enterprise mobile security
TRANSCRIPT
© Copyright 2010 Hewlett-Packard Development Company, L.P. 1©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
Enterprise Mobile Security
HP Enterprise Security ServicesPaul SchwarzenbergerMSc, M.Inst.ISP, CISSP, CLAS
© Copyright 2010 Hewlett-Packard Development Company, L.P. 2
ENTERPRISE MOBILE SECURITY– Senior executives want to use iPhones, iPads, Androids and
other mobile devices to access corporate data– New business requirements for tablets, e.g. retail, medical – Consumerisation / BYOD – expand mobile workforce cost
effectively
What are the risks?What security can be applied?How to securely enable apps?
Consumerisation
© Copyright 2010 Hewlett-Packard Development Company, L.P. 3
SECURITY RISKS– Malware / malicious apps– No (or poorly implemented) encryption– Jailbroken operating systems– SMS– Data loss – corporate / personal emails– Data loss – email attachments / Dropbox– Sync and backup – to home PC and iCloud– Malicious, compromised, or inappropriate web sites
Fake Netflix analysis by Symantec, October 2011
© Copyright 2010 Hewlett-Packard Development Company, L.P. 4
MOBILE MALWARE - CUMULATIVE
Symbian56%
Android16%
Symbian 3rd Ed.
11%
Java ME9%
Others8%
The continued growth of mobile phone adoption globally is driving growth in the mobile malware sector. While malware targeting the Symbian platform is still the most prevalent, there has been a sea change in top targets in 2011. In Q3 nearly all of the malware samples discovered by McAfee Labs targeted the newer and more popular (now) Android platform.
Q1 09
Q2 09
Q3 09
Q4 09
Q1 10
Q2 10
Q3 10
Q4 10
Q1 11
Q2 11
Q3 11
0200400600800
100012001400
data from McAfee
iOS – two viruses detected to date, both only effective against jailbroken devices
© Copyright 2010 Hewlett-Packard Development Company, L.P. 5
APP REQUIREMENTS
– Personal /corporate apps– Public / in-house apps– Blacklist, Whitelist apps – Prevent data leakage– Secure connectivity– Authentication
© Copyright 2010 Hewlett-Packard Development Company, L.P. 6
ENTERPRISE MOBILE SECURITY MODEL Enable Applications• e-mail, calendar and contacts• Business applications
Sandbox• Protect corporate data• Control Interaction with host
Enforce Mobile Security• Device Password• Encryption• Whitelist or blacklist Apps• Connection methods• Block jailbroken devices• Remote wipe• Control synchronisation• Mobile Anti-Virus• Personal Firewall
Device Management• Monitor and audit• Reporting and alerts• Remote unlock
e-mail and business
application servers
mobile device with optional security
app
© Copyright 2010 Hewlett-Packard Development Company, L.P. 7
ENTERPRISE MOBILE SECURITY - COMPONENTS– Mobile Device Management (Secure Container / Whole
Device)– Anti-Malware– Secure Connectivity– Application control– VPN – Certificates– Data Loss Prevention– URL filtering
© Copyright 2010 Hewlett-Packard Development Company, L.P. 8
EXAMPLE: UK POLICE MOBILE DATA– Balfour Beatty Workplace– Mobile data workflow and information– Police outsource contract– Police / UK Government security
standards– Ease of use – “invisible” security– Solution: SSL VPN / lockdown /
certificate
© Copyright 2010 Hewlett-Packard Development Company, L.P. 9
EXAMPLE: IPAD APPLICATION ACCESS
© Copyright 2010 Hewlett-Packard Development Company, L.P. 10
EXAMPLE: ANDROID MALWARE PROTECTION
– Mobile Device Management
– Anti-Malware Client– App Inventory– App Control Policies
• Disallow malware• Require Anti-Malware client
© Copyright 2010 Hewlett-Packard Development Company, L.P. 1111
CONCLUSIONS
– Strong demand for business use of mobile devices – Multiple security risks– Need to enable enterprise applications– Solutions available– No solution is perfect!
© Copyright 2010 Hewlett-Packard Development Company, L.P. 12©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
thank you
[email protected] 542371