extended systems


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

extended systems

  1. 1. OneBridge Mobile Secure Overview on Security 25th February 2005
  2. 2. Agenda <ul><li>Overview of Market </li></ul><ul><li>Product Offering </li></ul><ul><li>Upcoming Releases </li></ul><ul><ul><li>OBMS 1.5 </li></ul></ul><ul><ul><li>OBMS 2.0 </li></ul></ul><ul><ul><li>OBMS 2.5 </li></ul></ul><ul><li>Credant Relationship </li></ul><ul><li>Competitive Differentiators </li></ul>
  3. 3. Device trends <ul><li>Stand alone devices </li></ul><ul><ul><li>The GPS market is powering standalone PDA sales in Europe, and it's a market that is driven by price. Medion has been very successful in this arena, and it's now joined by Mitac and, more recently, Yakumo and Anubis. PalmOne is attempting to fight back with Zire 72- and Zire 31-based GPS bundles. Latest devices from PalmOne is the treo 650 & T5 </li></ul></ul><ul><li>smart phones . </li></ul><ul><ul><li>Shipments totalled 1.85m units during the same period, up 38 per cent on Q3 2003's 1.34m total, info from IDC </li></ul></ul><ul><ul><li>RIM's Blackberry managed to grab almost seven per cent of the smart phone market, this is up by 300 percent due an order in the UK from Vodafone. </li></ul></ul><ul><li>Applications </li></ul><ul><ul><li>More than email, Service management, Sales management, Bespoke Healthcare etc… </li></ul></ul>
  4. 4. Can you keep a Secret ? Why do Organisations protect data ?
  5. 5. @RISK: The Consensus Security Vulnerability Alert February 24, 2005 Vol. 4. Week 8 <ul><li>-- Third Party Windows Apps </li></ul><ul><li>05.8.1 - fallback-reboot Remote Denial of Service </li></ul><ul><li>05.8.2 - WebConnect Multiple Remote Vulnerabilities </li></ul><ul><li>05.8.3 - SD Server Directory Traversal Vulnerability </li></ul><ul><li>05.8.4 - Bontago Game Server Remote Nickname Buffer Overrun </li></ul><ul><li>05.8.5 - Xinkaa WEB Station Directory Traversal </li></ul><ul><li>05.8.6 - Arkeia Network Backup Agent Remote Unauthorized Access </li></ul><ul><li>05.8.7 - PuTTY, PSFTP and PSCP Multiple Remote Integer Overflow Vulnerabilities </li></ul><ul><li>05.8.8 - TrackerCam Multiple Remote Vulnerabilities </li></ul><ul><li>-- Linux </li></ul><ul><li>05.8.9 - OpenLDAP SlapD Remote Denial of Service </li></ul><ul><li>-- Unix </li></ul><ul><li>05.8.10 - Information Resource Manager Authentication Unspecified Vulnerability </li></ul><ul><li>05.8.11 - Arkeia Type 77 Request Remote Buffer Overrun </li></ul><ul><li>05.8.12 - GProFTPD GProstats Remote Format String Vulnerability </li></ul><ul><li>05.8.13 - glFTPD ZIP Plugins Directory Traversal </li></ul><ul><li>-- Cross Platform </li></ul><ul><li>05.8.14 - UnAce Archive Directory Traversal </li></ul><ul><li>05.8.15 - Mono Multiple Cross-Site Scripting Vulnerabilities </li></ul><ul><li>05.8.16 - PHPBB Arbitrary File Disclosure Vulnerability </li></ul><ul><li>05.8.17 - cURL/libcURL NTLM Authentication Buffer Overflow </li></ul><ul><li>05.8.18 - cURL/libcURL Kerberos Authentication Buffer Overflow </li></ul><ul><li>05.8.19 - ZeroBoard Multiple Cross-Site Scripting Vulnerabilities 05.8.20 - Tarantella Enterprise/Secure Global Information Disclosure </li></ul><ul><li>05.8.21 - Bidwatcher Remote Format String Vulnerability </li></ul><ul><li>05.8.22 - Yahoo! Messenger Download Dialogue Box File Name Spoofing </li></ul><ul><li>05.8.23 - Gaim Multiple Remote Denial of Service Vulnerabilities </li></ul><ul><li>05.8.24 - WebCalendar SQL Injection </li></ul><ul><li>05.8.25 - PaNews Cross-Site Scripting </li></ul><ul><li>-- Web Application </li></ul><ul><li>05.8.26 - MediaWiki Multiple Unspecified Remote Vulnerabilities </li></ul><ul><li>05.8.27 - iGeneric iG Shop Multiple SQL Injection Vulnerabilities </li></ul><ul><li>05.8.28 - phpBB Arbitrary File Deletion Vulnerability </li></ul><ul><li>05.8.29 - PHPBB Multiple Vulnerabilities 05.8.30 - Biz Mail Form Unauthorized Mail Relay Vulnerability </li></ul><ul><li>05.8.31 - vBulletin Arbitrary PHP Script Code Execution </li></ul><ul><li>05.8.32 - Verity Ultraseek Cross-Site Scripting </li></ul><ul><li>05.8.33 - Mambo Open Source Remote File Include </li></ul><ul><li>05.8.34 - INL Ulog-php Multiple SQL Injection Vulnerabilities </li></ul><ul><li>05.8.35 - paNews Remote PHP Script Code Execution </li></ul><ul><li>05.8.36 - PMachine Pro Remote File Include Vulnerability </li></ul><ul><li>05.8.37 - NewsBruiser Comment System Security Restrictions Bypass </li></ul><ul><li>05.8.38 - Skull-Splitter Guestbook HTML Injection </li></ul><ul><li>05.8.39 - BibORB Multiple Input Validation Vulnerabilities 05.8.40 - paFaq SQL Injection Vulnerability </li></ul><ul><li>05.8.41 - MercuryBoard Forum Cross-Site Scripting </li></ul><ul><li>05.8.42 - ELOG Web Logbook Multiple Remote Vulnerabilities </li></ul><ul><li>-- Network Device </li></ul><ul><li>05.8.43 - Gigafast EE400-R Router Multiple Remote Vulnerabilities </li></ul><ul><li>05.8.44 - Thomson TCW690 Cable Modem Multiple Vulnerabilities </li></ul>
  6. 6. Why we use security!!!!!!! --University of California at San Diego Computers Compromised Again (18 January 2005) For the third time in one year, computers containing information belonging to at University of California San Diego students and alumni have been breached. The university has been phasing out the use of Social Security numbers as identifiers, but these computers were among the last that still contained this data. While there is no evidence that the data has been used to steal identities, those whose personal information was compromised have been informed in compliance with California law. The intruder used the servers to store music and video files. http://www.nbcsandiego.com/education/4103051/detail.html SANS NewsBites Vol. 7 Num. 4
  7. 7. Ebay:- in the news again --eBay Sellers Offering eMail Addresses, Spam Tools (20 January 2005) Despite eBay's recent effort to protect its customers from spam, sellers on the auction site are offering millions of email addresses and spamming tools. Certain lots have been removed from the site, but Steve Linford of anti-spam organization Spamhaus believes eBay should pay closer attention to what is sold on its site and be a leader in the fight against spam. SANS NewsBites Vol. 7 Num. 4
  8. 8. USA rules OK! --US Considers Reviewing IBM/Levono Deal for National Security Risks (25 January 2005) The Committee on Foreign Investments in the United States is considering launching an investigation into whether IBM's proposed sale of IBM's PC business to Chinese computer manufacturer Levono Group Ltd. poses a threat to national security. Some have expressed concern that Chinese computer experts could use an IBM facility to conduct industrial espionage. SANS NewsBites Vol. 7 Num. 4
  9. 9. Stolen? <ul><li>Somebody placed an advertisement on eBay that advertised a Blackberry    RIM &quot;sold as is.&quot; A Seattle computer consultant sent in a bid of US$15.50. His bid was accepted, making him the new owner of the pager-size wireless pocket communicator with 4 MB of memory. </li></ul><ul><li>He soon discovered that he was the of a Senior Vice President’s of a Merchant Banks Blackberry. It contained a hoard of corporate data, names & address’s, phone numbers, and other very confidential information. </li></ul><ul><li>It was then auctioned on Ebay for an serious amount of cash….. </li></ul>
  10. 10. Security Policies: the Options ! <ul><li>Trust Everyone all of the Time </li></ul><ul><ul><li>Easiest to in force but impractical </li></ul></ul><ul><ul><li>One bad apple can ruin the whole barrel </li></ul></ul><ul><li>Trust No One at Any Time </li></ul><ul><ul><li>Most restrictive, but also impractical </li></ul></ul><ul><ul><li>Difficult for staff positions </li></ul></ul><ul><li>Trust some of the people some of the time! </li></ul><ul><ul><li>Exercise caution on the amount of trust given </li></ul></ul><ul><ul><li>Access is given out as needed </li></ul></ul><ul><ul><li>Technical controls need to ensure trust is not violated </li></ul></ul>
  11. 11. The need for a “Win-Win” policy People view policies as: An impediment to productivity Measures to control behaviour People have different views about needs for security controls People fear policies will be difficult to follow & implement Policies will affect everyone within the organisation Tension!!! Users… its stopping me working! Systems support : how do the controls work, will we be effected? Management: concerned about costs v protection!
