1 ZIXCORP The BYOD Tug-of-War: Security versus Privacy Neil Farquharson January, 2015
Founded in 1998 as an encryption company More than 11,000 active customers including : Six divisions of the U.S. Treasury All of the FFIEC U.S. federal financial regulators (incl. FDIC and OCC) The U.S. Securities and Exchange Commission 24 U.S. state financial regulators More than 2,000 U.S. financial institutions 25% of all banks in the U.S. 20% of all hospitals in the U.S. 32 Blue Cross Blue Shield organizations ABOUT ZIXCORP 2
3
BYOD REQUIRES… 4 MDM Mobile Device Management MAM Mobile Application Management MCM Mobile Content Management EMM Enterprise Mobility Management =
Advantages o Device inventory and management capabilities o Access to multiple platforms from personal or corporate devices o Secure access to corporate data o Support for a wide range of wireless vendors and operating systems o Some data protection with wiping capabilities MOBILE DEVICE MANAGEMENT (MDM) 5
PROLIFERATION OF MDM VENDORS 6
7 MDM COMPARISON Source: MOBIwm.com
HUNDREDS OF APPLICATIONS 8
MOST POPULAR MOBILE BUSINESS APPS , CALENDAR AND CONTACTS 9 Source: BYOD and Mobile Security Report, 2014, Holger Schulze, Information Security Community on LinkedIn
Survey results indicate 45% of respondents report that within the previous 12 months, one or more employees lost a mobile device containing company data InformationWeek’s 2014 Mobile Security Report 3.1 Million smartphones were stolen in the USA during sixty per minute Consumer Reports’ Annual State of the Net survey, % of respondents say their top mobile security concern is data loss from lost or stolen devices InformationWeek’s 2014 Mobile Security Report 10 MARKET RESPONSE TO BYOD
MOBILE DEVICE USERS’ FRUSTRATION 11
ADDING TO BYOD CHALLENGES 12
MOBILE SECURITY Trust the Platform or Container Trust the Viewer Trust Nothing Trust the App Example: EMM Example: Streaming Example: Virtual Example: App Wrapper Security by Management Security by Abstraction Security by Isolation 13 From Gartner Spectrum of Trust for Mobile Enterprise Design, published April 4, 2014
14 TYPICAL MDM SOLUTION S ARE RETAINED IN PERMANENT MEMORY
ZIXONE SOLUTION S ARE VIEWED ONLY 15
ACCESSIBLE JAILBREAKING SOFTWARE 16
17 MDM SECURITY DISASTER OFFLINE PREVENTS WIPE
Mail Server ZixOne 18 ZIXONE A COMPLETELY NEW PHILOSOPHY
ZixONE app that delivers a view of corporate , calendar and contacts on mobile devices ZixONE server connects to Exchange or Office365 Efficient, secure protocols deliver information quickly 19
Advantages o Device inventory and management capabilities o Access to multiple platforms from personal or corporate devices o Some data protection with wiping capabilities Disadvantages o Leaves data on the device – exposes offline weakness o Loss of employee control and privacy o Employee acceptance issues o Corporate liability SUMMARY 20