device, network, application access
Manage
Reprovision / reimage device
– Replacement device-same user
– Repurposed device
Redeploy software assets
Restore data (after device kill)

31 Comprehensive Management & Security

32 Managing iOS 4
Manage Device Without User Interaction
Deliver and remove device policies behind the scenes through a trusted relationship
Accurate and Up to Date Asset Tracking Data
Device Information, Device Network Information, Security Information, Installed Profile List, installed 3rd party apps, certificate list, and applied restrictions
Enterprise App Deployment
Over the Air enterprise applications delivered directly to the device
iPhone End User Experience
Easy provisioning process
Select and download suggested applications
Corporate Security
Remotely lock and wipe device or enterprise applications and data
Ensure corporate security policies are enforced on the device
Gate access to corporate assets based upon device compliance

33 Managing Android
Afaria client for Android
Supports communication through the Relay Server
Outbound notifications from the server to initiate a client connection
Delivers enterprise in-house apps OTA to SD card in device
Can distribute enterprise applications
Integrated application download logging and reporting data for accurate tracking
Client-side portal for application selection
Displays packages grouped by admin defined categories
Allows for end-user selection and installation
Extensive hardware and software inventory collection
Android 2.2 Devices
Native device lock, unlock and wipe options (will not rely on MS Exchange)
Administrator can enforce the use of password policies and control the format, min/max length, failures before wipe, etc.
Android Advanced Enterprise Security (AES)
Enabling Mobile Device Management features through device firmware

34 Architecture
[Architecture diagram labels: Windows; iPhone; iPad; Android; Windows Mobile; BlackBerry; Symbian; OMA/DM; DMZ; Access Control Utility; Device Management; Security Management; Application Management; Firewall; DBA Repository; File Systems; Directories and Databases; Afaria Server(s); IIS Server; Administrative Console; Browser; TCP/IP; HTTP; SSL; Reverse Proxy ISA/Apache or IAS; Relay Server]

35 INDUSTRY RECOGNITION
IDC recognized Sybase as the leader in mobile device management
Sybase holds the #1 position for the ninth consecutive year in this market at 19.7%
Sybase recognized in the LEADERS QUADRANT for Gartner's Magic Quadrant for Mobile Enterprise Application Platforms for completeness of vision and ability to execute.
Sybase recognized in the LEADERS CIRCLE for Mobile Device Management Solutions for strong strategy and product offering.
* Source: Gartner, As of December 2009
* Source: The Forrester Wave As of April 2009
Source: IDC, Worldwide Mobile Device Management Enterprise Forecast 2009 Vendor Shares Report, Doc # , August 2010

36 Thank You

