3. Automated Workforce
• Document Management Systems (DMS), Field Force Automation (FFA), Salesforce Automation (SFA), Customer Relationship Management (CRM), and Enterprise Resource Planning (ERP).
• Minimize paperwork, reduce back‐to‐office visits, improve productivity, and achieve higher sales closing ratios by simplifying and automating their day‐to‐day processes.
Always Connected
• Unified Communications (UC), Location‐based Services (LBS), and Business Intelligence (BI).
• Anytime, anywhere, any device real‐time communication and collaboration capabilities to employees. Enterprises can leverage LBS to track vehicles and employees in real‐time, while information can be extracted, analyzed and reported using BI.
Pervasive Mobility
• Mobile Point‐of‐Sale (MPOS), Social Networking Services (SNS), Financial Management System (FMS), Human Resource Management Systems (HRMS).
• Enhance brand image, facilitate efficient administration of internal operations
24 March 2014 PARAG DEODHAR 3
4. • Consumerization of IT is driving new devices and access requests
• Companies need to accept and address the reality
• People expect to work on multiple devices and from anywhere
• Companies need to provide access to applications and data from any device
• IT needs to change its processes and tools to manage the devices, taking security into consideration
88%: Globally, 88% of executives report employees are using their personal computing technologies for business purposes today ‐ Gartner
5. The Blame Game – why are company‐provided tools not used?
– The system is too complicated and takes too long
– External partners have trouble accessing files I sent through company tools
– The company does not offer mobile access – convenience…
– I was never trained to use company systems
Source: Ponemon Institute
Survey shows that many employees use high‐risk methods to store or move sensitive corporate data.
12. Jailbreak Jammers
– Fool the MDM agent by patching the device, leaving no trace from which the MDM agent could detect that the device is jailbroken or rooted.
mRAT
– Gets high‐privilege access and can access all communications that happen on the device, including all encrypted emails and secure, highly confidential documents, and then sends this content to the attacker’s command and control (C&C) servers.
– Bypasses container encryption: grabs the information at the point where the user pulls up the data to read it.
Mobile Device Tunnel Borers
– Since the tunnel is typically created on allowed ports (e.g. port 22, SSH), it cannot be blocked by firewalls and/or IDS/IPS solutions.
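A defender‐side view of the tunnel‐borer point above, as an added example that is not part of the original slides: since the port alone does not separate a tunnel from ordinary SSH, this heuristic flags long‐lived, high‐volume port‐22 flows leaving a mobile segment. The flow‐record format, the 10.20.0.0/16 segment, the thresholds and the sample rows are all constructed assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample flow records (not from the slides).
SAMPLE_FLOWS = """\
start,src,dst,dport,duration_s,bytes_out
2014-03-24T09:00:00,10.20.1.15,203.0.113.7,22,14400,52428800
2014-03-24T09:05:00,10.20.1.22,198.51.100.9,443,30,20480
2014-03-24T09:10:00,10.20.1.31,203.0.113.50,22,45,4096
2014-03-24T09:12:00,10.10.5.4,192.0.2.10,22,7200,1048576
2014-03-24T10:00:00,10.20.1.15,203.0.113.7,22,10800,31457280
"""

MOBILE_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed BYOD Wi-Fi/VPN segment
TUNNEL_PORTS = {22}                                 # allowed port named on the slide
MIN_DURATION_S = 3600                               # assumed threshold: over 1 hour
MIN_BYTES_OUT = 10 * 1024 * 1024                    # assumed threshold: over 10 MiB out


def suspicious_tunnels(flow_csv):
    """Return {(src, dst): [flow_count, total_seconds, total_bytes_out]} for
    long-lived, high-volume flows from the mobile segment to an allowed port."""
    hits = {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src = ipaddress.ip_address(row["src"])
        if src not in MOBILE_NET or int(row["dport"]) not in TUNNEL_PORTS:
            continue  # not a mobile device, or not a port of interest
        duration, sent = int(row["duration_s"]), int(row["bytes_out"])
        if duration < MIN_DURATION_S or sent < MIN_BYTES_OUT:
            continue  # short or low-volume session: ordinary interactive SSH
        entry = hits.setdefault((row["src"], row["dst"]), [0, 0, 0])
        entry[0] += 1
        entry[1] += duration
        entry[2] += sent
    return hits


if __name__ == "__main__":
    for (src, dst), (count, secs, sent) in suspicious_tunnels(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst} flows={count} duration={secs}s bytes_out={sent}")
```

Thresholds like these need tuning against a baseline of legitimate administrative SSH from the same segment before the output is used for alerting.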
13. Corporate Owned
• High Cost = Device + Management
• Allow personal data – risk of “pirated” software / images / videos on corporate device
• Generally single OS/brand/model – easy to manage but no choice for employees
BYOD
• Increases Productivity – myth or fact?
• Lower cost
• Multiple OS/brands/models to manage
• Employee privacy – does law allow data wiping on assets owned by someone else?
14. MAM
MIM
DEVICE / APPLICATION / DATA
• Ability to ensure the proper protection around the entire device and ensure compliance with the set policies.
• Central management of all mobile devices and ability to check compliance of each device.
• Security around the information is an unknown.
• Ability to apply controls becomes significantly difficult.
• Monitoring becomes significantly difficult.
• Centralized location for data and information.
• Ability to access information from almost any device and share between multiple platforms
• Loss of native apps and the “look and feel” of what the user is typically accustomed to
• Intrusive management & lock down
• Degraded user experience and added troubleshooting requirements
• Electronic Discovery difficult.
• Inability to separate personal data from company data.
• Containerization.
• Policies are pushed only to the container; user experience is not impacted for the entire phone.
• Applications within the container
• Support single sign‐on
15. COMPLY WITH APPLICABLE LAWS AND REGULATIONS
FOCUS ON DATA – NOT ON DEVICE
POLICY AND TRAINING / AWARENESS
END USER AGREEMENT
LIST OF ALLOWED DEVICES
CHOOSE THE RIGHT MDM / MAM / MIM SOLUTION
– YOUR ENVIRONMENT & DEVICES
– DATA FLOW AND ACCESS REQUIREMENTS
– CONVENIENCE v/s SECURITY
• CONTAINERIZATION & DEVICE LEVEL POLICIES
• SECURE WIPE
• IDENTITY AND ACCESS
• ENCRYPTION
– EMPLOYEE PERSONAL DATA PRIVACY
– CORPORATE APP STORE
– INTEGRATION WITH DLP & DRM
MOBILE SECURITY SOLUTIONS
IMPLEMENT ENHANCED NETWORK SECURITY FOR MOBILE GATEWAYS
TRAIN APPLICATION DEVELOPERS IN SECURE CODING PRACTICES FOR MOBILE DEVICE PLATFORMS
LIMIT THE SENSITIVE DATA TRANSFERRED TO MOBILE DEVICES, OR CONSIDER VIEW‐ONLY ACCESS.
PERFORM TECHNICAL SECURITY ASSESSMENTS ON MOBILE DEVICES AND THE SUPPORTING INFRASTRUCTURE — FOCUS ON DEVICE‐SIDE DATA STORAGE.
ESTABLISH A PROGRAM THAT CONTINUALLY EVALUATES NEW AND EMERGING THREATS IN MOBILE PLATFORMS.
AUDIT THE DEVICES…