MobileIron Confidential
New Legal Requirements for Mobile Security
Ojas Rege, Chief Strategy Officer
Carl Spataro, Chief Privacy Officer
August 9, 2016
“In the past four years, the Attorney General has received reports on 657 data breaches, affecting a total of over 49 million records of Californians. In 2012, there were 131 breaches, involving 2.6 million records of Californians; in 2015, 178 breaches put over 24 million records at risk. This means that nearly three in five Californians were victims of a data breach in 2015 alone.”
2016 California Data Breach Report, February 2016
EMM is the recommended approach for implementing the foundational Critical Security Controls for mobile devices as required by California law
https://oag.ca.gov/breachreport2016
Importance of planning: Citibank breach (2011)
IT, Compliance, Privacy
20 Critical Security Controls from Center for Internet Security (CIS)
https://www.cisecurity.org/critical-controls.cfm
California’s information security statute (California Civil Code Sec. 1798.81.5) requires that businesses – headquartered anywhere in the world – that own, license or maintain personal information about California residents use “reasonable security procedures and practices appropriate to the nature of the information, to protect personal information from unauthorized access, destruction, use, modification or disclosure.”
Data Breach Report defines “minimum level of information security”
If you are using ActiveSync for mobile security … you will not be able to meet these requirements.
Critical Security Control 1: Inventory of authorized and unauthorized devices
Applicability to mobile: “One must have knowledge of all devices used to access data and resources in the organization. Mobile devices aren’t perpetually attached to the network like other IT systems, so new methods need to be used to maintain the inventory.”
Recommended role for MDM: “… Mobile Device Management (MDM) can support this by installing agents on the mobile devices to push down configuration and security profiles, monitor devices for configuration changes and provide access controls based on policy.”
Device inventory, config, policy, compliance
MobileIron Sentry and Access
Critical Security Control 2: Inventory of authorized and unauthorized software
Applicability to mobile: “There are millions of mobile apps across dozens of different platforms. Mobile apps can bring risks and threats to data and credentials. Being able to know what is installed, control access to malicious apps and insecure versions of apps is important to protect the organization.”
Recommended role for MDM: “MDM tools can inventory apps, and set policies and whitelisting to promote use of secure versions of apps.”
App inventory, config, policy, whitelisting
AppConnect for containerization
Critical Security Control 3: Secure configurations for hardware and software on mobile devices, laptops, workstations and servers
Applicability to mobile: “Like with PCs, secure configurations and monitoring of these configurations are critical to maintain trust with these devices.”
Recommended role for MDM: “MDMs can restrict access to cameras, white-list Wi-Fi networks, apply password policy enforcement, and inventory what apps are installed … and provide the necessary monitoring to be alerted when devices are out of compliance; for instance, if someone installs an unauthorized application, turns off encryption, or jailbreaks or roots their device.”
Lockdown and security policy
Compliance notification
Critical Security Control 4: Continuous vulnerability assessment and remediation
Applicability to mobile: “Mobile vulnerabilities are usually linked to versions of the operating system or malicious apps. Since mobile devices aren’t attached to the network, you can’t identify and manage vulnerabilities like you do on PCs, servers or other networked devices.”
Recommended role for MDM: “One can’t just run vulnerability scans on a network to scrutinize mobile devices. Therefore, mobile vulnerability assessments must incorporate threat modeling, and understanding the devices, data, users and their behaviors. MDMs can play a key role in gathering the information for the “what” and “who” for mobile management.”
Compliance monitoring
Mobile reporting
Critical Security Control 5: Controlled use of administrative privileges
Applicability to mobile: “Many intrusions use valid credentials obtained either through social engineering, or captured by other means. One important risk in mobile is protecting credentials stored on the device because a user’s email account could also be a system or Domain Admin account.”
Recommended role for MDM: “It’s dangerous to allow users to root or jailbreak mobile devices, because it opens up risks to vulnerabilities running at that lowest level. MDM and mobile security tools can provide visibility by having agents on phones that send events and alerts to a central server.”
Jailbreak / root detection
Remediation actions and notifications
From discretionary security to necessary compliance
Helping compliance team achieve its goals
Speaking the language
Brand trust
Minimum standards
Not disruptive to operations
Ease and speed of deployment
IT, Compliance, Privacy
“The unifying theme is that an enterprise cannot reasonably believe that it is providing adequate security for important data unless it can demonstrate that it has implemented appropriate enterprise mobility management controls and procedures to ensure that the device, application, and user are properly authorized and authenticated before providing access to the data and making sure that the data, once on the device, is protected from unauthorized use or disclosure.”
