Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile Device Security MSIT 458 - Information Security December 4, 2010 Team Magic: Michael Gong Jake Kreider Chris Lugo Kwame Osafoh-Kantanka.

Published byJerry Hebb Modified over 10 years ago

Similar presentations

Presentation on theme: "Mobile Device Security MSIT 458 - Information Security December 4, 2010 Team Magic: Michael Gong Jake Kreider Chris Lugo Kwame Osafoh-Kantanka."— Presentation transcript:

1 Mobile Device Security MSIT 458 - Information Security December 4, 2010 Team Magic: Michael Gong Jake Kreider Chris Lugo Kwame Osafoh-Kantanka

2 Agenda The Problem Existing mobility solution Developing the new solution Explanation of solution 2

3 Introduction 3 “By 2014, 90 per cent of firms will support corporate applications on personal devices” - The Economic Times, Nov. 30 th, 2010 "For many professionals, the mobile phone has become a mobile office,“ - Mike Jones, Symantec "There is no question that mobile security will eventually equal – if not surpass – PC security as a threat to IT departments," - Denise Culver, Heavy Reading Mobile Networks Insider

4 Problem Statement With the explosive growth of smartphones, tablets and mobile devices, companies must find a means of providing access to their internal systems and information to their mobile workforce securely and seamlessly. 4

5 Existing Enterprise Blackberry solution Microsoft Exchange 2003 Blackberry Enterprise Server 4.1 SP7 10,000 email boxes 2,000 using mobile devices Only company provided Blackberry devices are supported 5

6 Key Mobile Device Security Concerns Confidentiality Commercial Data Ex: Financial, IP, etc. Personal Data Ex: Customer, Employee records, PCI, etc. User Personal Data Diplomatic cables Accessibility Resource uptime High Availability / Recoverability Archive Maintain device flexibility while protecting against security risks 6

7 Current Needs of the Business and Solution Approach Business users today are more mobile than ever before and are looking to access the enterprise from multiple devices: –Apple iOS –Android –Blackberry –Windows Mobile Users today are more technically skilled than before and are unfortunately able to develop “Business Managed Solutions” which may not meet the security requirements of the enterprise –Must securely support users on the 4 identified leading mobile platforms –Must leverage the significant existing Exchange and Blackberry investment High Level Requirements & Solution Approach The answer – A Mobile Device Management (MDM) Solution

8 DEVELOPING THE SOLUTION 8

9 Solution Requirements MS Exchange Exchange 2003 or Exchange 2007 SP2 ActiveSync (EAS) enabled Enterprise Certificate services / certificate based authentication Mobile Device support Support latest Mobile OS’s Employee-provided device Support for VPN, Wi-Fi, ActiveSync and encryption Centralized IT management & control Support for common file attachments 9

10 Solution Requirements (cont’d) Security All devices should be enrolled into corporate network Provisioning of mobile devices should be secure Security policies should be targeted to right groups/employees Restriction of some/all mobile applications Complex/multi-character passwords required Updates of mobile OS required Encryption of all forms of corporate data Tracking and inventory of all devices Access control over corporate email system Sanction and disconnect modified devices or rouge device Selective/full remote wipe of device 10

11 MDM vendor selection/comparison 11

12 Chosen Solution Good Technology Manage & Protect access to vital company information Without imprisoning the user or their device With flexibility… Manage the entire device OR Manage the Good application Plays nice in the mobile sandbox! 12 "Corporate policies should focus on regulating behavior, rather than devices..." — Gartner, May 2010

13 Making a Good device 13

14 Security Architecture 14

15 Operational Architecture 15

16 Cost Comparison Good Technology Solution CapitalExpense Software (2000 licenses)$140,468- Hardware$178,801$34,410 Maintenance-$57,775 Sub Total$319,269$92,185 TOTAL 2 year capacity$411,454 16 Per Device Comparison Blackberry Enterprise Server Good Technology Annual data plan service$504$0* Annual Inclusive maintenance & support$4$159 Total annual cost$508$159

