8/6/2019 McAfee Mobility&Security
1/12
Mobility and Security
Dazzling Opportunities, Profound Challenges
Written by Carnegie Mellon University
Dr. David Goldschlag, VP of Mobility, McAfee
Mr. Richard Power, Distinguished Fellow, CyLab
Confidential McAfee Internal Use Only
Report Background
In collaboration with Carnegie Mellon University, McAfee took a hard look at the topic of mobile security and the consumerization of IT. Mobility and Security: Dazzling Opportunities, Profound Challenges, is based on a survey of more than 1500 information technology and end user respondents from 14 countries and was commissioned by McAfee and produced by Carnegie Mellon's CyLab.
The online surveys were administered by international research firm Vanson Bourne. Businesses in Australia, Brazil, Canada, China, France, Germany, India, Japan, Mexico, the Netherlands, Spain, Switzerland, the U.K., and the U.S. participated in the survey.
We examined the current state of mobile security, some common problems and offered some recommendations that all businesses and consumers should consider.
What we found is that there is a serious disconnect between businesses and mobile users. While an increasing number of consumers use mobile devices for both business and personal activities, large numbers are not familiar with their employers' corporate policy on the use of mobile devices.
Mobility in Twenty-First Century Computing and the Consumerization of IT
Recent advances in computing technology have resulted in greatly increased speed and storage capacity for mobile computing devices.
This shift to mobile computing hasn't just changed users' personal lives, it is changing their work lives too. More users are finding that their employers are not keeping pace with changing mobile technologies.
Apple iPhones, Droids, Apple iPads, and other mobile platforms are invading corporations worldwide. According to Apple's chief operating officer, 65 percent of Fortune 100 firms are already deploying the iPad or piloting projects, and many analyst firms are predicting an explosion of tablet devices in the enterprise in 2011.
According to the Gartner report, Forecast: Mobile Application Stores, Worldwide, 2008-2015, May 18, 2011 (G00212661), 17.7 billion mobile apps are estimated to be downloaded in 2011 (a 115% increase from 2010). By 2012, mobile apps are projected to generate more than $15 billion in app store revenues from end-users alone.
Security Implications of Mobility in Twenty-First Century Computing
Attacks against mobile devices will escalate in 2011 as criminals seek to tap into fragile cellular infrastructure to access often unencrypted business and corporate communications.
The contact list on a smartphone contains intelligence on who the company does business with, including current clients, prospects, critical suppliers, influential analysts and reporters, and others.
What if a remote attacker turned a smartphone or laptop into a tape recorder concealed in plain sight, and was carried into the enterprise?
Most information is vulnerable, not because of attacks, but because they are accidentally left somewhere
June 1, 2011
95 percent of organizations have policies in place for mobile devices. However, less than one in three employees are very aware of their company's mobile security policy.
Lost and Stolen Devices
Lost and stolen mobile devices are seen as the greatest security concern in the mobile computing environment.
Loss of a device and the theft of a device are the two most commonly reported concerns of users of mobile devices.
Loss and theft are also the security issues that worry the most IT directors.
Mobile devices are almost universally used for email, followed by contacts, web access and calendaring, with 93 percent using them for email, 77 percent managing contacts, 75 percent web access, and 72 percent calendaring.
Security Policy Versus Mobile Reality
There is a serious disconnect between policy and reality and between policy awareness and adherence. Both IT directors and users are dissatisfied with the status quo.
Recognizing that mobile devices pose a security risk, 95 percent of organizations have policies in place.
However, less than one in three employees are aware of their company's mobile security policy.
Worse yet, fewer than half of companies report that all of their employees understand their mobile device access/permissions.
Four in 10 organizations do not have a policy on the number of devices their employees are allowed to sync.
Four in 10 organizations allow employees to access the Internet and download mobile apps freely, using their mobile devices.
More than a third of businesses allow mobile device users to connect to the internal network with those devices.
Glaring Shortcomings of Mobile Policies
CyLab researcher Patrick Tague addresses several aspects of the survey results that underscore some glaring shortcomings of mobile security and policy management:
Lack of separation between devices for personal and business use
Overwhelming lack of awareness of company policies regarding security and privacy
Apparent unwillingness of the majority of administrators to pay for mobile security products or services
"I was pleasantly surprised to see that administrators are increasingly incorporating location and other contextual information into security management," says Tague. "These sorts of data provide useful supplements to traditional access control and authentication mechanisms that will undoubtedly improve usability."
Types of Smartphones Supported
Location-Based Technology Could Improve Mobile Security
Respondents offered insights into additional technologies and services that may play a greater role as the mobile computing environment evolves further.
More than one in five businesses are using location-based technology and almost half are considering doing so.
"I find it disturbing that only 22 percent are using location now, and that 30 percent are not even considering it," says Martin Griss, Director of the CyLab Mobility Research Center.
Recommendations for Mobile Users
You are part of a computing sea of change. With devices eclipsing PCs, and virtually every app device-ready, mobile computing offers you an opportunity to be entertained, informed and connected wherever you are. Use this to your advantage to be more productive on the go.
Driven by users' desire for device choice and employers' need for cost savings, individuals are increasingly bringing their own devices to work. Take advantage of your employer's program and use your technology to be more nimble in your work.
Familiarize yourself with your employer's mobile device policy and the intent behind it, and decide whether it fits your needs. If so, accept the policy and move on; if not, use two devices: one for personal use and one for work.
Take steps to secure your device. Install anti-theft technology, and back up your data. Configure your device to auto-lock after a period of time. Don't store data you can't afford to lose or have others access on an insecure device.
Be aware of mobile device threats. In many ways, they are the same as in the online world. You can be hacked, infected, or phished on a mobile device just as easily (and often more easily) as you can online.
Recommendations for Businesses
Mobility is ushering a new computing paradigm into the workplace. With devices eclipsing PCs and virtually every business application being device-ready, mobile computing offers an opportunity to make workers more productive, competitive, and happy. Mobility done right is a major competitive advantage in the workplace.
Allow, encourage, and, in some cases, provide a stipend for bringing employee-owned technology to work.
Enable, secure, and manage employee-owned technology in an optimal way to drive cost savings.
Apply policies in a nuanced, risk-based way that depends on the industry, the role, and the situational context.
Classify data, even at a high level, and apply data leakage processes and mechanisms in order to protect corporate data while respecting users' privacy.
Apply security and management paradigms from laptops and desktops to mobile devices.
Educate users about the risks and threats through employee agreements and training.