secure your mobile content!
DESCRIPTION
Embrace BYOD - Help your customers be more productive and use their mobile device of choice. At the same time be VERY SECURE - manage your mobile content!
TRANSCRIPT
Best Practices for Securing Mobile Content
Mike Brannon, National Gypsum
National Gypsum Company is a fully integrated building products manufacturer
Headquartered in Charlotte, NC with mines and quarries, and manufacturing plants across North America
Charlotte Metro ISSA
Email us at [email protected]
Twitter: @cltissa
http://www.charlotteissa.org/
ISSA local chapter delivers excellent and low cost Security Training, hosts an annual Summit event and sponsors UNCC scholarships
Quarterly gatherings to share practices and network – support from sponsor / partners for meetings
Please Join Us!
Definition…
Mobile First organizations embrace mobility as their primary IT platform in order to transform their businesses and increase their competitiveness
In a Mobile First Company…
CONTENT
• Content of all types is easily and securely available on any device
USER EXPERIENCES
• End users choose their devices
• Security is invisible to end users
• User experience is the #1 design criteria
APPLICATIONS
• New apps are developed and delivered to mobile devices first
• Core business processes can be performed on any device
Traditional enterprise security
Firewall & VPN
The perimeter is gone
Copy/Paste
Open-in
Forward
The more the CIO says no, the less secure the organization becomes.
Vivek Kundra, Former U.S. Federal CIO
Responsible, not restrictive
Mike Brannon, National Gypsum
Securing data-at-rest
SharePoint documents: Open In / Copy / Save / View
Email attachments: Open In / Copy / Save / View
MobileIron Confidential
Secure your document repositories
• Solve “open in” problem
• Store documents securely on device
• Control cut / copy / paste actions
• Selectively wipe documents
• Prevent unauthorized distribution
• Control end-to-end with policy
• Leverage existing content repositories
• Prevent use of unauthorized tools
– DropBox for example
Box shared documents: Open In / Copy / Save / View
Securing email attachments
Email App Secure Content Viewer
Email with Attachment
REMOVE
Colligo App Viewer
Securing SharePoint
REMOVE
SharePoint
Closed-loop actions when compromised
Remediation
Notify
Block
Quarantine
Closed-loop actions
• Notify user and admin
• Prevent access
• Remove saved files
• Remove SharePoint config
• Protect enterprise persona
National Gypsum Implementation
• Risks / Threats Addressed:
– Loss of Company Data / Lost Devices / Departing Employees
– All Devices and Users Registered / Security Policies Enforced
– Ease of Use for Employees AND Improved Security & Efficiency
• What We Deployed (And Timeline)
– MobileIron device (VSP) and support (Sentry) – All Smartphones
– BlackBerry (now gone), Apple iOS and Android Devices
– Push Secure WiFi Config to Minimize Data Use On Premise
– Rush To Adopt iPads – From 0 to 100’s of Devices!
– More than email access! Apps for SharePoint and Data!
– Manage “Allowed” and “Disallowed” Settings / Apps (DropBox)
– Leverage Internal PKI and Push Webclips – Deliver Data
• Where Are We Now?
– BES Retired – 70% iOS, 25% Android, 5% Windows Devices
– iPad is currently only supported Tablet – Testing others (Surface?)
– Plans to allow Windows 8 and Mac OS X BYOD
– Colligo Briefcase for SharePoint Document Access
– BOX for External Data Sharing with Partners
– Two Apps Deployed on iOS with “One Tap For Data”
• Certificates delivered to Device and to User (SCEP/MobileIron)
• Invisible Authentication via Juniper Secure Access
• IIS Web Server & Application Configuration – “Last Seen User State”
• HTML5 / JavaScript to deliver SQL and Mainframe Data
Best practices for mobile content DLP
Closed-loop compliance
Continuous management
OS integrity
OS versioning
Passcode / encryption
Auto-wipe
Identity
Secure tunnel
Attachment protection
Secure content hub
Role of cloud
Credible ecosystem
Security considerations 2013+ …
“No” not a sustainable option -> provide credible alternatives
Massive content ecosystem -> crowd-source but don’t lock-in
Uncertain economics -> establish “help-yourself-desk”
Dynamic risk at endpoint -> automate your mobile trust model
Content always one-click from cloud -> co-habitate responsibly
Blurring between content and app -> explore new forms
Content doesn’t exist in isolation
Enterprise Mobile Persona
Native experience
Data separation
Shared policy
Selective wipe
Secure communications
Apps
Certs
Policy
Content
Federated identity
Journey to the Mobile First Enterprise
Device Security
• BYOD (user choice)
• Email access (secure ActiveSync)
• Multi-OS security (BlackBerry replacement)
App & Content Enablement
• 1st gen of mobile apps
• Mobile docs (SharePoint)
• Cloud protections
Business Transformation
• New user & business experiences
Thank you
Mike Brannon ([email protected])