
CeBIT-Australia-2016-graham-thomson-mobility-enterprise-update


Mobility provides wonderful opportunities for individuals and teams within the workplace. With these opportunities comes security risk that needs to be managed. This session will explore some mobility security challenges and techniques to address them. These include:

- Leaking of enterprise data assets
- Evolving mobile device malware threats
- Rogue mobile applications
- Maintaining customer and employee trust in mobile devices

Published in: Technology

  1. Day 2 – DIGITAL BUSINESS TECHNOLOGIES
     Mobility @ CeBIT Global Conferences
     General Manager, Information Security and Assurance nbn™
     Mobility in the enterprise, an update from the field
     Graham Thomson
  2. Welcome
     Mobility in the Enterprise, an update from the field
     Synopsis: Mobility provides wonderful opportunities for individuals and teams within the workplace. With these opportunities comes security risk that needs to be managed. This session will explore some mobility security challenges and techniques to address them. These include:
     • Leaking of enterprise data assets
     • Evolving mobile device malware threats
     • Rogue mobile applications
     • Maintain customer and employee trust in mobile devices
  3. What is Mobility? A definition for the purpose of this presentation
     Mobility for enterprises in 2016 can be defined as:
     • enabling employees and service providers to interact and transact with the organisation from anywhere, at any time, using mobile devices such as smart phones, tablets and laptops
     • and the ability for organisations to interact and transact with customers and prospective customers using techniques and solutions previously not practicable or available
  4. Some of the challenges
     • Personal data stored on the same device as corporate data – multiple personas
     • Mobile device may be used by other people - family and friends
     • Apps downloaded for personal use may compromise corporate assets
     • Connectivity to “wearables” and other devices such as watches and fitness trackers can undermine security controls
     • Malicious use of the device by malware to get capabilities such as call forwarding, call recording, reading and sending text messages, surveillance of the user of the device, and so forth
  5. Aspects of mobile security
     CIA – Confidentiality, Integrity and Availability
     AAAA – Authentication, Authorisation, Accounting and Auditing
     • Device security
     • Application and transaction security
     • File and document security
  6. Device security
     Basic security - good practice
     • PIN lock or Fingerprint (TouchID)
     • Remote wipe capability
     Other potential security controls
     • Device location tracking
     • Mobile device management
     • Anti-virus and anti-malware applications
  7. Application and Transaction security
     • Regular patching of OS and applications
     • Contextual information - the who, what, when, where and why the device is being used
     • Privacy - cameras, microphones, GPS
     • Stored credentials - automatic login to enterprise/cloud hosted services
  8. File and Document security
     • Self-protecting data - encryption and certificate technologies
     • Corporate assets stored on the mobile device
     • Corporate assets inadvertently shared and backed up to an individual's personal cloud data storage
  9. Conclusion
     • Understand and develop the organisation's mobility vision
     • Undertake a security threat and vulnerability risk assessment
     • Apply security control measures in accordance with the risk tolerance applicable for the organisation
     • Both individuals and enterprises need to be vigilant with security on mobile devices
  10. Useful reference material
     StaySmartOnline - https://www.communications.gov.au/what-we-do/internet/stay-smart-online/mobile-devices
     • Mobile devices
     NIST (National Institute of Standards and Commerce) - https://nccoe.nist.gov/projects/building_blocks/mobile_device_security
     • NCCoE - National Cybersecurity Center of Excellence
     • NIST Cybersecurity Practice Guide, SP 1800-4: Mobile Device Security: Cloud and Hybrid Builds
     • NIST Cybersecurity Framework
     Cloud Security Alliance - https://cloudsecurityalliance.org
     • Security Guidance for Critical Areas of Mobile Computing
     ASD (Australian Signals Directorate)
     • Risk Management of Enterprise Mobility including Bring Your Own Device (BYOD) - http://www.asd.gov.au/publications/protect/enterprise_mobility_bring_your_own_device_byod_paper.htm
     ENISA (European Union Agency for Network and Information Security)
     • Smartphone: Information security risks, opportunities and recommendations for users - https://www.enisa.europa.eu/publications/smartphones-information-security-risks-opportunities-and-recommendations-for-users
