RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Private Sector

MOBILE SECURITY SMACKDOWN:HOW GOVERNMENT “PWNED” THE PRIVATE SECTOR John Bordwine Symantec, Inc. Session ID: MBS-T18B Session Classification: Intermediate

“PWNED”► To be owned or dominated by an opponent or situation Presenter Logo

Quick Facts on Why► Over 1,300 “agencies” within the US government► Somewhere between 10 and 14 million employees► Hundreds of agency CIO’S► Varying levels of information classification► Increased mobile workforce► Not only workforce support but also citizen support for information access from mobile devices Presenter Logo

Government Dilemma, Which is Best? Policy ► Government issued and locked down devices ► Government issued and allow a level of personal access ► Employee owned and government managed Devices ► Smart-phones ► Tablets ► Hybrids Presenter Logo

Mobility Considerations SECURITY Presenter Logo

Hmmmm…. Presenter Logo

Defining the Key ComponentsManagement Devices/OS Applications Classification Data SecurityDevice iOS E-mail Unclassified VPNInformation Android Agency specific Highly Identity classified ManagementApplication Windows Personal Personal data Encryption at restAuthentication RIM Information General access Encryption in share motionUnified Hybrids Cloud access PII DLP Presenter Logo

Private/Public Sector Comparison Private Sector Public SectorEncrypted data storage Limited FIPS 140-2Multi-factor authentication Limited Utilize existing PKI/credential methodsApplication control Sand-box method Application wrappingGeo-fencing Limited Full awarenessCompliance measurements Limited to IT policy Defined compliance metricsChain of assurance No Access and data protectionRoot of trust OS testing OS control ► Advantage…Public Sector Presenter Logo

Best of Both Worlds?► Agency/Organization ► Well managed user access and critical device components ► Strong security ► Information protection ► Application management► End User ► Ease of use ► Fully functional ► Productivity benefits Private Sector can utilize the extensive work already performed by the Public Sector! Presenter Logo

In Conclusion...► Just how did Government “pwn” the private sector? ► By implementing a progressively multi-faceted “all of the above” strategy, while the private sector struggled with narrower, less effective policies. ► In other words: “Necessity is the mother of invention.” -- Plato Presenter Logo

Thank You!John_Bordwine@Symantec.com

Additional Information

Core Mobile Security ComponentsGovernment Focus► Application Management ► Government applications secured, trusted and protected► Device Management ► Impact of lost device► User Management ► Prevent abuse and ensure proper ownership► Information Management ► Protection of government information. Data loss prevention to protect sensitive information Presenter Logo

Core Security Components► Cloud Access ► Appropriate controls to cloud information► Access Control ► Defining the authenticity of the user and the device► Unified Management ► Devices, users and information protected independent of access point► Secure Operating System ► How to ensure the OS is not compromised► Trusted Service Manager ► Trusted authority to issue secure applications Presenter Logo

https://twitter.com	103
http://eventifier.co	6
http://media.rsaconference.com	1
http://www.eventifier.co	1

RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Private Sector

by Symantec on Feb 27, 2013

Accessibility

Categories

Upload Details

Usage Rights

4 Embeds 111

Statistics

RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Private Sector Presentation Transcript