What is “mobile security?” Seriously, what is it? Is it hardening controls, policy enforcement, knowing how to test mobile apps, mobile antivirus? And how do I map mobile security into an enterprise security strategy? A year later, it’s still as ubiquitous as it has ever been. However with the sophistication of device-based attacks and with the sheer volume of mobile malware exploding, mobile security maintains its status as a major pain point and a critical element you have to consider when building a security program. Given the research available and the increasing threatscape, mobile security preparedness predicated on managing the strategy is a better option than reactionary measures. What’s new in 2015 is there is more sufficient evidence that mobile attacks will further penetrate enterprise systems based on the increase of mobile device ‘involvement’ in many major hacks (not necessarily root cause traced to devices or compromised mobile apps) This presentation will discuss the key trends impacting mobile security and will lay out an updated set of building blocks to produce a holistic mobile security model: from BYOD to mobile policy development to MDM; common and emerging exploits and targeted malware; the myriad of possible mitigations; and the notion of trusted software vs device-specific consideration. Additionally, before we look at policy implementation best practices, we’ll look at a few key use cases and review a few sample enterprise models to learn how some of top organizations are managing mobile security. Finally, the presentation will take a five-year look outward to determine what impact mobile security will have long-term.