Mobile Security and Management

Mobile Security and Management

Loading
Loading Social Plug-ins...
Language: English
Save to myLibrary Download PDF
Go to Page # Page of 19

Description: New York State Cyber Security Conference, Mobile Threat Landscape, Mobility Trends and Challenges in the Enterprise, Mobile Solution Approach for Enterprises, Smartphone Growth, Mobile Security Risks, critical Smartphone SECURITY, Smartphones Hacker's Next Destination, Mobility Trends in the Enterprise, Evolution of Enterprise Mobile Device Support, Smartphone Device OS Share, Mobile Lifecycle Management, Manage Mobile Devices with Other IT Assets, Enterprise Mobile Security.

 
Author: Khoi Nguyen (Fellow) | Visits: 1662 | Page Views: 1675
Domain:  High Tech Category: Mobile Subcategory: Security 
Upload Date:
Short URL: http://www.wesrch.com/electronics/pdfEL1WSSGWTACCO
Loading
Loading...



px *        px *

* Default width and height in pixels. Change it to your required dimensions.

 
Contents:
New York State Cyber Security Conference y y
Integrating Security and Management of Smartphones Khoi Nguyen, Group Product Manager Mobile Security and Management Group Symantec
Amber Kick-off Meeting

Agenda

1 2 3 4

Mobile Threat Landscape Mobility Trends and Challenges in the Enterprise Mobile Solution Approach for Enterprises pp p Best Practices

Smartphone Growth
Devices IN USE WW (Smartphones = � Number of PCs)
Devices In Use

PC and Smartphone Shipments

3B
2.6B

2.8B

3B

3.25B

2B 1B
893M 1B

Cell Phones In Use 6.6% Growth

PCs In Use 10.7% Growth Smartphones In Use 22.2% 22 2% Growth
** Smartphones Out-shipped laptops in 2008
PC Forecast by IDC, June 2009 Smartphone Forecast by Gartner, Dec 2008

800M 600M 400M 200M
217M 382M 574M

Source: Pryamid Research, Forester, Deutche Bank

2006

2007

2008

2009

Mobile Security Risks on the Rise
Smartphones are business critical Smartphone SECURITY

86%
Of large enterprises believe smartphones are critical or important to their business. 50% of employees use mobile devices at half of all large enterprises.

Only 38%
of enterprises have well defined mobile security and management policies and strategies. li i d i

SMiShing Goes Mainstream

Mobile VIRUSES

1 in 5
Mobile phone users have received a phishing message via SMS, email or other messaging service.

600...
And counting. Number of known mobile viruses and Trojans as of Apr. 2009

Sources: IDC PC Forecast, Jun. 2009; TrendMicro Smartphone Survey, May 2009; Northeastern University, Apr. 2009

4

Smartphones: Hackers' Next Destination e t est at o
1. Device Loss/Theft
� Phones are lost 15X more frequently than PCs
� � � � � Smart phones carry much of the same data as laptops (eMail, Contacts...) Phone theft is the #1 UK personal crime* Enterprise: It's their data and their responsibility Consumer: pictures, contacts, p y p payment credentials Regulations regarding privacy and forcing disclosure of lost laptops apply to smart phones

2. Snoopware... an invasion of Privacy
� � Device always with you, always a risk
� � 70% use their phone as an alarm clock
(ICM Research)

Snoopware... destroys a reputation
Remotely activate the microphone to eavesdrop on conversations (even spy via pictures)

� Data is enterprise & personal �

Examples: flexispy iCam MobileSpy flexispy, iCam,

Put your protection where your data is

Snoopware puts a stranger in your bedroom and a competitor in your boardroom

4. SMS Spam
� � There has been a transition from annoying spam to threatening spam 1.1 billion S S spam messages in the US SMS S in 2007 (up from 800 million in 2006) (Ferris Research) 18% of US mobile users have received SMS spam messages (Pew Research)

3. Pranking4Profit
� � Follows `fame to fortune' trends seen in PC market (source Symantec ISTR X) Mobiles are becoming digital wallets and identities
� Financial risk in mobiles via NFC in Japan & EMEA





Examples: Redbrowser, Webser Bringing PC-level security to the hacker's next destination

Transition from Annoying Spam to Threatening Spam
* Source: ARC, Juniper Research

