Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security considerations for mobile devices in GoRTT

Published byDwayne Roberts Modified over 8 years ago

Similar presentations

Presentation on theme: "Security considerations for mobile devices in GoRTT"— Presentation transcript:

1 Security considerations for mobile devices in GoRTT
Dearl Bain, Security & Assurance Unit 18 April, 2013

2 Mobile Devices Definition:
Any portable device that can be used to access corporate data and information services. Examples : Smart-Phones,Tablets, Laptops

3 Security for Mobile Devices
There is increased use of portable computing devices such as (smartphones, netbooks, tablets) Work-from-home employees An organizations’ data vulnerability points have increased exponentially.

4 Industry experts say that by 2013 there will be 1
Industry experts say that by 2013 there will be 1.2 billion mobile workers worldwide. They also report that by 2013,75 percent of all U.S. workers will be mobile, meaning those workers will use a mobile device for at least 20 percent of their work. Another survey reveals that 36 percent of cell phone owners have either lost a phone or had one stolen. These facts suggest that in the near future, nearly 25 percent of all workers will have lost a mobile device that could provide access to confidential information. It’s no wonder that mobile device security is a top concern

5 Responsibility & Accountability
GoRTT is responsible, accountable and legally liable for information it stores, processes and transports. 1000’s of personal devices currently hold GoRTT information, files, conversations and account access information. Security configurations of personal devices do not correspond to enterprise security standards, e.g. password strength

6 Personal Use vs Risk Exposure

7 Personal Devices in The Enterprise
Current User Control / Access: Unrestricted Access to consumer services Unrestricted access to applications Corporate Access Consumer Cloud storage Camera and Video recording access

8 Corporate Devices in the Enterprise
Ideal Corporate Control Scenario: Restrict Access to internal services Restrict Access to External 3rd Party services Detect tampering (rootkits, rooting etc.) Audit logging of asset location & usage Audit trail for records, compliance investigations Securely extend network services beyond perimeter defenses. Remotely monitor and protect data Access network file shares Data Loss Prevention

9 Managing Risks – Mobile Enterprise
Corporate vs BYOD, Which is best? What level of data classification is accessed? What services are required to perform job? What is the risk rating for the individual? Does the user have a device that allows for encrypted secure workspace?

10 Risks of Inadequate Mobile Security
Storage of enterprise data on unsecured personal devices Storage of enterprise data on 3rd party infrastructure and services outside of jurisdiction (Dropbox, Skydrive, etc) Multiple, disparate and uncoordinated file storage silos Malicious mining of enterprise data using stolen devices with saved access credentials Legal liability for information breaches under the Data Privacy Act if citizen data is compromised

11 Managing Risk in Mobile Computing
Policy Data classification Mobile usage policy Mobile assignment policies Corporate services policy Confidentiality policies Identify legal recourse for non-compliance BYOD

12 Managing Risk in Mobile Computing
Centralized Management Mobile Device Management Solutions (BES10, etc) for device policy enforcement Access Management Single Sign On Device recovery Remote Information Recovery / Information Removal

13 Managing Risk in Mobile Computing
User Education & Accountability Policy Awareness Policy Enforcement User agreement forms/Acceptable use Confidentiality Statements

14 Managing Risk in Mobile Computing
Compliance Mobile Access Auditing (Active Sync, BES) Data Retention (Laws / Regulations) Incident Reporting Mobile device incident reporting for Loss & Theft Device itself may be required to provide evidence in legal matter or assist in investigations

15 Contingency Approach Conclusions
Secure mobile devices as you would secure a laptop Provide security controls in line with data classifications, highest class applies. Educate users on their responsibilities and the policies they must abide by Ensure access granted to employee and to device matches organizational responsibilities

16

Download ppt "Security considerations for mobile devices in GoRTT"

Similar presentations

Presented By Krypto Security Software, LLC. What is BackStopp is a simple but effective tool to help an organization protect its mobile data in the event.

Presented By Krypto Security Software, LLC. What is BackStopp is a simple but effective tool to help an organization protect its mobile data in the event.
Security for Mobile Devices

Security for Mobile Devices
Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.
© Peter Readings 2007 1 Data Leakage Pete Readings CISSP.

© Peter Readings Data Leakage Pete Readings CISSP.
Optimizing the Cloud in Government Hyatt Regency, Miami 25 July, 2012.

Optimizing the Cloud in Government Hyatt Regency, Miami 25 July, 2012.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Sophos Mobile Control. Tablets on the rise 2 Trends 3 75% of 157 polled companies encourage employee owned smart phones and tablets to access corporate.

Sophos Mobile Control. Tablets on the rise 2 Trends 3 75% of 157 polled companies encourage employee owned smart phones and tablets to access corporate.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.

University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
SAM for Mobile Device Management Presenter Name. of employees spend at least some portion of their time working outside their office. Mobility is the.

SAM for Mobile Device Management Presenter Name. of employees spend at least some portion of their time working outside their office. Mobility is the.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Managing BYOD Legal IT’s Next Great Challenge. Agenda  The BYOD Trend – benefits and risks  Best practices for managing mobile device usage  Overview.

Managing BYOD Legal IT’s Next Great Challenge. Agenda  The BYOD Trend – benefits and risks  Best practices for managing mobile device usage  Overview.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
IT-Partners Limited © 2011 IT Partners Limited Y OUR IT SOLUTION P ARTNERS Managing Director Confidential Data Loss Prevention Sunny Ho 1.

IT-Partners Limited © 2011 IT Partners Limited Y OUR IT SOLUTION P ARTNERS Managing Director Confidential Data Loss Prevention Sunny Ho 1.

Similar presentations

Ads by Google