Best practices for mobile enterprise security


Published on

Presented at CSO Perspectives Seminar on Enabling and Securing the Mobile Enterprise conference in Boston, MA on November 15 at the Westin Boston Waterfront

Published in: Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Best practices for mobile enterprise security

  1. 1. Best practices for mobile enterprise securityChris PepinIBM Global Mobile Offering Manager and Evangelist © 2012 IBM Corporation
  2. 2. Mobile is a milestone in the evolution of computing Mobile & cloud Web Client server @MainframeSource: IBM press release November 20122 © 2012 IBM Corporation
  3. 3. Enterprise are faced with multiple mobile challenges  “Consumerization of IT” forcing chief information officers s to have Business “bring-your-own-device” (BYOD) policy and plan; provide employee–device choice and  Anytime, anywhere, any device access now standard IT change  Social business interactions are increasingly important  Protection of privacy and confidential information Security and  Policies for client-owned smartphones and tablets management  Visibility, security and management of mobile platform requirements  Complexity of multiple device platforms Lifecycle  Unique mobile requirements for employees/workers complexity  Extending data, voice and video applications to mobile devices  Integrating across wired or wireless local area network (LAN) platformsSource: The New Workplace Chief Information Officer (CIO) Study, IBM Market Insights, October 2011Review the Flexible Workplace Sellers Assets (Client Presentation, Discussion Guide, and More)3 © 2012 IBM Corporation
  4. 4. Mobile security is top of mind for today’s CIO’s Advanced mobile security 76% Application virtualization 67% Enterprise mobile strategy 66% Multi-device mobile access 66% Tablets to augment PCs 64% Unified communications 58%Source: The New Workplace CIO Study, IBM Market Insights, October 20114 © 2012 IBM Corporation
  5. 5. There are multiple mobile security risks to address Loss and theft Malware In 2011, mobile Google Android device users saw malware grew 155% 400% increase in malware from June 2010 to1 in 20 mobile devices were stolen across all platforms.1 . January 2011.1in 2010.1 Spam Wi-Fi Wi-Fi hotspot are set to increase 350% by 2015 provided more opportunities for “man-in-the-middle” attacks.170% of mobile device spamis fraudulent financial services.2¹Juniper Networks Malicious Mobile Threats Report 2010/2011, May 2011²GSMA Outlines Findings from Spam Reporting Service Pilot press release, February 10, 20115 © 2012 IBM Corporation
  6. 6. Mobile security involves strategy, policy, education and technology Strategy Education Policy Technology6 © 2012 IBM Corporation
  7. 7. The mobile enterprise starts with defining a strategy Defining the business problem Personas and use cases Mobile applications Strategy Success criteria Enterprises need at least two strategies: B2E and B2C7 © 2012 IBM Corporation
  8. 8. Written corporate mobile policy is essential Terms and conditions  What devices, OS’s and apps are supported  Passcode, device wipe, allowed applications Corporate owned devices Policy BYOD and data privacy Human resources, legal, procurement and reimbursement A comprehensive policy for PCs, smartphones and tablets is recommended8 © 2012 IBM Corporation
  9. 9. Technology implements, monitors and enforces corporate policy Endpoint management Encryption Containerization Network access Technology Anti-malware Authentication Solutions that support multiple endpoints are recommended9 © 2012 IBM Corporation
  10. 10. It’s all about the apps! Native, web, hybrid, virtual Out of the box applications  Email, contacts, calendar, file sharing, etc. Custom applications  Native SDK Technology  Mobile Application Platform  Containerization and application wrapping Application management and marketplace One size doesn’t fit all10 © 2012 IBM Corporation
  11. 11. Employees are the weakest link and education is essential Identifying cybersecurity threats Protecting corporate and client data Safeguarding devices Data and security incident reporting Education Build a “culture of security”Published guidelines, online education and social interaction is recommended11 © 2012 IBM Corporation
  12. 12. IBM CIO has embraced mobile IBMs BYOD program "really  435,000 employees worldwide is about supporting employees in the way they want to work. They will find the most appropriate tool to get their job done. I want to  50% of employees work remotely make sure I can enable them to do that, but in a way that safeguards the integrity of our business.“  50% workforce have less than 5 years of service - IBM CIO Jeanette Horan How did IBM address the challenge? Business outcomes 1. Deploy a secure technology framework  Increased employee productivity  Increased employee satisfaction 2. Develop a strong usage policy  Reduced security risk and loss of corporate data 3. Educate employees for personally owned devices  Over 120,000 employees using mobile devices for 4. Support personally owned devices business with over 80,000 BYOD through social software12 © 2012 IBM Corporation1
  13. 13. IBM offers products and services to address the complete mobilelifecycle Connect to backend systems Build mobile in support of mobile applications Assess and Plan Manage mobile devices enterprise mobile and applications strategy Secure your mobile business Transform the business by creating Extend existing business new opportunities capabilities to mobile devices1313 © 2012 IBM Corporation
  14. 14. By engaging a services provider, leading businesses acceleratevalue from mobile while positioning for long-term success. Benefits resulting from outsourcing2/3of chief information officers Free IT staff to focus on other business-critical initiatives(CIOs) plan to partnerextensively to gain newskills and expertise Leverage additional skill sets as needed20%productivity gains and cost Gain in-depth expertise of methodologies and toolssavings experienced byCIOs who have outsourcedkey mobile services Have wider range of mobile activities underwaySource: The New Workplace CIO Study, IBM Market Insights, October 201114 © 2012 IBM Corporation
  15. 15. For more informationIBM mobile mobile Follow us on Twitter! @IBMMobile15 © 2012 IBM Corporation
  16. 16. Questions?16 © 2012 IBM Corporation
  17. 17. 17 © 2012 IBM Corporation