Enterprise Mobile Security  HP Enterprise Security Services  Paul Schwarzenberger  MSc, M.Inst.ISP, CISSP, CLAS1 ©2011 Cop...
ENTERPRISE MOBILE SECURITY – Senior executives want to use iPhones, iPads, Androids and other   mobile devices to access c...
SECURITY RISKS – Malware / malicious apps                                       Fake Netflix analysis by                  ...
MOBILE MALWARE - CUMULATIVE     The continued growth of mobile phone adoption globally is driving growth in the mobile mal...
APP REQUIREMENTS                                                                  – Personal /corporate apps              ...
ENTERPRISE MOBILE SECURITY MODEL                                             Enable Applications                          ...
ENTERPRISE MOBILE SECURITY - COMPONENTS – Mobile Device Management (Secure Container / Whole Device) – Anti-Malware – Secu...
EXAMPLE: UK POLICE MOBILE DATA – Balfour Beatty Workplace – Mobile data workflow and information – Police outsource contra...
EXAMPLE: IPAD APPLICATION ACCESS 9   © Copyright 2010 Hewlett-Packard Development Company, L.P.
EXAMPLE: ANDROID MALWARE PROTECTION                                                                   – Mobile Device     ...
CONCLUSIONS     – Strong demand for business use of mobile devices     – Multiple security risks     – Need to enable ente...
thank you  paul.schwarzenberger@hp.com  07968 542371 ©2011 Copyright 2010 Hewlett-Packard Development The information12   ...
Upcoming SlideShare
Loading in...5
×

Enterprise Mobile Security

739

Published on

Paul Schwarzenberger from HP, looks at the business drivers towards the growing use of mobile devices and consumerisation, security risks, and the requirements for securely enabling the use of business apps

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
739
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
43
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Enterprise Mobile Security

  1. 1. Enterprise Mobile Security HP Enterprise Security Services Paul Schwarzenberger MSc, M.Inst.ISP, CISSP, CLAS1 ©2011 Copyright 2010 Hewlett-Packard Development The information © Hewlett-Packard Development Company, L.P. Company, L.P. contained herein is subject to change without notice
  2. 2. ENTERPRISE MOBILE SECURITY – Senior executives want to use iPhones, iPads, Androids and other mobile devices to access corporate data – New business requirements for tablets, e.g. retail, medical – Consumerisation / BYOD – expand mobile workforce cost effectively What are the risks? What security can be applied? How to securely enable apps? 2 © Copyright 2010 Hewlett-Packard Development Company, L.P.
  3. 3. SECURITY RISKS – Malware / malicious apps Fake Netflix analysis by Symantec, October 2011 – No (or poorly implemented) encryption – Jailbroken operating systems – SMS – Data loss – corporate / personal emails – Data loss – email attachments / Dropbox – Sync and backup – to home PC and iCloud – Malicious, compromised, or inappropriate web sites 3 © Copyright 2010 Hewlett-Packard Development Company, L.P.
  4. 4. MOBILE MALWARE - CUMULATIVE The continued growth of mobile phone adoption globally is driving growth in the mobile malware sector. While malware targeting the Symbian platform is still the most prevalent, there has been a sea change in top targets in 2011. In Q3 nearly all of the malware samples discovered by McAfee Labs targeted the newer and more popular (now) Android platform. Others 1400 1200 Java ME 8% 1000 9% 800 Symbian 600 3rd Ed. 400 200 11% Symbian 0 Android 56% 16% Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 09 09 09 09 10 10 10 10 11 11 11 iOS – two viruses detected to date, both only effective against jailbroken devices4 © Copyright 2010 Hewlett-Packard Development Company, L.P. data from McAfee
  5. 5. APP REQUIREMENTS – Personal /corporate apps – Public / in-house apps – Blacklist, Whitelist apps – Prevent data leakage – Secure connectivity – Authentication 5 © Copyright 2010 Hewlett-Packard Development Company, L.P.
  6. 6. ENTERPRISE MOBILE SECURITY MODEL Enable Applications • e-mail, calendar and contacts • Business applications Sandbox • Protect corporate data • Control Interaction with host Enforce Mobile Security • Device Password • Encryption • Whitelist or blacklist Apps • Connection methods • Block jailbroken devices • Remote wipe mobile device with • Control synchronisationoptional security app • Mobile Anti-Virus e-mail and • Personal Firewall business application servers Device Management • Monitor and audit • Reporting and alerts • Remote unlock 6 © Copyright 2010 Hewlett-Packard Development Company, L.P.
  7. 7. ENTERPRISE MOBILE SECURITY - COMPONENTS – Mobile Device Management (Secure Container / Whole Device) – Anti-Malware – Secure Connectivity – Application control – VPN – Certificates – Data Loss Prevention – URL filtering 7 © Copyright 2010 Hewlett-Packard Development Company, L.P.
  8. 8. EXAMPLE: UK POLICE MOBILE DATA – Balfour Beatty Workplace – Mobile data workflow and information – Police outsource contract – Police / UK Government security standards – Ease of use – “invisible” security – Solution: SSL VPN / lockdown / certificate 8 © Copyright 2010 Hewlett-Packard Development Company, L.P.
  9. 9. EXAMPLE: IPAD APPLICATION ACCESS 9 © Copyright 2010 Hewlett-Packard Development Company, L.P.
  10. 10. EXAMPLE: ANDROID MALWARE PROTECTION – Mobile Device Management – Anti-Malware Client – App Inventory – App Control Policies • Disallow malware • Require Anti-Malware client 10 © Copyright 2010 Hewlett-Packard Development Company, L.P.
  11. 11. CONCLUSIONS – Strong demand for business use of mobile devices – Multiple security risks – Need to enable enterprise applications – Solutions available – No solution is perfect!11 © Copyright 2010 Hewlett-Packard Development Company, L.P. 11
  12. 12. thank you paul.schwarzenberger@hp.com 07968 542371 ©2011 Copyright 2010 Hewlett-Packard Development The information12 © Hewlett-Packard Development Company, L.P. Company, L.P. contained herein is subject to change without notice
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×