©2013 Check Point Software Technologies Ltd. | [Unrestricted] For everyone Best Practices to Secure the Mobile Enterprise Macy Torrey mtorrey@checkpoint.com

Upload: amy-caddy

Post on 29-Mar-2015

Best Practices to Secure the Mobile Enterprise

Macy Torrey

mtorrey@checkpoint.com

Early years’ solutions

… and then it became easier

Laptops brought freedom…

Mobile Workforce Challenges

Access from anywhere…

While maintaining security

The Security Challenges

– Keep communication private
– Protected device access (passcode, encryption, etc.)
– Allow access only to the needed information
– Allow access only to device owner

Four Scenarios for Mobile Security

Background | Challenges | Needs | Best Practices | Check Point Solution

BetMore
• Gaming Equipment Company
• Personal mobile and portable devices

YouRHired
• Human Resources Company
• Personal PCs and contractors

OnTheGo
• High Tech Company
• Many managed laptops
• Road warriors

LotsToMake
• Manufacturing Company
• Managed laptops
• Little travel

OnTheGo High Tech Company

Background
– Large mobile workforce
– Employees issued company-owned laptops
– Employees work from home, coffee shops and travel frequently
– Users need to access corporate resources at any given time
– Employees share a fair amount of sensitive data

Challenges
– Employees let their kids play with computers; a number of unauthorized apps are downloaded
– IT must manage security policy on 10,000 laptops
– Sensitive data has found its way into competitor’s hands lately

Needs
– Access to native applications (like SAP and a homegrown application)
– Keep employees productive
– Ensure only endpoints that comply with security policy are able to access corporate resources
– Protect corporate data

OnTheGo High Tech Company

Best Practices
– Encrypt laptop in case of theft or loss during travel
– Ensure any data leaving the laptop is encrypted
– Control programs allowing only authorized apps to be run
– Protect the laptop from malware
– Firewall the road warriors
– Protect from drive-by downloads
– Use an always-on IPSec VPN solution for access to native applications

Solution for OnTheGo

Protect against drive-by-downloads, phishing sites and zero-day attacks

Stop unwanted traffic, prevent malware and block targeted attacks

Automatically and transparently secure all information on endpoint hard drives

Centrally enforceable encryption of removable media and port control

Protects your endpoint from unsecure, malicious and unwanted applications

Provide secure, seamless access to corporate networks remotely

LotsToMake Hardware Manufacturing Company

Background
– Employees issued company-owned laptops
– Employees occasionally work from home and travel
– Users need to access corporate resources sometimes
– Has a firewall today but no remote access
– Existing AV and file-based encryption solution

Challenges
– Travel and working from home occasional, but happens often enough to worry
– Small IT group must manage security too

Needs
– Occasional access to native applications (Oracle)
– Keep employees productive, no matter where they are
– Protect corporate resources

LotsToMake Hardware Manufacturing Company

Best Practices
– Encrypt laptop in case of theft or loss during travel
– Ensure any data leaving the laptop is encrypted
– Control programs allowing only authorized apps to be run
– Protect the laptop from malware
– Firewall the road warriors
– Protect from drive-by downloads
– Use an always-on IPSec VPN solution for access to native applications
– Continue using current Endpoint Protection Solution

Even though occasionally mobile, security is still key

Solution for LotsToMake

Endpoint Security client: VPN, FDE, Compliance, Anti-Malware

Managed VPN access from central Gateway

Includes a Desktop Firewall

YouRHired Human Resources Company

Background
– Employees use desktops at work and personal PCs or Macs at home
– Some contractors are used as sales force
– Users occasionally need to access corporate resources from home
– Have a Check Point Gateway

Challenges
– Employees complain that they need access to intranet and internal applications (Inventory Application)
– Contractors need access to some web-based applications (SalesForce)
– Company is cutting budget on IT spending

Needs
– Secure access to corporate data from unmanaged employee and contractor computers
– Employees need access to network-based, home-grown application
– Protect corporate resources

YouRHired Human Resources Company

Best Practices
– Allow contractors secure access to web-based applications through a browser-based secure encrypted connection
– Allow employees secure access to network-based applications with a browser plug-in
– Check compliance of any endpoint accessing your network or specific applications
– Train and encourage secure home use of PCs

Solution for YouRHired

SSL VPN Web Portal
– Easy and secure access to critical resources
– Connect through a standard Web browser

Web Portal for PC and Mac using SSL VPN
– Shared files
– Web apps
– Web mail

On-demand, dissolvable SSL VPN agent for non-web-application access (SSL Network Extender)

Endpoint Security On-demand

Secure Workspace

BetMore Gaming Manufacturing Company

Background
– Large mobile workforce
– Employees want access from their own personal mobile devices (iPhones, iPads, Android devices, etc.)
– Users want to access corporate resources at any given time

Challenges
– Securing the enterprise being accessed by unmanaged devices
– Difficult to manage unmanaged devices
– Employees are concerned about losing personal freedom on their device

Needs
– Keep communication private
– Verified access for employees only (2-factor authentication)
– Allow access only to authorized applications

BetMore Gaming Manufacturing Company

Best Practices
– Allow corporate access only through encrypted communication
– Create policy of Remote-Wipe if user’s device is lost or stolen
– Choose a solution that increases productivity for employees, but is easy to support
    – Easy for end user
    – Don’t end up supporting user-owned devices
    – Minimize corporate “intrusion” on the employee-owned device

Solution for BetMore

Certificate and username/password

Pair device with its owner for a safer connection

Two-factor authentication for safe connectivity

User and Device Access Control

Personalized portal, based on identity

Set up device security features

Control data access by user and device settings

Remote-wipe device upon loss

Protect Your Internal Servers

Shield your mail and web servers

All Active Sync & Web traffic is secured by SSL VPN technology

Simple for the End User

Download App

Enter your password

Gain secure access to your data!

Simple for the Administrator

Enable Mobile Access Blade on your gateway

Set access policies for users

Generate and send an activation key to the users

Mobile Client for Android

Full VPN client (Layer 3 IPSec)

Web application access via SSL VPN

Strong authentication – two factor User/Pass and Certificate

Device-to-user pairing

Automatic certificate enrollment

Easy access to application

Concurrent users license

Remote Access Strategy

Remote access solutions for a variety of endpoint scenarios

Thank You!