SECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE

CLICK TO EDIT MASTER SUBTITLE STYLE

SECURITY OF HANDHELD DEVICES

– TAKE CONTROL OF THE MOBILE DEVICE

Driven by changing trends and increasing globalization,

the needs of the workforce are constantly evolving.

Today’s mobile workforce needs:

Follows consumerization of IT / Bring Your Own Device (BYOD) trends

With the explosion in smartphone use, employees are

increasingly using personal mobile devices to access

corporate data.

 Smartphone sales now exceed the sales of personal computers.*

 Mobile devices are being increasingly used by employees, whether sanctioned or not.

 Empowering employees to work at any time and anywhere is a strategic opportunity for

companies.

 However, companies need to demonstrate due

diligence in securing corporate data on

company-owned and employee-owned smartphones and tablets.

*_{Source:http://www.computerworld.com/s/article/9208478/Android_drives_big_smartphone_growth_in_2010_IDC_says;}

Organizational policies are changing toward personal devices,

resulting in the need to address the challenge of securing

these devices.

“Select five of the top challenges you will face over the next six months.”*

*Source: “Executive Spotlight: Top Priorities for Security and Risk Leaders, 1H 2011” Forrester, April 2011

“

By 2014, 90 percent of organizations will support corporate

applications on personal device

…

The main driver … individuals

who prefer to use private consumer smartphones or notebooks for

business … ”

Are your data

protected?

Which apps

are safe?

Is the connection

secure?

On Any Device

VP Lands in China

Accessing M&A

Documents from

Dropbox on Personal

iPhone

CEO at Starbucks

Viewing Corporate Data

on Personal iPad via

Unrestricted WiFi

Employee at Office

Loading Photos to

Facebook on Corporate

Android

App Explosion

Device Proliferation

$

Mobility Power

Sources: Asymco and Aberdeen

Mobility Rapidly Coming of Age

2010

“Gotta Have It!”

Devices Eclipse PCs

How do we manage

all these devices?

2011

“That’s Cool!”

60 Apps Per iOS Device

How do we protect our

data and network?

Future

“That’s Productive”

Best-in-Class Companies

3x Likely to

Have Mobility Strategy

How can we transform

our business?



Mobile Devices Bypass Existing Security Protections



Any Breach Can Have Major Business Consequences

Foundation for Any Mobility Strategy:

Security and Risk Management

Device Overload

OSs and Security Features

Network Risk

 Usage of Many Secure and Unsecure Networks

 Lack of Mobile Network Visibility  Corporate Network Vulnerability to Mobile Threats

App Risk

User Risk

Data Risk

 Sensitive Data Leakage  Device Lost or Employee

8

The threat to mobile devices is real, and it is

growing at a rapid pace.

Draw Slasher, a legitimate game that requires minimal permissions

Blood versus Zombie, a malicious copy of Draw Slasher that contains more permissions than a game should need— including GPS1 _and

SMS2 _access.

1_{GPS – Global Positioning System} 2_{SMS – Short Message Service}

Data protection mandates are among the main reasons

why your business should care about mobile device

security.

Example of an internal standard:

Mobile computing devices such as smartphones, mobile phones with data access, etc. require physical and logical access controls if business sensitive data is stored by the device or the device is used to access corporate infrastructure.

The following actions are required:

 Activate a power-on password with a compliant password

 Activate a password controlled time-out or lock-out feature with a period of no more than 30 minutes  Configure the device so that any data stored on the device is removed after ten failed access attempts

and it is managed by a service with the ability to remotely wipe any data stored on device  Install and run an antivirus program on any device that has access to the internal network or

data centers

Example of an

external mandate:

Sarbanes-Oxley Act (SOX) not only requires security controls but also requires that companies be able to

Differentiated Value:

Protection At All Layers

DEVICES

Any and All

APPLICATIONS

Ever Increasing

NETWORK

Any Connection

to Enterprise

Board of Directors

CEO

Employee

+

+

DATA

Repository

Integration

+

Real-Time Security At All Layers

DATA (IP, non-public financial,

BI, customer data, employee data)

Enabling Enterprise Mobility

Provision

Devices

 Data over Insecure

Networks  Corporate Network Protection  Mobile Security Intelligence  SIEM Integration

Protect

Network

 Data in Motion and

at Rest  Mobile DLP Solution

Secure

Data

Manage

Apps

Easy Integration with Existing Enterprise Infrastructure

The IBM solution helps protect mobile devices used by

employees to access corporate data.

Our solution can provide the most important security controls:  Mobile Device Management cross platforms

 Device wipe - Lost or stolen

 spyware and viruses

 Apps blocking / controlling

 Investigation tools

 Encrypted connectivity

 Remote access VPN client

 Device security settings enforcement

 Restrictions (for example, disable camera, USB)

 User tracking and monitoring

Michael Albek

Partner at SecureDevice

Email. [email protected]

Phone: +45 51551724