tackling mobile security with a layered defense
DESCRIPTION
Mobile technology has introduced significant risks, and the threats reach far beyond lost and stolen devices. While bring-your-own-device (BYOD) programs are popular for their promise of increased productivity, organizations must also secure the mobile interactions of employees, contract or temporary workers and business partners. In this session David Lingenfelter, Information Security Officer at MaaS360 by IBM, discusses best practices you can use to implement a layered approach using the cloud to protect corporate data and enable opportunity, while adapting to this new model.TRANSCRIPT
Protecting Data in a Mobile World
Tackling Mobile Security with a Layered Defense
David Lingenfelter | [email protected] | www.maas360.com
Mobility Challenges Continue to Accelerate
60% of employees
use personal devices for work
iOS dominates in the
enterprise, but Android is catching up
By 2017, Half of
employers will require BYOD
By 2014, 90% of organizations will support
corporate applications on personal devices
Scale Mobile To Every Part of Your Business
SALES
SALES
FINANCE
MARKETING
SALES
FINANCE
MARKETING
FACILITIES
ENGINEERING
HR
R&D
ENTERPRISE & GLOBAL LOCATIONS
EXECUTIVES
WANT THE LATEST DEVICES & APPS
?
PROBLEM SOLVED IN MINUTES OR HOURS
SINGLE DEPARTMENT & LOCATION
MULTIPLE DEPARTMENTS & LOCATIONS
ENTERPRISE & GLOBAL LOCATIONS ENABLED
MULTIPLE DEPARTMENTS & LOCATIONS ENABLED
SINGLE DEPARTMENT & LOCATION ENABLED
Easily start with one team
Deploy across your organization
So Many Use Cases To Enable and Secure
Many different use cases within a single company
Corporate Owned
BYOD
Shared Devices
Cart Devices
Kiosk Devices
Data Leakage
Apps
Blacklisting
URL filtering
SharePoint/EFSS
Intranet Access
4
These Don’t Help…
5
Mobile Security Trend – Layered Security
6
Layered Security Approaches
7
Don’t forget to “Secure the Network”
Secure The Device
Dynamic security and compliance features continuously monitor devices and take action.
– Specify passcode policies – Enforce encryption settings – Detect and restrict jailbroken and
rooted devices – Remotely locate, lock and wipe
lost or stolen devices – Selectively wipe corporate data
leaving personal data intact
8
Location-based policies
Device Enrollment, Acceptable Use
OTA Configuration
Secure The Container - Mail
An office productivity app with email, calendar and contacts
9
– Contains emails and attachments to prevent data leakage
– FIPS 140-2 compliant, AES-256 bit encryption for data at rest
– Restrict forwarding, moving, cut/paste and screen captures
– Conduct on-line and off-line compliance checks prior accessing email
Secure The Container - Content
A secure content container
Providing ways to push and pull content with security controls and collaboration tools
– Enforce user authentication
– Allow users to edit and share attachments
– Add, sync, and remove documents
– Protect sensitive documents with DLP controls
– Integrates with SharePoint and other file stores
10
Secure The App
Operational and security management to protect against data leaks
11
– Enable user authentication
– Prevent access from compromised devices
– Alert administrators of violations
– Take automated actions
– Restrict cut/copy/paste
– Enforce file protection
– Limit data backup to iTunes
Enhancing private and public app manageability and security through MaaS360 supplied (SDK or wrapping) code libraries and policies
Secure The Browser
A fully-functional web browser to enable secure access to corporate intranet sites and enforce compliance of policies
12
– Allow access to corporate intranet sites and network without VPN (e.g. JIRA)
– Define URL filters and security policies based on categories
– Block known malicious websites
– Enforce whitelist exceptions to some sites
– Restrict cookies, downloads, copy, paste, and print features to prevent data leaks
– Disable native and 3rd party web browsers
Remember – A Single Approach Will NOT Work…
13
IBM MaaS360 Delivers an Integrated Approach
14
Secure Content Collaboration
Secure Mobile Containers
Comprehensive Mobile Management
Seamless Enterprise Access
One Platform for All Your Mobile Assets
Embrace The New Normal
15
Mobile is becoming THE IT platform
Go beyond enabling these new devices Mobile utilization of corporate network/resources
Separation of corporate & personal apps/data
App management & security (and app dev assist)
Identity, context and more sophisticated policy
OTA Configuration Security Policies Compliance Engine
IBM MaaS360 Platform Overview
Cloud Extender™
Identity Access Controls Discovery
App Tunnel Proxy Security
Intranet
Apps
SharePoint
Data
Exchange
AD/LDAP
Lotus
BES
Certs
Mobile Enterprise Gateway™
Secure Productivity Suite
Docs
Web
Apps
Workplace™
Ente
rpri
se
Inte
rnet
EMM Platform
AP
Is
Doc Sharing & Editing
Mail, Calendar, Contacts
Web & Intranet
App SDK/ Wrapping
APIs
Diverse Enterprise Customer Base
Others Manufacturing Consumer Financial Healthcare Public
17
Why Customers Choose MaaS360
Easiest to Deploy and Scale Mobile Device, App, and Content Management & Security platform For organizations that are…
• Embracing multi-OS environments (iOS, Android, Windows Phone) • Allowing Bring-Your-Own-Device (BYOD) programs • Developing and deploying mobile apps (public and private) • Enabling corporate content on mobile devices securely (push and pull) • AND MORE….
18
What’s to Come?
We shall be able to communicate with one another instantly, irrespective of distance. Not only this, but through television and
telephony we shall see and hear one another as perfectly as though we were face to face, despite intervening distances of thousands of miles; and the instruments through which we shall be able to do this will be amazingly simple compared with our present telephone. A
man will be able to carry one in his vest pocket.
- Nikola Tesla
19
“
”
