What The Post-PC Era Means
for Enterprise Security
Andrew Jaquith
Chief Technology Officer




April 20, 2011

Welcome from the CTO

•  Former senior analyst, Forrester Research and Yankee Group

•  Co-founder of pioneering security consultancy @stake

•  Widely cited in CSO, Information Week, Forbes, and BusinessWeek. Research includes:
   –  Apple’s iPhone and iPad: Secure Enough for Business? (Aug 2010)
   –  The Forrester Wave: Data Leak Prevention

•  Author of best-selling security book, “Security Metrics: Replacing Fear, Uncertainty and Doubt”

•  Founder, securitymetrics.org
Agenda

•  Introduction
•  Three mobile trends
•  Four things you don’t need
•  Five things you must do
•  Q&A



Mission and vision

•  Give all customers the same level of security as a Fortune 500 firm, by providing solutions that allow them to easily assess, monitor and reduce their messaging, security and compliance risks.

•  We achieve this by:
   –  Using our private cloud to manage the critical resources we protect — including email, logs and archived data.
   –  Leveraging the best security technology and the best people, on behalf of our customers.
   –  Leveraging our scale, visibility and analytical insights to bring enhanced security solutions to customers.
Key facts about Perimeter E-Security

•  6,000 customers (1,800 in financial services)
•  $525 billion in assets protected
•  5,700 managed CPE devices
•  1 million secure messaging users
•  50m e-mails filtered per day
•  200 terabytes of managed archives
•  240m managed security events daily
•  300 employees

[Image: Perimeter Security Operations Center]
Perimeter E-Security SaaS platform

[Diagram of the platform stack:]
•  SaaS Secure Messaging
•  SaaS Managed Security Services
•  SaaS Vulnerability Management
•  24x7 Global Customer Support
•  Global Management Platform
•  Consulting Services: Migration, Assessment, Penetration testing
Trend 1: Post-PC devices are taking over

[Chart: forecast unit shipments, 2010–2015. Post-PC tablets and smartphones: 314 million (2010) growing to 1.4 billion (2015), 72% of the 2015 total. PCs: 351 million (2010) growing to 540 million (2015).]
Source: Gartner, Inc., “IT Spending Forecast, 1Q11 Update,” forecast unit shipments.
Trend 2: Consumer brands crowding out IT favorites

[Chart: forecast unit shipments of post-PC devices by brand, 2010–2015. Consumer brands (Apple, Google, Symbian): 243 million (77%) in 2010, 985 million (70%) in 2015. IT favorites (RIM, HP, Microsoft): 71 million in 2010, 414 million in 2015.]
Source: Gartner, Inc., “IT Spending Forecast, 1Q11 Update,” forecast unit shipments.
Trend 3: Mobile’s differences from PCs becoming clearer

                                PCs                 Post-PCs
  OS design                     Wide open           Closed
  OS capabilities               Anything            Some things
  App sources                   Anywhere            RIM, Apple: one source; Android: any source
  Sandboxing                    Browser             All apps
  Device integrity              None                Trusted boot
  Security decisions            You                 RIM, Apple: vendor; Android: you
  Likelihood of compromise      High                Low
  Likelihood of loss or theft   Medium              High
  Biggest risks                 Malware, privacy    Loss of device, privacy
Privacy, not malware, will be the dominant security issue

*Unless we’re talking about Android




Four things you don’t need

1.  Mobile anti-virus… except maybe for Android
   –  Post-PC OSes (Apple, RIM, Microsoft, Google*) locked down
   –  Apps are digitally signed, and run in a sandbox that limits what they can do — making malicious compromise unlikely
   –  Quality of Android stores is concerning

2.  Mobile data leak prevention
   –  Host DLP scans local drives and email for sensitive content (SSNs, credit card numbers, etc.)
   –  DLP isn’t mainstream yet, but many enterprises want it
   –  For mobile: best to limit DLP to e-mail scanning on the server
Four things you don’t need (continued)

3.  The same brand of device everywhere
   –  Modern Post-PC OSes support the key capabilities most companies need
   –  Focus on capabilities, not brands

4.  The same old password policy
   –  Skip expiration… it annoys users without increasing security
   –  Automatic lock/wipe provides the essential margin of safety
1. Configure devices to protect your data

•  Secure connections
   –  Enforce SSL for mail, calendar sessions: ActiveSync, IMAP, SMTP
   –  VPN and in-the-cloud web proxy for content filtering

•  Remote-wipe lost or stolen devices
   –  RIM, Apple devices and most ActiveSync devices can do this

•  Device-specific policies
   –  Require hardware- or content-encryption (Apple or RIM devices)
   –  Consider disallowing camera, App Store purchases

Email is your chokepoint for enforcing data protection policies (BES, ActiveSync)
2. Pick a sensible mobile security policy

•  Balance security and usability with this policy:
   –  8-digit numeric PIN (or 6 alphanumeric characters)
   –  Simple PINs disallowed
   –  Automatic lock after 15 minutes
   –  Grace period of 2 minutes
   –  Automatic wipe/permanent lock after eight wrong tries
   –  No expiration. Remember, it’s not your network password

This policy aligns with NIST 800-63 Level 1 guidance (1:1,024 guessing entropy). See my paper “Picking a Sensible Mobile Password Policy” for more details, and the math.
3. Support multiple devices

•  ActiveSync
   –  ActiveSync is Microsoft’s protocol for push e-mail. When e-mail is pushed, ActiveSync also enforces security policies on the device
   –  Servers: Microsoft Exchange and Lotus Notes Traveler implement it
   –  Devices: WinMo/WP7, Apple and some Android devices natively support some/all ActiveSync features.

•  Apple
   –  Apple’s .mobileconfig policy files can be downloaded to configure new devices. These support all Apple security policies.
   –  Products that use Apple’s MDM API can manage devices after installation, e.g., push apps, reset passwords, and send new policies.
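As an added example (not from the slides, and not Perimeter’s code), this Python script encodes the passcode policy from the “Pick a sensible mobile security policy” slide as an Apple .mobileconfig passcode payload and checks it against the 1:1,024 guessing threshold that slide cites. The payload keys are Apple’s documented com.apple.mobiledevice.passwordpolicy keys; the rule for counting “simple” passcodes, the com.example identifiers and the weaker comparison policy are assumptions made for this example.

```python
"""Passcode policy -> Apple .mobileconfig payload, plus a guessing-probability
check against the NIST 800-63 Level 1 threshold (1 in 1,024) quoted on the slide.
Example code, not from the presentation or from Perimeter E-Security."""
import plistlib
import uuid
from dataclasses import dataclass
from fractions import Fraction

NIST_LEVEL1_MAX_GUESS_PROBABILITY = Fraction(1, 1024)


@dataclass(frozen=True)
class PasscodePolicy:
    min_length: int = 8            # slide: 8-digit numeric PIN
    alphanumeric: bool = False     # False = numeric PIN; True = letters+digits
    allow_simple: bool = False     # slide: simple PINs disallowed
    max_inactivity_min: int = 15   # slide: automatic lock after 15 minutes
    max_grace_min: int = 2         # slide: grace period of 2 minutes
    max_failed_attempts: int = 8   # slide: wipe/permanent lock after 8 wrong tries
    max_age_days: int = 0          # slide: no expiration (0 = key omitted)

    def alphabet_size(self) -> int:
        return 36 if self.alphanumeric else 10

    def simple_passcode_count(self) -> int:
        """ASSUMED definition of 'simple': one symbol repeated (e.g. 11111111)
        or a strictly ascending/descending run of consecutive symbols."""
        if self.allow_simple:
            return 0
        n, k = self.alphabet_size(), self.min_length
        repeated = n
        runs = 2 * max(n - k + 1, 0)
        return repeated + runs

    def keyspace(self) -> int:
        """Distinct passcodes the policy actually permits."""
        return self.alphabet_size() ** self.min_length - self.simple_passcode_count()

    def guess_probability(self) -> Fraction:
        """Worst case for an attacker holding the device: the wipe threshold
        caps the number of tries, so success is tries / usable keyspace."""
        return Fraction(self.max_failed_attempts, self.keyspace())

    def meets_nist_level1(self) -> bool:
        return self.guess_probability() <= NIST_LEVEL1_MAX_GUESS_PROBABILITY

    def to_mobileconfig(self, org: str = "Example Corp") -> bytes:
        """Serialize as an unsigned .mobileconfig (XML plist). Identifiers are
        placeholders; a real deployment would sign the profile."""
        payload = {
            "PayloadType": "com.apple.mobiledevice.passwordpolicy",
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.passcode",        # placeholder
            "PayloadUUID": str(uuid.uuid4()).upper(),
            "PayloadDisplayName": "Passcode policy",
            "forcePIN": True,
            "requireAlphanumeric": self.alphanumeric,
            "allowSimple": self.allow_simple,
            "minLength": self.min_length,
            "maxInactivity": self.max_inactivity_min,
            "maxGracePeriod": self.max_grace_min,
            "maxFailedAttempts": self.max_failed_attempts,
        }
        if self.max_age_days > 0:        # omitted entirely => no expiration
            payload["maxPINAgeInDays"] = self.max_age_days
        profile = {
            "PayloadType": "Configuration",
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.mobile-security",   # placeholder
            "PayloadUUID": str(uuid.uuid4()).upper(),
            "PayloadDisplayName": f"{org} mobile security policy",
            "PayloadOrganization": org,
            "PayloadContent": [payload],
        }
        return plistlib.dumps(profile)


def passcode_payload(profile_bytes: bytes) -> dict:
    """Parse a profile back and return its passcode payload, so a profile can
    be reviewed (e.g. one received from a vendor) before it is pushed."""
    profile = plistlib.loads(profile_bytes)
    for item in profile["PayloadContent"]:
        if item.get("PayloadType") == "com.apple.mobiledevice.passwordpolicy":
            return item
    raise ValueError("no passcode payload in profile")


SLIDE_POLICY = PasscodePolicy()                                   # 8-digit PIN
SLIDE_POLICY_ALNUM = PasscodePolicy(min_length=6, alphanumeric=True)
# Constructed comparison: a 4-digit PIN with ten tries before wipe.
WEAK_POLICY = PasscodePolicy(min_length=4, max_failed_attempts=10)

if __name__ == "__main__":
    for name, pol in (("8-digit PIN", SLIDE_POLICY), ("6 alphanumeric", SLIDE_POLICY_ALNUM),
                      ("4-digit PIN", WEAK_POLICY)):
        p = pol.guess_probability()
        print(f"{name}: 1 in {p.denominator // p.numerator:,}; Level 1: {pol.meets_nist_level1()}")
    print(SLIDE_POLICY.to_mobileconfig().decode())
```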
3. Support multiple devices (continued)

•  RIM BlackBerry
   –  BlackBerry Enterprise Server (BES) supports a huge number of policies for enterprises using Exchange or Lotus Notes
   –  For non-Exchange enterprises (IMAP, POP/SMTP, CMS), BlackBerry Internet Service (BIS) provides connectivity, but no security or configuration policy enforcement.

•  Android
   –  Android’s primary method for enforcing security policies is via ActiveSync, and only a small subset of ActiveSync policies.
   –  Google Apps Device Policy App is available for corporate Google customers.
4. Merge mobile IT operations and security teams

•  No need for a parallel security operations team
   –  No mobile anti-malware infrastructure needed

•  Mobile security is typically part of the IT ops toolchain
   –  In particular: mail tools such as ActiveSync, BES

•  Security should be the primary stakeholder for data security decisions, however
   –  Enforces company security and compliance policies
   –  Drives policy decisions that IT ops implements
5. Create a mobile access and security covenant

•  Your employees need to get their e-mail
•  You need to enforce security policies
•  So… here’s the deal you strike
   –  Employees can connect their own devices to your network if:
   –  …the device enforces your data protection policies (encryption, passcode, remote wipe, auto-lock), and:
   –  …employees accept your responsibility to protect your data on their devices as a condition of access, including remote wipe
   –  Employees should also agree to turn over the device for forensics
Recommendations

•  In closing, don’t:
   –  Worry about anti-virus; only Android needs it (maybe)
   –  Worry about DLP on the devices: do it server-side
   –  Recycle your desktop password policy

•  Do:
   –  Pick a sensible, simple mobile password policy
   –  Use your email system as the choke point for enforcing data protection policies — Perimeter can help
   –  Allow access by devices with content encryption (BlackBerry, all Apple devices since 2009, some Android)
   –  Define a compact that trades access for security
For more information

•  Picking a Sensible Mobile Password Policy
   –  http://perimeterusa.com/blog/picking-a-sensible-mobile-password-policy/

•  NIST 800-63 Electronic Authentication Guideline
   –  http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf

One more thing…
Technology preview: iEnroll

An open source project sponsored by Perimeter E-Security
iEnroll provides essential security for iPads and iPhones

Enrollment flow between device and server:
1.  Authenticate
2.  Enter activation code and accept policy
3.  Server requests private key generation
4.  Request signed certificate
5.  Return device certificate
6.  Security policies and configurations

No agent or code needed on device

Image copyright James MacDonald http://enthusiastik.com/
Demo

Available for download June 1st
ienroll.org
Andrew Jaquith
Chief Technology Officer
Perimeter E-Security
ajaquith@perimeterusa.com
Twitter: arj

Contact us:
experts@perimeterusa.com
1.800.234.2175, Option #2

feed://perimeterusa.com/blog/feed/
http://www.facebook.com/perimeterusa
http://twitter.com/PerimeterNews

Security Goodness with Ruby on RailsSecurity Goodness with Ruby on Rails
Security Goodness with Ruby on Rails
 
Securty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSecurty Testing For RESTful Applications
Securty Testing For RESTful Applications
 
Esteganografia
EsteganografiaEsteganografia
Esteganografia
 
Men in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the BrowserMen in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the Browser
 
Advanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done ItAdvanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done It
 
Adapting To The Age Of Anonymous
Adapting To The Age Of AnonymousAdapting To The Age Of Anonymous
Adapting To The Age Of Anonymous
 
Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?
 
Advanced (persistent) binary planting
Advanced (persistent) binary plantingAdvanced (persistent) binary planting
Advanced (persistent) binary planting
 
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to CloudLegal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
 
Who should the security team hire next?
Who should the security team hire next?Who should the security team hire next?
Who should the security team hire next?
 
The Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime LawThe Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime Law
 
JSF Security
JSF SecurityJSF Security
JSF Security
 
How To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security SpendHow To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security Spend
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

Andrew Jaquith SOURCE Boston 2011

  • 1. What The Post-PC Era Means for Enterprise Security
    Andrew Jaquith, Chief Technology Officer
    April 20, 2011

  • 2. Welcome from the CTO
    •  Former senior analyst, Forrester Research and Yankee Group
    •  Co-founder of pioneering security consultancy @stake
    •  Widely cited in CSO, Information Week, Forbes, and BusinessWeek. Research includes:
       !  Apple’s iPhone and iPad: Secure Enough for Business? (Aug 2010)
       !  The Forrester Wave: Data Leak Prevention
    •  Author of best-selling security book, “Security Metrics: Replacing Fear, Uncertainty and Doubt”
    •  Founder, securitymetrics.org

  • 3. Agenda: Introduction; Three mobile trends; Four things you don’t need; Five things you must do; Q&A

  • 4. Agenda: Introduction; Three mobile trends; Four things you don’t need; Five things you must do; Q&A

  • 5. Mission and vision
    •  Give all customers the same level of security as a Fortune 500 firm, by providing solutions that allow them to easily assess, monitor and reduce their messaging, security and compliance risks.
    •  We achieve this by:
       !  Using our private cloud to manage the critical resources we protect — including email, logs and archived data.
       !  Leveraging the best security technology and the best people, on behalf of our customers.
       !  Leveraging our scale, visibility and analytical insights to bring enhanced security solutions to customers.

  • 6. Key facts about Perimeter E-Security
    •  6,000 customers (1,800 in financial services)
    •  $525 billion in assets protected
    •  5,700 managed CPE devices
    •  1 million secure messaging users
    •  50m e-mails filtered per day
    •  200 terabytes of managed archives
    •  240m managed security events daily
    •  300 employees
    [Photo: Perimeter Security Operations Center]

  • 7. Perimeter E-Security SaaS platform
    [Diagram: three SaaS offerings (SaaS Managed Security Services, SaaS Vulnerability Management, SaaS Secure Messaging) on a Global Management Platform with 24x7 Global Customer Support; Consulting Services: Migration, Assessment, Penetration testing]

  • 8. Agenda: Introduction; Three mobile trends; Four things you don’t need; Five things you must do; Q&A

  • 9. Trend 1: Post-PC devices are taking over
    [Chart: forecast unit shipments of Post-PC tablets and smartphones vs. PCs for 2010, 2011, 2012 and 2015; data labels as extracted: 1.4 billion, 72%, 540 million, 351 million, 314 million]
    Source: Gartner, Inc., “IT Spending Forecast, 1Q11 Update,” forecast unit shipments.

  • 10. Trend 2: Consumer brands crowding out IT favorites
    [Chart: forecast unit shipments 2010 to 2015 of consumer brands (Apple, Google, Symbian) vs. IT favorites (RIM, HP, Microsoft); data labels as extracted: 985 million, 70%, 414 million, 77%, 243 million, 71 million]
    Source: Gartner, Inc., “IT Spending Forecast, 1Q11 Update,” forecast unit shipments.

  • 11. Trend 3: Mobile’s differences from PCs becoming clearer
                                 PCs               Post-PCs
    OS design                    Wide open         Closed
    OS capabilities              Anything          Some things
    App sources                  Anywhere          RIM, Apple: one source; Android: any source
    Sandboxing                   Browser           All apps
    Device integrity             None              Trusted boot
    Security decisions           You               RIM, Apple: vendor; Android: you

  • 12. Trend 3: Mobile’s differences from PCs becoming clearer
                                 PCs               Post-PCs
    OS design                    Wide open         Closed
    OS capabilities              Anything          Some things
    App sources                  Anywhere          RIM, Apple: one source; Android: any source
    Sandboxing                   Browser           All apps
    Device integrity             None              Trusted boot
    Security decisions           You               RIM, Apple: vendor; Android: you
    Likelihood of compromise     High              Low
    Likelihood of loss or theft  Medium            High
    Biggest risks                Malware, privacy  Loss of device, privacy

  • 13. Privacy, not malware, will be the dominant security issue*
    *Unless we’re talking about Android

  • 14. Agenda: Introduction; Three mobile trends; Four things you don’t need; Five things you must do; Q&A

  • 15. Four things you don’t need
    1.  Mobile anti-virus… except maybe for Android
        !  Post-PC OSes (Apple, RIM, Microsoft, Google*) locked down
        !  Apps are digitally signed, and run in a sandbox that limits what they can do — making malicious compromise unlikely
        !  Quality of Android stores is concerning
    2.  Mobile data leak prevention
        !  Host DLP scans local drives and email for sensitive content (SSNs, credit card numbers, etc.)
        !  DLP isn’t mainstream yet, but many enterprises want it
        !  For mobile: best to limit DLP to e-mail scanning on the server

  • 16. Four things you don’t need (continued)
    3.  The same brand of device everywhere
        !  Modern Post-PC OSes support the key capabilities most companies need
        !  Focus on capabilities, not brands
    4.  The same old password policy
        !  Skip expiration… it annoys users without increasing security
        !  Automatic lock/wipe provides the essential margin of safety

  • 17. Agenda: Introduction; Three mobile trends; Four things you don’t need; Five things you must do; Q&A

  • 18. 1. Configure devices to protect your data
    •  Secure connections
       !  Enforce SSL for mail, calendar sessions: ActiveSync, IMAP, SMTP
       !  VPN and in-the-cloud web proxy for content filtering
    •  Remote-wipe lost or stolen devices
       !  RIM, Apple devices and most ActiveSync devices can do this
    •  Device-specific policies
       !  Require hardware- or content-encryption (Apple or RIM devices)
       !  Consider disallowing camera, App Store purchases
    Email is your chokepoint for enforcing data protection policies (BES, ActiveSync)

  • 19. 2. Pick a sensible mobile security policy
    •  Balance security and usability with this policy:
       !  8-digit numeric PIN (or 6 alphanumeric characters)
       !  Simple PINs disallowed
       !  Automatic lock after 15 minutes
       !  Grace period of 2 minutes
       !  Automatic wipe/permanent lock after eight wrong tries
       !  No expiration. Remember, it’s not your network password
    This policy aligns with NIST 800-63 Level 1 guidance (1:1,024 guessing entropy). See my paper “Picking a Sensible Mobile Password Policy” for more details, and the math.
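To see where the 1:1,024 figure comes from, the following is an added example (mine, not from the talk or the paper it cites) that computes an attacker's odds of guessing a passcode under the slide's policy and under weaker variants, and checks each against the NIST SP 800-63 Level 1 bound of 2^-10; it goes one step beyond the slide by also checking the tighter Level 2 bound (2^-14). The 36-symbol alphabet for the alphanumeric case and the definition of a "simple" passcode are assumptions noted in the code.

```python
"""Check a mobile passcode policy against the NIST SP 800-63 (v1.0.2) Level 1
guessing bound: an attacker with no prior knowledge must not guess the secret
with probability greater than 2**-10 (1 in 1,024) over its lifetime; Level 2
tightens this to 2**-14.

Added example, not from the talk or its cited paper. The alphabet sizes and the
definition of a "simple" passcode below are assumptions.
"""
import math
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, Optional

NIST_LEVEL_BOUND = {1: Fraction(1, 2 ** 10), 2: Fraction(1, 2 ** 14)}


def simple_count(length: int, alphabet_size: int) -> int:
    """Number of passcodes treated as "simple" (assumed definition): a single
    repeated symbol, or an ascending or descending run of consecutive digits
    such as 12345678 / 87654321. Every alphabet used here contains the digits."""
    if length < 2:
        return alphabet_size
    runs = max(0, 10 - length + 1)      # ascending digit runs of this length
    return alphabet_size + 2 * runs     # repeated symbols + ascending + descending runs


@dataclass(frozen=True)
class PasscodePolicy:
    name: str
    length: int
    alphabet_size: int                    # 10 = digits; 36 = digits + one case of letters (assumed)
    max_failed_attempts: Optional[int]    # None = no wipe/lock-out: attacker can try everything
    disallow_simple: bool = True

    def keyspace(self) -> int:
        # Excluding simple codes shrinks the space a little; we model that honestly
        # since an attacker knows those codes cannot be the answer.
        space = self.alphabet_size ** self.length
        return space - simple_count(self.length, self.alphabet_size) if self.disallow_simple else space

    def attacker_attempts(self) -> int:
        """Guesses available over the passcode's life. With auto-wipe the cap is the
        attempt limit; with no wipe the attacker can walk the whole keyspace."""
        if self.max_failed_attempts is None:
            return self.keyspace()
        return min(self.max_failed_attempts, self.keyspace())

    def success_probability(self) -> Fraction:
        # Each guess is a distinct candidate, so probability = attempts / keyspace
        return Fraction(self.attacker_attempts(), self.keyspace())

    def guessing_entropy_bits(self) -> float:
        return -math.log2(self.success_probability())

    def meets_nist_level(self, level: int) -> bool:
        return self.success_probability() <= NIST_LEVEL_BOUND[level]


# The slide's policy, its alphanumeric alternative, and weaker variants for comparison
SLIDE_POLICY = PasscodePolicy("8-digit PIN, wipe after 8", 8, 10, 8)
ALNUM_POLICY = PasscodePolicy("6-char alphanumeric, wipe after 8", 6, 36, 8)
FOUR_DIGIT_8 = PasscodePolicy("4-digit PIN, wipe after 8", 4, 10, 8)
FOUR_DIGIT_10 = PasscodePolicy("4-digit PIN, wipe after 10", 4, 10, 10)
FOUR_DIGIT_NOWIPE = PasscodePolicy("4-digit PIN, no wipe", 4, 10, None)

POLICIES = [SLIDE_POLICY, ALNUM_POLICY, FOUR_DIGIT_8, FOUR_DIGIT_10, FOUR_DIGIT_NOWIPE]


def evaluate(policies=POLICIES, level: int = 1) -> Dict[str, bool]:
    """Map each policy name to whether it satisfies the given NIST level."""
    return {p.name: p.meets_nist_level(level) for p in policies}


if __name__ == "__main__":
    for p in POLICIES:
        print(f"{p.name:36} keyspace={p.keyspace():>12,} "
              f"P(guess)={float(p.success_probability()):.2e} "
              f"({p.guessing_entropy_bits():.1f} bits) "
              f"L1={p.meets_nist_level(1)} L2={p.meets_nist_level(2)}")
```

The comparison rows show that the attempt cap does most of the work: a 4-digit PIN with a wipe after 8 tries clears Level 1 by a hair (1 in 1,247), while the same PIN with 10 tries (1 in 998) fails it. The 8-digit choice buys a large margin against partial knowledge of the PIN, which this simple model does not capture.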
  • 20. 3. Support multiple devices
    •  ActiveSync
       !  ActiveSync is Microsoft’s protocol for push e-mail. When e-mail is pushed, ActiveSync also enforces security policies on the device
       !  Servers: Microsoft Exchange and Lotus Notes Traveler implement it
       !  Devices: WinMo/WP7, Apple and some Android devices natively support some/all ActiveSync features.
    •  Apple
       !  Apple’s .mobileconfig policy files can be downloaded to configure new devices. These support all Apple security policies.
       !  Products that use Apple’s MDM API can manage devices after installation, e.g., push apps, reset passwords, and send new policies.
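As an added example (not iEnroll or Perimeter code) of the .mobileconfig route described on this slide, the Python below turns the slide 19 passcode policy and the slide 18 restrictions (camera and App Store disallowed) into a configuration profile with the standard library's plistlib, then parses it back so an auditor can confirm what it enforces. The organization name and reverse-DNS identifiers are placeholders; the payload keys are Apple's passcode-policy and restrictions keys.

```python
"""Generate an Apple configuration profile (.mobileconfig) that enforces the
mobile passcode policy from slide 19 and the camera / App Store restrictions
from slide 18, and read it back for verification.

Added example, not iEnroll or Perimeter code. ORG and BASE_ID are placeholders.
Signing and delivery of the profile are out of scope here.
"""
import plistlib
import uuid
from typing import Any, Dict

ORG = "Example Corp"                     # placeholder organization name
BASE_ID = "com.example.mobile.policy"    # placeholder reverse-DNS identifier


def _uuid_for(identifier: str) -> str:
    # Deterministic UUID so regenerating the profile keeps the same PayloadUUIDs
    return str(uuid.uuid5(uuid.NAMESPACE_URL, identifier)).upper()


def _payload(ptype: str, suffix: str, name: str, body: Dict[str, Any]) -> Dict[str, Any]:
    """Wrap payload-specific keys in the common envelope every payload carries."""
    ident = f"{BASE_ID}.{suffix}"
    return {
        "PayloadType": ptype,
        "PayloadIdentifier": ident,
        "PayloadUUID": _uuid_for(ident),
        "PayloadVersion": 1,
        "PayloadDisplayName": name,
        "PayloadOrganization": ORG,
        **body,
    }


def passcode_payload() -> Dict[str, Any]:
    """Slide 19 policy: 8-digit PIN, no simple codes, 15-minute lock,
    2-minute grace period, wipe after 8 failures, no expiration."""
    return _payload("com.apple.mobiledevice.passwordpolicy", "passcode", "Passcode policy", {
        "forcePIN": True,              # a passcode is mandatory
        "allowSimple": False,          # no repeated / sequential passcodes
        "requireAlphanumeric": False,  # a numeric PIN is acceptable...
        "minLength": 8,                # ...when it is at least 8 characters
        "maxFailedAttempts": 8,        # wipe after eight wrong tries
        "maxInactivity": 15,           # auto-lock after 15 idle minutes
        "maxGracePeriod": 2,           # 2-minute unlock grace period
        # maxPINAgeInDays deliberately omitted: the policy sets no expiration
    })


def restrictions_payload() -> Dict[str, Any]:
    """Slide 18: consider disallowing the camera and App Store purchases."""
    return _payload("com.apple.applicationaccess", "restrictions", "Device restrictions", {
        "allowCamera": False,
        "allowAppInstallation": False,
    })


def build_profile() -> bytes:
    """Return the XML plist bytes of the complete profile."""
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": BASE_ID,
        "PayloadUUID": _uuid_for(BASE_ID),
        "PayloadVersion": 1,
        "PayloadDisplayName": "Mobile access policy",
        "PayloadOrganization": ORG,
        "PayloadDescription": "Passcode and restriction settings required for e-mail access",
        "PayloadContent": [passcode_payload(), restrictions_payload()],
    }
    return plistlib.dumps(profile)


def check_profile(blob: bytes) -> Dict[str, Any]:
    """Parse a profile and report the settings an auditor cares about, using
    the device defaults (no passcode, simple allowed, camera allowed) for any
    key that is missing, so a weakened profile shows up as weak."""
    doc = plistlib.loads(blob)
    by_type = {p["PayloadType"]: p for p in doc["PayloadContent"]}
    pw = by_type.get("com.apple.mobiledevice.passwordpolicy", {})
    rs = by_type.get("com.apple.applicationaccess", {})
    return {
        "passcode_required": pw.get("forcePIN", False),
        "min_length": pw.get("minLength", 0),
        "simple_allowed": pw.get("allowSimple", True),
        "wipe_after": pw.get("maxFailedAttempts"),
        "lock_after_minutes": pw.get("maxInactivity"),
        "grace_minutes": pw.get("maxGracePeriod"),
        "expires": "maxPINAgeInDays" in pw,
        "camera_allowed": rs.get("allowCamera", True),
        "app_install_allowed": rs.get("allowAppInstallation", True),
    }


if __name__ == "__main__":
    data = build_profile()
    with open("mobile-access-policy.mobileconfig", "wb") as fh:
        fh.write(data)
    for key, value in check_profile(data).items():
        print(f"{key:20} {value}")
```

The check function is the useful half for a security team: run it over any profile handed out to users (or exported from an MDM product) and the defaults in the `get` calls make a missing key read as the weak device default rather than passing silently.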
  • 21. 3. Support multiple devices (continued)
    •  RIM BlackBerry
       !  BlackBerry Enterprise Server (BES) supports a huge number of policies for enterprises using Exchange or Lotus Notes
       !  For non-Exchange enterprises (IMAP, POP/SMTP, CMS), BlackBerry Internet Service (BIS) provides connectivity, but no security or configuration policy enforcement.
    •  Android
       !  Android’s primary method for enforcing security policies is via ActiveSync, and only a small subset of ActiveSync policies.
       !  Google Apps Device Policy App is available for corporate Google customers.

  • 22. 4. Merge mobile IT operations and security teams
    •  No need for a parallel security operations team
       !  No mobile anti-malware infrastructure needed
    •  Mobile security typically part of IT ops toolchain
       !  In particular: mail tools such as ActiveSync, BES
    •  Security should be primary stakeholder for data security decisions, however
       !  Enforces company security and compliance policies
       !  Drives policy decisions that IT ops implements

  • 23. 5. Create a mobile access and security covenant
    •  Your employees need to get their e-mail
    •  You need to enforce security policies
    •  So… here’s the deal you strike
       !  Employees can connect their own devices to your network if:
       !  …the device enforces your data protection policies (encryption, passcode, remote wipe, auto-lock), and:
       !  …employees accept your responsibility to protect your data on their devices as a condition of access, including remote wipe
       !  Employees should also agree to turn over the device for forensics

  • 24. Recommendations
    •  In closing, don’t:
       •  Worry about anti-virus; only Android needs it (maybe)
       •  Worry about DLP on the devices: do it server-side
       •  Recycle your desktop password policy
    •  Do:
       •  Pick a sensible, simple mobile password policy
       •  Use your email system as the choke point for enforcing data protection policies — Perimeter can help
       •  Allow access by devices with content encryption (BlackBerry, all Apple devices since 2009, some Android)
       •  Define a compact that trades access for security

  • 25. For more information
    •  Picking a Sensible Mobile Password Policy
       !  http://perimeterusa.com/blog/picking-a-sensible-mobile-password-policy/
    •  NIST 800-63 Electronic Authentication Guideline
       !  http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf

  • 27. Technology preview: iEnroll
    An open source project sponsored by Perimeter E-Security

  • 28. iEnroll provides essential security for iPads and iPhones
    [Diagram of the enrollment flow between device and server:]
    1. Authenticate: enter activation code and accept policy
    2. Server requests private key generation
    3. Request signed certificate
    4. Return device certificate
    5. Security policies and configurations
    No agent or code needed on device
    Image copyright James MacDonald http://enthusiastik.com/

  • 29. Demo

  • 30. Available for download June 1st
    ienroll.org

  • 31. Agenda: Introduction; Three mobile trends; Four things you don’t need; Five things you must do; Q&A

  • 32. Andrew Jaquith, Chief Technology Officer, Perimeter E-Security
    ajaquith@perimeterusa.com
    Twitter: arj
    Contact us: experts@perimeterusa.com, 1.800.234.2175 Option #2
    feed://perimeterusa.com/blog/feed/
    http://www.facebook.com/perimeterusa
    http://twitter.com/PerimeterNews