Published by Mariano Reasons
Modified over 2 years ago
Mobile Enterprise Security
Mark Wright, Senior Systems Consultant, Global Mobility SWAT
Sybase, an SAP Company
Thursday, September 29th 2011
©2011 SAP AG. All rights reserved.
Unwired Enterprise Evolution
[Diagram labels: REACH, Local, Global; Computer Centric, Human Centric; Mainframe, Internet, Unwired Enterprise, Client/Server]
Two Stages of Mobile
[Diagram labels: Mobile 1.0, Mobile 2.0; Transform the enterprise, Extend the enterprise]
Mobility is The New Standard
Source: Worldwide Mobile Worker Population – Forecast, IDC
Consumer Mobility has hit critical mass
There are More Mobile Phones than Toothbrushes (5B vs 2.2B)
Mobility Is Not Just About Road Warriors Anymore
Audiences: Execs; Line of Business Managers; Task and Business Users; Consumers and Ecosystem
Uses: Contacts, Approval Requests, Field Service, Time & Expense, Dashboards, Approvals, Calendars, CRM, Scheduling & Dispatch, Mobile E-Commerce, Mobile Marketing, Self-Service
Key Trends in 2011 and Beyond
- Consumerization of IT with Employee-owned Devices
- Momentum of Managed Mobility Services
- Increasing demand for enterprise applications
- Increasing demand for integrated solutions versus point products
- Shifts in Development Paradigm and Ecosystem
Enterprise Mobility Trends and Drivers
Sources: 1 – Gartner, 2 – IDC Forecast
Trends
- 10B Apple App Store downloads
- 55M Tablets in 2011, 208M by B smart phones and 1.2B mobile workers by
Mobility drivers
- Shift to cloud computing
- Consumerization of IT
- Increasing sophistication of devices, OSs, applications, and networks
- Business demand
Lessons learned
- Security and device management are a must have and the first step
- A device-agnostic mobility strategy is critical
- New business scenarios are coming!
What Does This Mean?
MOBILITY is the new edge we will use to connect to our world, but COMPLEXITY of developing and managing applications, data, and clients has dramatically increased.
Mobility Is Not in the Future, It Is Now
- Smart phones and tablets are the dominant computing devices
- Enterprises are building mobile applications today
- Mobile commerce is a prominent marketplace and competitive edge for retailers
expect to support up to 4 different mobile operating system platforms of companies as a priority will implement mobile enterprise apps in % 58% Shopping on the mobile web will reach of retailers in the United States are planning for m-commerce 74% $119 billion by 2015
Interesting market stats
- Approximately 1.3 million mobile phones are stolen EACH YEAR, just in the UK
- More than one in three data breaches last year involved a mobile device
- Major US corporations lose by theft 1,985 USB memory sticks, 1,075 smartphones, and 640 laptops, EVERY WEEK
- 120,000 cell phones are left in Chicago taxi cabs EACH YEAR
- In the US, 113 cell phones are lost EVERY MINUTE
113 Smart Phones are lost every minute!
Mobile Insecurity
- 61% report that business use of smartphones is their TOP SECURITY CONCERN
- 54% report at least one security breach in the last year
- 33% report requiring advanced authentication for corporate network access
- 33% report using data encryption on mobile devices
What users are looking for
- Simplicity and Ease of Use
- Access to personal data, photos, movies, apps
- Access to work and work apps/systems
- Rich Web browsing
- Freedom of device choice
What IT is looking for
- To protect corporate assets from loss and theft
- To ensure corporate security policies are enforced on devices that have access to the network and data
- The ability to remotely delete corporate data on the device
- Enforce device configurations such as password, network settings, etc.
