Published by Karla Gladen. Modified over 9 years ago.
1
MOBILE DEVICE MANAGEMENT IN THE REAL WORLD!
JOE ATNIP, CONCEPT TECHNOLOGY INCORPORATED
JAMES BOCK, COMMUNITY BANK & TRUST
JUDY LONG, FIRST CITIZENS NATIONAL BANK
TOM PAYNE, TENNESSEE TECHNOLOGICAL UNIVERSITY
2
MDM CHALLENGES
- SECURITY & COMPLIANCE ENFORCEMENT
- REDUCE SUPPORT COST OF MOBILE ASSETS
- PROVIDE APPLICATION & PERFORMANCE MANAGEMENT
- PROVIDE BETTER BUSINESS CONTINUITY
- MAKE EMPLOYEES MORE PRODUCTIVE & MORE SATISFIED
3
TO BYOD OR NOT TO BYOD? THAT IS THE QUESTION
- EACH BANK HAS TO DECIDE THIS FOR THEMSELVES WHILE WEIGHING THE PROS AND CONS OF EACH.
- MAKE SURE THAT YOUR POLICIES & PROCEDURES ADDRESS BYOD WHETHER OR NOT YOUR INSTITUTION SUPPORTS IT!
- IF YOU HAVE A GUEST WIRELESS NETWORK & YOU DON’T ALLOW BYOD…. GUESS WHAT? YOU WILL VERY LIKELY HAVE EMPLOYEES USE THEIR PERSONAL DEVICES FOR BANKING PURPOSES.
- AT LEAST IF YOU ALLOW BYOD, YOU CAN MAKE THE RULES SURROUNDING IT!
4
THE MAAS360 10 COMMANDMENTS OF BYOD
1. CREATE THY POLICY BEFORE PROCURING TECHNOLOGY
2. SEEK THE FLOCK’S DEVICES
3. ENROLLMENT SHALL BE SIMPLE
4. THOU SHALT CONFIGURE DEVICES OVER-THE-AIR
5. GIVE THY USERS SELF-SERVICE
6. HOLD SACRED PERSONAL INFORMATION
7. PART THE SEAS OF CORPORATE & PERSONAL DATA
8. MONITOR THY FLOCK – HERD AUTOMATICALLY
9. MANAGE THY DATA USAGE
10. DRINK FROM THE FOUNTAIN OF ROI
5
ROI CONSIDERATIONS
CORPORATE-OWNED MODEL | BYOD
DEVICE COST | COST OF SUBSIDIZING DATA PLAN
DATA PLAN COST | ELIMINATED DEVICE COST
REPLACING DEVICES EVERY FEW YEARS | COST OF MOBILE MANAGEMENT
WARRANTY PLANS |
BOTH OPTIONS TAKE IT TIME & EFFORT TO MANAGE
6
WHAT DOES A GOOD MDM PROGRAM CONTAIN FROM A BANKER'S PERSPECTIVE?
- MOBILE DEVICE RISK ASSESSMENT
- GOOD POLICY FRAMEWORK
- ACCEPTABLE USE POLICY
- BYOD POLICY
- MOBILE DEVICE POLICY
- INFORMATION SECURITY POLICY
- DATA CLASSIFICATION POLICY
7
MDM FROM A TECHNOLOGY PERSPECTIVE:
SOLUTIONS THAT PROVIDE COORDINATED VISIBILITY & CONTROL OVER ALL DEVICES & OPERATING SYSTEMS.
- ENFORCE PASSCODE PROTECTION, ENCRYPTION, & SECURITY UPDATES
- CONTROL NETWORK & APPLICATION SETTINGS
- REMOTELY LOCATE, BLOCK, OR WIPE (FULL & SELECTIVE) DEVICES THAT HAVE BEEN LOST, STOLEN, OR ARE NO LONGER AUTHORIZED.
- SECURE EMAIL, MESSAGING, & BROWSING
- WHITELISTING & BLACKLISTING
- BE EASY TO USE, CENTRALLY MANAGED, AND QUICK TO DEPLOY
8
INTEGRATION IS KEY
- A GOOD MDM SOLUTION WILL INTEGRATE WITH ACTIVE DIRECTORY, EMAIL PLATFORMS (EXCHANGE, OFFICE 365, ETC.), SHAREPOINT, INTRANET, WEB APPLICATIONS, AND ALL OF YOUR EXISTING INFRASTRUCTURE.
- SINGLE SIGN ON ACROSS APPLICATIONS FOR AUTHENTICATION.
9
WHAT KIND OF ACTIONS WILL AN MDM SOLUTION PERFORM?
- REFRESH DEVICE DETAILS IN REAL-TIME INCLUDING LOCATION.
- PERFORM HELP DESK OPERATIONS LIKE LOCKING A DEVICE OR RESETTING A FORGOTTEN PASSCODE.
- PERFORM A FULL WIPE OF A LOST DEVICE OR A SELECTIVE WIPE OF ONLY THE CORPORATE DATA WHILE MAINTAINING PERSONAL DATA OF AN EMPLOYEE OWNED DEVICE.
- CHANGE IOS POLICY.
- REMOTELY PUSH APPS TO DEVICES INCLUDING “HOME GROWN” APPS & PUBLISHED UPDATES.
- PREVENT DATA LEAKAGE – KEEP PERSONAL DATA SEPARATE FROM COMPANY DATA
10
SET & DISTRIBUTE POLICIES
- ENFORCE PASSCODE REQUIREMENTS
- CONFIGURE RESTRICTIONS
- ENFORCE ENCRYPTED DEVICE BACKUPS
- RESTRICT USE OF CAMERA, FACETIME, & SCREEN CAPTURES
- RESTRICT APPLICATION INSTALLATION
- RESTRICT SAFARI, YOUTUBE, ETC… (BUILT IN APPLICATIONS)
- DISTRIBUTE WI-FI, VPN, PROXY, & EMAIL PROFILES/SETTINGS
- MANAGE ICLOUD CONTROLS AND SETTINGS
- EMAIL SECURITY – RESTRICT USERS FROM MOVING EMAILS BETWEEN ACCOUNTS AND RESTRICT 3RD PARTY APPS FROM SENDING EMAILS
- DETECTION OF JAIL BROKEN AND ROOTED DEVICES
- COMPLIANCE REPORTING
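A check a reviewer could run against an exported iOS configuration profile to confirm that the passcode and restriction settings listed on this slide are actually set. This is an added example, not material from the presentation or from any MDM vendor; the sample profile is constructed, and the six-character minimum passcode length is an assumed threshold.

```python
import plistlib

# Constructed sample profile (not from the presentation): one restrictions
# payload and one passcode payload, with two settings left weak on purpose.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.applicationaccess",
         "allowCamera": False,
         "allowScreenShot": True,        # weak: screen captures still allowed
         "allowAppInstallation": False,
         "forceEncryptedBackup": True},
        {"PayloadType": "com.apple.mobiledevice.passwordpolicy",
         "forcePIN": True,
         "minLength": 4},                # weak against the assumed minimum of 6
    ],
})

RESTRICT = "com.apple.applicationaccess"
PASSCODE = "com.apple.mobiledevice.passwordpolicy"

# (payload type, key, predicate, control name); thresholds are assumptions.
REQUIRED = [
    (RESTRICT, "allowCamera", lambda v: v is False, "camera restricted"),
    (RESTRICT, "allowScreenShot", lambda v: v is False, "screen captures restricted"),
    (RESTRICT, "allowAppInstallation", lambda v: v is False, "app installation restricted"),
    (RESTRICT, "forceEncryptedBackup", lambda v: v is True, "encrypted backups enforced"),
    (PASSCODE, "forcePIN", lambda v: v is True, "passcode required"),
    (PASSCODE, "minLength", lambda v: isinstance(v, int) and v >= 6, "passcode length >= 6"),
]

def audit_profile(raw: bytes) -> list[str]:
    """Return one finding per control the profile does not enforce."""
    profile = plistlib.loads(raw)
    payloads = {}
    for payload in profile.get("PayloadContent", []):
        payloads.setdefault(payload.get("PayloadType"), {}).update(payload)
    findings = []
    for ptype, key, is_ok, control in REQUIRED:
        settings = payloads.get(ptype)
        if settings is None:
            findings.append(f"{control}: payload {ptype} missing")
        elif key not in settings:      # absent key means the device default applies
            findings.append(f"{control}: {key} not set")
        elif not is_ok(settings[key]):
            findings.append(f"{control}: {key}={settings[key]!r}")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print("FAIL", finding)
```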
11
SECURE BROWSING
A GOOD SOLUTION WILL PROVIDE:
- URL FILTERING BASED ON CATEGORIES AND INCLUDE THE ABILITY TO CUSTOMIZE WHITELISTS AND BLACKLISTS
- BLOCK KNOWN MALICIOUS WEBSITES
- RESTRICT COOKIES, DOWNLOADS, COPY, PASTE, & PRINTING FUNCTIONALITY
- NOTIFY USERS & ADMINISTRATORS OF VIOLATIONS
- PROVIDE DETAILED REPORTING WITH AN AUDIT TRAIL
12
SECURE DOCUMENT SHARING
- A GOOD MDM SOLUTION SHOULD ALSO PROVIDE A SECURE CONTAINER FOR DOCUMENTS THAT CAN BE EDITED ON THE DEVICE
- THIS WILL REDUCE THE RISK OF DATA LEAKAGE
- SET TIME BASED EXPIRATIONS FOR AUTOMATIC DOCUMENT DELETION
- WORK WITH ALL COMMON FILE TYPES SUCH AS MICROSOFT OFFICE & PDF FORMATS
- ENFORCE USER AUTHENTICATION
13
BOARD MINUTE PORTAL BEST PRACTICES CHOOSE DEVICE CAREFULLY. IOS IS RECOMMENDED BECAUSE OF SECURITY. CORPORATE OWNED DEVICE MANAGED SETTINGS USER FRIENDLY SOLUTION FULL CONTROL OF DATA ON DEVICE DISABLE SCREEN SHOT LOCATE LOST DEVICE ENABLE ENCRYPTION DEVICE BACKUP DEVICE WIPE RISK ASSESSMENT IPAD POLICY / AGREEMENT
14
USING MDM FOR BOARD MINUTES
- USING AN APP FROM AN MDM SOLUTION PROVIDES DEVICE MANAGEMENT
- ALLOWS FOR FULL CONTROL OF DATA ON DEVICE
- ALLOWS FOR DEVICE WIPE
- ALLOWS TO ENCRYPT DATA
- ALLOWS FOR OPENING, DOWNLOADING, PRINTING RESTRICTIONS
- ALLOW OPENING IN SPECIFIED GEOGRAPHICAL RANGE
- USING AN MDM SOLUTION WILL COMBINE TWO SOLUTIONS IN ONE
15
AIRWATCH SECURE CONTENT LOCKER BY VMWARE
- FOUNDED IN 2003, AIRWATCH IS AN ATLANTA BASED ENTERPRISE, MOBILE DEVICE, MOBILE APPLICATION AND MOBILE CONTENT MANAGEMENT COMPANY.
- IN FEB 2014 VMWARE ACQUIRED AIRWATCH
- IT PROVIDES SOLUTIONS THAT ARE COMPATIBLE WITH A VARIETY OF DEVICES INCLUDING IOS, ANDROID, BLACKBERRY AND WINDOWS PHONE.
- WON THE 2013 CLOUD STORAGE EXCELLENCE AWARD
16
AIRWATCH SECURE CONTENT LOCKER BY VMWARE
- Flexible Content Storage
- Hosted in Cloud
- On Premise
- Hybrid
- Device Wipe
- Set Time Limits on Data
- Set Data to be Viewed Online Only
- Password Protected
- Device Location
- Geographical Range Limits
- Disable Screen Shots
- Specify Wi-Fi Hotspot
- Disable Browser
17
MOBILE BEST PRACTICES
1. LOCK THE DEVICE WITH A PASSWORD OR PERSONAL IDENTIFICATION NUMBER (PIN)
2. INSTALL APPS ONLY FROM TRUSTED SOURCES
3. BACK UP YOUR DATA
4. KEEP YOUR SYSTEM UPDATED
5. DO NOT HACK (JAIL-BREAK) YOUR DEVICE
18
MOBILE BEST PRACTICES (CONTINUED)
6. TURN OFF WI-FI AND BLUETOOTH SERVICES WHEN NOT IN USE
7. DO NOT AUTOMATICALLY CONNECT TO WI-FI HOT SPOTS
8. DO NOT USE UNTRUSTED HOT SPOTS PUBLIC OR PRIVATE. UNTRUSTED WI-FI HOT SPOTS ARE SUSCEPTIBLE TO MAN-IN-THE-MIDDLE ATTACKS.
9. AVOID SENDING PERSONAL INFORMATION VIA TEXT OR EMAIL
10. BE CAREFUL WHAT YOU CLICK
11. INSTALL A MOBILE SECURITY APP
19
HOW FCNB ENABLES BYOD
- FCNB CURRENTLY ONLY ALLOWS ACCESS TO EMAIL.
- FCNB SELECTED MOBILE IRON AS ITS MOBILE DEVICE MANAGEMENT SYSTEM.
- EMPLOYEE MUST SIGN AND AGREE TO MOBILE POLICY.
- IN THE FUTURE FCNB WILL ALLOW ACCESS VIA SECURE CITRIX CONNECTION
- THE BANK IS NOT OBLIGATED OR RESPONSIBLE FOR PERSONAL EMAIL, TEXTS, ETC...
- THE BANK CONTROLS THE CORPORATE E-MAIL PROFILE
- FCNB RESTRICTS FORWARDING OF E-MAIL THROUGH PERSONAL ACCOUNTS.
20
HOW FCNB ENABLES BYOD (CONTINUED)
- CURRENTLY FIRST CITIZENS ONLY SUPPORTS IOS (IPHONE AND IPADS) AND SUPPORTED LEVELS OF THAT SOFTWARE.
- EMPLOYEES WILL BE HELD PERSONALLY RESPONSIBLE FOR ANY PROBLEMS CAUSED BY THEIR NEGLIGENCE AS DEEMED BY BANK MANAGEMENT.
- EMAIL HISTORY AVAILABLE ON THE MOBILE SMARTPHONES AND TABLETS WILL BE LIMITED.
- A “JAIL BROKE” OPERATING SYSTEM WILL AUTOMATICALLY BE WIPED BY MOBILE IRON.
21
HOW FCNB ENABLES BYOD (CONTINUED)
- THE BANK IS NOT RESPONSIBLE FOR THAT EMPLOYEE DATA.
- CORPORATE EMAIL AND DATA THAT IS MANAGED BY THE BANK’S MOBILE MANAGEMENT SYSTEM IS PROTECTED AND SEPARATED IN ITS OWN CONTAINER.
- EACH ATTACHMENT IS PROTECTED BY A SECURE GATEWAY AND CAN ONLY BE READ BY A TRUSTED READER.
- MOBILE IRON AUTOMATICALLY PROTECTS AGAINST MAN–IN–MIDDLE ATTACKS.
22
HOW FCNB ENABLES BYOD CONT.
- THE BANK CAN CHOOSE AT ANY TIME TO DO A SELECTIVE WIPE OF THE CORPORATE EMAIL AND DATA ON SMARTPHONES AND TABLETS.
- THE BANK WILL AUTOMATICALLY QUARANTINE A SMARTPHONE OR TABLET THAT HAS NOT CHECKED IN TO THE BANK’S MOBILE MANAGEMENT SYSTEM.
- THE BANK WILL AUTOMATICALLY COMPLETE A FULL WIPE OF THE SMARTPHONE OR TABLET IF THE DEVICE HAS NOT CHECKED IN AFTER THIRTY DAYS. THIS PREVENTS DATA COMPROMISE IN CASE THE MOBILE DEVICE HAS BEEN STOLEN AND TAKEN OFF LINE (I.E. SIM CARD SWAP).
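The check-in rules on this slide, together with the jailbreak rule from the earlier FCNB slide, written as a decision function over a device inventory. This is an added illustration, not code from the presentation or from Mobile Iron; the 7-day quarantine threshold, the inventory field names and the sample records are assumptions, since the slides give only the thirty-day wipe limit.

```python
from datetime import datetime, timedelta, timezone

QUARANTINE_AFTER = timedelta(days=7)   # assumption: the slide gives no quarantine threshold
FULL_WIPE_AFTER = timedelta(days=30)   # from the slide: full wipe after thirty days

def decide_action(device: dict, now: datetime) -> str:
    """Map one inventory record to the action the policy calls for."""
    if device.get("jailbroken"):
        return "wipe"                  # jailbroken devices are wiped automatically
    last = device.get("last_checkin")
    if last is None:
        return "quarantine"            # enrolled but never checked in
    silent = now - last
    if silent < timedelta(0):
        return "investigate"           # check-in dated in the future: bad clock or bad data
    if silent >= FULL_WIPE_AFTER:
        return "full_wipe"
    if silent >= QUARANTINE_AFTER:
        return "quarantine"
    return "ok"

def triage(inventory: list, now: datetime) -> dict:
    """Group device ids by required action."""
    actions = {}
    for device in inventory:
        actions.setdefault(decide_action(device, now), []).append(device["id"])
    return actions

# Constructed sample inventory, for illustration only.
NOW = datetime(2015, 3, 1, tzinfo=timezone.utc)
INVENTORY = [
    {"id": "ipad-01", "last_checkin": NOW - timedelta(days=1), "jailbroken": False},
    {"id": "iphone-02", "last_checkin": NOW - timedelta(days=12), "jailbroken": False},
    {"id": "iphone-03", "last_checkin": NOW - timedelta(days=30), "jailbroken": False},
    {"id": "ipad-04", "last_checkin": NOW - timedelta(hours=2), "jailbroken": True},
    {"id": "iphone-05", "last_checkin": None, "jailbroken": False},
]

if __name__ == "__main__":
    for action, ids in triage(INVENTORY, NOW).items():
        print(action, ids)
```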
23
WHY FCNB SELECTED APPLE IOS
- EVERY IOS APP CAN ONLY ACCESS ITS OWN DATA CONTAINER: THERE IS NO GENERAL ACCESS TO THE FILE SYSTEM. AS A RESULT, APPS CAN ONLY DAMAGE THEIR OWN DATA, UNLESS IT IS A “JAIL BROKEN” DEVICE.
- THE APP STORE IS TIGHTLY CURATED: APPS ARE TESTED BY APPLE BEFORE BEING MADE AVAILABLE TO THE PUBLIC SO INCIDENCES OF MALWARE ARE RARE.
- APPLE CONTROLS THE DISTRIBUTION OF NEW OPERATING SYSTEM UPGRADES: APPLE CAN QUICKLY MAKE UPGRADES AVAILABLE FOR THE ENTIRE IPHONE, IPAD, AND IPOD DEVICE COMMUNITY. IF A SECURITY ISSUE IS IDENTIFIED, IT FIXES IT AND ENSURES THAT ALL DEVICES HAVE EASY ACCESS TO THE NEWLY-PATCHED IOS VERSION. THE TIMING OF THE FIX AND DISTRIBUTION IS ENTIRELY UNDER APPLE’S CONTROL.
24
WHY FCNB SELECTED APPLE IOS (CONTINUED)
- PASSCODE ENFORCEMENT PREVENTS UNAUTHORIZED ACCESS TO THE DEVICE. IT ALSO ACTIVATES IOS DATA PROTECTION TO ENHANCE BUILT-IN HARDWARE ENCRYPTION IN ORDER TO PROVIDE ADDITIONAL SECURITY FOR EMAIL MESSAGES, EMAIL ATTACHMENTS.
- MOBILE IRON SUPPORTS MULTIPLE DEVICES, SO IN THE FUTURE FCNB CAN ADD OTHER DEVICES AS NEEDED.
25
FCNB MOBILE BANKING
- MOBILE BANKING REQUIRES USER TO HAVE ONLINE BANKING ACCESS
- TWO FACTOR AUTHENTICATION IS NEEDED FOR ONLINE BANKING
- MOBILE DEVICE REQUIRES OUT-OF-BAND AUTHENTICATION