IBM Global Technology Services                            October 2011
Thought Leadership White Paper




Securing mobile devices in
the business environment
By I-Lung Kao, Global Strategist, IBM Security Services

As the world becomes more interconnected, integrated and intelligent, mobile devices are playing an ever-increasing role in changing the way people live, work and communicate. But it is not just happening in personal life: Smartphones and tablets are also being rapidly adopted by enterprises as new work tools, joining existing laptops and desktops. The use of mobile devices for business has experienced an explosive growth in the past few years and will only accelerate in the near future.

And while the BlackBerry® has been the de facto mobile device for business for many years, the availability of other smartphones and tablets with broader consumer appeal, such as iPhone® and Android™ devices, is fundamentally changing the game. Employees are now bringing their own mobile devices to the workplace and asking companies to support them. These new devices offer improved hardware performance, a more robust platform feature set and increased communication bandwidth, expanding their capabilities beyond voice and email. As a result, however, this increased access to enterprise systems can also bring an increased security risk to the organization.

This paper explores how companies can more safely introduce employee- or corporate-owned mobile devices into the workplace, identify the risks inherent in their broader access to corporate data, and derive enhanced business value.

Mobility brings both advantages and risks to the enterprise

As employees bring mobile devices into the workplace, many organizations are motivated to encourage their use for business purposes, because they tend to drive:

●   Increased employee productivity—Mobile devices can give employees access to corporate resources and enable continuous collaboration with colleagues or business partners.
●   Improved client services—Sales or support employees who regularly interface with customers may respond more efficiently, directly increasing customer satisfaction.
●   Reduced IT cost—By allowing employees to use, and often pay for, their own mobile devices and wireless services, companies potentially save IT spending on device purchases as well as management and communication services.

There are some cautions, however. Companies need to fully recognize that when employees connect mobile devices to the enterprise and merge both business and personal data, those mobile devices must be treated just like any other IT equipment, with appropriate security controls. If security is not addressed at the outset, these mobile devices may become a point of security weakness that threatens to disclose business information or become a new channel to introduce security threats to the company’s IT infrastructure and business resources. Many IT departments are finding significant challenges in securing mobile devices, for a variety of reasons:

●   A range of mobile device platforms, such as BlackBerry, Symbian®, IOS®, Android and Windows Mobile, needs to be supported, and each platform brings with it a unique security model. Other than the BlackBerry platform, most started as consumer platforms and lack enterprise-strength security controls.
●   Business and personal data now coexist on the same device. Finding a balance between strict security control and privacy of personal data, particularly when the device is no longer a corporate-issued asset, can be challenging.
●   Unauthorized or non-business oriented applications have the potential to spread malware that affects the integrity of the device and the business data residing upon it.
●   Mobile devices are prone to loss and theft, due to their small size and high portability. Whenever a device is lost, corporate data is at risk both on the mobile device and within the corporate network.

●   Many mobile devices are always on and connected, so vulnerability to malicious attacks increases through different communication channels.
●   Mobile technology is advancing quickly and becoming increasingly complex. Many companies do not have enough resources or skills in house to fully embrace mobile technology in the workplace.

Security threats to mobile devices

The security of mobile devices has become a top concern for many IT executives. Hackers are discovering the benefits of compromising both business and personal data contained within mobile devices. Because many mobile platforms are not natively designed to provide comprehensive security, hackers have a strong incentive to develop new techniques or create mobile-centric malware specifically for these devices. In a recent IBM X-Force® security research report, mobile operating system vulnerabilities have increased significantly (see Figure 1) and exploits of vulnerabilities are also on the rise (see Figure 2).¹

[Figure 1: Total mobile operating system vulnerabilities. Chart of mobile OS vulnerabilities per year, 2006-2011 (projected).]

[Figure 2: Mobile operating system exploits. Chart of mobile OS exploits per year, 2006-2011 (projected).]

The latest smartphones are designed to provide broad Internet and network connectivity through varying channels, such as 3G or 4G, Wi-Fi, Bluetooth or a wired connection to a PC. Security threats may occur in different places along these varying paths where data can be transmitted (see Figure 3). When a device downloads a new mobile application from any online application store, the software may contain malware that can steal or damage data on the device and, in some cases, even disable the mobile device itself. Most mobile devices now have Internet connections, so common web-based threats that have attacked laptops or desktops may also apply to mobile devices. A device connected through Wi-Fi or Bluetooth is at greater risk because the Wi-Fi source or the other Bluetooth-enabled device may have been compromised and can play a role in a “man-in-the-middle” attack (when a hacker configures a laptop, server or mobile device to listen in on or modify legitimate communications) or other attack type.

[Figure 3: Flow of data transmission. Diagram labels: mobile device; Wi-Fi device; telco service provider; mobile device (Bluetooth enabled); Internet; app store; web site; corporate VPN gateway; corporate intranet. Legend: a threat can occur.]


Because of the variety of communication mechanisms available and increasing use of business applications on mobile devices, the security threats to mobile devices have evolved to all the threats applicable to desktops or laptops, plus new threats that are truly unique to mobile devices. Therefore, mobile devices need to be protected with an even broader set of security techniques than those employed for traditional desktop or laptop operating environments.

No matter what the threats are, the targets that hackers try to access and exploit typically consist of one or several of the following:

●   Credentials to access business or personal accounts
●   Confidential business or personal information
●   Phone or data communication services
●   The mobile device itself

The most frequently seen mobile device security threats are:

●   Loss and theft
●   Malware
●   Spam
●   Phishing
●   Bluetooth and Wi-Fi

Loss and theft

Small size and high portability make loss and theft top security concerns when a mobile device is used in the workplace. According to a mobile threat study by Juniper Networks, 1 in 20 mobile devices was stolen or lost in 2010.² When devices are lost or stolen, all of the data stored on or accessible from the mobile device may be compromised if access to the device or the data is not effectively controlled.

While not foolproof, some techniques can help reduce the risk of data compromise, such as using a complex password to access the device or critical data, remotely locating the device on a map using global positioning services (GPS), remotely locking the device to render it useless, or remotely wiping data on the device. Some mobile platforms natively provide these techniques, and in the event they do not, basic platform capabilities can often be augmented by functionality available in third party mobile device management or mobile security solutions.

Malware

Mobile device malware—viruses, worms, Trojans, spyware—has been on the rise over the past few years because most mobile platforms do not yet have native mechanisms to detect malware. Virtually no mobile platform available today is immune to malware. Although more established mobile platforms such as Symbian and Windows Mobile have been a proving ground for malware developers in the past few years, the Google Android platform is leading in new malware development, primarily due to its popularity and open software distribution model. The mobile threat research report from Juniper Networks also states that malware on Android grew 400 percent from June 2010 to January 2011.³

Malware can cause a loss of personal or confidential data, additional service charges (for example, some malware can send premium Short Message Service (SMS) text messages or make phone calls in the background) and, even worse, make the device unusable. Although quickly removed, numerous malicious applications recently found their way onto the Android marketplace. Some of these were legitimate applications that had been repackaged with a Trojan designed to gain root access or additional privileges to users’ devices. Unsuspecting users may have had malicious code or additional malware installed in that single download from the applications store. Malware can then spread quickly through a wired or wireless connection to another device or a company’s intranet.

Companies can significantly reduce the malware risk by adopting a similar approach to be used for both mobile devices as well as the desktop and laptop environment. In addition to advising employees to only download and install trusted applications and take appropriate actions when suspicious applications are identified, a company should run antimalware software on each employee’s device to detect malware in real-time and scan the entire device periodically.

Spam

With the growth of text messaging, spam—unsolicited communication sent to a mobile device from a known or unknown phone number—is also on the rise. Spam is not only a big concern for mobile service providers because it wastes a significant amount of bandwidth, but it is also a growing security issue for mobile device users. According to the recent Global System for Mobile Communications Association (GSMA) pilot of the GSMA Spam Reporting Service (SRS), the majority of spam attacks are for financial gain, with 70 percent of reports of spam being for fraudulent financial services rather than the traditional advertising scenarios found in email spam.⁴

We feel that the most effective method to thwart spam is to define a blacklist to block spam messages either by using the functions of an antispam solution or by turning on the antispam feature on the device if it is available.

Phishing

“Phishing” is an email or an SMS text message (dubbed “SMiShing”) sent to trick a user into accessing a fake website, sending a text message or making a phone call to reveal personal information (such as a Social Security number in the United States) or credentials that would allow the hacker access to financial or business accounts. Phishing through mobile browsers is more likely to succeed because the small screen size of mobile devices does not allow for some protection features used on the PC, like web address bars or green warning lights.

The most effective antiphishing approach helps a user recognize a fraudulent website when it is presented. Some financial institutions have deployed “site authentication” to confirm to users that they are communicating with a genuine website before they enter account credentials from either a web browser or a mobile application. Two-factor authentication is also useful to thwart phishing: First, a user enters a static password, then a second authentication factor, such as a one-time password or a device fingerprint, is dynamically generated to further authenticate the user. So even if a user’s static password is stolen by a hacker using a phishing technique, the hacker cannot log in to the genuine site without the user’s second authentication factor.

Bluetooth and Wi-Fi

Bluetooth and Wi-Fi effectively increase the connectivity of mobile devices within a certain range, but they can be easily exploited to infect a mobile device with malware or compromise transmitted data. A mobile device may be lured to accept a Bluetooth connection request from a malicious device. In a “man-in-the-middle” attack, when mobile devices connect, the hacker can intercept and compromise all data sent to or from the connected devices.

Setting the device’s Bluetooth to an undiscoverable mode and turning off the device’s automatic Wi-Fi connection capability, especially in public areas, can help reduce risks. To completely block incoming connection requests from unknown devices, a local firewall should be installed and run on the mobile device—another traditional security practice that can be extended to the mobile environment.

Establishing a mobile security strategy

Creating a stringent strategy that defines guidelines and policies helps lay the foundation for a more security-rich mobile environment. This strategy should focus on several key areas: Data and resources accessible from mobile devices, platform support, management methodology and best practices.

Initially, your organization should identify which business data it will allow to be stored and processed on which mobile devices. This helps determine what needs to be protected and to what degree. Many enterprises only permit employee email, contact and calendar information. Others allow access, through a browser or native mobile application, to other business-critical applications such as enterprise resource systems (ERP) or customer relationship management (CRM). Different degrees of access from mobile devices require varying levels of security controls. However, it should be noted when business data flows from a more strictly controlled location (for example, a database or a file server) to a less protected device, the risk of losing the data becomes greater.

You may also need to determine which mobile device platforms will be allowed in the business environment and, thus, need to be supported in the mobile security strategy and plan. Different mobile platforms have different native security mechanisms that need to be outlined and understood, although applying a set of security controls to all supported platforms in a consistent manner is desirable.

Another important decision is the responsibility for mobile security management work, whether using the current IT security team to handle mobile devices, or outsourcing to a managed security service provider. Multiple security technologies may need to be employed to provide comprehensive security controls for mobile devices. As such, depending on how these security solutions are delivered (on-premise or from the cloud), a company may choose to use a hybrid model for device security management.

No matter what the mobile environment, a number of mobile security policies and best-practice procedures need to be put in place and should also be identified in the company’s mobile security strategic plan. Fortunately, many best practices that have been exercised for desktops and laptops can be duplicated for mobile devices, such as:

●   Specification of roles and responsibilities in managing and securing the devices
●   Registration and inventory of mobile devices
●   Efficient installation and configuration of security applications on devices
●   Automatic update of security patches, policies and settings
●   Reporting of security policy enforcement status
●   Employee education on securing mobile devices

Applying security controls based on a framework

Taking a broad look across the IT and business environment, IBM has developed a well-defined framework that specifies security domains and levels for applying various security technologies.

[Figure 4: IBM Security Framework. Diagram labels: Security governance, risk management and compliance; People and identity; Data and information; Application and process; Network, server and end point; Physical infrastructure; Common policy, event handling and reporting; Professional services; Managed services; Hardware and software.]

When applied to mobile devices, the framework suggests the following security controls, with actual requirements varying by deployment:

●   Identity and access
●   Data protection
●   Application security
●   Fundamental integrity control
●   Governance and compliance

Identity and access
●   Enforce strong passwords to access the device
●   Use site authentication or two-factor user authentication to help increase the trustworthiness between a user and a website
●   If virtual private network (VPN) access to corporate intranet is allowed, include capability to control what IP addresses can be accessed and when re-authentication is required for accessing critical resources

Data protection
●   Encrypt business data stored on the device and during transmission
●   Include capability to wipe data locally and remotely
●   Set timeout to lock the device when it is not used
●   Periodically back up data on the device so data restore is possible after the lost device has been recovered
●   Include capability to locate or lockout the device remotely
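
The VPN control listed under Identity and access above (limit which IP addresses a mobile session can reach, and require re-authentication for critical resources) can be expressed as a gateway-side decision function. The Python code below is an added example, not part of the IBM paper or of any IBM product; the role names, network ranges, 15-minute re-authentication window and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Assumed policy, constructed for this example: which intranet ranges each
# role may reach from a mobile VPN session (anything else is denied).
ALLOWED_NETWORKS = {
    "mail-only": [ip_network("10.10.1.0/24")],
    "sales": [ip_network("10.10.1.0/24"), ip_network("10.20.0.0/16")],
}
# Assumed ranges holding critical resources (for example ERP or CRM servers).
CRITICAL_NETWORKS = [ip_network("10.20.5.0/24")]
# Assumed maximum age of the last authentication for critical resources.
REAUTH_WINDOW = timedelta(minutes=15)


@dataclass
class Session:
    user: str
    role: str
    last_auth: datetime  # time of the last successful authentication (UTC)


def _in_any(addr, networks):
    # Membership is False when address and network differ in IP version.
    return any(addr in net for net in networks)


def decide(session, dest, now):
    """Return 'allow', 'reauth' or 'deny' for one connection attempt."""
    try:
        addr = ip_address(dest)
    except ValueError:
        return "deny"  # malformed destination
    # Deny by default: unknown roles have no allowed ranges.
    if not _in_any(addr, ALLOWED_NETWORKS.get(session.role, [])):
        return "deny"
    if _in_any(addr, CRITICAL_NETWORKS):
        age = now - session.last_auth
        # A timestamp from the future is not trusted; ask again.
        if age < timedelta(0) or age > REAUTH_WINDOW:
            return "reauth"
    return "allow"


def demo():
    """Evaluate constructed connection attempts and return the decisions."""
    now = datetime(2011, 10, 3, 9, 30, tzinfo=timezone.utc)
    stale = Session("alice", "sales", now - timedelta(minutes=40))
    fresh = Session("alice", "sales", now - timedelta(minutes=5))
    mail = Session("bob", "mail-only", now - timedelta(minutes=5))
    attempts = [
        (stale, "10.10.1.25"),   # ordinary resource, old login
        (stale, "10.20.5.10"),   # critical resource, old login
        (fresh, "10.20.5.10"),   # critical resource, recent login
        (mail, "10.20.5.10"),    # role not entitled to this range
        (fresh, "10.30.0.1"),    # range not listed for any role
        (fresh, "fd00::1"),      # IPv6 address, no IPv6 range allowed
    ]
    return [(s.user, dest, decide(s, dest, now)) for s, dest in attempts]


if __name__ == "__main__":
    for user, dest, decision in demo():
        print(f"{user:6} {dest:12} {decision}")
```

Checking the allow list before the re-authentication rule means a session is never prompted to re-authenticate for a destination it could not reach anyway.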

Application security
●   Download business applications from controlled locations
●   Run certified business applications only
●   Monitor installed applications and remove those identified to be untrustworthy or malicious

Fundamental integrity control
●   Run antimalware software to detect malware on storage and in memory
●   Run a personal firewall to filter inbound and outbound traffic
●   Integrate with the company’s VPN gateway so a device’s security posture becomes a dependency for intranet access

Governance and compliance
●   Incorporate mobile security into the company’s overall risk management program
●   Maintain logs of interactions between mobile devices and the company’s VPN gateway and data transmission to and from servers within the intranet
●   Include mobile devices in the company’s periodic security audit

Choosing the right solution

When choosing a mobile security solution, several factors need to be taken into consideration:

●   Solution architecture—The solution should be built on a sound client-server architecture in which the server centrally controls and manages security policies and settings for various security features. The client should be installed on the mobile device and regularly communicate with the server to enforce policies, execute commands and report status.
●   Platform support—The solution should support a variety of mobile device platforms with a consistent, easy-to-manage administration console that is platform-agnostic to help reduce security policies across different devices.
●   Feature expandability—Mobile device technology advances very rapidly and new mobile threats are evolving all the time. The solution must be flexible enough to accommodate future technology changes and incorporate more advanced capabilities to counter new threats.
●   Usability—Features that are easy to use and require little user intervention can help drive acceptance by end users and increase the effectiveness of security control.
●   Reporting and analysis—The solution needs to contain reporting and analysis capabilities, with information that helps the company to support policy and regulation compliance, recognize the mobile threat landscape and evaluate the solution’s effectiveness in countering threats.
●   Deployment and management—No matter how capable a security solution is, its value is greatly diminished if it cannot be efficiently deployed or easily managed. The company needs to carefully assess the overall efforts required for initial roll-out and ongoing management of a solution.

Another important decision in the solution choice is who will be responsible for the overall mobile security implementation effort and subsequent ongoing management. Although it is possible to have the current IT team responsible for desktop and laptop management and security also handle mobile devices, resource or skills constraints could prove challenging, particularly in a global, heterogeneous environment.

Outsourcing is another option. Leveraging the industry-wide mobile security expertise of a managed service provider can not only free up in-house IT resources, but also inject policies and procedures that can, down the road, build up internal skills without putting the enterprise at risk. In addition, an outside provider may have the ability to provide a range of delivery options, from on-premise to in the cloud, or even a hybrid solution that may better fit the enterprise’s changing needs.

IBM hosted mobile device security solution provides security from the cloud

To help organizations embrace both company- and employee-owned mobile devices in a security-rich environment, IBM Security Services offers a robust mobile device security management solution. The solution, built on a client-server architecture, helps efficiently deliver mobile security services from the IBM Cloud to mobile devices on a variety of platforms.

These services can help companies address the major mobile security issues discussed in this paper with a single solution. By both leveraging existing mobile devices owned by branches and employees in different groups or geographies, and avoiding the purchase of additional hardware or software, companies can reduce capital and operational costs.

IBM Security Services provides a wide set of managed services, including:

●   Requirement assessment and policy design
●   Training and providing knowledge assets
●   Guidance for production roll-out
●   Monitoring, alerting and reporting
●   Policy maintenance and calibration
●   Threat intelligence sharing

The solution combines industry-leading mobile security technologies with IBM’s deeper security knowledge and highly skilled technical professionals around the world to help reduce risks and better manage regulatory compliance. With IBM Security Services, companies can benefit from improved operational, financial and strategic efficiencies across the enterprise, and, most importantly, can enhance their overall security postures to increase their business competitiveness.

For more information

To learn more about IBM Managed Security Services (Cloud Computing)—hosted mobile device security management, contact your IBM marketing representative, IBM Business Partner, or visit the following website: ibm.com/services
Notes
© Copyright IBM Corporation 2011

    IBM Global Services
    Route 100
    Somers, NY 10589
    U.S.A.

    Produced in the United States of America
    October 2011
    All Rights Reserved

    IBM, the IBM logo, and ibm.com are trademarks of International Business
    Machines Corporation in the United States, other countries or both. If these
    and other IBM trademarked terms are marked on their first occurrence in
    this information with a trademark symbol (® or ™), these symbols indicate
    U.S. registered or common law trademarks owned by IBM at the time this
    information was published. Such trademarks may also be registered or
    common law trademarks in other countries. A current list of IBM trademarks
    is available on the web at “Copyright and trademark information” at
    ibm.com/legal/copytrade.shtml

    Microsoft and Windows are trademarks of Microsoft Corporation in the
    United States, other countries, or both.

    Other company, product or service names may be trademarks or service
    marks of others.
1   IBM X-Force 2011 Mid-year Trend and Risk Report, September 2011
2   Juniper Networks Malicious Mobile Threats Report 2010/2011, May 2011
3   Juniper Networks Malicious Mobile Threats Report 2010/2011, May 2011
4   GSMA Outlines Findings from Spam Reporting Service Pilot press release,
    February 10, 2011


                                                         SEW03027-USEN-00

Securing mobile devices in the business environment

  • 1. IBM Global Technology Services October 2011 Thought Leadership White Paper Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services
  • 2. 2 Securing mobile devices in the business environment As the world becomes more interconnected, integrated and ● Improved client services—Sales or support employees who intelligent, mobile devices are playing an ever-increasing role in regularly interface with customers may respond more effi- changing the way people live, work and communicate. But it is ciently, directly increasing customer satisfaction. not just happening in personal life: Smartphones and tablets are ● Reduced IT cost—By allowing employees to use, and often also being rapidly adopted by enterprises as new work tools, pay for, their own mobile devices and wireless services, compa- joining existing laptops and desktops. The use of mobile devices nies potentially save IT spending on device purchases as well for business has experienced an explosive growth in the past few as management and communication services. years and will only accelerate in the near future. There are some cautions, however. Companies need to fully rec- And while the BlackBerry® has been the de facto mobile device ognize that when employees connect mobile devices to the for business for many years, the availability of other smartphones enterprise and merge both business and personal data, those and tablets with broader consumer appeal, such as iPhone® and mobile devices must be treated just like any other IT equipment, Android™ devices, is fundamentally changing the game. with appropriate security controls. If security is not addressed at Employees are now bringing their own mobile devices to the the outset, these mobile devices may become a point of security workplace and asking companies to support them. These new weakness that threatens to disclose business information or devices offer improved hardware performance, a more robust become a new channel to introduce security threats to the com- platform feature set and increased communication bandwidth, pany’s IT infrastructure and business resources. 
Many IT depart- expanding their capabilities beyond voice and email. As a result, ments are finding significant challenges in securing mobile however, this increased access to enterprise systems can also devices, for a variety of reasons: bring an increased security risk to the organization. ● A range of mobile device platforms, such as BlackBerry, This paper explores how companies can more safely introduce Symbian®, IOS®, Android and Windows Mobile, needs to be employee- or corporate-owned mobile devices into the work- supported, and each platform brings with it a unique security place, identify the risks inherent in their broader access to corpo- model. Other than the BlackBerry platform, most started rate data, and derive enhanced business value. as consumer platforms and lack enterprise-strength security controls. Mobility brings both advantages and risks ● Business and personal data now coexist on the same device. to the enterprise Finding a balance between strict security control and privacy As employees bring mobile devices into the workplace, many of personal data, particularly when the device is no longer a organizations are motivated to encourage their use for business corporate-issued asset, can be challenging. purposes, because they tend to drive: ● Unauthorized or non-business oriented applications have the potential to spread malware that affects the integrity of the ● Increased employee productivity—Mobile devices can give device and the business data residing upon it. employees access to corporate resources and enable continu- ● Mobile devices are prone to loss and theft, due to their small- ous collaboration with colleagues or business partners. size and high-portability. Whenever a device is lost, corporate data is at risk both on the mobile device and within the corpo- rate network.
  • 3. ● Many mobile devices are always on and connected, so vulnerability to malicious attacks increases through different communication channels.
● Mobile technology is advancing quickly and becoming increasingly complex. Many companies do not have enough resources or skills in house to fully embrace mobile technology in the workplace.

Security threats to mobile devices

The security of mobile devices has become a top concern for many IT executives. Hackers are discovering the benefits of compromising both business and personal data contained within mobile devices. Because many mobile platforms are not natively designed to provide comprehensive security, hackers have a strong incentive to develop new techniques or create mobile-centric malware specifically for these devices. In a recent IBM X-Force® security research report, mobile operating system vulnerabilities have increased significantly (see Figure 1) and exploits of vulnerabilities are also on the rise (see Figure 2).[1]

Figure 1: Total mobile operating system vulnerabilities. [Chart: total mobile operating system vulnerabilities per year, 2006-2011 (projected).]

Figure 2: Mobile operating system exploits. [Chart: mobile operating system exploits per year, 2006-2011 (projected).]

The latest smartphones are designed to provide broad Internet and network connectivity through varying channels, such as 3G or 4G, Wi-Fi, Bluetooth or a wired connection to a PC. Security threats may occur in different places along these varying paths where data can be transmitted (see Figure 3). When a device downloads a new mobile application from any online application store, the software may contain malware that can steal or damage data on the device and, in some cases, even disable the mobile device itself. Most mobile devices now have Internet connections, so common web-based threats that have attacked laptops or desktops may also apply to mobile devices. A device connected through Wi-Fi or Bluetooth is at greater risk because the Wi-Fi source or the other Bluetooth-enabled device may have been compromised and can play a role in a “man-in-the-middle” attack (when a hacker configures a laptop, server or mobile device to listen in on or modify legitimate communications) or other attack type.
  • 4. Figure 3: Flow of data transmission. [Diagram nodes: mobile device, Wi-Fi device, mobile device (Bluetooth enabled), telco service provider, Internet, app store, web site, corporate VPN gateway, corporate intranet. Legend: a threat can occur.]

Because of the variety of communication mechanisms available and increasing use of business applications on mobile devices, the security threats to mobile devices have evolved to all the threats applicable to desktops or laptops, plus new threats that are truly unique to mobile devices. Therefore, mobile devices need to be protected with an even broader set of security techniques than those employed for traditional desktop or laptop operating environments.

No matter what the threats are, the targets that hackers try to access and exploit typically consist of one or several of the following:

● Credentials to access business or personal accounts
● Confidential business or personal information
● Phone or data communication services
● The mobile device itself
  • 5. The most frequently seen mobile device security threats are:

● Loss and theft
● Malware
● Spam
● Phishing
● Bluetooth and Wi-Fi

Loss and theft

Small size and high portability make loss and theft top security concerns when a mobile device is used in the workplace. According to a mobile threat study by Juniper Networks, 1 in 20 mobile devices was stolen or lost in 2010.[2] When devices are lost or stolen, all of the data stored on or accessible from the mobile device may be compromised if access to the device or the data is not effectively controlled.

While not foolproof, some techniques can help reduce the risk of data compromise, such as using a complex password to access the device or critical data, remotely locating the device on a map using global positioning services (GPS), remotely locking the device to render it useless, or remotely wiping data on the device. Some mobile platforms natively provide these techniques, and in the event they do not, basic platform capabilities can often be augmented by functionality available in third party mobile device management or mobile security solutions.

Malware

Mobile device malware—viruses, worms, Trojans, spyware—has been on the rise over the past few years because most mobile platforms do not yet have native mechanisms to detect malware. Virtually no mobile platform available today is immune to malware. Although more established mobile platforms such as Symbian and Windows Mobile have been a proving ground for malware developers in the past few years, the Google Android platform is leading in new malware development, primarily due to its popularity and open software distribution model. The mobile threat research report from Juniper Networks also states that malware on Android grew 400 percent from June 2010 to January 2011.[3]

Malware can cause a loss of personal or confidential data, additional service charges (for example, some malware can send premium Short Message Service (SMS) text messages or make phone calls in the background) and, even worse, make the device unusable. Although quickly removed, numerous malicious applications recently found their way onto the Android marketplace. Some of these were legitimate applications that had been repackaged with a Trojan designed to gain root access or additional privileges to users’ devices. Unsuspecting users may have had malicious code or additional malware installed in that single download from the applications store. Malware can then spread quickly through a wired or wireless connection to another device or a company’s intranet.

Companies can significantly reduce the malware risk by adopting a similar approach to be used for both mobile devices as well as the desktop and laptop environment. In addition to advising employees to only download and install trusted applications and take appropriate actions when suspicious applications are identified, a company should run antimalware software on each employee’s device to detect malware in real-time and scan the entire device periodically.
  • 6. Spam

With the growth of text messaging, spam—unsolicited communication sent to a mobile device from a known or unknown phone number—is also on the rise. Spam is not only a big concern for mobile service providers because it wastes a significant amount of bandwidth, but it is also a growing security issue for mobile device users. According to the recent Global System for Mobile Communications Association (GSMA) pilot of the GSMA Spam Reporting Service (SRS), the majority of spam attacks are for financial gain, with 70 percent of reports of spam being for fraudulent financial services rather than the traditional advertising scenarios found in email spam.[4]

We feel that the most effective method to thwart spam is to define a blacklist to block spam messages either by using the functions of an antispam solution or by turning on the antispam feature on the device if it is available.

Phishing

“Phishing” is an email or an SMS text message (dubbed “SMiShing”) sent to trick a user into accessing a fake website, sending a text message or making a phone call to reveal personal information (such as a Social Security number in the United States) or credentials that would allow the hacker access to financial or business accounts. Phishing through mobile browsers is more likely to succeed because the small screen size of mobile devices does not allow for some protection features used on the PC, like web address bars or green warning lights.

The most effective antiphishing approach helps a user recognize a fraudulent website when it is presented. Some financial institutions have deployed “site authentication” to confirm to users that they are communicating with a genuine website before they enter account credentials from either a web browser or a mobile application. Two-factor authentication is also useful to thwart phishing: First, a user enters a static password, then a second authentication factor, such as a one-time password or a device fingerprint, is dynamically generated to further authenticate the user. So even if a user’s static password is stolen by a hacker using a phishing technique, the hacker cannot log in to the genuine site without the user’s second authentication factor.

Bluetooth and Wi-Fi

Bluetooth and Wi-Fi effectively increase the connectivity of mobile devices within a certain range, but they can be easily exploited to infect a mobile device with malware or compromise transmitted data. A mobile device may be lured to accept a Bluetooth connection request from a malicious device. In a “man-in-the-middle” attack, when mobile devices connect, the hacker can intercept and compromise all data sent to or from the connected devices.

Setting the device’s Bluetooth to an undiscoverable mode and turning off the device’s automatic Wi-Fi connection capability, especially in public areas, can help reduce risks. To completely block incoming connection requests from unknown devices, a local firewall should be installed and run on the mobile device—another traditional security practice that can be extended to the mobile environment.

Establishing a mobile security strategy

Creating a stringent strategy that defines guidelines and policies helps lay the foundation for a more security-rich mobile environment. This strategy should focus on several key areas: Data and resources accessible from mobile devices, platform support, management methodology and best practices.
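The two-factor flow described in the Phishing section, as an added example that is not part of the IBM paper: a server checks the static password and then an HMAC-based one-time password (RFC 4226), so a phished password alone, or a captured and replayed code, is rejected. The `Account` class, the password and the salt are constructed for illustration; the secret is the published RFC 4226 test key.

```python
import hashlib
import hmac
import struct

RFC4226_TEST_SECRET = b"12345678901234567890"  # published test key, not a real secret

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical server-side record: salted password hash plus shared OTP secret."""

    def __init__(self, password: str, otp_secret: bytes):
        self.salt = b"constructed-salt"          # use os.urandom(16) per account in practice
        self.pw_hash = self._hash(password)
        self.otp_secret = otp_secret
        self.next_counter = 0                    # lowest counter value not yet used

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password: str, otp: str, window: int = 3) -> bool:
        # Factor 1: the static password, compared in constant time.
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return False
        # Factor 2: accept a code from a small look-ahead window of counters.
        for counter in range(self.next_counter, self.next_counter + window):
            expected = hotp(self.otp_secret, counter)
            if hmac.compare_digest(expected.encode(), otp.encode()):
                self.next_counter = counter + 1  # this code and older ones are now dead
                return True
        return False

def demo() -> dict:
    """Run the four cases the paragraph implies and return each login result."""
    acct = Account("correct horse battery", RFC4226_TEST_SECRET)
    code = hotp(RFC4226_TEST_SECRET, 0)          # what the user's token displays
    return {
        "phished_password_only": acct.login("correct horse battery", ""),
        "password_and_fresh_code": acct.login("correct horse battery", code),
        "password_and_replayed_code": acct.login("correct horse battery", code),
        "wrong_password_valid_code": acct.login("guess", hotp(RFC4226_TEST_SECRET, 1)),
    }

if __name__ == "__main__":
    print(demo())
```

The replay case is the part the paragraph leaves implicit: a one-time code only helps against phishing if the server retires it on first use.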
  • 7. Initially, your organization should identify which business data it will allow to be stored and processed on which mobile devices. This helps determine what needs to be protected and to what degree. Many enterprises only permit employee email, contact and calendar information. Others allow access, through a browser or native mobile application, to other business-critical applications such as enterprise resource systems (ERP) or customer relationship management (CRM). Different degrees of access from mobile devices require varying levels of security controls. However, it should be noted that when business data flows from a more strictly controlled location (for example, a database or a file server) to a less protected device, the risk of losing the data becomes greater.

You may also need to determine which mobile device platforms will be allowed in the business environment and, thus, need to be supported in the mobile security strategy and plan. Different mobile platforms have different native security mechanisms that need to be outlined and understood, although applying a set of security controls to all supported platforms in a consistent manner is desirable.

Another important decision is the responsibility for mobile security management work, whether using the current IT security team to handle mobile devices, or outsourcing to a managed security service provider. Multiple security technologies may need to be employed to provide comprehensive security controls for mobile devices. As such, depending on how these security solutions are delivered (on-premise or from the cloud), a company may choose to use a hybrid model for device and security management.

No matter what the mobile environment, a number of mobile security policies and best-practice procedures need to be put in place and should also be identified in the company’s mobile security strategic plan. Fortunately, many best practices that have been exercised for desktops and laptops can be duplicated for mobile devices, such as:

● Specification of roles and responsibilities in managing and securing the devices
● Registration and inventory of mobile devices
● Efficient installation and configuration of security applications on devices
● Automatic update of security patches, policies and settings
● Reporting of security policy enforcement status
● Employee education on securing mobile devices

Applying security controls based on a framework

Taking a broad look across the IT and business environment, IBM has developed a well-defined framework that specifies security domains and levels for applying various security technologies.
  • 8. When applied to mobile devices, the framework suggests the following security controls, with actual requirements varying by deployment:

● Identity and access
● Data protection
● Application security
● Fundamental integrity control
● Governance and compliance

Figure 4: IBM Security Framework. [Diagram: Security governance, risk management and compliance; People and identity; Data and information; Application and process; Network, server and end point; Physical infrastructure; Common policy, event handling and reporting; Professional services; Managed services; Hardware and software.]

Identity and access

● Enforce strong passwords to access the device
● Use site authentication or two-factor user authentication to help increase the trustworthiness between a user and a website
● If virtual private network (VPN) access to corporate intranet is allowed, include capability to control what IP addresses can be accessed and when re-authentication is required for accessing critical resources

Data protection

● Encrypt business data stored on the device and during transmission
● Include capability to wipe data locally and remotely
● Set timeout to lock the device when it is not used
● Periodically back up data on the device so data restore is possible after the lost device has been recovered
● Include capability to locate or lock out the device remotely
  • 9. Application security

● Download business applications from controlled locations
● Run certified business applications only
● Monitor installed applications and remove those identified to be untrustworthy or malicious

Fundamental integrity control

● Run antimalware software to detect malware on storage and in memory
● Run a personal firewall to filter inbound and outbound traffic
● Integrate with the company’s VPN gateway so a device’s security posture becomes a dependency for intranet access

Governance and compliance

● Incorporate mobile security into the company’s overall risk management program
● Maintain logs of interactions between mobile devices and the company’s VPN gateway and data transmission to and from servers within the intranet
● Include mobile devices in the company’s periodic security audit

Choosing the right solution

When choosing a mobile security solution, several factors need to be taken into consideration:

● Solution architecture—The solution should be built on a sound client-server architecture in which the server centrally controls and manages security policies and settings for various security features. The client should be installed on the mobile device and regularly communicate with the server to enforce policies, execute commands and report status.
● Platform support—The solution should support a variety of mobile device platforms with a consistent, easy-to-manage administration console that is platform-agnostic to help reduce security policies across different devices.
● Feature expandability—Mobile device technology advances very rapidly and new mobile threats are evolving all the time. The solution must be flexible enough to accommodate future technology changes and incorporate more advanced capabilities to counter new threats.
● Usability—Features that are easy to use and require little user intervention can help drive acceptance by end users and increase the effectiveness of security control.
● Reporting and analysis—The solution needs to contain reporting and analysis capabilities, with information that helps the company to support policy and regulation compliance, recognize the mobile threat landscape and evaluate the solution’s effectiveness in countering threats.
● Deployment and management—No matter how capable a security solution is, its value is greatly diminished if it cannot be efficiently deployed or easily managed. The company needs to carefully assess the overall efforts required for initial rollout and ongoing management of a solution.

Another important decision in the solution choice is who will be responsible for the overall mobile security implementation effort and subsequent ongoing management. Although it is possible to have the current IT team responsible for desktop and laptop management and security also handle mobile devices, resource or skills constraints could prove challenging, particularly in a global, heterogeneous environment.
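One way to make a device's security posture a dependency for intranet access, as the framework controls above suggest (an added example, not IBM's solution or code from the paper). The server evaluates the status a device client reports against the listed controls and returns a decision record for the audit log. All thresholds, field names and application IDs are assumptions, since the paper names the controls but sets no values.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumed thresholds and app IDs: the paper names the controls, not the values.
POLICY = {
    "min_passcode_length": 8,
    "max_lock_timeout_s": 300,
    "max_scan_age": timedelta(days=7),
    "max_report_age": timedelta(hours=24),
    "certified_apps": {"com.example.mail", "com.example.crm"},
}

@dataclass
class DeviceReport:
    """Status the on-device client reports to the management server (hypothetical)."""
    device_id: str
    reported_at: datetime
    passcode_length: int
    storage_encrypted: bool
    lock_timeout_s: int          # 0 means the device never auto-locks
    remote_wipe_enrolled: bool
    antimalware_running: bool
    last_full_scan: datetime
    firewall_enabled: bool
    business_apps: set = field(default_factory=set)  # apps holding business data

def failed_controls(r, now, policy=POLICY):
    """Return the controls the device does not meet (empty list = compliant)."""
    uncertified = sorted(r.business_apps - policy["certified_apps"])
    checks = [
        # A stale report proves nothing about the device today: fail closed.
        ("report freshness", now - r.reported_at <= policy["max_report_age"]),
        ("identity and access: strong passcode",
         r.passcode_length >= policy["min_passcode_length"]),
        ("data protection: storage encryption", r.storage_encrypted),
        ("data protection: lock timeout",
         0 < r.lock_timeout_s <= policy["max_lock_timeout_s"]),
        ("data protection: remote wipe", r.remote_wipe_enrolled),
        (f"application security: uncertified apps {uncertified}", not uncertified),
        ("integrity: antimalware running", r.antimalware_running),
        ("integrity: periodic full scan",
         now - r.last_full_scan <= policy["max_scan_age"]),
        ("integrity: personal firewall", r.firewall_enabled),
    ]
    return [name for name, ok in checks if not ok]

def vpn_decision(r, now, policy=POLICY):
    """Gate intranet access on posture and return a record for the audit log."""
    failed = failed_controls(r, now, policy)
    return {
        "time": now.isoformat(),
        "device": r.device_id,
        "decision": "deny" if failed else "allow",
        "failed_controls": failed,
    }

def sample_reports(now):
    """Constructed device reports for illustration, not data from the paper."""
    good = DeviceReport("tablet-01", now - timedelta(minutes=5), 10, True, 120, True,
                        True, now - timedelta(days=2), True, {"com.example.mail"})
    bad = DeviceReport("phone-02", now - timedelta(days=3), 4, True, 0, True,
                       True, now - timedelta(days=30), False,
                       {"com.example.mail", "com.example.unvetted-notes"})
    return good, bad

if __name__ == "__main__":
    now = datetime(2011, 10, 1, 9, 0, tzinfo=timezone.utc)
    for report in sample_reports(now):
        print(vpn_decision(report, now))
```

Returning the full list of failed controls, rather than stopping at the first, gives the user one remediation list and gives the periodic audit a complete record.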
  • 10. Outsourcing is another option. Leveraging the industry-wide security expertise of a managed service provider can not only free up in-house IT resources, but also inject policies and procedures that can, down the road, build up internal skills without putting the enterprise at risk. In addition, an outside provider may have the ability to provide a range of delivery options, from on-premise to in the cloud, or even a hybrid solution that may better fit the enterprise’s changing needs.

IBM hosted mobile device security solution provides security from the cloud

To help organizations embrace both company- and employee-owned mobile devices in a security-rich environment, IBM Security Services offers a robust mobile device security management solution. The solution, built on a client-server architecture, helps efficiently deliver mobile security services from the IBM Cloud to mobile devices on a variety of platforms.

These services can help companies address the major mobile security issues discussed in this paper with a single solution. By both leveraging existing mobile devices owned by branches and employees in different groups or geographies, and avoiding the purchase of additional hardware or software, companies can reduce capital and operational costs.

IBM Security Services provides a wide set of managed mobile services, including:

● Requirement assessment and policy design
● Training and providing knowledge assets
● Guidance for production roll-out
● Monitoring, alerting and reporting
● Policy maintenance and calibration
● Threat intelligence sharing

The solution combines industry-leading mobile security technologies with IBM’s deeper security knowledge and highly skilled technical professionals around the world to help reduce risks and better manage regulatory compliance. With IBM Security Services, companies can benefit from improved operational, financial and strategic efficiencies across the enterprise, and, most importantly, can enhance their overall security postures to increase their business competitiveness.

For more information

To learn more about IBM Managed Security Services (Cloud Computing)—hosted mobile device security management, contact your IBM marketing representative, IBM Business Partner, or visit the following website: ibm.com/services
  • 11. Notes
  • 12. © Copyright IBM Corporation 2011

IBM Global Services
Route 100
Somers, NY 10589
U.S.A.

Produced in the United States of America
October 2011
All Rights Reserved

IBM, the IBM logo, and ibm.com are trademarks of International Business Machines Corporation in the United States, other countries or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.

Other company, product or service names may be trademarks or service marks of others.

[1] IBM X-Force 2011 Mid-year Trend and Risk Report, September 2011
[2] Juniper Networks Malicious Mobile Threats Report 2010/2011, May 2011
[3] Juniper Networks Malicious Mobile Threats Report 2010/2011, May 2011
[4] GSMA Outlines Findings from Spam Reporting Service Pilot press release, February 10, 2011

SEW03027-USEN-00