The IT Manager’s Nightmare... “Good morning, the board decided last night that we need to have iPads in order to do our work properly. Can you please.

Slides:

Advertisements

Similar presentations

Powerful and convenient management for Windows Mobile ® 6.1 devices in an enterprise environment. These features include: Centralized, over-the-air device.

Advertisements

Embrace Mobility. Without Compromise. The apps they need. On the devices they want. Without sacrificing compliance. Strategic Approach to Mobile Security.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Rider Universitys BYOD Story. First two short films…… Dilbert Humorous skit about an employee, desperate to get his work done more efficiently tries to.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

Security for Mobile Devices

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Sophos Mobile Control SophSkills Session Name: Thomas Lippert – Product Management DPG Date: 17-Feb-2011.

Supporting The Mobile Client: Expanding Our Borders John Guidone Manager, Desktop Technologies and Dawn E. Colonese Manager, Help Desk & Client Access.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.

Windows 8.1 Device Management With Windows Intune Mark O’Shea MVP Windows Expert – IT Pro 30 June 2014.

Avaya – Proprietary. Use pursuant to the terms of your signed agreement or Company policy. idEngines® Avaya Identity Engines And Mobile Device Management.

1 © Copyright 2013 EMC Corporation. All rights reserved. Online File Synchronization and Sharing for the Enterprise.

IPads Everywhere! Management Considerations for the Enterprise Bill Morrison Director of Technology, Rapides Parish School District

Sophos Mobile Control. Tablets on the rise 2 Trends 3 75% of 157 polled companies encourage employee owned smart phones and tablets to access corporate.

INFORMATION TECHNOLOGY FOR MINNESOTA GOVERNMENT Christopher P. Buse Assistant Commissioner and CISO State of Minnesota Mobile Device Management Assessing.

Meraki Mobile Device Management

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University

Protect your data Enable your users Unify Your Environment DevicesAppsData Help organizations enable their users to be productive on the devices they.

SAM for Mobile Device Management Presenter Name. of employees spend at least some portion of their time working outside their office. Mobility is the.

IOS 8 for MDM/EMM Greg Elliott Shiv Chandra Kumar.

Managing BYOD Legal IT’s Next Great Challenge. Agenda  The BYOD Trend – benefits and risks  Best practices for managing mobile device usage  Overview.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

New Data Regulation Law 201 CMR TJX Video.

Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Supporting BYOD Dennis Cromwell Supporting BYOD  CISCO Study – 15B devices capable of connecting to a network by 2015  The Consumerization.

BRING YOUR OWN DEVICE. BYOD AND THE IMPACT ON IT SECURITY BYOD and pressure employees put on IT organization to supply or allow consumer mobility devices.

Cyber Security. Security – It’s About Layers There’s no one stop solution to protection Each layer you add, an additional tool will be needed to pierce.

DISCOVER IT PEACE OF MIND Staying HIPAA-Compliant Revised: April 13, 2015.

Security considerations for mobile devices in GoRTT

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

OCR Cambridge National ICT Mr Conti 10X 25 th April 2014.

Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.

Secure Data Sharing What is it Where is it What is the Risk – Strategic > What Policy should be enforced > How can the process be Audited > Ongoing Process.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.

STARTFINISH DisposePrint & ScanShareStore Protect information and equipment ClassifyProtect.

MOBYLLA 2012 Mobylla Hellas – InfocomAPPs, ATHENS, Feb.21 st, 2012.

Imagine a health system that focuses on health, not just health care. Imagine a sustainable health system with one goal: to improve the lives of the people.

Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION.

Chapter 2 Securing Network Server and User Workstations.

- NCSU project goals and requirements - Adoption Drivers - Current challenges and pain points - Identacor at NCSU - Identacor Features - NCSU Key Benefits.

KTAC Security Task Force Superintendents Update April 23, 2015.

Toolooa SHS BYOD Parent Information Night. Why is BYOD (Bring Your Own Device)happening? The current hire devices were Federally funded and the funding.

James Lewis and Simon Waight Office 365 security: everywhere you need it to be PRD33 1.

Sophos EndUser Protection Complete endpoint, mobile, web and data security licensed by the user – not the device.

User and Device Management

Craig Pringle & Derek Moir

Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.

1 #UPAugusta Today’s Topics What are Deadly IT Sins? Know them. Fear them. Fix them. #UPAugusta201 6.

Equipping Your Mobile Workforce for a Seamless Customer Experience in an Unsecured Wireless World Dr. Simon Blake-Wilson Chief Security Advisor.

Why EMS? What benefit does EMS provide O365 customers Manage Mobile Productivity Increase IT ProductivitySimplify app delivery and deployment LOB Apps.

BYOD: An IT Security Perspective. What is BYOD? Bring your own device - refers to the policy of permitting employees to bring personally owned mobile.

©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. Securing Your Data in Endpoint and Mobile Environments Frank Suijten Security.

Technical and organisational measures for protecting data and ensuring data security Simon Rice Group Manager (Technology) 29 May 2014.

CLOSE THE SECURITY GAP WITH IT SOLUTIONS FROM COMPUTACENTER AND CISCO AUGUST 2014.

Mobile Device Security Management Leyna Belinsky.

Mobile device security Practical advice on how to keep your mobile device and the data on it safe.

Handling Personal Data & Security of Information Paula Trim, Information Officer, Children’s Strategic Services, Mon – Thurs 9:15-2:15.