Carl Spataro, Chief Privacy Officer, MobileIron
June 2016: Failure to Manage Mobile Device Results in Action under HIPAA
A recent $650,000 settlement agreement under Health Insurance Portability and Accountability Act of 1996 (HIPAA) makes it clear that an effective enterprise mobility management (EMM) solution is a requirement for compliance with the privacy and security rules of HIPAA
is the proactive approach to legal compliance
EMM is not optional
Resources on www.mobileiron.com
Blog (Resources / Blog): https://www.mobileiron.com/en/smartwork-blog/emm-and-law
White paper (Resources / White Papers): https://www.mobileiron.com/en/whitepaper/emm-and-law
This webinar, on-demand (Resources / Webinars): https://www.mobileiron.com/en/resources/webinars/new-legal-requirements-mobile-security-emm-not-optional

California's New Mobile Security Laws Require EMM

  • 1. MobileIron Confidential. New Legal Requirements for Mobile Security. Ojas Rege, Chief Strategy Officer; Carl Spataro, Chief Privacy Officer. August 9, 2016
  • 3. "In the past four years, the Attorney General has received reports on 657 data breaches, affecting a total of over 49 million records of Californians. In 2012, there were 131 breaches, involving 2.6 million records of Californians; in 2015, 178 breaches put over 24 million records at risk. This means that nearly three in five Californians were victims of a data breach in 2015 alone." (2016 California Data Breach Report, February 2016)
  • 4. EMM is the recommended approach for implementing the foundational Critical Security Controls for mobile devices as required by California law. https://oag.ca.gov/breachreport2016
  • 5. Importance of planning: Citibank breach (2011). IT, Compliance, Privacy
  • 6. 20 Critical Security Controls from Center for Internet Security (CIS): https://www.cisecurity.org/critical-controls.cfm
      California’s information security statute (California Civil Code Sec. 1798.81.5) requires that businesses – headquartered anywhere in the world – that own, license or maintain personal information about California residents use “reasonable security procedures and practices appropriate to the nature of the information, to protect personal information from unauthorized access, destruction, use, modification or disclosure.”
      Data Breach Report defines “minimum level of information security”
  • 7. If you are using ActiveSync for mobile security … you will not be able to meet these requirements.
  • 8. Critical Security Controls: 1. Inventory of authorized and unauthorized devices
      Applicability to mobile: “One must have knowledge of all devices used to access data and resources in the organization. Mobile devices aren’t perpetually attached to the network like other IT systems, so new methods need to be used to maintain the inventory.”
      Recommended role for MDM: “… Mobile Device Management (MDM) can support this by installing agents on the mobile devices to push down configuration and security profiles, monitor devices for configuration changes and provide access controls based on policy.”
      Device inventory, config, policy, compliance; MobileIron Sentry and Access
  • 9. Critical Security Controls: 2. Inventory of authorized and unauthorized software
      Applicability to mobile: “There are millions of mobile apps across dozens of different platforms. Mobile apps can bring risks and threats to data and credentials. Being able to know what is installed, control access to malicious apps and insecure versions of apps is important to protect the organization.”
      Recommended role for MDM: “MDM tools can inventory apps, and set policies and whitelisting to promote use of secure versions of apps.”
      App inventory, config, policy, whitelisting; AppConnect for containerization
  • 10. Critical Security Controls: 3. Secure configurations for hardware and software on mobile devices, laptops, workstations and servers
      Applicability to mobile: “Like with PCs, secure configurations and monitoring of these configurations are critical to maintain trust with these devices.”
      Recommended role for MDM: “MDMs can restrict access to cameras, white-list Wi-Fi networks, apply password policy enforcement, and inventory what apps are installed … and provide the necessary monitoring to be alerted when devices are out of compliance; for instance, if someone installs an unauthorized application, turns off encryption, or jailbreaks or roots their device.”
      Lockdown and security policy; Compliance notification
  • 11. Critical Security Controls: 4. Continuous vulnerability assessment and remediation
      Applicability to mobile: “Mobile vulnerabilities are usually linked to versions of the operating system or malicious apps. Since mobile devices aren’t attached to the network, you can’t identify and manage vulnerabilities like you do on PCs, servers or other networked devices.”
      Recommended role for MDM: “One can’t just run vulnerability scans on a network to scrutinize mobile devices. Therefore, mobile vulnerability assessments must incorporate threat modeling, and understanding the devices, data, users and their behaviors. MDMs can play a key role in gathering the information for the “what” and “who” for mobile management.”
      Compliance monitoring; Mobile reporting
  • 12. Critical Security Controls: 5. Controlled use of administrative privileges
      Applicability to mobile: “Many intrusions use valid credentials obtained either through social engineering, or captured by other means. One important risk in mobile is protecting credentials stored on the device because a user’s email account could also be a system or Domain Admin account.”
      Recommended role for MDM: “It’s dangerous to allow users to root or jailbreak mobile devices, because it opens up risks to vulnerabilities running at that lowest level. MDM and mobile security tools can provide visibility by having agents on phones that send events and alerts to a central server.”
      Jailbreak / root detection; Remediation actions and notifications
  • 13. From discretionary security to necessary compliance
  • 14. Helping compliance team achieve its goals; Speaking the language; Brand trust; Minimum standards; Not disruptive to operations; Ease and speed of deployment; Compliance, Privacy, IT
  • 15. “The unifying theme is that an enterprise cannot reasonably believe that it is providing adequate security for important data unless it can demonstrate that it has implemented appropriate enterprise mobility management controls and procedures to ensure that the device, application, and user are properly authorized and authenticated before providing access to the data and making sure that the data, once on the device, is protected from unauthorized use or disclosure.” Carl Spataro, Chief Privacy Officer, MobileIron
  • 16. June 2016: Failure to Manage Mobile Device Results in Action under HIPAA. A recent $650,000 settlement agreement under Health Insurance Portability and Accountability Act of 1996 (HIPAA) makes it clear that an effective enterprise mobility management (EMM) solution is a requirement for compliance with the privacy and security rules of HIPAA
  • 17. is the proactive approach to legal compliance. EMM is not optional
  • 18. Resources on www.mobileiron.com
      Blog (Resources / Blog): https://www.mobileiron.com/en/smartwork-blog/emm-and-law
      White paper (Resources / White Papers): https://www.mobileiron.com/en/whitepaper/emm-and-law
      This webinar, on-demand (Resources / Webinars): https://www.mobileiron.com/en/resources/webinars/new-legal-requirements-mobile-security-emm-not-optional