Secure Your Mobile Content!


Published on

Embrace BYOD - Help your customers be more productive and use their mobile device of choice. At the same time be VERY SECURE - manage your mobile content!

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Secure Your Mobile Content!

  1. 1. Best Practices for Securing Mobile Content Mike Brannon, National Gypsum
  2. 2. National Gypsum Company is a fully integrated building products manufacturer Headquartered in Charlotte, NC with mines and quarries, and manufacturing plants across North America
  3. 3. Charlotte Metro ISSA Email us at Twitter: @cltissa ISSA local chapter delivers excellent and low cost Security Training, hosts an annual Summit event and sponsors UNCC scholarships Quarterly gatherings to share practices and network – support from sponsor / partners for meetings Please Join Us!
  4. 4. 44
  5. 5. 5 Definition… Mobile First organizations embrace mobility as their primary IT platform in order to transform their businesses and increase their competitiveness Content of all types is easily and securely available on any device CONTENT End users choose their devices Security is invisible to end users User experience is the #1 design criteria USER EXPERIENCES New apps are developed and delivered to mobile devices first Core business processes can be performed on any device APPLICATIONS In a Mobile First Company…
  6. 6. 66 Traditional enterprise security 6 Firewall & VPN
  7. 7. 77 The perimeter is gone Copy/Paste Open-in Forward
  8. 8. 88 The more the CIO says no, the less secure the organization becomes. Vivek Kundra, Former U.S. Federal CIO Responsible, not restrictive Mike Brannon, National Gypsum
  9. 9. 99 Securing data-at-rest
  10. 10. 1010 Open In Copy SaveView SharePoint documents Open In Copy SaveView Email attachments MobileIron Confidential10 Secure your document repositories • Solve “open in” problem • Store documents securely on device • Control cut / copy / paste actions • Selectively wipe documents • Prevent unauthorized distribution • Control end-to-end with policy • Leverage existing content repositories • Prevent use of unauthorized tools – – DropBox for example Open In Copy SaveView Box shared documents
  11. 11. 1111 Securing email attachments 11 Email App Secure Content Viewer Email with Attachment REMOVE
  12. 12. 1212 Colligo App Viewer Securing SharePoint 12 REMOVE Sharepoint
  13. 13. 1313 Closed-loop actions when compromised 13 Remediation Notify Block Quarantine Closed-loop actions • Notify user and admin • Prevent access • Remove saved files • Remove SharePoint config • Protect enterprise persona MobileIron Confidential
  14. 14. 1414 National Gypsum Implementation • Risks / Threats Addressed: – Loss of Company Data / Lost Devices / Departing Employees – All Devices and Users Registered / Security Policies Enforced – Ease of Use for Employees AND Improved Security & Efficiency • What We Deployed (And Timeline) – MobileIron device (VSP) and support (Sentry) – All Smartphones – Blackberry (now gone), Apple iOS and Android Devices – Push Secure WiFi Config to Minimize Data Use On Premise – Rush To Adopt iPads – From 0 to 100’s of Devices! – More than email access! Apps for SharePoint and Data! – Manage “Allowed” and “Disallowed” Settings / Apps (DropBox) – Leverage Internal PKI and Push Webclips – Deliver Data
  15. 15. 1515 • Where Are We Now? – BES Retired – 70% iOS, 25% Android, 5% Windows Devices – iPad is currently only supported Tablet – Testing others (Surface?) – Plans to allow Windows 8 and MAC OS/X BYOD – Colligo Briefcase for SharePoint Document Access – BOX for External Data Sharing with Partners – Two Apps Deployed on iOS with “One Tap For Data” • Certificates delivered to Device and to User (SCEP/MobileIron) • Invisible Authentication via Juniper Secure Access • IIS Web Server & Application Configuration – “Last Seen User State” • HTML5 / JavaScript to deliver SQL and Mainframe Data National Gypsum Implementation
  16. 16. 1616 National Gypsum Implementation
  17. 17. 1717 Best practices for mobile content DLP 17 Closed-loop compliance Continuous management OS integrity OS versioning Passcode / encryption Auto-wipe Identity Secure tunnel Attachment protection Secure content hub Role of cloud Credible ecosystem MobileIron Confidential
  18. 18. 1818 Security considerations 2013+ … “No” not a sustainable option -> provide credible alternatives Massive content ecosystem -> crowd-source but don’t lock-in Uncertain economics -> establish “help-yourself-desk” Dynamic risk at endpoint -> automate your mobile trust model Content always one-click from cloud -> co-habitate responsibly Blurring between content and app -> explore new forms
  19. 19. 1919 Content doesn’t exist in isolation Enterprise Mobile Persona Native experience Data separation Shared policy Selective wipe Secure communications Email Apps Certs Policy Content Federated identity
  20. 20. 2020 Journey to the Mobile First Enterprise Device Security BYOD (user choice) Email access (secure ActiveSync) Multi-OS security (BlackBerry replacement) App & Content Enablement 1st gen of mobile apps Mobile docs (SharePoint) Cloud protections Business Transformation New user & business experiences
  21. 21. Thank you Mike Brannon ( ISSA local chapter delivers excellent and low cost Security Training, hosts an annual Summit event and sponsors UNCC scholarships Please Join Us!