The IT Manager’s Nightmare... “Good morning, the board decided last night that we need to have iPads in order to do our work properly. Can you please.


1

2 The IT Manager’s Nightmare... “Good morning, the board decided last night that we need to have iPads in order to do our work properly. Can you please have these set up for us by next Friday so that we can read the board minutes, … oh, and I decided I couldn’t wait, so here is mine so that you can get me connected today”

3 Disruptive Technologies
• 1980’s: The Microcomputer
• 1980’s: The Network
• 1990’s: Personal Email
• 1990’s: The Web
• 2000’s: Smart Phones
• 2010’s: Mobile Computing Devices

4 Mobile Computing Security Challenges
• What ever happened to the network perimeter?
• Is that one of our devices?
• Is that really one of our users?
• Where is our data?
• No, I said it’s our data, not your data
• Yes, I know that it’s a clever app
• Who’s in charge of these !@(*#^)* things anyway?

5 Security Taxonomy: Physical Security; Storage Security; Perimeter Security; Identity Management; Internal Security; Security Management; Encryption; Mobile Device Security; Mobile Device Policy

6 Best Practices for Policy
• Engage the business
  - Understand their mobile computing requirements
  - Survey your workforce
  - Establish a corporate strategy based on requirement vs risk

7 Best Practices for Policy
• Establish levels of ‘service’
  - Tier 1
    ○ Corporate owned devices
    ○ PIM and business applications
  - Tier 2
    ○ Corporate or user owned devices
    ○ Lightly managed and supported (e.g. mail/calendar)
  - Tier 3
    ○ User owned devices
    ○ Web based access only
    ○ Unsupported

8 Best Practices for Policy
• Reserve the right to manage ALL devices with access to corporate resources
  - Includes connections to internal wireless LANs and connections to PCs.
  - Require installation of your security profile on all devices as a condition of access.

9 Best Practices for Policy
• Isolate corporate data from private data
  - Sandboxing
  - Policy compliance
  - Application publication (no data at rest)

10 Best Practices for Policy
• Enforce strong security controls
  - Passwords
  - Auto lock
  - Remote wipe
  - Certificates
  - Encryption
  - Enforced device policy

11 Best Practices for Policy
• Consider disabling device functions that conflict with business activities
  - Camera
  - App stores
  - Cloud storage services
  - YouTube
  - Explicit content

12 Best Practices for Policy
• Enforce acceptable use policy
  - Cover current and future devices
  - “Everywhere” access means wiping a device when the employee leaves the organisation... And that may include their own personal device if it has been used to access corporate systems.

13 Best Practices for Policy
• Determine how users will be provisioned with applications
  - The use of ‘app’ stores is fine with only a few users but can become unwieldy with many users
  - Start with basic applications (email, collaboration, productivity)
  - Layer on advanced applications

14 Best Practices for Policy
• Proactively monitor voice and data usage
  - Implement ongoing recording of usage

15 Best Practices for Policy
• Require users to back up their own data
  - If it’s their information, they are responsible for it.
  - Assert the right to wipe the device if it is lost or stolen
  - Assert the right to wipe the device when the employee leaves

16 Best Practices for Policy
• Teach users about ‘Stranger Danger’
  - No reading of sensitive information in uncontrolled areas...
    ○ Aircraft
    ○ Trains
    ○ Supplier offices
• Close/lock the devices when not in use.
• Beware of theft

17 Best Practices for Policy
• Require users to understand and agree with policy
  - Security policies don’t belong in a book
  - Publish policies for all users to read
  - Review the policies annually

18 Best Practices for Policy
• Address the ramifications of non compliance to policy
  - Usage infractions
  - Unauthorised application installation
  - Inappropriate material
  - Not reporting lost devices
  - Excessive personal use

19 OK, So You’ve Got Your New Toys, Now What?
• Learn to walk before you can fly!
• Implement a mobile device management system
• Establish a base device policy
• Enforce that policy

20 Device Policy #1 Enable Password Protection
• Require a PIN code after power on
• Require a PIN code after auto lock
• Minimum of 4 digits
  - Preferably longer if the device supports it

21 Device Policy #2 Lock the Device
• Always enable auto-lock on mobile devices
• Keep the lock period as short as possible

22 Device Policy #3 Enable Wiping
• Wipe on more than five invalid PIN code entries
• Remote wipe in the event of loss or theft
  - Easily implemented in Exchange, Keriomail and BES
• Set up a lost device hotline
• Wipe devices prior to disposal

23 Device Policy #4 Turn on Device Encryption
• iOS 4.x, 5.x
  - All user data is automatically encrypted
• Android
  - Information on removable media is not encrypted by default.
• Windows Mobile 7
  - Encryption not supported
    ○ “It's important to note that Windows Phone 7 (WP7) primarily was developed as a consumer device and not an enterprise device”.
• Windows 8
  - Expected to be supported when it is released

24 Device Policy #5 Encrypt Data in Transit
• Enable SSL encryption
• Use digital certificates

25 Device Policy #6 Update Frequently
• Keep the operating system and applications up to date
• Enable auto update if available

26 Device Policy #7 Control Network Connections
• Disable network services if not required
    ○ WiFi
    ○ Bluetooth
    ○ Infrared
• Restrict WiFi connections to authorised networks

27 Device Policy #8 Install AntiVirus Software
• Install AntiVirus software wherever practical
• Controlled and scrutinised application release minimises the threat
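
Added example (not part of the original presentation): a minimal audit that checks device inventory records against Device Policies #1 to #8 above, the "enforce that policy" step. The record fields, the sample inventory and the 5-minute auto-lock ceiling are assumptions made for illustration; the slides only say the lock period should be as short as possible.

```python
from dataclasses import dataclass
from typing import Optional

MAX_AUTO_LOCK_MIN = 5  # assumption: the slides only say "as short as possible"

@dataclass
class Device:
    # Hypothetical inventory fields, as an MDM export might report them.
    name: str
    pin_length: int              # 0 = no PIN set
    auto_lock_min: int           # 0 = auto-lock disabled
    wipe_after_failures: int     # invalid PINs tolerated before wipe; 0 = never
    remote_wipe: bool
    encrypted: bool
    ssl_with_cert: bool
    auto_update: bool
    wifi_restricted: bool
    antivirus: Optional[bool]    # None = not practical on this platform

def violations(d: Device) -> list:
    """Return the numbered device policies from the slides that d fails."""
    checks = [
        ("#1 PIN of at least 4 digits", d.pin_length >= 4),
        ("#2 auto-lock enabled, short period", 0 < d.auto_lock_min <= MAX_AUTO_LOCK_MIN),
        # Tolerating at most five invalid entries means the wipe fires on "more than five".
        ("#3 wipe after more than five invalid PINs", 0 < d.wipe_after_failures <= 5),
        ("#3 remote wipe available", d.remote_wipe),
        ("#4 device encryption on", d.encrypted),
        ("#5 SSL with digital certificates", d.ssl_with_cert),
        ("#6 auto update enabled", d.auto_update),
        ("#7 WiFi restricted to authorised networks", d.wifi_restricted),
        ("#8 antivirus installed where practical", d.antivirus is not False),
    ]
    return [label for label, ok in checks if not ok]

def audit(devices):
    """Map each non-compliant device name to its failed policies."""
    report = {d.name: violations(d) for d in devices}
    return {name: failed for name, failed in report.items() if failed}

# Constructed sample inventory (not real devices).
INVENTORY = [
    Device("board-ipad-01", 6, 2, 5, True, True, True, True, True, None),
    Device("byod-android-07", 4, 0, 0, True, False, True, False, True, False),
]

if __name__ == "__main__":
    for name, failed in audit(INVENTORY).items():
        print(name, "fails:", "; ".join(failed))
```
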

28 Strategy Decisions: BYOD
• Bring Your Own Device
• Your data, their device, your risk
• Firmly establish a data centric security strategy before even considering a BYOD strategy

29 Strategy Decisions: Application Publication Model
• Securely publish applications to mobile devices from your data centre
• Removes data at rest risk
• Device agnostic approach
• Requires good data centre bandwidth
• Enabler for BYOD strategy

30 Going Full Circle?

31

32 Conclusion
• Mobile devices/tablets are a game changing technology
• Successful (and secure) deployment requires an effective policy and an effective strategy

33 Tony Krzyzewski Kaon Technologies Ltd tonyk@kaon.co.nz www.kaon.co.nz www.kaonsecurity.co.nz