- Asset tracking capabilities
Understanding Mobility Risks and Remedies
Four areas of vulnerability in mobile business operations:
- Lost or stolen devices
- Unauthorized data access
- Risks arising from combining personal and work use in one device
- Gaps in device management and policy enforcement
Lost and stolen devices
- User authentication at the device level
- Remote lock and wipe
- Data encryption
- Data fading
- Data backup
Unauthorized data access
- Mobile application provisioning and settings
- Remote configuration updates
- Event and activity monitoring and logging
Unauthorized access through virus or malware infected devices
- Antivirus software and firewall protection
- Remote provisioning of software patches and security updates
- Enforce security policies related to application downloads
- Activity monitoring and tracking
RISKS Related to personal and business use on the same device
- Segregating business functions on the mobile device
- Remote data wipe
- Data fading
Gaps in device management and policy enforcement
A single security management platform – This provides a common security management console capable of supporting all the device types and applications that make up a dynamic business mobility environment
SUMMARY
Risk: Data lost due to lost or stolen devices
Remedies: User authentication at the device level; Remote lock and wipe; Data encryption; Data fading; Data backup
Risk: Unauthorized user accesses data with a lost or stolen phone
Remedies: Same as above
Risk: Authorized user gains unauthorized access to, or makes inappropriate use of, proprietary information
Remedies: Security policies; Mobile application provisioning and settings; Remote configuration updates; Event and activity monitoring and logging
Risk: Unauthorized access through virus or malware infected devices
Remedies: Anti virus software and firewall protection; Remote provisioning of software patches and security updates; Enforce security policies regarding application downloads; Activity monitoring and tracking
Risk: Risks arising from combining personal and work use in one device
Remedies: Security policies; Segregating business functions on the mobile device; Remote data wipe; Data fading
IT needs to make the rules
Security. Anyone who uses their personal smartphone at work should be required to install mobility management software that enforces passwords, encrypts data and can remotely erase corporate information on lost or stolen devices.
Permissible content. Storing pirated or objectionable content on a personal device that's utilized for business should be strictly forbidden. If you use it for work, it's a work asset and should be governed by workplace rules of conduct.
Choice of plan. Companies that cover work-related voice and data charges should make using the corporate mobile plan mandatory. That way the expenses they underwrite will always be based on low group rates.
Phone number ownership. Employees who leave your firm should take their smartphone with them but leave the phone number behind. The last thing you want to do is make it easy for your customers to reach ex-employees who now work for a competitor.
Of course, setting guidelines alone is just a starting point. You should also provide thorough training, get written agreement from employees to abide by the rules and punish workers who break them.
Admit personal mobile devices
How do I deny access to unauthorized users? For starters, establish a mandatory security policy requiring employees to set a strong password on their mobile device and to change it every three to six months. Mobile management systems can help IT administrators enforce such policies automatically, without the need for user involvement.
What's my plan if a personal device gets lost or stolen? Passwords alone won't be protection enough in such cases. You'll need mobile management software offering remote lock and remote wipe capabilities. Remote lock features enable administrators to temporarily freeze a device that may simply have been misplaced. Remote wipe functionality enables the IT department to erase data from a lost or stolen mobile device.
How do I remove corporate data from a personal device whose owner is leaving the company? IT departments that allow enterprise data to reside on a personal device can use management tools to separate enterprise data from personal data. When an employee leaves, IT can wipe the enterprise data from that person's device while leaving personal data unaffected. This approach makes it possible to cleanse proprietary information from an outgoing employee's mobile device without also deleting personal applications and music.
How do I keep prying eyes away from confidential files? Use mobility management software to encrypt enterprise data, both when it's in transit to the device over a wireless network and when it's at rest in the device's memory. Use an application platform to develop your internal applications so that you can apply your company security to that application instead of relying on 3rd parties.
Lessen the threat
- Be aware of all types of threats to mobile devices, including device loss, malware, bugs, and out-of-date mobile OS software
- Create mobile governance policies that emphasize security; educate employees on how to adhere to those rules
- Use a mobile management platform that allows IT to centrally deploy, configure, and manage a fleet of multiplatform mobile devices (whether personally owned or company-purchased)
- Use mobile management tools that offer IT visibility into device status, so security breaches can be quickly and automatically shut down
- Restrict or limit known vulnerabilities, including application download, camera, Bluetooth, or Wi-Fi
- Implement a portfolio of device security tools that include alphanumeric passcodes, authentication, encryption, and remote wipe
- Control download and installation of any apps that give users access to corporate information.
Mobile security as a way of life
- Support for a broad spectrum of mobile devices
- The platform must support strong user authentication
- The platform must support strong encryption
- Able to set access restrictions and security policies for all mobile business applications
- The platform must support strong over-the-air controls like remote provisioning, remote device configuration, remote device lock, and remote data wipe
- The platform must have a depth of sophisticated security controls and activity monitoring capability
- The platform must support (as available) antivirus software, firewall protection, including over the air distribution of patches and security updates
What to do next
- Discover mobile devices on the network.
- Determine the back-office systems employees want to access.
- Formalize user types and set policies.
- Get ready to take action.
