Mark Wright
Senior Systems Consultant, Global Mobility SWAT
Sybase, an SAP Company
Thursday, September 29th 2011
Mobile Enterprise Security
© 2011 SAP AG. All rights reserved. 2
Unwired Enterprise Evolution
[Figure: axes labelled Reach (Local to Global) and Computer Centric to Human Centric; stages shown: Mainframe, Client/Server, Internet, Unwired Enterprise]
Two Stages of Mobile
Mobile 1.0 Mobile 2.0
Transform the enterprise
Extend the enterprise
Mobility is The New Standard
75% of all US workers will be mobile by 2013
Source: “Worldwide Mobile Worker Population 2009–2013 Forecast”, IDC
35% of the global workforce will be mobile information workers by 2013
Consumer Mobility has hit critical mass
There are More Mobile Phones than Toothbrushes (5B vs 2.2B)
Mobility Is Not Just About Road Warriors Anymore
Execs, Line of Business Managers, Task and Business Users, Consumers and Ecosystem
E-mail, Contacts, Approval Requests, Field Service, Time & Expense, Dashboards, Approvals, Calendars, CRM, Scheduling & Dispatch, Mobile E-Commerce, Mobile Marketing, Self-Service
Key Trends in 2011 and Beyond
Consumerization of IT with Employee-owned Devices
Momentum of Managed Mobility Services
Increasing demand for enterprise applications
Increasing demand for integrated solutions versus point products
Shifts in Development Paradigm and Ecosystem
Enterprise Mobility Trends and Drivers
Trends
• 10B Apple App Store downloads
• 55M tablets in 2011, 208M by 2014 [1]
• 1B smart phones and 1.2B mobile workers by 2013 [2]
Mobility drivers
• Shift to cloud computing
• Consumerization of IT
• Increasing sophistication of devices, OSs, applications, and networks
• Business demand
Lessons learned
• Security and device management are a must have and the first step
• A device-agnostic mobility strategy is critical
• New business scenarios are coming!
Sources: [1] Gartner; [2] IDC Forecast
What Does This Mean?
MOBILITY is the new edge we will use to connect to our world, but the COMPLEXITY of developing and managing applications, data, and clients has dramatically increased.
Mobility Is Not in the Future, It Is Now
[Chart: forecast in millions of units, 2010 to 2014, for Tablets, Desktop PC, Mobile PC and Smartphones]
Smart phones and tablets are the dominant computing devices
Enterprises are building mobile applications today
Mobile commerce is a prominent marketplace and competitive edge for retailers
expect to support up to 4 different mobile operating system platforms
of companies as a priority will implement mobile enterprise apps in 2011
45%
58%
of retailers in the United States are planning for m-commerce
74%
Shopping on the mobile web will reach $119 billion by 2015
Interesting market stats
Approximately 1.3 million mobile phones are stolen EACH YEAR, just in the UK
More than one in three data breaches last year involved a mobile device
Major US corporations lose by theft 1,985 USB memory sticks, 1,075 smartphones, and 640 laptops, EVERY WEEK
120,000 cell phones are left in Chicago taxi cabs EACH YEAR
In the US, 113 cell phones are lost EVERY MINUTE
113 Smart Phones are lost every minute!
Mobile “Insecurity”
61% report that business use of smartphones is their TOP SECURITY CONCERN
54% report at least one security breach in the last year
33% report requiring advanced authentication for corporate network access
33% report using data encryption on mobile devices
What users are looking for
• Simplicity and Ease of Use
• Access to personal data, photos, movies, apps
• Access to work email and work apps/systems
• Rich Web browsing
• Freedom of device choice
What IT is looking for
• To protect corporate assets from loss and theft
• To ensure corporate security policies are enforced on devices that have access to the network and data
• The ability to remotely delete corporate data on the device
• Enforce device configurations such as password, network settings, etc.
• Asset tracking capabilities
Understanding Mobility Risks and Remedies
Four areas of vulnerability in mobile business operations:
• Lost or stolen devices
• Unauthorized data access
• Risks arising from combining personal and work use in one device
• Gaps in device management and policy enforcement
Lost and stolen devices
User authentication at the device level
Remote lock and wipe
Data encryption
Data fading
Data backup
Unauthorized data access
Mobile application provisioning and settings
Remote configuration updates
Event and activity monitoring and logging
Unauthorized access through virus or malware infected devices
Antivirus software and firewall protection
Remote provisioning of software patches and security updates
Enforce security policies related to application downloads
Activity monitoring and tracking
Risks related to personal and business use on the same device
Segregating business functions on the mobile device
Remote data wipe
Data fading
Gaps in device management and policy enforcement
A single security management platform – This provides a common security management console capable of supporting all the device types and applications that make up a dynamic business mobility environment
SUMMARY
Risk: Data lost due to lost or stolen devices
Remedies:
• User authentication at the device level
• Remote lock and wipe
• Data encryption
• Data fading
• Data backup
Risk: Unauthorized user accesses data with a lost or stolen phone
Remedies:
• Same as above
Risk: Authorized user gains unauthorized access to, or makes inappropriate use of, proprietary information
Remedies:
• Security policies
• Mobile application provisioning and settings
• Remote configuration updates
• Event and activity monitoring and logging
Risk: Unauthorized access through virus or malware infected devices
Remedies:
• Antivirus software and firewall protection
• Remote provisioning of software patches and security updates
• Enforce security policies regarding application downloads
• Activity monitoring and tracking
Risk: Risks arising from combining personal and work use in one device
Remedies:
• Security policies
• Segregating business functions on the mobile device
• Remote data wipe
• Data fading
IT needs to make the rules
• Security. Anyone who uses their personal smartphone at work should be required to install mobility management software that enforces passwords, encrypts data and can remotely erase corporate information on lost or stolen devices.
