Mark Wright Senior Systems Consultant, Global Mobility SWAT Sybase an SAP Company Thursday,...

Drag picture to placeholder or click icon to add

Mark WrightSenior Systems Consultant, Global Mobility SWATSybase an SAP CompanyThursday, September 29th 2011

Mobile Enterprise Security

© 2011 SAP AG. All rights reserved. 2

Unwired Enterprise EvolutionRE

ACH

Local

Global

Computer Centric Human Centric

Mainframe Internet Unwired Enterprise

Client/Server


Two Stages of Mobile

Mobile 1.0 Mobile 2.0

Transform the enterpriseExtend the enterprise


Mobility is The New Standard

75% of all US workers willbe mobile by 2013

Source: “W o r l d w i d e M o b i l e W o r k e r P o p u l a t i o n 2 0 0 9 – 2 0 1 3 F o r e c a s t ”, IDC

35%% of global workforce that will be mobile information workers by 2013


Consumer Mobility has hit critical mass

There are More Mobile Phones than Toothbrushes (5B vs 2.2B)


Mobility Is Not Just About Road Warriors Anymore

Execs

Line of BusinessManagers

Task and Business Users

Consumers and Ecosystem

E-m

ail

Con

tact

s

Appr

oval

Req

uest

s

Fiel

d Se

rvic

e

Tim

e &

Expe

nse

Dashboards

Approvals

Calendars

CR

M

Scheduling & Dispatch

Mobile E-Commerce Mobile Marketing Self-Service


Key Trends in 2011 and Beyond

Consumerization of IT with Employee-owned Devices

Momentum of Managed Mobility Services

Increasing demand for enterprise applications

Increasing demand for integrated solutions versus point products

Shifts in Development Paradigm and Ecosystem


Enterprise Mobility Trends and Drivers

1- Gartner 2 – IDC Forecast

Trends• 10B Apple App Store downloads• 55M Tablets in 2011, 208M by 20141

• 1B smart phones and 1.2B mobile workers by 20132

Mobility drivers• Shift to cloud computing• Consumerization of IT• Increasing sophistication of devices,

OSs, applications, and networks• Business demand

Lessons learned• Security and device management are

a must have and the first step

• A device-agnostic mobility strategy is critical

• New business scenarios are coming!


What Does This Mean?

is the new edge we will use to connect to

our world

MOBILITYof developing and managing applications, data, and clients, has dramatically increased.

COMPLEXITY

but


Mobility Is Not in the Future, It Is Now

2010 2011 2012 2013 20140

200

400

600

800

1000

1200

1400

1600

1800Tablets forecast

Desktop PC Mobile PC Smartphones

(millions of units)

smart phones and tabletsare the dominant computing devices

Enterprisesare building mobile applications today

Mobile commerceis a prominent marketplace and competitive edge for retailers

expect to support up to 4 different mobile operating system platforms

of companies as a priority will implement mobile enterprise apps in 2011

45%

58%Shopping on the mobile web will reach

of retailers in the United States are planning for m-commerce

74%

$119 billionby 2015

Smart phones and tabletsare the dominant computing devices

Enterprisesare building mobile applications today


Interesting market stats

Approximately 1.3 million mobile phones are stolen EACH YEAR, just in the UK

More than one in three data breaches last year involved a mobile device

Major US corporations lose by theft 1,985 USB memory sticks, 1,075 smartphones, and 640 laptops, EVERY WEEK

120,000 cell phones are left in Chicago taxi cabs EACH YEAR

In the US, 113 cell phones are lost EVERY MINUTE

113 Smart Phones are lost every

minute!


Mobile “Insecurity”

61% report that business

use of smartphones is their TOP SECURITY

CONCERN

54% report at least one

security breach in the last year

33% report requiring

advanced authentication for

corporate network access

33% report using data

encryption on mobile devices


What users are looking for

• Simplicity and Ease of Use

•Access to personal data,

photos, movies, apps

• Access to work email and

work apps/systems

• Rich Web browsing

• Freedom of device choice


What it is IT looking for

• To protect corporate assets from

loss and theft

• To ensure corporate security policies

are enforced on devices that have

access to the network and data

• The ability to remotely delete corporate

data on the device

• Enforce device configurations such as

password, network settings, etc.

• Asset tracking capabilities


Understanding Mobility Risks and Remedies

Four areas of vulnerability in mobile business operations:

Lost or stolen devices Unauthorized data access

Risks arising from combining personal and work use in one device

Gaps in device management and policy enforcement

!


Lost and stolen devices

User authentication at the device level

Remote lock and wipe

Data encryption

Data fading

Data backup


Unauthorized data access

Mobile application provisioning and settings

Remote configuration updates

Event and activity monitoring and logging

Unauthorized access through virus or malware infected devices

Antivirus software and firewall protection

Remote provisioning of software patches and security updates

Enforce security policies related to application downloads

Activity monitoring and tracking

!