  12. 12. <ul><li>Explosive growth of mobile computing has increased productivity and introduced new opportunities for business </li></ul><ul><li>New threats and management issues abound — lack of tools to manage and secure </li></ul><ul><li>Difficult to determine who is using mobile devices </li></ul><ul><li>Priceless enterprise data is being synchronized and stored on devices </li></ul><ul><li>Data travels well beyond the safety of the firewall </li></ul><ul><li>Sensitive information travels over public networks </li></ul><ul><li>Mobile devices are too easily lost or stolen </li></ul>what customers are experiencing
  13. 13. why be concerned about data security? <ul><ul><li>PDAs are very prone to loss and theft. Gartner estimates more than 250,000 cell phones and PDAs were lost at airports alone last year. </li></ul></ul><ul><ul><li>SANS Institute reports studies show up to 30% loss rate for PDAs. </li></ul></ul><ul><ul><li>Tom Walsh of Enterprise Security says, &quot;Robbers net about $85 per holdup and are caught 80% of the time. Information thefts average $800,000 in value and are caught 2% of the time.” </li></ul></ul><ul><ul><li>Information on employee PDAs can often provide access to your network, customers and confidential information. </li></ul></ul><ul><ul><li>Company reputation: responsibility to customers/clients. </li></ul></ul>
  14. 14. 1995 EU Data Protection Act Directive 95/46/EC <ul><li>Multinationals operating across the EU cannot assume the native individual Countries Data Protection laws will be mirrored across Europe. </li></ul><ul><li>Not all fifteen Member States, (for example Belgium), have instated a &quot;Data Protection Officer / Commissioner&quot; to help ensure data protection law compliance, </li></ul><ul><li>One theme consistent throughout the survey was that all countries have the capability to impose sanctions for non compliance. </li></ul><ul><li>Germany & Italy (started Jan 2004), stricter than the main directive. </li></ul><ul><li>Initial requirement: All fifteen member states to implement by 25 th October 1998 </li></ul>
  15. 15. what kind of data are your employees likely to keep on their devices? <ul><li>Enterprises cannot control what data the users can sync onto their device </li></ul><ul><li>According to a recent PDA usage survey on mobile technologies: </li></ul><ul><ul><li>85% Business Calendar </li></ul></ul><ul><ul><li>80% Business Contacts </li></ul></ul><ul><ul><li>35% Documents </li></ul></ul><ul><ul><li>33% Passwords </li></ul></ul><ul><ul><li>32% E-mail </li></ul></ul>
  16. 16. <ul><li>Enable secure access anytime, anywhere </li></ul><ul><li>Maximizes the protection of mobile information and limits legal exposure </li></ul>Addressing Business Mandates Reduces cost of ownership by securing the mobile enterprise with centrally managed, policy-based security Reduces threat of unauthorized access to business information Easily detects and governs diverse mobile devices Protects the enterprise, wireless access and mobile devices Meet regulatory and audit requirements Limit risk from device loss, theft or attack Control mobile device usage and synchronization Secure priceless enterprise mobile data Business Mandates Benefits Deploy new solutions that address mobile device “disconnected mode” Deliver cost-effective solution to deploy, support and manage diverse types of mobile devices Maximizes the protection of mobile information and limits legal exposure Architected to address the unique requirements of mobile computing
  17. 17. business imperative — secure the mobile ecosystem Protect Wireless Access Protect the Enterprise Protect Mobile Devices Take control of mobile device usage Enable productivity from anywhere Limit risk from loss, theft and attack
  18. 18. <ul><li>To gain a benefit </li></ul><ul><ul><li>Faster and more confident technology deployment </li></ul></ul><ul><ul><li>Compliance with legislation or tendering requirement </li></ul></ul><ul><ul><li>To win customer confidence and maintain privacy </li></ul></ul><ul><li>Or to mitigate a risk </li></ul><ul><ul><li>Commercial risk from theft of proprietary information </li></ul></ul><ul><ul><li>Reputation risk from bad publicity </li></ul></ul><ul><ul><li>Legal risk from litigation and compliance failure </li></ul></ul>Why do customers choose to encrypt?