• Permissible content. Storing pirated or objectionable content on a personal device that’s utilized for business should be strictly forbidden. “If you use it for work, it’s a work asset and should be governed by workplace rules of conduct,”
• Choice of plan. Companies that cover work-related voice and data charges should make using the corporate mobile plan mandatory. That way the expenses they underwrite will always be based on low group rates.
• Phone number ownership. Employees who leave your firm should take their smartphone with them—but leave the phone number behind. The last thing you want to do is make it easy for your customers to reach ex-employees who now work for a competitor.
Of course, setting guidelines alone is just a starting point. You should also provide thorough training, get written agreement from employees to abide by the rules and punish workers who break them.
Admit personal mobile devices
How do I deny access to unauthorized users? For starters, establish a mandatory security policy requiring employees to set a strong password on their mobile device and to change it every three to six months. Mobile management systems can help IT administrators enforce such policies automatically, without the need for user involvement.
What’s my plan if a personal device gets lost or stolen? Passwords alone won’t be protection enough in such cases. You’ll need mobile management software offering remote lock and remote wipe capabilities. Remote lock features enable administrators to temporarily “freeze” a device that may simply have been misplaced. Remote wipe functionality enables the IT department to erase data from a lost or stolen mobile device.
How do I remove corporate data from a personal device whose owner is leaving the company? IT departments that allow enterprise data to reside on a personal device can use management tools to separate enterprise data from personal data. When an employee leaves, IT can wipe the enterprise data from that person’s device while leaving personal data unaffected. This approach makes it possible to cleanse proprietary information from an outgoing employee’s mobile device without also deleting personal applications and music.
How do I keep prying eyes away from confidential files? Use mobility management software to encrypt enterprise data, both when it’s in transit to the device over a wireless network and when it’s “at rest” in the device’s memory. Use an application platform to develop your internal applications so that you can apply your company security to that application instead of relying on 3rd parties.
Lessen the threat
• Be aware of all types of threats to mobile devices, including device loss, malware, bugs, and out-of-date mobile OS software
• Create mobile governance policies that emphasize security; educate employees on how to adhere to those rules
• Use a mobile management platform that allows IT to centrally deploy, configure, and manage a fleet of multiplatform mobile devices (whether personally owned or company-purchased)
• Use mobile management tools that offer IT visibility into device status, so security breaches can be quickly and automatically shut down
• Restrict or limit known vulnerabilities, including application download, camera, Bluetooth, or Wi-Fi
• Implement a portfolio of device security tools that include alphanumeric passcodes, authentication, encryption, and remote wipe
• Control download and installation of any apps that give users access to corporate information.
Mobile security as a way of life
• Support for a broad spectrum of mobile devices
• The platform must support strong user authentication
• The platform must support strong encryption
• Able to set access restrictions and security policies for all mobile business applications
• The platform must support strong over-the-air controls like remote provisioning, remote device configuration, remote device lock, and remote data wipe
• The platform must have a depth of sophisticated security controls and activity monitoring capability
• The platform must support (as available) antivirus software and firewall protection, including over-the-air distribution of patches and security updates
What to do next
• Discover mobile devices on the network.
• Determine the back-office systems employees want to access.
• Formalize user types and set policies.
• Get ready to take action.
• Add password and encryption policies plus remote wipe capabilities at a minimum.
• Consider separating personal data from business data.
• Enable users to be self-sufficient.
Checklist of Key Moves
• Change your mind-set. Start viewing workplace use of smartphones as an opportunity rather than a threat.
• Ensure that you have firm employee guidelines in place regarding issues such as storing pirated or objectionable content on a personal mobile device, choosing voice and data plans and getting technical support.
• Equip your IT department to realize the productivity-enhancing potential of personal mobile devices by deploying tools it can use to “mobilize” key business processes; provide mobile access to back-end ERP and CRM systems; and create graphical, touch-friendly smartphone apps.
• Thoroughly examine the potential security issues associated with admitting personal mobile devices to the enterprise, and begin formulating plans for addressing them.
Thank You