Industry Pundits' Takes on Mobile Security y
"The smartphone OS will become a major security target... Google's openness The Google s gives developers more freedom to innovate, but it can also be misused... Unfortunately this opens us up to malware." � Rich Cannings, Android Security "When you look at the evolution of malware, it never gets worse -- it always gets more sophisticated and more refined. As an industry ... we have to really look at where those trends are going and understand that everything we saw in the last 25 years in the PC world is probably going to happen much faster in the mobile world." � Scott Totzke, VP of Blackberry's security group ""When the market increases, there are generally more people going after it because there's a bigger potential for gain. What we haven't seen is the massive anonymous attacking across all of the smartphone bases -- the attacks we see today on the smartphone market are targeted attacks." � Andrew Storms, nCircle security lead

Mobility Trends in the Enterprise

7

Compare and Contrast p

Dell Latitude CPi RSeries � Released in 1999 � 400 MHz CPU � 64 MB RAM � 6.4 GB Hard Drive � 10/100 Mbps Ethernet 0/ 00 Mbps thernet � Windows 98 or NT 4.0

HTC Touch Pro 2 � Released in 2009 � 528MHz CPU � 288 MB RAM � 512 MB ROM + microSD* � 3G and 802.11 b\g WIFI 3G and 80 . b\g WI FI � Windows Mobile 6.1 Pro *microSD 2.0 supports up to 32 GB cards
8

Evolution of Enterprise Mobile Device Support
Disallowed User owned, user supported Company owned, limited company support Company owned, full company support Employee owned, full company support (Consumerization of IT)
9

Applications are the Tipping Point pp pp g

Smartphone Device OS Share
2008 2013

Windows Mobile, 13.1%

BlackBerry OS, 15.5%

Android, 0.5%

Windows Mobile, 17.5% 17 5%

BlackBerry OS, 9.2% Android, 16.4% Mac OS Mac OS (iPhone), 8.0%

Mac OS (iPhone), 9.0% Linux, 11.7% Symbian, 48.4% Palm, 1.8% Symbian, 39.5%

Linux, 9.4%

Palm, 0.0%

Notes
1. Data based on IDC's Worldwide Converged Mobile Device Forecast 2008-2013.

11

All Endpoints Need to be Secured and Managed...Including Mobile
Mobile Data and Apps: Increased use of mobile devices and apps with confidential business information or access to the corporate network Heterogeneous Deployments: Deployment of different p y devices & applications, increasing cost and complexity Increasing Risk: Increasing risk due to device theft/loss, greater compliancy, malware threats, OS vulnerabilties

Adoption without Planning: Not protecting and managing your mobile d i bil devices could l d ld lead to data loss, decreased productivity, and damage to your business

Secure and Manage Your Mobile Devices
Increase productivity while reducing risk costs and complexity risk, costs, IDC: Single-vendor security, management, & storage can reduce costs by 4X*
*Source: IDC, May 2009, "Containing Vendor Sprawl: Improve Security, Reduce Risk, and Lower Cost

What is the Risk of Not Securing and Managing Smartphones?
� Compliancy Risk
� Not considering mobile devices will put system and regulatory audit results at risk - privacy and disclosure

� Data and Privacy Risk
� Lost phones and mobile threats place customer data, financial data, and other confidential data at risk � Data loss is the biggest risk for smartphones today

� Business and Network Stability Risk
� Left unprotected, smartphones represent the weakest link in an Enterprise's IT infrastructure p � Compromised smartphones can disrupt the network IT operations, and ultimately the business

Key Q y Questions
What is the value of the information on mobile device? What is the impact when a mobile device is down? What are the implications of a lost mobile device? What is my organization's cost to support mobile devices? What is my mobile management and security strategy?

14

Solution Approach

15

The Mobile Lifecycle

Retire

Provision

Mobile Lifecycle Management M t

Manage

Secure

Secure and Manage Mobile Devices with Other IT Assets
Intelligence Automation
Workflows

Analyze

Collect

Publish & Orchestrate

Multitenancy Rolesbased Access Groups/Org Units Alerts/Notifications Manage Connect

17

Enterprise Mobile Security Best Practices
1. Enforce a PIN/Password policy for mobile 2. Enable Remote Wi /L k 2 E bl R t Wipe/Lock 3. Use a mobile security and management solution 4. Integrate your mobile security strategy into your overall 4 I t t bil it t t i t ll Endpoint Security and compliancy strategy 5. 5 Secure and manage your mobile devices throughout the entire mobile device lifecycle

18

Thank You

Khoi Nguyen o guye khoi_nguyen@symantec.com

� 2009 Symantec Corporation. All rights reserved. THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS ADVERTISING. ALL WARRANTIES RELATING TO THE INFORMATION IN THIS DOCUMENT, EITHER EXPRESS OR IMPLIED, ARE DISCLAIMED TO THE MAXIMUM EXTENT ALLOWED BY LAW. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE.

Subscribe
x