  19. 19. OneBridge Security Evolution <ul><li>Multi-tier Public Keys to authenticate users </li></ul><ul><ul><li>Power-On Password to provide basic security to devices </li></ul></ul><ul><ul><ul><li>Over-the-Air Security to protect data transmission enables via RSA </li></ul></ul></ul><ul><ul><ul><ul><li>On-Device Encryption to lock down data enabled via Credant </li></ul></ul></ul></ul>
  20. 20. Sync Cradle (USB, Serial, etc.) PPC with CMG Shield & OneBridge Client Tablet PC with CMG Shield & OneBridge Client Palm with CMG Shield & OneBridge Client On WAN or LAN OneBridge Desktop Connector (PC) Security Policy Editor OneBridge Server SQL or Advantage Server LDAP, AD, NT, DB, Lotus, Radius, RSA OneBridge Helpdesk Console OneBridge Admin Console SSL Wired or Wireless connection (128 Bit RSA Encryption) 128 Bit RSA Encryption Architecture OneBridge Mobile Secure
  21. 21. LAN/WAN <ul><li>OBMS Shield </li></ul><ul><li>Provides robust on-device policy enforcement - access control, data encryption and user authorizations. </li></ul><ul><ul><li>Maximizes the protection of mobile business information. </li></ul></ul><ul><li>OBMS Administration </li></ul><ul><li>Centralized specification of policy for your PDAs </li></ul><ul><li>Save and load different policy sets for different groups within your organization </li></ul><ul><li>Create installable Shield images for PPC, Palm, Smartphone or Symbian </li></ul><ul><li>Integrated in OneBridge Software Deployment functionality </li></ul><ul><li>Designate corporate security policy for mobile Devices </li></ul>Architecture OneBridge Mobile Secure
  22. 22. <ul><li>Robust on-device encryption of corporate data on the device </li></ul><ul><li>Centralized management of devices and data security policies </li></ul><ul><li>Ability to receive updated email and data – even while device is locked – via our LiveConnect functionality </li></ul><ul><li>Self-service and administrator-assisted password recovery options available </li></ul>OneBridge Mobile Secure overview
  23. 23. What is OBMS? <ul><li>Protects mobile devices and applications </li></ul><ul><ul><li>Authentication required to access data on device </li></ul></ul><ul><ul><li>data encryption </li></ul></ul><ul><ul><li>on-device restrictions </li></ul></ul><ul><ul><li>administrator device and data recovery </li></ul></ul><ul><li>Broad platform support for diverse mobile hardware and operating systems for PDAs and smartphones </li></ul><ul><li>Easy to administer – centrally-defined security policies for consistency across all mobile users </li></ul><ul><li>Shield provides industry-leading depth of security policies </li></ul><ul><li>Flexible and cost-effective implementation with upgrade paths to enterprise-wide solutions </li></ul><ul><ul><li>Ease of implementation </li></ul></ul><ul><ul><li>Multiple deployment options </li></ul></ul>
  24. 24. OneBridge Mobile Secure Features <ul><li>Centrally-defined user authentication provides: </li></ul><ul><ul><li>Pin, Password and Question/Answer: length, strength, number of retries, expiry, history </li></ul></ul><ul><ul><li>Timeouts – inactivity </li></ul></ul><ul><ul><li>Self-service password reset via question/answer </li></ul></ul><ul><ul><li>Administrator recovery – different between Group and Enterprise </li></ul></ul><ul><ul><li>Fail-safe action if under attack - extend retry timeout or wipe device (remove all data) </li></ul></ul><ul><li>On-device data encryption: </li></ul><ul><ul><li>Built in PIM applications: email (including attachments), calendar, contacts </li></ul></ul><ul><ul><li>Other applications, including custom applications </li></ul></ul><ul><ul><li>Blowfish 128, 3DES, AES128, AES256 (notebook/tablet) </li></ul></ul><ul><li>Port Controls </li></ul><ul><ul><li>Infrared </li></ul></ul><ul><ul><li>Bluetooth </li></ul></ul><ul><ul><li>External Storage </li></ul></ul><ul><ul><li>Network </li></ul></ul><ul><li>Application Controls </li></ul><ul><ul><li>Any application can be disabled , including cameras </li></ul></ul><ul><ul><li>Useful for customizing devices for specific business applications </li></ul></ul>
