Enterprise Mobile: Solving the Challenges
Aisha Visram
Three Key Take-Aways
• Mobile access transforms the way we think about work. And it's not going away.
• Unmanaged personal devices at work are the major cause of security risk
• There is no single, unicorn solution
Agenda
• The Mobile landscape: consumer vs. enterprise
• Creating a Mobility Program
• The challenges
• The role of EMM
• Final conclusions
The Mobile Landscape
Everyone has a Smartphone: 64% vs. 18% in 2009
Smartphones are already Replacing Desktop/Laptops
Millennials = Largest Generation in the Workforce this Year
What does that Mean?
87% - Smartphone never leaves their side
34% - Prefer to collaborate online than in person
45% - Use Personal Smartphones for work purposes
Enterprise Mobility
• IT spending for iPad® tablets - $16 billion in 2013
• 87% of global smartphone market is Android
• Average US employee carries 3 devices
• 70% of users doing work on personal devices, regardless of company policy
InformationWeek Jan 2014
Mobile Landscape
Remarkably, only 14% of companies have instituted a mobile device security policy.
Creating a Mobility Program
CIO Mandate
• Increase IT efficiency
• Improve Employee Productivity
• Help Customers Succeed
Measures of Success
“All employees accessing data they need to do their job from any mobile device.”
Mobility Program Objectives
• Mobilize processes for smartphones/tablets
• Ensuring corporate data is protected on any device
• Balancing usability and security: “secure-able”
• Making users happy and productive
What do employees/users want?
• Not to be a dinosaur! Employees are more productive on mobile devices they choose.
What do employees/users want?
• Increasing productivity without interrupting usability
• Easy access to company data and documents
• Manage both corporate and personal data
• Ambient security - it runs in the background if it needs to
• Privacy is protected
The Challenges
• BYOD
• Which Mobile Apps to allow?
• Mobile Security
• Do we need an Enterprise Mobile Management Solution?
• Others?
What you Don’t Know CAN Hurt You…
Ponemon Institute March 2013
Are we supposed to go BYOD?
62% of companies to allow BYOD by year’s end, more than 44% of organizations already allow BYOD.
Employee-owned smartphones and tablets used in the enterprise will exceed 1 billion by 2018 due to BYOD.
ComputerWorld, Aug 2013
Are we supposed to go BYOD?
65% of employees said:
- Nothing has been communicated about BYOD
- No official policy guidelines
- Employees are not allowed to use their own devices at work
ComputerWorld, Aug 2013
Most Organizations underestimate Cloud App Usage by 90%
Top 20 Cloud Apps in Enterprise
Top apps used Globally - Messaging
An example - Slack
Risks to Enterprise
• Lost or stolen devices
• Unauthorized access
• Compromised device
• Malware
• Exposure of confidential information
Mobility Security Incidents: Do the Benefits Outweigh the Risk?
21% - Perform data wipes on personal devices when employees leave company
Ponemon Institute March 2013
Breaches are due to compromised credentials
Mobile Devices are Harvesting your Data
• Adware grew 136% to 410,000 apps between 2013 and 2014, giving attackers access to personal information such as contacts
InformationWeek Jan 2014
Can you trust your apps?
AppThority, 2014
Mobile Malware
• 97% of mobile malware comes from third-party Android app stores in Asia and the Middle East
• The share of apps carrying malware in the Google Play Store is 0.1% (short shelf life if encountered)
Forbes, March 2014
The Role of EMM
Device Management Blueprint
Privacy Protection
Security Management
Secure Configurations
Remote Wipe
Device Protection
App Management
Corp Integration
Device Management
Mobile Device Management
• Ease of deployment: 1000’s of mobile devices can be remotely provisioned with corporate data and managed
• Selective wipe: removing corporate data, leaving the personal data on the device
• Enforcing device passcode and hardware encryption
• Device posture: if device is jailbroken/rooted, unencrypted, doesn’t have min OS, IT can prevent device from connecting to corporate network
• Disallow Screen Capture/Roaming/iCloud
Mobile Device Management
• Application Control: Requiring apps to be installed/removed, prevent app from being backed up to iCloud/Google Cloud
• Securing email and attachments
– Protect email attachments: personal apps
– ActiveSync is not enough
   • Policies can be circumvented
   • Device posture is not detected and enforced
– Protect email attachments from being shared with personal applications
– Detect + block jailbreak/root devices
– Cert-based authentication for email
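An added example, not part of the original slides: a device posture check of the kind described above, blocking access when a device is jailbroken/rooted, unencrypted, lacks a passcode, or is below the minimum OS. The field names, the minimum versions and the sample reports are assumptions for illustration; attributes the device does not report are treated as failures.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical minimum OS versions; a real EMM policy defines its own.
MIN_OS = {"ios": "9.0", "android": "6.0"}

@dataclass
class DeviceReport:
    """Attributes an MDM agent might report (field names are assumptions)."""
    platform: str
    os_version: Optional[str] = None
    jailbroken_or_rooted: Optional[bool] = None
    storage_encrypted: Optional[bool] = None
    passcode_set: Optional[bool] = None

def parse_version(text):
    """Turn '9.3.1' into (9, 3, 1) so that 10.0 compares greater than 9.3."""
    parts = [int(part) for part in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def evaluate_posture(report):
    """Return (allowed, reasons). Missing or unknown attributes fail closed."""
    reasons = []
    minimum = MIN_OS.get(report.platform.lower())
    if minimum is None:
        reasons.append("unsupported platform")
    elif report.os_version is None:
        reasons.append("OS version not reported")
    else:
        try:
            if parse_version(report.os_version) < parse_version(minimum):
                reasons.append(f"OS below minimum {minimum}")
        except ValueError:
            reasons.append("OS version unparseable")
    if report.jailbroken_or_rooted is not False:
        reasons.append("jailbroken/rooted or integrity unknown")
    if report.storage_encrypted is not True:
        reasons.append("storage not confirmed encrypted")
    if report.passcode_set is not True:
        reasons.append("passcode not confirmed")
    return (not reasons, reasons)

# Constructed sample reports, not data from the presentation.
SAMPLES = [
    DeviceReport("iOS", "10.0", False, True, True),       # compliant
    DeviceReport("Android", "5.1.1", False, True, True),  # below minimum OS
    DeviceReport("iOS", "9.3", None, True, True),         # integrity unknown
]
```

The returned reasons can be logged for the help desk, so a blocked user learns which requirement to fix.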
Mobile Application Management
• Per App VPN:
– Apps can be automatically configured to connect to VPN when they are launched
– Not exposing entire device to the corporate network
– Improves performance
– Privacy
• “Open In”
Mobile Application Management
• Share data between:
– Secure apps (Secure Secure)
– Whitelist apps (Secure Secure & Managed)
– With personal apps (Personal Secure)
Final Conclusions
• Figuring this out is critical to the success of your business
• Risk has to be balanced with usability
• Approach mobility as any other mission critical project – process, policy and accountability
QUESTIONS?
PARKING LOT
Are we supposed to go BYOD?
• Should you go BYOD?
– IT Leaders (60%): BYOD does not deliver on higher customer satisfaction
• Assessing the cost/benefit
– IT Leaders (62%): BYOD does not lower IT expenses
– Lowers capital expenditure, but may increase support costs
• BYOD for corporate-issued devices
– Improve access and re-evaluate restrictive security policies
ComputerWorld, Aug 2013
What do we make of conflicting data?
Are we supposed to go BYOD?
1. Employees need to choose any mobile device/OS
2. Make sure access is easy for authorized users
My Top 11 for a Successful BYOD Program
Are we supposed to go BYOD?
3. Pay attention to mobile use cases and LOB
My Top 11 for a Successful BYOD Program
Are we supposed to go BYOD?
4. Communication plan. Be transparent with employees.
5. Manage data and not devices:
• Mobile Application Management policies
• Data and User classification
• Isolate network
• Detect and Contain
• Unsecure networks and multi-auth
67% do not have policies in place that address sharing of corporate files in third-party cloud storage services.
Acronis, July 2013
My Top 11 for a Successful BYOD Program
Are we supposed to go BYOD?
6. Separate personal data from corporate data
7. Don’t forget the basics: password protection & encryption!
8. Lost/stolen device? Wipe corp data and block
My Top 11 for a Successful BYOD Program
Are we supposed to go BYOD?
9. Reduce corporate liability with private data
10. Involve stakeholders
11. Run a BYOD pilot!
My Top 11 for a Successful BYOD Program
Mobile Corp Data Leakage
• Identify which mobile apps put corporate data at risk vs. which apps are benign
• Risky app behaviours
– Transferring Contacts
– Cloud-based file storage
– Uses microphone
– Accesses IMEI/UDID
– Single Sign on (social networking)
– Location tracking
• Mobile malware and spyware
Saves password on device in clear text
Links to credit card for auto-load
App Reputation – Identifying the Bad Guys