data security in a mobile world emmitt wells – getronics
TRANSCRIPT
Data Security in a Mobile World
Emmitt Wells – Getronics
3
September 10-12, 2007 • Los Angeles Convention Center • Los Angeles, California
www.ITEXPO.com
Hitting Close to Home
If you think mobile security isn’t a real subject, just consider the possibility that there is someone out there right now with your name, email, phone number, and birth date and more stored on a digital device that was just left in a taxi cab – not a comforting thought.
4
September 10-12, 2007 • Los Angeles Convention Center • Los Angeles, California
www.ITEXPO.com
View of Endpoint Security…
http://www.jacobsen.no/anders/blog/archives/images/project.jpghttp://www.jacobsen.no/anders/blog/archives/images/project.jpg
5
September 10-12, 2007 • Los Angeles Convention Center • Los Angeles, California
www.ITEXPO.com
• All Sectors
– SOX, Combined Code, Companies Bill, IAS
– Privacy, Data Protection, Human Rights • Finance Sector
– Basel II, FSA, SEC Act 17a-3/4, NASD Rules 3010/3110• Retail Sector
– Payment Card Industry (PCI) Security Standard
• Health Sector
– HIPAA
• Interception legislation
– RIPA, European Data Retention Directive
• Local legislation with Global consequences
– Californian Law SB 1386
Compliance Demands are Mounting
6
September 10-12, 2007 • Los Angeles Convention Center • Los Angeles, California
www.ITEXPO.com
Securing Data in Motion
7
September 10-12, 2007 • Los Angeles Convention Center • Los Angeles, California
www.ITEXPO.com
Ensuring Data Integrity
8
September 10-12, 2007 • Los Angeles Convention Center • Los Angeles, California
www.ITEXPO.com
Data Theft
9
September 10-12, 2007 • Los Angeles Convention Center • Los Angeles, California
www.ITEXPO.com
Policy
Establish
10
September 10-12, 2007 • Los Angeles Convention Center • Los Angeles, California
www.ITEXPO.com
Technology Available
• Endpoint Products– Anti-virus, anti-spam, Message
Cleaning, HIDS for the desktop
• Controlling Access– Identity Management and
Authentication
• External Protection– Firewalls and NIDS
• Data Protection– Policy Enforcement Tools
• Backup and Retrieval– Secure Archival
• Stolen Equipment– Data low-jack
11
September 10-12, 2007 • Los Angeles Convention Center • Los Angeles, California
www.ITEXPO.com
What if I do nothing?
• “Gartner estimates cleanup costs for any data loss to be $90 per customer record when you calculate notification, legal expenses, and the damage done to a corporate brand."
= =+
12
September 10-12, 2007 • Los Angeles Convention Center • Los Angeles, California
www.ITEXPO.com
How do I convince my executives of the need?
DiscussTechnology
DiscussBusinessImpact
13
September 10-12, 2007 • Los Angeles Convention Center • Los Angeles, California
www.ITEXPO.com
Balanced Security
14
September 10-12, 2007 • Los Angeles Convention Center • Los Angeles, California
www.ITEXPO.com
• Policy – Define rules, promote best practices and minimize risks
• Technology – Enforce policies, detect violations of policy, and deliver evidence
of compliance with corporate policy and regulatory requirements
• Education – Equip employees to recognize potential sources of risk and to
safeguard information and transactions in hostile environments
• Management– Setup reactive and proactive management to help measure how
your endpoints are performing against the policy you have established
Requirements for Mobile Endpoint Security
15
September 10-12, 2007 • Los Angeles Convention Center • Los Angeles, California
www.ITEXPO.com
Keep it Simple
"Aye sir, the more they over-tech "Aye sir, the more they over-tech the plumbing, the easier it is to the plumbing, the easier it is to stop up the drain." – Mr. Scot, stop up the drain." – Mr. Scot, Star Trek III: The Search For Star Trek III: The Search For SpockSpock
Thank you