  25. 25. OneBridge Mobile Secure key differentiators <ul><li>Ease of implementation and support </li></ul><ul><ul><li>Easily map security, management and control to meet diverse IT and regulatory compliance requirements </li></ul></ul><ul><ul><li>Minimize costs and maximize existing investments by integrating with existing enterprise directories </li></ul></ul><ul><ul><li>Over-the-air distribution of shield and policies for mobile devices </li></ul></ul><ul><li>Reduced cost of ownership </li></ul><ul><ul><li>Single administrative package to centrally manage all mobile devices </li></ul></ul><ul><ul><li>Self-service password reset </li></ul></ul><ul><li>Best of breed solution </li></ul><ul><ul><li>Ability to push data to the device even when locked </li></ul></ul><ul><ul><li>Leverages Credant Mobile Security Platform </li></ul></ul><ul><li>Robust security </li></ul><ul><ul><li>Policy-based on-device security enforcement </li></ul></ul><ul><ul><li>Mutually authenticated synchronization </li></ul></ul><ul><ul><li>Automatic fail-safe action if mobile device is lost or stolen ensures valuable information is protected </li></ul></ul>
  26. 26. OneBridge Mobile Secure Specifications <ul><li>Shield Platforms </li></ul><ul><ul><li>Pocket PC 2000 with ARM processor, Pocket PC 2002, Windows Mobile 2003 and Windows Mobile 2003 Second Edition with 2MB free memory </li></ul></ul><ul><ul><li>Palm OS 3.5 through 5.x with at least 4MB RAM and 1.5 MB free storage </li></ul></ul><ul><ul><li>Smartphone 2003 with 1MB free main memory </li></ul></ul><ul><li>Policy Editor Platforms </li></ul><ul><ul><li>Windows 2000 Professional SP3 </li></ul></ul><ul><ul><li>Windows XP Professional SP1 </li></ul></ul><ul><li>Encryption Algorithms </li></ul><ul><ul><li>AES 128, Triple DES, Blowfish 128, Lite </li></ul></ul><ul><li>Certifications </li></ul><ul><ul><li>FIPS 140-2 </li></ul></ul>
  27. 27. OBMS Version 1.5 New Key Features <ul><li>Features </li></ul><ul><ul><li>Windows Mobile 2003 (Smartphone) Shield </li></ul></ul><ul><ul><ul><li>Samsung i600 </li></ul></ul></ul><ul><ul><ul><li>Motorola MPx 220 </li></ul></ul></ul><ul><ul><li>Full Encryption on Palm Shield </li></ul></ul><ul><ul><li>New Devices </li></ul></ul><ul><ul><ul><li>PalmOne Treo 650 Support </li></ul></ul></ul><ul><ul><li>Port and Application Blocking </li></ul></ul><ul><ul><li>SD Card Encryption </li></ul></ul><ul><ul><li>French, Italian, German, and Spanish Language Support </li></ul></ul><ul><ul><li>Hotfix for OBMG to provide full functionality on Software Distribution. </li></ul></ul><ul><li>Availability </li></ul><ul><ul><li>Mid March GA </li></ul></ul>
  28. 28. OBMS Version 2.0 Key Features <ul><li>Features </li></ul><ul><ul><li>Fully integrated into OneBridge Admin Console (part of OneBridge Mobile Groupware 4.5) </li></ul></ul><ul><ul><li>Ability to create Temporary Admin Passwords for Support </li></ul></ul><ul><ul><li>Symbian Shield (Authentication) UIQ and Series 80 Devices </li></ul></ul><ul><li>Availability </li></ul><ul><ul><li>May 2005 </li></ul></ul>
  29. 29. OBMS Version 2.5 Key Features <ul><li>Features </li></ul><ul><ul><li>Full Encryption on Symbian </li></ul></ul><ul><ul><li>Windows 32 Client </li></ul></ul><ul><li>Availability </li></ul><ul><ul><li>Summer 2005 </li></ul></ul>
  30. 30. Device Validation Process
  31. 31. Development Details 4 weeks minimum Typical Project Duration Client Sign off acceptance of OBMG Client Extended Systems Deliver QA’ed OBMG client to Client 1 week Extended Systems Complete OBMG Client QA Client Deliver to Extended Systems <one> SIM unlocked device with final ROM Extended Systems Deliver beta OBMG client to Client for evaluation TBD Extended Systems Complete additional development work Client and Extended Systems Review and agree target delivery date for OBMG Client 1 week Extended Systems Analyse results and scope the additional development work required 2 weeks Extended Systems Run OBMG Client test suite Client Deliver to Extended Systems <three> SIM unlocked devices Client Deliver to Extended Systems the device specifications and documentation Duration Responsibility Action
  32. 32. Device Certification Queue
  33. 33. <ul><li>“ The emergence of a highly competitive new vendor, CREDANT Technologies, has raised the threshold at which other vendors can pursue leadership.” </li></ul><ul><li>“ CREDANT went furthest by offering the most features in the fewest number of products.” </li></ul><ul><li>“ CREDANT’s comprehensiveness of vision forced a lower comparative ranking of many incumbent vendors.” </li></ul><ul><li>“ CREDANT’s strong first-year sales are a prelude to leadership.” </li></ul>Who is Credant?