- Add password and encryption policies plus remote wipe capabilities at a minimum.
- Consider separating personal data from business data.
- Enable users to be self-sufficient.
Checklist of Key Moves
- Change your mind-set. Start viewing workplace use of smartphones as an opportunity rather than a threat.
- Ensure that you have firm employee guidelines in place regarding issues such as storing pirated or objectionable content on a personal mobile device, choosing voice and data plans and getting technical support.
- Equip your IT department to realize the productivity-enhancing potential of personal mobile devices by deploying tools it can use to mobilize key business processes; provide mobile access to back-end ERP and CRM systems; and create graphical, touch-friendly smartphone apps.
- Thoroughly examine the potential security issues associated with admitting personal mobile devices to the enterprise, and begin formulating plans for addressing them.
What Is Afaria?
Afaria allows IT administrators to centrally MANAGE, SECURE and DEPLOY mobile data, applications and devices.
Managing and Securing the Device Life Cycle
Manage
- Assign group membership and policies
- Configuring device for connectivity
- OTA delivery of management client
- Initial application deployment
Secure
- Establish security policies
- Initialize power-on password
- Install and encrypt data on device
- Install & configure AV, firewall, port/peripheral controls
Managing and Securing the Device Life Cycle
Manage
- Track asset data
- Update / repair software
- Monitoring & self-healing
- Maintain / modify device & app configuration
- Distribute & update LOB data & files
- Software license usage and tracking
- Schedule and automate activities
- Remote control of devices
Secure
- Back-up device data
- Apply patch and security updates
- Enforce security policies
- Monitor / track security violations / threats
- Compliance activity logging
Managing and Securing the Device Life Cycle
Secure
- Disable lost / stolen device
  – Remote kill / lock
  – Access violation lock
  – Data fading
- Disable device, network, application access
Manage
- Reprovision / reimage device
  – Replacement device-same user
  – Repurposed device
- Redeploy software assets
- Restore data (after device kill)
Comprehensive Management & Security
Managing iOS 4
Manage Device Without User Interaction
- Deliver and remove device policies behind the scenes through a trusted relationship
Accurate and Up to Date Asset Tracking Data
- Device Information, Device Network Information, Security Information, Installed Profile List, installed 3rd party apps, certificate list, and applied restrictions
Enterprise App Deployment
- Over the Air enterprise applications delivered directly to the device
iPhone End User Experience
- Easy provisioning process
- Select and download suggested applications
Corporate Security
- Remotely lock and wipe device or enterprise applications and data
- Ensure corporate security policies are enforced on the device
- Gate access to corporate assets based upon device compliance
Managing Android
- Afaria client for Android
- Supports communication through the Relay Server
- Outbound notifications from the server to initiate a client connection
- Delivers enterprise in-house apps OTA to SD card in device
- Can distribute enterprise applications
- Integrated application download logging and reporting data for accurate tracking
- Client-side portal for application selection
- Displays packages grouped by admin defined categories
- Allows for end-user selection and installation
- Extensive hardware and software inventory collection
- Android 2.2 Devices
- Native device lock, unlock and wipe options (will not rely on MS Exchange)
- Administrator can enforce the use of password policies and control the format, min/max length, failures before wipe, etc.
- Android Advanced Enterprise Security (AES)
- Enabling Mobile Device Management features through device firmware
Architecture
[Diagram labels: Windows, iPhone, iPad, Android, Windows Mobile, BlackBerry, Symbian, OMA/DM; DMZ; Access Control Utility; Device Management, Security Management, Application Management; Firewall; DBA Repository; File Systems; Directories and Databases; Afaria Server(s); IIS Server; Administrative Console Browser; TCP/IP, HTTP, SSL; Reverse Proxy ISA/Apache or IAS Relay Server]
INDUSTRY RECOGNITION
- IDC recognized Sybase as the leader in mobile device management. Sybase holds the #1 position for the ninth consecutive year in this market at 19.7%.
- Sybase recognized in the LEADERS QUADRANT for Gartner's Magic Quadrant for Mobile Enterprise Application Platforms for completeness of vision and ability to execute.
- Sybase recognized in the LEADERS CIRCLE for Mobile Device Management Solutions for strong strategy and product offering.
* Source: Gartner, As of December 2009
* Source: The Forrester Wave, As of April 2009
Source: IDC, Worldwide Mobile Device Management Enterprise Forecast 2009 Vendor Shares Report, Doc # , August 2010