Enterprise Mobile Device Security Bryan Glancey Vice President of Research & Development.
Enterprise Mobile Device Security
Bryan Glancey
Vice President of Research & Development
Devices are the Weakest link
• "Because that's where the money is." (Willie Sutton, his response when asked why he robs banks)
• This is the rock-solid principle on which the whole of the Corporation's [IBM's] Galaxy-wide success is founded...their fundamental design flaws are completely hidden by their superficial design flaws. – TH Nelson, Computer Lib., 1988, London: Penguin.
Mobile Devices – Our Friends?
• PDAs & SmartPhones
• 802.11 Devices
• Wireless Modems
– CDPD
Why Mobile wireless devices are great!!!
• Remote E-mail
• Remote Contacts
• Remote Calendar
• Remote Applications
Why wireless devices are the worst thing that ever happened to information security.
Confidential information
• Remote E-mail
• Remote Contacts
• Remote Calendar
Regulatory Compliance
• Lots of legislation regarding information assets
• HIPAA – Health Insurance Portability & Accountability Act
– Mandates Protection of Medical Information
– Liability for both Organization and Individuals
• Gramm-Leach-Bliley Act of 1999
– Mandates protection of financial information
– Active as of July 2001
• http://www.cdt.org/privacy/plif.shtml
Identity theft and Fraud
• Your Palmtop often contains all the information needed to assume your identity
– Bank Accounts
– Credit Cards
– Contact Info
– Historic Information
– E-mail
– Schedule
– Your home address
– Passwords & PINs
Meet Mike
• Mike is an Executive
• Mike is Successful
• Mike Travels 50% of the time
• Mike wants to keep in touch with minimum hassle
Meet Mike’s Wireless Device
Mike can:
• Read E-mail
• Access his Contacts
• View his Calendar
• Make Meeting Notes
• Generate Sales!!
Mike syncs up his Device
• Communications Protocol Issues
– CDPD Security
– 802.11 Security
• Let’s assume that the data makes it safely to his device
• Let’s take a look at what’s in there
What’s in Mike’s Device?
• Contacts
– Contact information for his entire company’s contact database
– Personal information regarding his customers
– Personal information about company employees
– Customer Sales information
– Pricing/contracts data
What’s in Mike’s Device?
• Calendar
– Information about customer meetings – with contact info and subject
– Information about competitive situations
– Information that presents competitive advantage!!
What’s in Mike’s Device?
• Mail
– Negotiating Positions
– Price lists
– Order information
– Product information
– Legal Discussions
So where does Mike go with this information?
• Airports
• Airplanes
• Taxi Cabs
• Hotels
• Rental Cars
• Restaurants
• Baseball Games
• Everywhere he goes!
So? What’s the difference? All that information was already on their Laptop!
Devices vs. Laptops
• Wireless Devices are sometimes Laptop replacements
[Figure: device and laptop size and weight comparison; labels: 13’’, 5.25’’, 6.7 oz, 7.5 lbs]
Wireless devices are extremely prone to theft!
• The information stored on the device is a corporate asset
• The information stored on the Device is a Liability – and possibly protected by legislation
• Even with secure transport, the data remains on the device
Steps to take
• Put some thought into extending your security policy to include mobile devices
– What data can be stored on Mobile Devices?
– Are there any regulatory implications?
– Is there any business Risk in disclosure?
• Pick a standard Device!
– Easier to include in Security Policy if they are all the same – if it’s not too late!
Steps to take & Trends
• Look into Access control products for your Mobile Devices
• Focus on Integrating Mobile Devices into your existing Security Policy
• Start with the expectation that PDAs will meet the same security standards as PCs
Why none of the current solutions work - yet
• Bad Management
• Poor User experience
• Different solutions on different platforms
• No Enterprise Visibility
• ‘Insecurity is in the implementation not the math’ – Bruce Schneier
History of Device Security
• Hard Disk Encryption
– PC-DACS
– Protect Data (Pointsec)
– Safeguard Easy
• PDA Protection
– PDA Bomb
– F-Secure
2003 – “The Year of Convergence” - Gartner
• The Pitfalls of Multi-Vendor Security
– Management
• “Which proprietary Management tool do I use for the Palm Security?”
– User Acceptance
• “Why does the security on My PDA work different than the one on my Laptop?”
Uniform Security – Cross Platform
• Policies & Procedures are Enterprise Wide without exception
• Same/Similar operation on all Devices
• Enterprise Management Tools – Manage all platforms from one place
• Single Enterprise Security Policy
Uniform Reporting
• Enterprise visibility for Security
• Simple Executive Reports – ‘Show me the ROI for this security Stuff!’
• E-mail notifications, Pager notifications based on events – just like the Firewall people
Uniform Management
• Common Tool Administration
– Microsoft Management Console
– Active Directory
– SNMP
Conclusion
• Mobile Devices provide easy access to corporate information assets
• Mobile Devices are extremely mobile – therefore prone to theft
• Look for pragmatic solutions to your problems
• Extend your security policy to include mobile devices
Thank You
Reminder:
• Please be sure to complete your session evaluation forms and place them in the box outside the room. We appreciate your feedback.