  34. 34. <ul><li>Sales model </li></ul><ul><ul><li>Territory - Global </li></ul></ul><ul><ul><li>OEM Shield provides on-device core of Mobile Secure solution </li></ul></ul><ul><ul><li>Ability to Resell any Credant products </li></ul></ul><ul><ul><li>Upgrade pricing available between shield versions (e.g. Group Edition to Enterprise Edition) </li></ul></ul><ul><li>Maintenance & Support </li></ul><ul><ul><li>ESI provides level 1 & 2 to customers </li></ul></ul><ul><ul><li>Credant provides level 3 to ESI </li></ul></ul><ul><li>Sales Support </li></ul><ul><ul><li>Credant reps are compensated for partner sales </li></ul></ul>Relationship Overview
  35. 35. Sales Process <ul><li>Credant is already working on a number of sales opportunities with ESI </li></ul><ul><li>Rules of engagement – under discussion </li></ul><ul><li>Goal is for ESI to take the lead with joint customers, Credant provide support to close deals </li></ul><ul><li>Credant will support ESI with prospects, pricing information, sales strategies, Webex presentations and demos, technical support, training, joint marketing, collateral development, etc… </li></ul><ul><li>Paul Huntingdon ( [email_address] ) is the prime AE contact for ESI EMEA </li></ul><ul><li>Sean Towns ( [email_address] ) is the prime SE contact for ESI EMEA </li></ul><ul><li>Kevin Burchett ( [email_address] ) is the prime BD contact for ESI EMEA </li></ul>
  36. 36. Competitive Comparison X X X Windows Mobile 2003 X 2005 Symbian X X Windows Mobile Smartphone Must unlock before can use phone Must unlock before can use phone X PPC 2002 Phone Edition X X X PPC 2002 X X X PPC 2000 X No encryption X Palm 3.5 – 5.x Platforms X OTA distribution of security software X Secure end to end security and mobile messaging Claimed Automated device detection, inventory and reporting X X X Centrally-defined mobile user security policies Trust Digital Pointsec OneBridge Mobile Secure Enterprise Policy Administration and Device Management
  37. 37. Competitive Comparison X Phone use without unlocking device Some PPC devices Ability to survive hard reset X Forgotten Pin /Password recovery – secure challenge response over the phone X X Forgotten PIN/Password recovery – Administrator in person X Port Control – IR, Bluetooth, Network… X Application Lockout X X Automatic Kill Action for lost/stolen devices X Self-Service PIN/Password Reset X X FIPS certified encryption algorithms X Not on Palm X On-device and removable storage data encryption X X X Centrally defined mandatory access control Trust Digital Pointsec OneBridge Mobile Secure Mobile Device Security and Control
  38. 38. Mobile Device Check list <ul><li>Security Policy </li></ul><ul><li>Use Policy </li></ul><ul><li>Awareness Training </li></ul><ul><li>Device registration </li></ul><ul><li>Initial Checklist </li></ul><ul><li>Employee Termination Procedure </li></ul><ul><li>Device Authentication </li></ul><ul><li>Anti Virus Software </li></ul><ul><li>Theft protection </li></ul><ul><li>File Encryption </li></ul><ul><li>Device Firewall </li></ul><ul><li>Device Integrity </li></ul><ul><li>Device Management </li></ul><ul><li>Network Connections </li></ul><ul><li>Expansion Slots </li></ul>
  39. 39. HP raising security profile with “ HP protect Tools” <ul><li>On a number of new devices HP is supplying as part of the on ROM security, a replacement from the Microsoft logon password solution. </li></ul><ul><li>It is also supplied by Credant. </li></ul><ul><li>It’s a personal version only. i.e. no central policy management </li></ul><ul><li>It can be turned off, and replaced by OBMSecure. </li></ul><ul><li>This is a big opportunity… HP are doing all the work… sell OBMSecure to these users. See the following screens.. </li></ul>