RISKS Related to personal and business use on the same device

Segregating business functions on the mobile device

Remote data wipe

Data fading


Gaps in device management and policy enforcement

A single security management platform – This provides a common security management console capable of supporting all the device types and applications that make up a dynamic business mobility environment


SUMMARY

Risk Remedies

Data lost due to lost or stolen devices

• User authentication at the device level• Remote lock and wipe • Data encryption • Data fading • Data backup

Unauthorized user accesses data with a lost or stolen phone

• Same as above

Authorized user gains unauthorized access to, or makes inappropriate use of, proprietary information

• Security policies• Mobile application provisioning and settings • Remote configuration updates • Event and activity monitoring and logging

Unauthorized access through virus or malware infected devices

• Anti virus software and firewall protection • Remote provisioning of software patches and security

updates• Enforce security policies regarding application downloads • Activity monitoring and tracking

Risks arising from combining personal and work use in one device

• Security policies• Segregating business functions on the mobile device• Remote data wipe• Data fading

!


IT needs to make the rules

• Security. Anyone who uses their personal smartphone at work should be required to install mobility management software that enforces passwords, encrypts data and can remotely erase corporate information on lost or stolen devices.

• Permissible content. Storing pirated or objectionable content on a personal device that’s utilized for business should be strictly forbidden. “If you use it for work, it’s a work asset and should be governed by workplace rules of conduct,”

• Choice of plan. Companies that cover work-related voice and data charges should make using the corporate mobile plan mandatory. That way the expenses they underwrite will always be based on low group rates.

• Phone number ownership. Employees who leave your firm should take their smartphone with them—but leave the phone number behind. The last thing you want to do is make it easy for your customers to reach ex-employees who now work for a competitor. Of course, setting guidelines alone is just a starting point. You should also provide thorough training, get written agreement from employees to abide by the rules and punish workers who break them.


Admit personal mobile devices

How do I deny access to unauthorized users? For starters, establish a mandatory security policy requiring employees to set a strong password on their mobile device and to change it every three to six months. Mobile management systems can help IT administrators enforce such policies automatically, without the need for user involvement.

What’s my plan if a personal device gets lost or stolen? Passwords alone won’t be protection enough in such cases. You’ll need mobile management software offering remote lock and remote wipe capabilities. Remote lock features enable administrators to temporarily “freeze” a device that may simply have been misplaced. Remote wipe functionality enables the IT department to erase data from a lost or stolen mobile device.

How do I remove corporate data from a personal device whose owner is leaving the company? IT departments that allow enterprise data to reside on a personal device can use management tools to separate enterprise data from personal data. When an employee leaves, IT can wipe the enterprise data from that person’s device while leaving personal data unaffected. This approach makes it possible to cleanse proprietary information from an outgoing employee’s mobile device without also deleting personal applications and music.

How do I keep prying eyes away from confidential files? Use mobility management software to encrypt enterprise data, both when it’s in transit to the device over a wireless network and when it’s at “at rest” in the device’s memory. Use an application platform to develop your internal applications so that you can apply your company security to that application instead of relying on 3 rd parties.


Lessen the threat

• Be aware of all types of threats to mobile devices, including device loss, malware, bugs, and out-of-date mobile OS software

• Create mobile governance policies that emphasize security; educate employees on how to adhere to those rules

• Use a mobile management platform that allows IT to centrally deploy, configure, and manage a fleet of multiplatform mobile devices (whether personally owned or company-purchased)

• Use mobile management tools that offer IT visibility into device status, so security breaches can be quickly and automatically shut down

• Restrict or limit known vulnerabilities, including application download, camera, Bluetooth, or Wi-Fi

• Implement a portfolio of device security tools that include alphanumeric passcodes, authentication, encryption, and remote wipe

• Control download and installation of any apps that give users access to corporate information.


Mobile security as a way of life

• Support for a broad spectrum of mobile devices

• The platform must support strong user authentication

• The platform must support strong encryption

• Able to set access restrictions and security policies for all mobile business applications

• The platform must support strong over-the-air controls like remote provisioning, remote device configuration, remote device lock, and remote data wipe

• The platform must have a depth of sophisticated security controls and activity monitoring capability

• The platform must support (as available) antivirus software, firewall protection, including over the air distribution of patches and security updates


What to do next

• Discover mobile devices on the network.

• Determine the back-office systems employees want to access.

• Formalize user types and set policies.

• Get ready to take action.

• Add password and encryption policies plus remote wipe capabilities at a minimum.

• Consider separating personal data from business data.

• Enable users to be self-sufficient.


Checklist of Key Moves

• Change your mind-set. Start viewing workplace use of smartphones as an opportunity rather than a threat.

• Ensure that you have firm employee guidelines in place regarding issues such as storing pirated or objectionable content on a personal mobile device, choosing voice and data plans and getting technical support.

• Equip your IT department to realize the productivity-enhancing potential of personal mobile devices by deploying tools it can use to “mobilize” key business processes; provide mobile access to back-end ERP and CRM systems; and create graphical, touch-friendly smartphone apps.

• Thoroughly examine the potential security issues associated with admitting personal mobile devices to the enterprise, and begin formulating plans for addressing them.

Thank You

Date post:	31-Mar-2015
Category:	Documents
Upload:	mariano-reasons
View:	217 times
Download:	1 times

Mark Wright Senior Systems Consultant, Global Mobility SWAT Sybase an SAP Company Thursday,...

Documents