Best Practices for Securing Mobile ContentMike Brannon, National Gypsum

National Gypsum Company is a fully integrated building products manufacturer

Headquartered in Charlotte, NC with mines and quarries, and manufacturing plants across North America

Charlotte Metro ISSA

Email us at info@charlotteissa.org

Twitter: @cltissa

http://www.charlotteissa.org/

ISSA local chapter delivers excellent and low cost Security Training, hosts an annual Summit event and sponsors UNCC scholarships

Quarterly gatherings to share practices and network – support from sponsor / partners for meetings

Please Join Us!

44

5

Definition…Mobile First organizations

embrace mobility as their primary IT platform in order to transform

their businesses and increase their competitiveness

Content of all types is easily and securely

available on any device

CONTENT

End users choose their devices

Security is invisible to end users

User experience is the #1 design criteria

USER EXPERIENCES

New apps are developed and delivered

to mobile devices first

Core business processes can be performed on any

device

APPLICATIONS

In a Mobile First Company…

66

Traditional enterprise security

6

Firewall& VPN

77

The perimeter is gone

Copy/Paste

Open-in

Forward

88

The more the CIO says no, the less secure the organization becomes.

Vivek Kundra, Former U.S. Federal CIO

Responsible, not restrictive

Mike Brannon, National Gypsum

99

Securing data-at-rest

1010

Open In

Copy

SaveView

SharePoint documents

Open In

Copy

SaveView

Email attachments

MobileIron Confidential10

Secure your document repositories

• Solve “open in” problem • Store documents securely on device• Control cut / copy / paste actions• Selectively wipe documents• Prevent unauthorized distribution

• Control end-to-end with policy• Leverage existing content repositories• Prevent use of unauthorized tools –

– DropBox for example

Open In

Copy

SaveView

Box shared documents

1111

Securing email attachments

11

Email App Secure Content Viewer

Email with Attachment

REMOVE

1212

Colligo App Viewer

Securing SharePoint

12

REMOVE

Sharepoint

1313

Closed-loop actions when compromised

13

Remediation

Notify

BlockQuarantine

Closed-loop actions

• Notify user and admin• Prevent access• Remove saved files• Remove SharePoint config• Protect enterprise persona

MobileIron Confidential

1414

National Gypsum Implementation

• Risks / Threats Addressed:– Loss of Company Data / Lost Devices / Departing Employees– All Devices and Users Registered / Security Policies Enforced– Ease of Use for Employees AND Improved Security & Efficiency

• What We Deployed (And Timeline)– MobileIron device (VSP) and support (Sentry) – All Smartphones– Blackberry (now gone), Apple iOS and Android Devices– Push Secure WiFi Config to Minimize Data Use On Premise– Rush To Adopt iPads – From 0 to 100’s of Devices!– More than email access! Apps for SharePoint and Data!– Manage “Allowed” and “Disallowed” Settings / Apps (DropBox)– Leverage Internal PKI and Push Webclips – Deliver Data

1515

• Where Are We Now?– BES Retired – 70% iOS, 25% Android, 5% Windows Devices– iPad is currently only supported Tablet – Testing others (Surface?)– Plans to allow Windows 8 and MAC OS/X BYOD – Colligo Briefcase for SharePoint Document Access– BOX for External Data Sharing with Partners– Two Apps Deployed on iOS with “One Tap For Data”

• Certificates delivered to Device and to User (SCEP/MobileIron)• Invisible Authentication via Juniper Secure Access• IIS Web Server & Application Configuration – “Last Seen User State”• HTML5 / JavaScript to deliver SQL and Mainframe Data

National Gypsum Implementation

1616

National Gypsum Implementation

1717

Best practices for mobile content DLP

17

Closed-loop compliance

Continuous management

OS integrity

OS versioning

Passcode / encryption

Auto-wipe

Identity

Secure tunnel

Attachment protection

Secure content hub

Role of cloud

Credible ecosystem

MobileIron Confidential

1818

Security considerations 2013+ …

“No” not a sustainable option -> provide credible alternatives

Massive content ecosystem -> crowd-source but don’t lock-in

Uncertain economics -> establish “help-yourself-desk”

Dynamic risk at endpoint -> automate your mobile trust model

Content always one-click from cloud -> co-habitate responsibly

Blurring between content and app -> explore new forms

1919

Content doesn’t exist in isolation

Enterprise Mobile Persona

Native experience

Data separation

Shared policy Selective wipe

Secure communications

Email

Apps Certs

Policy

Content

Federated identity

2020

Journey to the Mobile First Enterprise

Device SecurityBYOD (user choice)Email access (secure ActiveSync)Multi-OS security (BlackBerry replacement)

App & Content Enablement

1st gen of mobile appsMobile docs (SharePoint)Cloud protections

Business Transformation

New user & business experiences

Thank you Mike Brannon (mebrannon@nationalgypsum.com

http://www.charlotteissa.org/

ISSA local chapter delivers excellent and low cost Security Training, hosts an annual Summit event and sponsors UNCC scholarships

Please Join Us!