State of Oregon Enterprise Security Office, Jan. 14th, 2010

Security Strategies for Mobile Devices - PowerPoint PPT Presentation



State of Oregon Enterprise Security Office Jan. 14th, 2010. Security Strategies for Mobile Devices. Welcome. John Ritchie, CISSP State of Oregon Enterprise Security Office Information Security Analysis and Consultation. Introduction. Enterprise Security Office (ESO)

Presentation Transcript

State of Oregon

Enterprise Security Office

Jan. 14th, 2010

Security Strategies for Mobile Devices


Welcome

  • John Ritchie, CISSP

    • State of Oregon Enterprise Security Office

    • Information Security Analysis and Consultation


Introduction

  • Enterprise Security Office (ESO)

    • State Enterprise Perspective

      • Multi-Agency, Cross-Agency

    • Enterprise Policy and Oversight

    • Not Operations


Agenda

  • Overview of Issues

  • Strategies For Developing Solutions

  • Future Trends


Issue: Portable Storage

  • Storage, Storage and more Storage

    • Easy Data Sharing

    • Small, Smaller, Smallest, Lost

  • Data Loss Prevention

  • Bypass Security Controls


Issue: Mobile Workforce

  • Culture Change

    • Can’t Be Ignored

    • Huge Benefits

  • Technical Challenges

    • Porous Perimeter

      • Firewalls?

    • Personal Devices


Issue: Mobile Workforce

  • Everything Connects

  • Hostile Environments


Strategies For Coping

  • Step By Step

  • Define Business Needs

  • Develop Policy

  • Technical Implementation

  • Audit Device Use and Compliance

  • Step By Step (Refrain)


Strategy: Step By Step

  • Start Somewhere

  • Develop A Plan

  • Something Is Better Than Nothing

  • It All Costs Money


Strategy: Business Needs

  • Define Benefits

    • What Are Your Goals?

  • Data Classification – Task #1

    • Where’s Your Sensitive Data?

    • What Will Your Employees Store On Mobile Devices?


Strategy: Policy

  • Decision Points

    • Strict Or Lenient?

    • Device Ownership Decision

    • Device Management Decisions

    • Security


Policy

  • Device Ownership

    • Company-owned (stricter)

      • Control and Security

      • Responsibility (mostly) company’s

      • Separation of Church and State

    • Personal Devices (more lenient)

      • Flexibility

      • Employee Satisfaction

      • Cost?


Policy

  • Device Management

    • Corporate vs. Personal Management

    • Supported Models vs. All Models

    • Standard Configuration

    • Lost/Stolen/Sold Devices

    • Employee Termination


Policy

  • Security

    • Data At Rest

    • Data In Transit

    • Access To Device

    • Access to Enterprise Assets

Comic by XKCD.com


Policy

  • Responsibility

    • Should Employee Share Responsibility?

  • Policy Education

    • Critical Component


Strategy: Technical Controls

  • Intersect With Policy And Security

  • Policy Without Controls Is…

  • Integrate Solutions With Architecture

  • Don’t Forget About Existing Policies

    • Acceptable Use


Strategy: Audit Device Use

  • Education

  • Visual Audits

    • Manager drive-by

  • Technical Audits

    • Logging

  • “Lessons Learned” Audits

    • After-the-fact


Strategy: Step By Step (Refrain)

  • Start Somewhere

  • Develop A Plan

  • Something Is Better Than Nothing

  • It All Costs Money


Trends For the Future

  • Increasingly Mobile Workforce

  • Better Tools

    • Current: Remote Access, Minimize Local Storage

    • Developing Market for Tools

  • Increasing Risk

    • Targets For Attack

  • Increasing Awareness?

    • History of PC Security Awareness


State Reference Material

  • Policies http://www.oregon.gov/DAS/EISPD/ESO/Policies.shtml

  • Statewide Information Security Plan and Standards http://www.oregon.gov/DAS/EISPD/ESO/SW_Plan_Standards.shtml


Questions?

John Ritchie

(503) 378-3910

john.ritchie@state.or.us


Drive Encryption Tools

  • Pointsec: http://www.checkpoint.com/products/datasecurity/pc/index.html

  • CREDANT: http://www.credant.com/products.html

  • GuardianEdge: http://www.guardianedge.com/products/guardianedge-hard-disk-encryption.php

  • PGP: http://www.pgp.com/products/wholediskencryption/index.html

  • McAfee Endpoint Encryption: http://www.mcafee.com/us/enterprise/products/data_protection/data_encryption/endpoint_encryption.html

  • Microsoft BitLocker: http://technet.microsoft.com/en-us/windows/aa905065.aspx


Drive Encryption Tools

  • Mobile Armor: http://www.mobilearmor.com/dataarmor.php

  • SafeNet: http://www.safenet-inc.com/products/data_protection/disk_and_file_encryption/protectdrive.aspx

  • SecurStar: http://www.securstar.com/products.php

  • Utimaco Software: http://www.sophos.com/products/enterprise/encryption/safeguard-enterprise/device-encryption/

  • WinMagic: http://www.winmagic.com/products


Remote Device Wipe

  • BlackBerry Enterprise Server

  • Microsoft’s System Center Mobile Device Manager

  • Apple’s iPhone 3.0 (with MobileMe)


Lost Device Tracking

  • Adeona Project (Open Source): http://adeona.cs.washington.edu/

  • Absolute Software: http://www.absolute.com/

  • zTrace Technologies: http://www.ztrace.com/


Presentation, Desktop Virtualization

  • Citrix XenDesktop: http://www.citrix.com/english/ps2/products/product.asp?contentID=163057

  • Citrix XenApp: http://www.citrix.com/english/ps2/products/product.asp?contentid=186

  • VMware View: http://www.vmware.com/products/view/

  • Microsoft’s Remote Desktop Services: http://www.microsoft.com/windowsserver2008/en/us/presentation-terminal.aspx?pf=true

