Infrastructure security of mobile devices in the enterprise, by Ulrik Van Schepdael
Seminar by Ulrik van Schepdael during Infosecurity.be 2011
Infrastructure security of mobile devices in the enterprise - Ulrik Van Schepdael
Ceci n’est pas un téléphone
The user is in control
(WIRED Feb 28 ‘11) -- From the earliest days of aviation, pilots have relied upon paper maps to help find their way. Even in an era of GPS and advanced avionics, you still see pilots lugging around 20 pounds or more of charts. But those days are numbered, because maps are giving way to iPads. The Federal Aviation Administration is allowing charter company Executive Jet Management to use Apple's tablet as an approved alternative to paper charts.
Professionals with a Smart Phone work 15 hours extra per week,
earn 27% less and they love it!
(Peninsula UK Sept ‘09 - EarlySail picture)
Worldwide Smartphone Sales to End Users in 2Q09 (Thousands of Units)
Work More
New challenges for IT !
• Manage the Multi-OS
• Control the Cost
• Mixed Personal and Corporate content
• Security of data at rest, travel, …
• AppstorM is here
One size does not fit all
(Forrester research) – not one company has the exact same needs, let alone the individual users within the company
How many profiles do you need ?
1 is enough
3 should do
…
everybody is different
A mobile profile
contains:
- telecom
- applications
- network access
- support level
- …
Stalin versus Dalai Lama
75% of 1000 interviewed Belgian companies do NOT agree that employees connect their personal smartphone or tablet to the corporate network. +50% find it unacceptable. (Datanews survey November 2010)
More than twice as many employees as is thought connect their own device to the corporate network (IDC 2010)
What’s your style?
Styles: Control, Choice, Innovation, Hands-Off
Primary management goal
- Control: Guarantee service level and strictly control risk
- Choice: Satisfy users without incurring excessive risk
- Innovation: Empower users to develop new techniques and processes
- Hands-Off: Minimize management responsibility and liability
Responsibility for service quality
- Control: Enterprise IT
- Choice: Enterprise IT and Users
- Innovation: Users and Enterprise IT
- Hands-Off: Users
Support level
- Control: Everything
- Choice: All, but limited on device
- Innovation: Self support, limited IT
- Hands-Off: Self support
Information assurance
- Control: Enterprise responsibility
- Choice: Enterprise and User
- Innovation: User and Enterprise
- Hands-Off: User
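What are the consequences?
Styles: Control, Choice, Innovation, Hands-Off
Policy
- Control: Enforced
- Choice: Applied and Controlled
- Innovation: Applied and Controlled
- Hands-Off: Checked
Device ownership
- Control: Enterprise
- Choice: Enterprise or User
- Innovation: Enterprise or User
- Hands-Off: User
Device choice
- Control: Limited
- Choice: Medium range
- Innovation: Anything
- Hands-Off: Anything
Application portfolio
- Control: Clearly defined
- Choice: Managed and limited
- Innovation: Unconstrained
- Hands-Off: Limited enterprise apps
App store policy
- Control: Forbidden
- Choice: Permitted but following policy
- Innovation: Permitted
- Hands-Off: Permitted
Mobile expenses
- Control: Enterprise
- Choice: Mixed
- Innovation: Mixed
- Hands-Off: User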
MobileIron - Confidential
Audit/ Logging Regulatory
Compliance
Help Desk
Remote Access Trouble Spot Detection Broadcast SMS Recovery/Restore Safety
Asset Management
Operational Status
Connection Status
System Details
Multi-OS Inventory
Security and Policy
Cert distribution
Anti-virus and DLP*
Encryption
Enforcement
Provisioning
Over-the-Air (OTA)
Self Service
End of Life
Data Migration
Selective Wipe
Applications
Push and Publish
Enterprise App Store
Internal and 3rd Party
Recommendations*
Content/Files
Push and Publish
Inventory
Mobile Access PC*
Search and Share*
Lost Phone
Lock and Wipe
Location Tracking
Selective Wipe
Content Visibility
Activity
Usage Patterns
Service Quality
Location
Threshold Alerts
Privacy Settings
Enterprise
Voice, SMS
Data
Employee- & Company-owned managed life cycle