• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Enterprise Mobile Security
 

Enterprise Mobile Security

on

  • 832 views

Paul Schwarzenberger from HP, looks at the business drivers towards the growing use of mobile devices and consumerisation, security risks, and the requirements for securely enabling the use of ...

Paul Schwarzenberger from HP, looks at the business drivers towards the growing use of mobile devices and consumerisation, security risks, and the requirements for securely enabling the use of business apps

Statistics

Views

Total Views
832
Views on SlideShare
832
Embed Views
0

Actions

Likes
0
Downloads
38
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Enterprise Mobile Security Enterprise Mobile Security Presentation Transcript

    • Enterprise Mobile Security HP Enterprise Security Services Paul Schwarzenberger MSc, M.Inst.ISP, CISSP, CLAS1 ©2011 Copyright 2010 Hewlett-Packard Development The information © Hewlett-Packard Development Company, L.P. Company, L.P. contained herein is subject to change without notice
    • ENTERPRISE MOBILE SECURITY – Senior executives want to use iPhones, iPads, Androids and other mobile devices to access corporate data – New business requirements for tablets, e.g. retail, medical – Consumerisation / BYOD – expand mobile workforce cost effectively What are the risks? What security can be applied? How to securely enable apps? 2 © Copyright 2010 Hewlett-Packard Development Company, L.P.
    • SECURITY RISKS – Malware / malicious apps Fake Netflix analysis by Symantec, October 2011 – No (or poorly implemented) encryption – Jailbroken operating systems – SMS – Data loss – corporate / personal emails – Data loss – email attachments / Dropbox – Sync and backup – to home PC and iCloud – Malicious, compromised, or inappropriate web sites 3 © Copyright 2010 Hewlett-Packard Development Company, L.P.
    • MOBILE MALWARE - CUMULATIVE The continued growth of mobile phone adoption globally is driving growth in the mobile malware sector. While malware targeting the Symbian platform is still the most prevalent, there has been a sea change in top targets in 2011. In Q3 nearly all of the malware samples discovered by McAfee Labs targeted the newer and more popular (now) Android platform. Others 1400 1200 Java ME 8% 1000 9% 800 Symbian 600 3rd Ed. 400 200 11% Symbian 0 Android 56% 16% Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 09 09 09 09 10 10 10 10 11 11 11 iOS – two viruses detected to date, both only effective against jailbroken devices4 © Copyright 2010 Hewlett-Packard Development Company, L.P. data from McAfee
    • APP REQUIREMENTS – Personal /corporate apps – Public / in-house apps – Blacklist, Whitelist apps – Prevent data leakage – Secure connectivity – Authentication 5 © Copyright 2010 Hewlett-Packard Development Company, L.P.
    • ENTERPRISE MOBILE SECURITY MODEL Enable Applications • e-mail, calendar and contacts • Business applications Sandbox • Protect corporate data • Control Interaction with host Enforce Mobile Security • Device Password • Encryption • Whitelist or blacklist Apps • Connection methods • Block jailbroken devices • Remote wipe mobile device with • Control synchronisationoptional security app • Mobile Anti-Virus e-mail and • Personal Firewall business application servers Device Management • Monitor and audit • Reporting and alerts • Remote unlock 6 © Copyright 2010 Hewlett-Packard Development Company, L.P.
    • ENTERPRISE MOBILE SECURITY - COMPONENTS – Mobile Device Management (Secure Container / Whole Device) – Anti-Malware – Secure Connectivity – Application control – VPN – Certificates – Data Loss Prevention – URL filtering 7 © Copyright 2010 Hewlett-Packard Development Company, L.P.
    • EXAMPLE: UK POLICE MOBILE DATA – Balfour Beatty Workplace – Mobile data workflow and information – Police outsource contract – Police / UK Government security standards – Ease of use – “invisible” security – Solution: SSL VPN / lockdown / certificate 8 © Copyright 2010 Hewlett-Packard Development Company, L.P.
    • EXAMPLE: IPAD APPLICATION ACCESS 9 © Copyright 2010 Hewlett-Packard Development Company, L.P.
    • EXAMPLE: ANDROID MALWARE PROTECTION – Mobile Device Management – Anti-Malware Client – App Inventory – App Control Policies • Disallow malware • Require Anti-Malware client 10 © Copyright 2010 Hewlett-Packard Development Company, L.P.
    • CONCLUSIONS – Strong demand for business use of mobile devices – Multiple security risks – Need to enable enterprise applications – Solutions available – No solution is perfect!11 © Copyright 2010 Hewlett-Packard Development Company, L.P. 11
    • thank you paul.schwarzenberger@hp.com 07968 542371 ©2011 Copyright 2010 Hewlett-Packard Development The information12 © Hewlett-Packard Development Company, L.P. Company, L.P. contained herein is subject to change without notice