MOBILE DEVICE MANAGEMENT IN THE REAL WORLD! JOE ATNIP, CONCEPT TECHNOLOGY INCORPORATED JAMES BOCK, COMMUNITY BANK & TRUST JUDY LONG, FIRST CITIZENS NATIONAL.

Presentation transcript:

MOBILE DEVICE MANAGEMENT IN THE REAL WORLD! JOE ATNIP, CONCEPT TECHNOLOGY INCORPORATED JAMES BOCK, COMMUNITY BANK & TRUST JUDY LONG, FIRST CITIZENS NATIONAL BANK TOM PAYNE, TENNESSEE TECHNOLOGICAL UNIVERSITY

MDM CHALLENGES SECURITY & COMPLIANCE ENFORCEMENT REDUCE SUPPORT COST OF MOBILE ASSETS PROVIDE APPLICATION & PERFORMANCE MANAGEMENT PROVIDE BETTER BUSINESS CONTINUITY MAKE EMPLOYEES MORE PRODUCTIVE & MORE SATISFIED

TO BYOD OR NOT TO BYOD? THAT IS THE QUESTION EACH BANK HAS TO DECIDE THIS FOR THEMSELVES WHILE WEIGHING THE PROS AND CONS OF EACH. MAKE SURE THAT YOUR POLICIES & PROCEDURES ADDRESS BYOD WHETHER OR NOT YOUR INSTITUTION SUPPORTS IT! IF YOU HAVE A GUEST WIRELESS NETWORK & YOU DON’T ALLOW BYOD…. GUESS WHAT? YOU WILL VERY LIKELY HAVE EMPLOYEES USE THEIR PERSONAL DEVICES FOR BANKING PURPOSES. AT LEAST IF YOU ALLOW BYOD, YOU CAN MAKE THE RULES SURROUNDING IT!

THE MAAS COMMANDMENTS OF BYOD 1. CREATE THY POLICY BEFORE PROCURING TECHNOLOGY 2. SEEK THE FLOCK’S DEVICES 3. ENROLLMENT SHALL BE SIMPLE 4. THOU SHALT CONFIGURE DEVICES OVER-THE-AIR 5. GIVE THY USERS SELF-SERVICE 6. HOLD SACRED PERSONAL INFORMATION 7. PART THE SEAS OF CORPORATE & PERSONAL DATA 8. MONITOR THY FLOCK – HERD AUTOMATICALLY 9. MANAGE THY DATA USAGE 10. DRINK FROM THE FOUNTAIN OF ROI

ROI CONSIDERATIONS

CORPORATE-OWNED MODEL | BYOD
DEVICE COST | COST OF SUBSIDIZING DATA PLAN
DATA PLAN COST | ELIMINATED DEVICE COST
REPLACING DEVICES EVERY FEW YEARS | COST OF MOBILE MANAGEMENT
WARRANTY PLANS |

BOTH OPTIONS TAKE IT TIME & EFFORT TO MANAGE

WHAT DOES A GOOD MDM PROGRAM CONTAIN FROM A BANKER'S PERSPECTIVE? MOBILE DEVICE RISK ASSESSMENT GOOD POLICY FRAMEWORK ACCEPTABLE USE POLICY BYOD POLICY MOBILE DEVICE POLICY INFORMATION SECURITY POLICY DATA CLASSIFICATION POLICY

MDM FROM A TECHNOLOGY PERSPECTIVE: SOLUTIONS THAT PROVIDE COORDINATED VISIBILITY & CONTROL OVER ALL DEVICES & OPERATING SYSTEMS. ENFORCE PASSCODE PROTECTION, ENCRYPTION, & SECURITY UPDATES CONTROL NETWORK & APPLICATION SETTINGS REMOTELY LOCATE, BLOCK, OR WIPE (FULL & SELECTIVE) DEVICES THAT HAVE BEEN LOST, STOLEN, OR ARE NO LONGER AUTHORIZED. SECURE EMAIL, MESSAGING, & BROWSING WHITELISTING & BLACKLISTING BE EASY TO USE, CENTRALLY MANAGED, AND QUICK TO DEPLOY

INTEGRATION IS KEY A GOOD MDM SOLUTION WILL INTEGRATE WITH ACTIVE DIRECTORY, PLATFORMS (EXCHANGE, OFFICE 365, ETC.), SHAREPOINT, INTRANET, WEB APPLICATIONS, AND ALL OF YOUR EXISTING INFRASTRUCTURE. SINGLE SIGN ON ACROSS APPLICATIONS FOR AUTHENTICATION.

WHAT KIND OF ACTIONS WILL AN MDM SOLUTION PERFORM? REFRESH DEVICE DETAILS IN REAL-TIME INCLUDING LOCATION. PERFORM HELP DESK OPERATIONS LIKE LOCKING A DEVICE OR RESETTING A FORGOTTEN PASSCODE. PERFORM A FULL WIPE OF A LOST DEVICE OR A SELECTIVE WIPE OF ONLY THE CORPORATE DATA WHILE MAINTAINING PERSONAL DATA OF AN EMPLOYEE OWNED DEVICE. CHANGE IOS POLICY. REMOTELY PUSH APPS TO DEVICES INCLUDING “HOME GROWN” APPS & PUBLISHED UPDATES. PREVENT DATA LEAKAGE – KEEP PERSONAL DATA SEPARATE FROM COMPANY DATA

SET & DISTRIBUTE POLICIES ENFORCE PASSCODE REQUIREMENTS CONFIGURE RESTRICTIONS ENFORCE ENCRYPTED DEVICE BACKUPS RESTRICT USE OF CAMERA, FACETIME, & SCREEN CAPTURES RESTRICT APPLICATION INSTALLATION RESTRICT SAFARI, YOUTUBE, ETC… (BUILT IN APPLICATIONS) DISTRIBUTE WI-FI, VPN, PROXY, & PROFILES/SETTINGS MANAGE ICLOUD CONTROLS AND SETTINGS SECURITY – RESTRICT USERS FROM MOVING EMAILS BETWEEN ACCOUNTS AND RESTRICT 3RD PARTY APPS FROM SENDING EMAILS DETECTION OF JAIL BROKEN AND ROOTED DEVICES COMPLIANCE REPORTING
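
On iOS, several of the policies on this slide are delivered as payloads in a configuration profile. The following is an added example, not part of the original presentation or any vendor's code: it builds a baseline profile with Apple's passcode and restrictions payload keys, then audits a profile for settings weaker than that baseline. The setting values and the `com.example.mdm` identifier prefix are assumptions made for illustration.

```python
import plistlib
import uuid

# Keys come from Apple's configuration profile schema. The values are
# illustrative choices for this example, not settings stated on the slides.
PASSCODE = {"forcePIN": True, "allowSimple": False, "minLength": 6,
            "maxFailedAttempts": 10}
RESTRICTIONS = {
    "forceEncryptedBackup": True,   # enforce encrypted device backups
    "allowCamera": False,           # restrict use of camera
    "allowScreenShot": False,       # restrict screen captures
    "allowAppInstallation": False,  # restrict application installation
    "allowSafari": False,           # restrict the built-in browser
    "allowCloudBackup": False,      # one of the iCloud controls
}
BASELINE = {"com.apple.mobiledevice.passwordpolicy": PASSCODE,
            "com.apple.applicationaccess": RESTRICTIONS}

def _payload(ptype, settings):
    ident = "com.example.mdm." + ptype  # hypothetical identifier prefix
    return {"PayloadType": ptype, "PayloadVersion": 1,
            "PayloadIdentifier": ident,
            "PayloadUUID": str(uuid.uuid5(uuid.NAMESPACE_DNS, ident)).upper(),
            **settings}

def build_profile(baseline=BASELINE):
    """Serialize the baseline as an XML .mobileconfig document (bytes)."""
    content = [_payload(t, s) for t, s in baseline.items()]
    return plistlib.dumps(_payload("Configuration", {"PayloadContent": content}))

def audit_profile(data, baseline=BASELINE):
    """List every setting where a profile is weaker than the baseline."""
    found = {p["PayloadType"]: p for p in plistlib.loads(data)["PayloadContent"]}
    findings = []
    for ptype, wanted in baseline.items():
        if ptype not in found:
            findings.append(f"{ptype}: payload missing")
            continue
        for key, value in wanted.items():
            got = found[ptype].get(key)  # absent key means the OS default
            if isinstance(value, bool):
                ok = got is value
            elif key == "maxFailedAttempts":  # fewer attempts is stricter
                ok = isinstance(got, int) and got <= value
            else:  # minLength: longer is stricter
                ok = isinstance(got, int) and got >= value
            if not ok:
                findings.append(f"{ptype}: {key}={got!r}, expected {value!r}")
    return findings
```
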

SECURE BROWSING A GOOD SOLUTION WILL PROVIDE: URL FILTERING BASED ON CATEGORIES AND INCLUDE THE ABILITY TO CUSTOMIZE WHITELISTS AND BLACKLISTS BLOCK KNOWN MALICIOUS WEBSITES RESTRICT COOKIES, DOWNLOADS, COPY, PASTE, & PRINTING FUNCTIONALITY NOTIFY USERS & ADMINISTRATORS OF VIOLATIONS PROVIDE DETAILED REPORTING WITH AN AUDIT TRAIL

SECURE DOCUMENT SHARING A GOOD MDM SOLUTION SHOULD ALSO PROVIDE A SECURE CONTAINER FOR DOCUMENTS THAT CAN BE EDITED ON THE DEVICE THIS WILL REDUCE THE RISK OF DATA LEAKAGE SET TIME BASED EXPIRATIONS FOR AUTOMATIC DOCUMENT DELETION WORK WITH ALL COMMON FILE TYPES SUCH AS MICROSOFT OFFICE & PDF FORMATS ENFORCE USER AUTHENTICATION

BOARD MINUTE PORTAL BEST PRACTICES CHOOSE DEVICE CAREFULLY. IOS IS RECOMMENDED BECAUSE OF SECURITY. CORPORATE OWNED DEVICE MANAGED SETTINGS USER FRIENDLY SOLUTION FULL CONTROL OF DATA ON DEVICE DISABLE SCREEN SHOT LOCATE LOST DEVICE ENABLE ENCRYPTION DEVICE BACKUP DEVICE WIPE RISK ASSESSMENT IPAD POLICY / AGREEMENT

USING MDM FOR BOARD MINUTES USING AN APP FROM AN MDM SOLUTION PROVIDES DEVICE MANAGEMENT ALLOWS FOR FULL CONTROL OF DATA ON DEVICE ALLOWS FOR DEVICE WIPE ALLOWS TO ENCRYPT DATA ALLOWS FOR OPENING, DOWNLOADING, PRINTING RESTRICTIONS ALLOW OPENING IN SPECIFIED GEOGRAPHICAL RANGE USING AN MDM SOLUTION WILL COMBINE TWO SOLUTIONS IN ONE

AIRWATCH SECURE CONTENT LOCKER BY VMWARE FOUNDED IN 2003, AIRWATCH IS AN ATLANTA BASED ENTERPRISE, MOBILE DEVICE, MOBILE APPLICATION AND MOBILE CONTENT MANAGEMENT COMPANY. IN FEB 2014 VMWARE ACQUIRED AIRWATCH. IT PROVIDES SOLUTIONS THAT ARE COMPATIBLE WITH A VARIETY OF DEVICES INCLUDING IOS, ANDROID, BLACKBERRY AND WINDOWS PHONE. WON THE 2013 CLOUD STORAGE EXCELLENCE AWARD

AIRWATCH SECURE CONTENT LOCKER BY VMWARE Flexible Content Storage Hosted in Cloud On Premise Hybrid Device Wipe Set Time Limits on Data Set Data to be Viewed Online Only Password Protected Device Location Geographical Range Limits Disable Screen Shots Specify Wi-Fi Hotspot Disable Browser

MOBILE BEST PRACTICES 1. LOCK THE DEVICE WITH A PASSWORD OR PERSONAL IDENTIFICATION 2. NUMBER (PIN) 3. INSTALL APPS ONLY FROM TRUSTED SOURCES 4. BACK UP YOUR DATA 5. KEEP YOUR SYSTEM UPDATED 6. DO NOT HACK (JAIL-BREAK) YOUR DEVICE

MOBILE BEST PRACTICES (CONTINUED) 7. TURN OFF WI-FI AND BLUETOOTH SERVICES WHEN NOT IN USE 8. DO NOT AUTOMATICALLY CONNECT TO WI-FI HOT SPOTS 9. DO NOT USE UNTRUSTED HOT SPOTS PUBLIC OR PRIVATE. UNTRUSTED WI-FI HOT SPOTS ARE SUSCEPTIBLE TO MAN-IN-THE-MIDDLE ATTACKS. 10. AVOID SENDING PERSONAL INFORMATION VIA TEXT OR EMAIL 11. BE CAREFUL WHAT YOU CLICK 12. INSTALL A MOBILE SECURITY APP

HOW FCNB ENABLES BYOD FCNB CURRENTLY ONLY ALLOWS ACCESS TO EMAIL. FCNB SELECTED MOBILE IRON AS ITS MOBILE DEVICE MANAGEMENT SYSTEM. EMPLOYEE MUST SIGN AND AGREE TO MOBILE POLICY. IN THE FUTURE FCNB WILL ALLOW ACCESS VIA SECURE CITRIX CONNECTION. THE BANK IS NOT OBLIGATED OR RESPONSIBLE FOR PERSONAL EMAIL, TEXTS, ETC... THE BANK CONTROLS THE CORPORATE PROFILE. FCNB RESTRICTS FORWARDING OF EMAIL THROUGH PERSONAL ACCOUNTS.

HOW FCNB ENABLES BYOD (CONTINUED) CURRENTLY FIRST CITIZENS ONLY SUPPORTS IOS (IPHONE AND IPADS) AND SUPPORTED LEVELS OF THAT SOFTWARE. EMPLOYEES WILL BE HELD PERSONALLY RESPONSIBLE FOR ANY PROBLEMS CAUSED BY THEIR NEGLIGENCE AS DEEMED BY BANK MANAGEMENT. HISTORY AVAILABLE ON THE MOBILE SMARTPHONES AND TABLETS WILL BE LIMITED. A “JAIL BROKE” OPERATING SYSTEM WILL AUTOMATICALLY BE WIPED BY MOBILE IRON.

HOW FCNB ENABLES BYOD (CONTINUED) THE BANK IS NOT RESPONSIBLE FOR THAT EMPLOYEE DATA. CORPORATE EMAIL AND DATA THAT IS MANAGED BY THE BANK’S MOBILE MANAGEMENT SYSTEM IS PROTECTED AND SEPARATED IN ITS OWN CONTAINER. EACH ATTACHMENT IS PROTECTED BY A SECURE GATEWAY AND CAN ONLY BE READ BY A TRUSTED READER. MOBILE IRON AUTOMATICALLY PROTECTS AGAINST MAN-IN-THE-MIDDLE ATTACKS.

HOW FCNB ENABLES BYOD (CONTINUED) THE BANK CAN CHOOSE AT ANY TIME TO DO A SELECTIVE WIPE OF THE CORPORATE EMAIL AND DATA ON SMARTPHONES AND TABLETS. THE BANK WILL AUTOMATICALLY QUARANTINE A SMARTPHONE OR TABLET THAT HAS NOT CHECKED IN TO THE BANK’S MOBILE MANAGEMENT SYSTEM. THE BANK WILL AUTOMATICALLY COMPLETE A FULL WIPE OF THE SMARTPHONE OR TABLET IF THE DEVICE HAS NOT CHECKED IN AFTER THIRTY DAYS. THIS PREVENTS DATA COMPROMISE IN CASE THE MOBILE DEVICE HAS BEEN STOLEN AND TAKEN OFFLINE (I.E. SIM CARD SWAP).
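
The check-in escalation described on these slides (quarantine on a missed check-in, full wipe after thirty days of silence, wipe on jailbreak) can be expressed as a sweep over a device inventory. This is an added example, not FCNB's or MobileIron's implementation. The 7-day quarantine interval, the record field names and the action names are assumptions, since the slides give only the 30-day figure.

```python
from datetime import datetime, timedelta, timezone

FULL_WIPE_AFTER = timedelta(days=30)  # stated on the slide
QUARANTINE_AFTER = timedelta(days=7)  # assumed: the slide gives no interval
ORDER = ["full_wipe", "wipe", "quarantine", "compliant"]  # most severe first

def decide(device, now):
    """Return (action, reason) for one inventory record."""
    # A device that never checked in is measured from its enrollment time.
    last = device.get("last_checkin") or device["enrolled"]
    if last.tzinfo is None or now.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    silent = now - last
    if silent > FULL_WIPE_AFTER:
        return "full_wipe", f"no check-in for {silent.days} days"
    if device.get("jailbroken"):
        return "wipe", "jailbroken OS reported"
    if silent > QUARANTINE_AFTER:
        return "quarantine", f"no check-in for {silent.days} days"
    return "compliant", ""

def sweep(inventory, now):
    """Evaluate every device; return non-compliant ones, most severe first."""
    results = [(d["id"], *decide(d, now)) for d in inventory]
    flagged = [r for r in results if r[1] != "compliant"]
    return sorted(flagged, key=lambda r: (ORDER.index(r[1]), r[0]))

# Constructed inventory for the example; these are not real devices.
NOW = datetime(2015, 6, 1, 12, 0, tzinfo=timezone.utc)
INVENTORY = [
    {"id": "ipad-01", "enrolled": NOW - timedelta(days=200),
     "last_checkin": NOW - timedelta(hours=2), "jailbroken": False},
    {"id": "iphone-02", "enrolled": NOW - timedelta(days=90),
     "last_checkin": NOW - timedelta(days=12), "jailbroken": False},
    {"id": "iphone-03", "enrolled": NOW - timedelta(days=400),
     "last_checkin": NOW - timedelta(days=31), "jailbroken": False},
    {"id": "ipad-04", "enrolled": NOW - timedelta(days=30),
     "last_checkin": NOW - timedelta(days=1), "jailbroken": True},
    {"id": "ipad-05", "enrolled": NOW - timedelta(days=45),
     "last_checkin": None, "jailbroken": False},
]
```
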

WHY FCNB SELECTED APPLE IOS EVERY IOS APP CAN ONLY ACCESS ITS OWN DATA CONTAINER: THERE IS NO GENERAL ACCESS TO THE FILE SYSTEM. AS A RESULT, APPS CAN ONLY DAMAGE THEIR OWN DATA, UNLESS IT IS A “JAIL BROKEN” DEVICE. THE APP STORE IS TIGHTLY CURATED: APPS ARE TESTED BY APPLE BEFORE BEING MADE AVAILABLE TO THE PUBLIC SO INCIDENCES OF MALWARE ARE RARE. APPLE CONTROLS THE DISTRIBUTION OF NEW OPERATING SYSTEM UPGRADES: APPLE CAN QUICKLY MAKE UPGRADES AVAILABLE FOR THE ENTIRE IPHONE, IPAD, AND IPOD DEVICE COMMUNITY. IF A SECURITY ISSUE IS IDENTIFIED, IT FIXES IT AND ENSURES THAT ALL DEVICES HAVE EASY ACCESS TO THE NEWLY-PATCHED IOS VERSION. THE TIMING OF THE FIX AND DISTRIBUTION IS ENTIRELY UNDER APPLE’S CONTROL.

WHY FCNB SELECTED APPLE IOS (CONTINUED) PASSCODE ENFORCEMENT PREVENTS UNAUTHORIZED ACCESS TO THE DEVICE. IT ALSO ACTIVATES IOS DATA PROTECTION TO ENHANCE BUILT-IN HARDWARE ENCRYPTION IN ORDER TO PROVIDE ADDITIONAL SECURITY FOR MESSAGES, ATTACHMENTS. MOBILE IRON SUPPORTS MULTIPLE DEVICES, SO IN THE FUTURE FCNB CAN ADD OTHER DEVICES AS NEEDED.

FCNB MOBILE BANKING MOBILE BANKING REQUIRES USER TO HAVE ONLINE BANKING ACCESS TWO FACTOR AUTHENTICATION IS NEEDED FOR ONLINE BANKING MOBILE DEVICE REQUIRES OUT-OF-BAND AUTHENTICATION