The time to address enterprise mobility is now

MICROSOFT AZURE ISV PROFILE: ONEBE

12 STEPS TO A GDPR AWARE NETWORK

Microsoft 365 Business Technical Fundamentals Series

Personal Mobile Device Acceptable Use Policy Training Slideshow

Microsoft Virtual Academy

Presentation transcript:

The IT Manager’s Nightmare... “Good morning, the board decided last night that we need to have iPads in order to do our work properly. Can you please have these set up for us by next Friday so that we can read the board minutes, … oh, and I decided I couldn’t wait, so here is mine so that you can get me connected today”

Disruptive Technologies  1980’sThe Microcomputer  1980’sThe Network  1990’sPersonal  1990’sThe Web  2000’sSmart Phones  2010’sMobile Computing Devices

Mobile Computing Security Challenges  What ever happened to the network perimeter?  Is that one of our devices?  Is that really one of our users?  Where is our data?  No, I said it’s our data, not your data  Yes, I know that it’s a clever app  Who’s in charge of these things anyway?

Security Taxonomy Physical Security Storage Security Perimeter Security Identity Management Internal Security Security Management Encryption Mobile Device Security Mobile Device Policy

Best Practices for Policy  Engage the business Understand their mobile computing requirements Survey your workforce Establish a corporate strategy based on requirement vs risk

Best Practices for Policy  Establish levels of ‘service’ Tier 1 ○ Corporate owned devices ○ PIM and business applications Tier 2 ○ Corporate or user owned devices ○ Lightly managed and supported (eg mail/calendar) Tier 3 ○ User owned devices ○ Web based access only ○ Unsupported

Best Practices for Policy  Reserve to right to manage ALL devices with access to corporate resources Includes connections to internal wireless LANs and connections to PC’s. Require installation of your security profile on all devices as a condition of access.

Best Practices for Policy  Isolate corporate data from private data Sandboxing Policy compliance Application publication (no data at rest)

Best Practices for Policy  Enforce strong security controls Passwords Auto lock Remote wipe Certificates Encryption Enforced device policy

Best Practices for Policy  Consider disabling device functions that conflict with business activities Camera App stores Cloud storage services YouTube Explicit content

Best Practices for Policy  Enforce acceptable use policy Cover current and future devices “everywhere” access means wiping a device when the employee leaves the organisation... And that may include their own personal device if it has been used to access corporate systems.

Best Practices for Policy  Determine how users with be provisioned with applications The use of ‘app’ stores is fine with only a few users but can become unwieldy with many users Start with basic applications ( , collaboration, productivity) Layer on advanced applications

Best Practices for Policy  Proactively monitor voice and data usage Implement ongoing recording of usage

Best Practices for Policy  Require users to backup their own data If it’s their information, they are responsible for it. Assert the right to wipe the device if it is lost or stolen Assert the right to wipe the device when the employee leaves

Best Practices for Policy  Teach Users about ‘Stranger Danger’ No reading of sensitive information in uncontrolled areas... ○ Aircraft ○ Trains ○ Supplier offices  Close/lock the devices when not in use.  Beware of theft

Best Practices for Policy  Require users to understand and agree with policy Security policies don’t belong in a book Publish policies for all users to read Review the policies annually

Best Practices for Policy  Address the ramifications of non compliance to policy Usage infractions Unauthorised application installation Inappropriate material Not reporting lost devices Excessive personal use

OK, So You’ve Got Your New Toys, Now What?  Learn to walk before you can fly!  Implement a mobile device management system  Establish a base device policy  Enforce that policy

Device Policy #1 Enable Password Protection  Require a PIN code after power on  Require a PIN code after auto lock  Minimum of 4 digits Preferably longer if the device supports it

Device Policy #2 Lock the Device  Always enable auto- lock on mobile devices  Keep the lock period to as short as possible

Device Policy #3 Enable Wiping  Wipe on more than five invalid PIN code entries  Remote wipe in the event of loss or theft Easily implemented in Exchange, Keriomail and BES  Setup a lost device hotline  Wipe devices prior to disposal

Device Policy #4 Turn on Device Encryption  IOS4.x, 5.x All user data is automatically encrypted  Android Information on removable media is not encrypted by default.  Windows Mobile 7 Encryption not supported ○ “It's important to note that Windows Phone 7 (WP7) primarily was developed as a consumer device and not an enterprise device”.  Windows 8 Expected to be supported when it is released

Device Policy #5 Encrypt Data in Transit  Enable SSL encryption  Use digital certificates

Device Policy #6 Update Frequently  Keep the operating system and applications up to date  Enable auto update if available

Device Policy #7 Control Network Connections  Disable network services if not required ○ Wifi ○ Bluetooth ○ Infrared  Restrict WiFi Connections to authorised networks

Device Policy #8 Install AntiVirus Software  Install AntiVirus software wherever practical  Controlled and scrutinised application release minimises the threat

Strategy Decisions: BYOD  Bring Your Own Device  Your data, their device, your risk  Firmly establish a data centric security strategy before even considering a BYOD strategy

Strategy Decisions: Application Publication Model  Securely publish applications to mobile devices from your data centre  Removes data at rest risk  Device agnostic approach  Requires good data centre bandwidth  Enabler for BYOD strategy

Going Full Circle?

Conclusion  Mobile devices/tablets are a game changing technology  Successful (and secure) deployment requires an effective policy and an effective strategy

Tony Krzyzewski Kaon Technologies Ltd