17 Business/Legal Consequences Financial Liability May be required to pay stipend for device/usage Additionally corporate data plans apply in some instances Employee may be taxed for fringe benefit Nonexempt employees create issues Legal Liability Evidence of illegal activity must not go unreported Archiving may be required 17

18 Consequences to Privacy While some employees will only need access to PIM-data, many will need full device management. In these cases, all data must be subject to review and/or archive by the company Email, SMS/MMS, IM, music, etc. All activity (applications, browser, peripheral control, etc.) must be subject to audit and control at any time. How to handle all of this?? 18

19 Education! Most people will agree to any ToS without second thoughts. Acceptance of the restrictions rely completely on employees’ understanding them Rewards are worth the risks … 19

20 Consequences Despite shared liability, employee-provided cell phones for business purposes are extremely popular. Conveniences for employee Savings for employer Trend will continue 20

21 Conclusion Employee-owned mobile phones provide risks, challenges. However, benefits are great to both company and employees. Our provided solution, leveraging Good Technology, is the most efficient and feasible way to implement a corporate private mobile device policy. 21

Download ppt "Mobile Device Security MSIT 458 - Information Security December 4, 2010 Team Magic: Michael Gong Jake Kreider Chris Lugo Kwame Osafoh-Kantanka."

Similar presentations

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.
National Infrastructure – Citizen’s Account

National Infrastructure – Citizen’s Account
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
A Media Subscription Service By Peter Kriens CEO aQute OSGi Technology Officer www.aQute.se.

A Media Subscription Service By Peter Kriens CEO aQute OSGi Technology Officer
Addition Facts 1 - 20.

Addition Facts
Powerful and convenient management for Windows Mobile ® 6.1 devices in an enterprise environment. These features include: Centralized, over-the-air device.

Powerful and convenient management for Windows Mobile ® 6.1 devices in an enterprise environment. These features include: Centralized, over-the-air device.
Broadband Wireless Applications for the Mining Industry.

Broadband Wireless Applications for the Mining Industry.
Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?

Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?
Govern the Flow of Data: Moving from Chaos to Control

Govern the Flow of Data: Moving from Chaos to Control
Embrace Mobility. Without Compromise. The apps they need. On the devices they want. Without sacrificing compliance. Strategic Approach to Mobile Security.

Embrace Mobility. Without Compromise. The apps they need. On the devices they want. Without sacrificing compliance. Strategic Approach to Mobile Security.
©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Visions for 2010 Anna Russell & Andy Clark.

©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Visions for 2010 Anna Russell & Andy Clark.
©2013 Check Point Software Technologies Ltd. | [Unrestricted] For everyone Best Practices to Secure the Mobile Enterprise Macy Torrey

©2013 Check Point Software Technologies Ltd. | [Unrestricted] For everyone Best Practices to Secure the Mobile Enterprise Macy Torrey
MANAGING AND SECURING BYOD Legal ITs Next Great Challenge.

MANAGING AND SECURING BYOD Legal ITs Next Great Challenge.
Security for Mobile Devices

Security for Mobile Devices
November 14, 2012 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Detroit.

November 14, 2012 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Detroit.
Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.
Copyright Critical Software S.A. 1998-2008 All Rights Reserved. COTS based approach for the Multilevel Security Problem Bernardo Patrão.

Copyright Critical Software S.A All Rights Reserved. COTS based approach for the Multilevel Security Problem Bernardo Patrão.
1 1 March 20, 2014 A SIMPLE APPROACH TO BYOD. WHAT THEY DONT WANT IS: Company monitoring of their personal activities or restriction of the apps they.

1 1 March 20, 2014 A SIMPLE APPROACH TO BYOD. WHAT THEY DONT WANT IS: Company monitoring of their personal activities or restriction of the apps they.
IBM Endpoint Manager for Mobile Devices Mobile Device Management

IBM Endpoint Manager for Mobile Devices Mobile Device Management
Copyright - 2008 Movidan, Inc. All rights reserved. 1 Dont think, however, that we have lost our taste for risk. We remain prepared to lose $6 billion.

Copyright Movidan, Inc. All rights reserved. 1 Dont think, however, that we have lost our taste for risk. We remain prepared to lose $6 billion.

Similar presentations

Ads by Google