“Crossing the Lakshman Rekha”
Mobile Workplace Risks
Enterprise Mobility Summit
9th May 2012, Bengaluru
Parag Deodhar
Chief Risk Officer
circa 5000 BC – Treta Yuga
One of the first recorded Social Engineering & Spoofing attacks takes place…
9 May 2012           Parag Deodhar       2
Raavan = RA.One
Sita = Data
Lakshman Rekha = Corporate Firewall & Security Measures
Crossing the Lakshman Rekha
      • Mobility is reshaping business worldwide. It is also reshaping how IT operates…
      • As a CIO / CISO, you like to be in control.
      • But mobile and wireless devices bring an element of lawlessness to your carefully designed architecture.
      • Data now travels outside the walls of the enterprise, and past the “Lakshman Rekha” you have drawn – i.e. all the security measures you have designed for your network.

Information Security
      • Concerns are still the same
             – Confidentiality
             – Integrity
             – Availability
      • But the context has changed…




What are we talking about?
      • 645 mn+ smartphones*
      • 100 mn+ tablets*
      • 35 bn+ apps*
      • 2G/3G/4G internet connectivity
      * Data as of end 2011

The CEO Wants an iPad
      Chart: “Have you made provisioning exceptions for ‘specialized members’ (i.e. executives) to set up non-corporate standard mobile devices?” (Source: The iPass Mobile Enterprise Report ©2011 iPass Inc.)

Sounds familiar?
      • The CEO comes to the CIO with a “request” to support his shiny new device.
      • If the CIO chooses not to support the device, well… (is that really a scenario?)
      • If the CIO chooses to support the device:
             – He opens the floodgates to chaos: the COO, CFO, VPs and GMs are queuing up to use the same device for personal use and work too.
             – One strategy could be to isolate the CEO and his device into a “test group” in order to buy time to create a BYOD strategy and policy.
             – But the ideal strategy would be to bring to the CEO’s notice the impact and risks associated with allowing a new device on the network.

Once the floodgates are open…
      • There’s no controlling the demand for these
        gadgets.
             – Everyone wants a Wi-Fi-enabled laptop or
               handheld so they can e-mail their colleagues
               while sitting in the airport lounge or access
               critical sales applications on their network
               while meeting with customers.
             – Everyone wants a smart phone, a converged
               device that combines cell phone and handheld
               functions.
             – At worst, these gadgets are status symbols. At
               best, they increase your workforce’s agility and
               improve productivity.
             – Can you say no?

New challenges…
      • Consumerisation raises new and
        significant challenges:
             – How do we support these devices if we
               don’t know what they are?
             – How can we secure our networks and
               data, if we can’t control the devices?
             – How do we differentiate between corporate
               and personal data on employee-owned
               devices that are accessing the network?



Security problems
      Chart: “Have you experienced any of the following security problems?” – 74% (Source: The iPass Mobile Enterprise Report ©2011 iPass Inc.)

B.Y.O.Ds.
      • The "Bring Your Own Device" trend is increasing by the day.
      • Despite security concerns and manageability challenges, there are positive effects associated with the BYOD trend.
      • It supposedly lowers costs, increases employee satisfaction and brings about better business outcomes.
      • What organisations report:
             – 46%: “policy has increased productivity among end users”
             – 47%: “increased end users' ability to work from home”
             – “BYOD has improved employee attraction and retention”
             – "We have seen a change in morale"
             – “Increased job satisfaction”
             – “Increased satisfaction with central corporate IT's customer service"

B.Y.O.D. Challenge
      • BYOD blurs the lines between work life and
        personal life. Context changes throughout the
        day and sometimes during a single session on
        Facebook.
      • Compliance mandates such as PCI
        DSS, HIPAA, or GLBA have certain requirements
        related to information security and safeguarding
        specific data. Those rules still must be followed
        even if the data is on a laptop owned by an
        employee.
      • In the event that a worker is let go, or leaves the
        company of their own accord, segregating and
        retrieving company data can be a problem.

Concerns with mobile devices
      • Access Control
             – Who uses the device? At home?
      • What is stored on the device? How?
             – Stored on mobile devices, cloud storage, SD cards, SIM cards
             – Is data encrypted?
             – What happens if the device is lost?
             – Can it be remotely deleted?
      • How is the data accessed?
             – Is it through an encrypted channel?
             – Over GPRS, Wi-Fi, Bluetooth…
      • How is the data shared?
             – social networking on devices
             – requests to support new devices
             – consumer cloud storage – Dropbox, SkyDrive
      • Data Leakage Prevention (DLP) – does it work with mobile devices?
      • Use of jail-broken devices
      • What apps are installed on the device? Are these apps certified, tested, malware free?
      • Device end of life – an exec sold his dead BlackBerry on eBay for $15.50 after he left the company. It turned out the batteries had just run out, and the new owner found hundreds of confidential e-mails still on the handheld.

Unknown risks…
      • What about RIM, Bada, Symbian? Ignorance is bliss!

Do you have anti-virus on your mobile?
      • Symantec says mobile vulnerabilities, almost exclusive to Android, increased by more than 93 percent. More than half of all Android threats collect device data or track users' activities.
      • A quarter of the mobile threats identified were designed to make money by sending premium SMS messages from infected phones, which could be even more lucrative than stealing your credit card details.
      Hacked Websites Deliver Android Malware
      • Websites have been hacked to deliver malicious software to devices running Android – an apparent new attack vector crafted for the mobile operating system.
      • The style of attack is known as a drive-by download and is common on the desktop: when someone visits a hacked website, malware can transparently infect the computer if it doesn't have up-to-date patches.
      • Numerous websites had been compromised to execute the attack.
      • The malware starts downloading automatically if the hacked website detects that an Android device is visiting, by looking at the web browser's user-agent string, which specifies the device's operating system.
      • The hacked websites have a hidden iframe – a window that brings other content into the target web site – at the bottom of a page. The iframe causes the browser to pull content from two other malicious websites hosting the malware.

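The user-agent check and the hidden iframe described above are both visible from outside, which makes them something a web team can look for on its own sites. The following Python script is an added example, not material from the talk or from Symantec: it parses a page as served to a desktop browser and the same page as served to an Android browser, flags iframes that are hidden (zero-size, display:none, visibility:hidden or positioned far off-screen) and load from a host other than the page's own, and reports those present only in the Android response. The two HTML samples and the `.invalid` hostnames are constructed for the example.

```python
"""Detect the drive-by pattern above: a hidden iframe to a third-party
host that a compromised page serves only to Android user agents.
Added example; not code from the talk or from Symantec."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# CSS tricks that keep an iframe out of sight: display:none,
# visibility:hidden, or an absolute position far off-screen.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}", re.I)


class IframeCollector(HTMLParser):
    """Record the attributes of every <iframe> start tag in the document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_tiny(value):
    """True for a width/height of 0 or 1, with or without a px suffix."""
    v = value.strip().lower()
    if v.endswith("px"):
        v = v[:-2].strip()
    return v in ("0", "1")


def _is_hidden(attrs):
    style_hidden = HIDDEN_STYLE.search(attrs.get("style", "")) is not None
    size_hidden = _is_tiny(attrs.get("width", "")) and _is_tiny(attrs.get("height", ""))
    return style_hidden or size_hidden


def find_hidden_iframes(html, page_host):
    """Return, in document order, the src of every hidden iframe that
    pulls content from a host other than the page's own."""
    collector = IframeCollector()
    collector.feed(html)
    hits = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname or page_host   # relative src => same host
        if host != page_host and _is_hidden(attrs):
            hits.append(src)
    return hits


def cloaking_indicators(desktop_html, android_html, page_host):
    """Hidden third-party iframes present in the Android response but not
    in the desktop one: the user-agent-keyed injection the text describes."""
    desktop = set(find_hidden_iframes(desktop_html, page_host))
    android = set(find_hidden_iframes(android_html, page_host))
    return sorted(android - desktop)


# Constructed samples: the same page as a desktop browser and an Android
# browser would receive it.  Hosts under .invalid are placeholders.
PAGE_HOST = "www.example.org"
DESKTOP_PAGE = """<html><body>
<h1>Parish newsletter</h1>
<iframe src="https://video.example.net/embed/1" width="560" height="315"></iframe>
</body></html>"""
ANDROID_PAGE = DESKTOP_PAGE.replace("</body>", (
    '<iframe src="http://redirector.invalid/x.php" width="1" height="1"'
    ' style="visibility:hidden"></iframe>\n'
    '<iframe src="http://dropper.invalid/y.apk"'
    ' style="position:absolute;left:-9999px"></iframe>\n</body>'))

if __name__ == "__main__":
    for src in cloaking_indicators(DESKTOP_PAGE, ANDROID_PAGE, PAGE_HOST):
        print("Android-only hidden iframe:", src)
```

In practice the two inputs come from fetching the same URL twice with different User-Agent headers (for instance `requests.get(url, headers={"User-Agent": ...})` once with a desktop string and once with an Android one). Content injected by script at runtime, or served from the compromised host itself, will not show up in this static check, so a clean result means this one pattern is absent, not that the page is clean.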
We have content filtering!!!
      • Religious Sites Carry More Malware Than Porn Sites
             – Religious and ideological websites can carry three times more malware threats than pornography sites, according to research from security firm Symantec.
      • Symantec found that the average number of security threats on religious sites was around 115, while adult sites only carried around 25 threats per site.
             – A particularly notable discrepancy considering that there are vastly more pornographic sites than religious ones. Also, only 2.4 percent of adult sites were found to be infected with malware, compared to 20 percent of blogs.

Mobile Enterprise Strategy
      Chart: “Does your company’s mobility strategy include any of the following?” (Source: The iPass Mobile Enterprise Report ©2011 iPass Inc.)

Policy paralysis
      Chart: “Do you believe that your company needs to update its IT policies in regards to employee connectivity and mobile device use on any of the following?” (Source: The iPass Mobile Enterprise Report ©2011 iPass Inc.)

You need strategy, policy, standards and enforcement
      • Create a strategy for managing mobile and wireless devices:
             – identify whether there is a business need for a device
             – segment your employees by job function and requirements
             – decide on the list of devices that IT will (and will not) support
             – devise a training plan for users and help desk staffers
             – define the enforcement mechanisms that will ensure device security
      • Update your security policy and standards
             – Include mobile device acceptable usage, security standards, provisioning, de-provisioning – all chapters!
      • Communicate and train users

Enforcement mechanism
      • Implement a Mobile Device Management (MDM) solution
             – Centralize management of mobile platforms
             – Real-time visibility into the mobile environment
             – Administer consistent policies across devices
             – Analyze and report critical device information
             – Ensure compliance with regulations
             – Two-factor authentication
             – On BYOD – separate corporate and personal data – use sandboxes / containers
             – Avoid copy / storage on the device – if allowed, it should be encrypted
             – Install anti-malware
             – Remote wipe / lock down devices
             – VPN access
             – DLP to include mobile devices
             – Back up critical data
             – Secure cloud storage
             – Don’t forget app security

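The enforcement list above, and the concerns listed earlier (encryption, lost devices, jail-broken devices, unsupported platforms), only bite if the MDM actually evaluates each device against them and acts on the result. The following Python is an added example, not from the talk or from any MDM product: it encodes those controls as rules over a device posture record, separates failures that should revoke access from those that should merely confine the device to the corporate container, and runs them over a small constructed inventory. The field names, the minimum OS versions and the action names are assumptions.

```python
"""Posture checks behind the enforcement list above.  Each rule is one of
the controls the talk names (no jailbreak, encryption, remote wipe, passcode,
anti-malware, containerised corporate data on BYOD, supported platform);
the verdict decides what the device may reach.  Added example: the record
fields, thresholds and action names are assumptions, not any MDM's schema."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class Device:
    device_id: str
    byod: bool                    # employee-owned?
    os: str                       # "ios", "android", ... as reported by the agent
    os_version: Tuple[int, ...]
    encrypted: bool               # storage encryption on (incl. SD card)
    passcode_set: bool
    jailbroken: bool              # jailbroken / rooted
    antimalware: bool
    remote_wipe_enrolled: bool    # device accepts a wipe/lock command
    corp_data_in_container: bool  # corporate mail/docs confined to a managed container
    last_checkin_days: int


# Platforms IT has agreed to support, with an assumed minimum OS version for
# each.  A platform missing here is, by policy, unsupported: "RIM, Bada,
# Symbian - ignorance is bliss" is not a control.
SUPPORTED_OS: Dict[str, Tuple[int, ...]] = {"ios": (5, 1), "android": (4, 0)}

# (rule name, predicate returning True when compliant, severity).
# "block" failures revoke access outright; "restrict" failures confine the
# device to the corporate container with no VPN or full mail sync.
Rule = Tuple[str, Callable[[Device], bool], str]
RULES: List[Rule] = [
    ("not jailbroken/rooted", lambda d: not d.jailbroken, "block"),
    ("storage encrypted", lambda d: d.encrypted, "block"),
    ("remote wipe enrolled", lambda d: d.remote_wipe_enrolled, "block"),
    ("supported platform and version",
     lambda d: d.os in SUPPORTED_OS and d.os_version >= SUPPORTED_OS[d.os], "block"),
    ("passcode set", lambda d: d.passcode_set, "restrict"),
    ("anti-malware installed", lambda d: d.antimalware, "restrict"),
    ("BYOD corporate data in container",
     lambda d: (not d.byod) or d.corp_data_in_container, "restrict"),
    ("checked in within 7 days", lambda d: d.last_checkin_days <= 7, "restrict"),
]


def evaluate(device: Device) -> Tuple[str, List[str]]:
    """Return (action, failed rule names).  action is 'allow', 'restrict'
    (container-only access) or 'revoke' (pull certificates/tokens and, where
    the device is enrolled for it, wipe the corporate data)."""
    failed = [(name, sev) for name, ok, sev in RULES if not ok(device)]
    if any(sev == "block" for _, sev in failed):
        action = "revoke"
    elif failed:
        action = "restrict"
    else:
        action = "allow"
    return action, [name for name, _ in failed]


def fleet_actions(fleet: List[Device]) -> Dict[str, str]:
    """Map every device id to the action the MDM should apply."""
    return {d.device_id: evaluate(d)[0] for d in fleet}


# Constructed inventory, as an MDM agent might report it.
FLEET = [
    Device("ceo-ipad", True, "ios", (5, 1), True, True, False, True, True, False, 1),
    Device("sales-android-07", True, "android", (2, 3), True, True, True, False, True, True, 3),
    Device("ops-symbian-02", False, "symbian", (9, 4), False, True, False, True, False, True, 20),
    Device("fin-android-11", False, "android", (4, 0), True, True, False, True, True, True, 0),
]

if __name__ == "__main__":
    for dev in FLEET:
        action, failed = evaluate(dev)
        print(f"{dev.device_id:18} {action:8} {', '.join(failed) or '-'}")
```

Ordering matters in practice: the revoke for a jailbroken or unencrypted device has to land before any corporate data is allowed to sync again, and on BYOD hardware the wipe should be scoped to the corporate container so that a departing employee's personal data is not collateral damage (the segregation point from the BYOD Challenge slide).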
Balancing Act!
      • As enterprise mobility increases… so must security! But…
      • Security should be effective but as transparent as possible – it should not hamper user experience and productivity.

THANK YOU

Top Strategies to Capture Security Intelligence for Applications
 
NorDigi mobile process analyst white paper
NorDigi mobile process analyst white paperNorDigi mobile process analyst white paper
NorDigi mobile process analyst white paper
 
Social mobile usage Don't Leave Social at the Office
 Social mobile usage   Don't Leave Social at the Office Social mobile usage   Don't Leave Social at the Office
Social mobile usage Don't Leave Social at the Office
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)
 
It's About the Data, Stupid: Mobile Security and BYOD for Healthcare
It's About the Data, Stupid: Mobile Security and BYOD for HealthcareIt's About the Data, Stupid: Mobile Security and BYOD for Healthcare
It's About the Data, Stupid: Mobile Security and BYOD for Healthcare
 
7.5 steps to overlaying BYoD & IoT on Existing Investments
7.5 steps to overlaying BYoD & IoT on Existing Investments7.5 steps to overlaying BYoD & IoT on Existing Investments
7.5 steps to overlaying BYoD & IoT on Existing Investments
 
Mobile Threats and Owasp Top 10 Risks
Mobile Threats  and Owasp Top 10 RisksMobile Threats  and Owasp Top 10 Risks
Mobile Threats and Owasp Top 10 Risks
 
Mobile trends and academic opportunities presented at Strathmore and JKUAT Un...
Mobile trends and academic opportunities presented at Strathmore and JKUAT Un...Mobile trends and academic opportunities presented at Strathmore and JKUAT Un...
Mobile trends and academic opportunities presented at Strathmore and JKUAT Un...
 

More from Parag Deodhar

Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function
Parag Deodhar
 
Cloud computing risk & challenges
Cloud computing risk & challengesCloud computing risk & challenges
Cloud computing risk & challenges
Parag Deodhar
 
Securing the mobile enterprise - Sydney 24 Mar 2014
Securing the mobile enterprise - Sydney 24 Mar 2014Securing the mobile enterprise - Sydney 24 Mar 2014
Securing the mobile enterprise - Sydney 24 Mar 2014
Parag Deodhar
 
Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...
Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...
Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...
Parag Deodhar
 
How to implement and align Technology within your GRC Framework
How to implement and align Technology within your GRC FrameworkHow to implement and align Technology within your GRC Framework
How to implement and align Technology within your GRC Framework
Parag Deodhar
 
BCM Continuous improvement - Audit & Assessment
BCM Continuous improvement - Audit & AssessmentBCM Continuous improvement - Audit & Assessment
BCM Continuous improvement - Audit & Assessment
Parag Deodhar
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right posture
Parag Deodhar
 
Scouting For Fraud - Parag Deodhar
Scouting For Fraud - Parag DeodharScouting For Fraud - Parag Deodhar
Scouting For Fraud - Parag Deodhar
Parag Deodhar
 
The Social Media Bait - Fraud & Cybercrime
The Social Media Bait - Fraud & CybercrimeThe Social Media Bait - Fraud & Cybercrime
The Social Media Bait - Fraud & Cybercrime
Parag Deodhar
 
Defining effective governance structures and nurturing collaboration
Defining effective governance structures and nurturing collaborationDefining effective governance structures and nurturing collaboration
Defining effective governance structures and nurturing collaboration
Parag Deodhar
 
Frauds making fs companies uncompetitive parag deodhar
Frauds making fs companies uncompetitive   parag deodharFrauds making fs companies uncompetitive   parag deodhar
Frauds making fs companies uncompetitive parag deodhar
Parag Deodhar
 
Acfe bangalore pdm 2 fraud risk - parag deodhar
Acfe bangalore pdm 2 fraud risk - parag deodharAcfe bangalore pdm 2 fraud risk - parag deodhar
Acfe bangalore pdm 2 fraud risk - parag deodhar
Parag Deodhar
 

More from Parag Deodhar (12)

Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function
 
Cloud computing risk & challenges
Cloud computing risk & challengesCloud computing risk & challenges
Cloud computing risk & challenges
 
Securing the mobile enterprise - Sydney 24 Mar 2014
Securing the mobile enterprise - Sydney 24 Mar 2014Securing the mobile enterprise - Sydney 24 Mar 2014
Securing the mobile enterprise - Sydney 24 Mar 2014
 
Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...
Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...
Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...
 
How to implement and align Technology within your GRC Framework
How to implement and align Technology within your GRC FrameworkHow to implement and align Technology within your GRC Framework
How to implement and align Technology within your GRC Framework
 
BCM Continuous improvement - Audit & Assessment
BCM Continuous improvement - Audit & AssessmentBCM Continuous improvement - Audit & Assessment
BCM Continuous improvement - Audit & Assessment
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right posture
 
Scouting For Fraud - Parag Deodhar
Scouting For Fraud - Parag DeodharScouting For Fraud - Parag Deodhar
Scouting For Fraud - Parag Deodhar
 
The Social Media Bait - Fraud & Cybercrime
The Social Media Bait - Fraud & CybercrimeThe Social Media Bait - Fraud & Cybercrime
The Social Media Bait - Fraud & Cybercrime
 
Defining effective governance structures and nurturing collaboration
Defining effective governance structures and nurturing collaborationDefining effective governance structures and nurturing collaboration
Defining effective governance structures and nurturing collaboration
 
Frauds making fs companies uncompetitive parag deodhar
Frauds making fs companies uncompetitive   parag deodharFrauds making fs companies uncompetitive   parag deodhar
Frauds making fs companies uncompetitive parag deodhar
 
Acfe bangalore pdm 2 fraud risk - parag deodhar
Acfe bangalore pdm 2 fraud risk - parag deodharAcfe bangalore pdm 2 fraud risk - parag deodhar
Acfe bangalore pdm 2 fraud risk - parag deodhar
 

Mobile Workplace Risks

  • 1. “Crossing the Lakshman Rekha” Mobile Workplace Risks Enterprise Mobility Summit 9th May 2012, Bengaluru Parag Deodhar Chief Risk Officer
  • 2. circa 5000 BC – Treta Yuga One of the first recorded Social Engineering & Spoofing Attack takes place… 9 May 2012 Parag Deodhar 2
  • 3. Raavan = RA.One; Sita = Data; Lakshman Rekha = Corporate Firewall & Security Measures
  • 4. Crossing the Lakshman Rekha
    • Mobility is reshaping business worldwide. It's also reshaping how IT operates…
    • As a CIO / CISO, you like to be in control.
    • But mobile and wireless devices are bringing an element of lawlessness to your carefully designed architecture.
    • Data goes outside the walls of the enterprise, and the “Lakshman Rekha” you have drawn – i.e. all the security measures you have designed for your network.
  • 5. Information Security
    • Concerns are still the same
      – Confidentiality
      – Integrity
      – Availability
    • But the context has changed…
  • 6. What are we talking about?
    • 645 mn+ smart phones*
    • 100 mn+ tablets*
    • 35 bn+ apps*
    • 2G/3G/4G internet connectivity
    * Data as of end 2011
  • 7. The CEO Wants an iPad – Have you made provisioning exceptions for “specialized members” (i.e. executives) to set up non-corporate standard mobile devices? Source: The iPass Mobile Enterprise Report ©2011 iPass Inc.
  • 8. Sounds familiar?
    • The CEO comes to the CIO with a “request” to support his shiny new device.
    • If the CIO chooses not to support the device, well… (is that really a scenario?)
    • If the CIO chooses to support the device:
      – He opens the floodgates to chaos: the COO, CFO, VPs and GMs are in the queue to use the same device for personal use and work too.
      – One strategy could be to isolate the CEO and his device into a "test group" in order to buy time to create a BYOD strategy and policy.
      – But the ideal strategy would be to bring to the CEO's notice the impact and risks associated with allowing a new device on the network.
  • 9. Once the floodgates are open…
    • There’s no controlling the demand for these gadgets.
      – Everyone wants a Wi-Fi-enabled laptop or handheld so they can e-mail their colleagues while sitting in the airport lounge or access critical sales applications on their network while meeting with customers.
      – Everyone wants a smart phone, a converged device that combines cell phone and handheld functions.
      – At worst, these gadgets are status symbols. At best, they increase your workforce’s agility and improve productivity.
      – Can you say no?
  • 10. New challenges…
    • Consumerisation raises new and significant challenges:
      – How do we support these devices if we don’t know what they are?
      – How can we secure our networks and data if we can’t control the devices?
      – How do we differentiate between corporate and personal data on employee-owned devices that are accessing the network?
  • 11. Security problems – Have you experienced any of the following security problems? (chart; 74%) Source: The iPass Mobile Enterprise Report ©2011 iPass Inc.
  • 12. B.Y.O.D.s
    • The "Bring Your Own Device" trend is increasing by the day.
    • Despite security concerns and manageability challenges, there are positive effects associated with the BYOD trend.
    • It supposedly lowers costs, increases employee satisfaction and brings about better business outcomes.
    • Survey responses (chart): 46% “policy has increased productivity among end users”. “BYOD has improved employee attraction and retention” "We have seen a change in morale" “Increased job satisfaction” “Increased satisfaction with central corporate IT's customer service" “Increased end users' ability to work from home” 47%
  • 13. B.Y.O.D. Challenge
    • BYOD blurs the lines between work life and personal life. Context changes throughout the day and sometimes during a single session on Facebook.
    • Compliance mandates such as PCI DSS, HIPAA or GLBA have certain requirements related to information security and safeguarding specific data. Those rules still must be followed even if the data is on a laptop owned by an employee.
    • In the event that a worker is let go, or leaves the company of their own accord, segregating and retrieving company data can be a problem.
  • 14. Concerns with mobile devices
    • Access control – who uses the device? At home?
    • What is stored on the device? How?
      – Stored on mobile devices, cloud storage, SD cards, SIM cards
      – Is data encrypted?
      – What happens if the device is lost?
      – Can it be remotely deleted?
    • How is the data accessed?
      – Is it through an encrypted channel?
      – Over GPRS, Wi-Fi, Bluetooth…
    • How is the data shared?
      – social networking on devices;
      – requests to support new devices;
      – consumer cloud storage – Dropbox, SkyDrive
    • Data Leakage Prevention (DLP) – does it work with mobile devices?
    • Use of jail-broken devices
    • What apps are installed on the device? Are these apps certified, tested, malware free?
    • Device end of life – an exec sold his dead BlackBerry on eBay for $15.50 after he left the company. It turns out the batteries had just run out, and the new owner found hundreds of confidential e-mails still on the handheld.
  • 15. Unknown risks… What about RIM, Bada, Symbian? Ignorance is bliss!
  • 16. Do you have anti-virus on your mobile?
    • Symantec says mobile vulnerabilities, almost exclusive to Android, increased by more than 93 percent. More than half of all Android threats collect device data or track users' activities.
    • A quarter of the mobile threats identified were designed to make money by sending premium SMS messages from infected phones, which could be even more lucrative than stealing your credit card details.
    • Hacked Websites Deliver Android Malware
      – Websites have been hacked to deliver malicious software to devices running Android, an apparently new attack vector crafted for the mobile operating system.
      – The style of attack is known as a drive-by download and is common on the desktop: when someone visits a hacked website, malware can transparently infect the computer if it doesn't have up-to-date patches.
      – Numerous websites had been compromised to execute the attack.
      – The malware will automatically start downloading if the hacked website detects that an Android device is visiting, by looking at the web browser's user-agent string, which specifies the device's operating system.
      – The hacked websites have a hidden iframe (a window that brings other content into the target web site) at the bottom of a page. The iframe causes the browser to pull content from two other malicious websites hosting the malware.
  • 17. We have content filtering!!!
    • Religious Sites Carry More Malware Than Porn Sites
      – Religious and ideological websites can carry three times more malware threats than pornography sites, according to research from security firm Symantec.
    • Symantec found that the average number of security threats on religious sites was around 115, while adult sites only carried around 25 threats per site – a particularly notable discrepancy considering that there are vastly more pornographic sites than religious ones. Also, only 2.4 percent of adult sites were found to be infected with malware, compared to 20 percent of blogs.
  • 18. Mobile Enterprise Strategy – Does your company’s mobility strategy include any of the following? (chart) Source: The iPass Mobile Enterprise Report ©2011 iPass Inc.
  • 19. Policy paralysis – Do you believe that your company needs to update its IT policies in regards to employee connectivity and mobile device use on any of the following? (chart) Source: The iPass Mobile Enterprise Report ©2011 iPass Inc.
  • 20. You need strategy, policy, standards and enforcement
    • Create a strategy for managing mobile and wireless devices:
      – identify whether there’s a business need for a device
      – segment your employees by job function and requirements
      – decide on the list of devices that IT will (and will not) support
      – devise a training plan for users and help desk staffers
      – define enforcement mechanisms that will ensure device security.
    • Update your security policy and standards
      – Include mobile device acceptable usage, security standards, provisioning, de-provisioning – all chapters!
    • Communicate and train users
  • 21. Enforcement mechanism
    • Implement a Mobile Device Management solution
      – Centralize management of mobile platforms
      – Real-time visibility into the mobile environment
      – Administer consistent policies across devices
      – Analyze and report critical device information
      – Ensure compliance with regulations
      – Two-factor authentication
      – On BYOD – separate corporate and personal data – use sandboxes / containers
      – Avoid copying / storage on the device – if allowed, it should be encrypted
      – Install anti-malware
      – Remote wipe / lock down devices
      – VPN access
      – DLP to include mobile devices
      – Back up critical data
      – Secure cloud storage
      – Don’t forget app security
  • 22. Balancing Act!
    • As enterprise mobility increases… so must security! But…
    • Security should be effective but as transparent as possible – it should not hamper user experience and productivity.
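The hidden off-site iframe that slide 16 describes as the injection on hacked sites is something a web team can check its own pages for. The following is an added example, not code from the presentation: it uses only Python's standard library to flag iframes that are both hidden (zero-size, or styled display:none / visibility:hidden) and loaded from a host other than the site's own; the sample page and the hostnames in it are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a legitimate page whose footer has been injected with two
# hidden iframes pulling from other hosts, the pattern slide 16 describes.
SAMPLE_HTML = """<html><body>
<h1>Parish newsletter</h1>
<iframe src="/embed/calendar" width="400" height="300"></iframe>
<p>Contact us.</p>
<iframe src="http://malware-host.example/loader" width="1" height="1"
        style="visibility:hidden"></iframe>
<iframe src="http://second-host.example/x" style="display:none"></iframe>
</body></html>"""


def _is_hidden(attrs):
    """True when the iframe is styled or sized so a visitor never sees it."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    try:
        width, height = int(attrs.get("width", 100)), int(attrs.get("height", 100))
    except ValueError:              # percentages etc.: treat as visible
        return False
    return width <= 1 or height <= 1


class _IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append({k: (v or "") for k, v in attrs})


def find_suspicious_iframes(html, site_host):
    """Return src URLs of iframes that are hidden AND load from another host.

    Same-host iframes (relative src, or src on site_host) are normal; a hidden
    off-site one is what the drive-by injection looks like and is worth a look."""
    parser = _IframeCollector()
    parser.feed(html)
    hits = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname
        if host is not None and host != site_host and _is_hidden(attrs):
            hits.append(src)
    return hits


if __name__ == "__main__":
    for src in find_suspicious_iframes(SAMPLE_HTML, "parish.example"):
        print("hidden off-site iframe:", src)
```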
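Slides 14 and 21 together read as a device compliance checklist. As an added example, not from the presentation, the following turns that checklist into a check that an MDM inventory export could be run through; the Device record fields, the APPROVED_APPS allowlist, the MIN_OS minimums and the three sample devices are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy values, standing in for what an organisation decides under
# slide 20 (which devices IT supports) and slide 21 (enforcement controls).
APPROVED_APPS = {"corp-mail", "corp-vpn", "corp-container"}
MIN_OS = {"android": (4, 0), "ios": (5, 0)}


@dataclass
class Device:                       # one MDM inventory record (constructed fields)
    device_id: str
    platform: str
    os_version: tuple
    encrypted: bool
    jailbroken: bool
    passcode_set: bool
    anti_malware: bool
    installed_apps: set = field(default_factory=set)


def evaluate(device):
    """Return (status, findings); status is 'compliant', 'remediate' or 'block'.
    'block': cut corporate access now (slide 21's remote lock/wipe follows);
    'remediate': the user must fix the findings to keep access."""
    findings, block = [], False
    if device.jailbroken:                      # slide 14: jail-broken devices
        findings.append("jail-broken: no control over apps or data")
        block = True
    if not device.encrypted:                   # slides 14/21: encrypt at rest
        findings.append("storage not encrypted: a lost device exposes data")
        block = True
    if not device.passcode_set:                # slide 14: who uses the device?
        findings.append("no passcode: anyone holding the device has access")
    if not device.anti_malware:                # slide 21: install anti-malware
        findings.append("anti-malware not installed")
    if device.platform not in MIN_OS:          # slides 15/20: unknown platform
        findings.append("platform not on the supported-device list")
    elif device.os_version < MIN_OS[device.platform]:
        findings.append("OS below minimum supported version")
    unapproved = sorted(device.installed_apps - APPROVED_APPS)
    if unapproved:                             # slide 14: are the apps vetted?
        findings.append("unapproved apps: " + ", ".join(unapproved))
    if block:
        return "block", findings
    return ("remediate" if findings else "compliant"), findings


# Constructed sample inventory, three devices as an MDM export might list them.
SAMPLE_DEVICES = [
    Device("ceo-ipad", "ios", (5, 1), True, False, True, True, {"corp-mail"}),
    Device("sales-android", "android", (2, 3), False, False, True, False,
           {"corp-mail", "free-flashlight"}),
    Device("dev-phone", "android", (4, 0), True, True, True, True, set()),
]


def compliance_report(devices=SAMPLE_DEVICES):
    """Map device id -> status for the whole fleet."""
    return {d.device_id: evaluate(d)[0] for d in devices}
```

Running `compliance_report()` on the sample fleet blocks the unencrypted Android phone and the jail-broken one and passes the CEO's iPad, which is the outcome slide 8's "test group" approach is meant to reach before the floodgates open.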