state of oregon enterprise security office jan 14 th 2010
Download
Skip this Video
Download Presentation
Security Strategies for Mobile Devices

Loading in 2 Seconds...

play fullscreen
1 / 26

Security Strategies for Mobile Devices - PowerPoint PPT Presentation


  • 287 Views
  • Uploaded on

State of Oregon Enterprise Security Office Jan. 14 th , 2010. Security Strategies for Mobile Devices. Welcome. John Ritchie, CISSP State of Oregon Enterprise Security Office Information Security Analysis and Consultation. Introduction. Enterprise Security Office (ESO)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Security Strategies for Mobile Devices' - MartaAdara


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
state of oregon enterprise security office jan 14 th 2010
State of Oregon

Enterprise Security Office

Jan. 14th, 2010

Security Strategies for Mobile Devices
welcome
Welcome
  • John Ritchie, CISSP
    • State of Oregon Enterprise Security Office
    • Information Security Analysis and Consultation
introduction
Introduction
  • Enterprise Security Office (ESO)
    • State Enterprise Perspective
      • Multi-Agency, Cross-Agency
    • Enterprise Policy and Oversight
    • Not Operations
agenda
Agenda
  • Overview of Issues
  • Strategies For Developing Solutions
  • Future Trends
issue portable storage
Issue: Portable Storage
  • Storage, Storage and more Storage
    • Easy Data Sharing
    • Small, Smaller, Smallest, Lost
  • Data Loss Prevention
  • Bypass Security Controls
issue mobile workforce
Issue: Mobile Workforce
  • Culture Change
    • Can’t Be Ignored
    • Huge Benefits
  • Technical Challenges
    • Porous Perimeter
      • Firewalls?
    • Personal Devices
issue mobile workforce7
Issue: Mobile Workforce
  • Everything Connects
  • Hostile Environments
strategies for coping
Strategies For Coping
  • Step By Step
  • Define Business Needs
  • Develop Policy
  • Technical Implementation
  • Audit Device Use and Compliance
  • Step By Step (Refrain)
strategy step by step
Strategy: Step By Step
  • Start Somewhere
  • Develop A Plan
  • Something Is Better Than Nothing
  • It All Costs Money
strategy business needs
Strategy: Business Needs
  • Define Benefits
    • What Are Your Goals?
  • Data Classification – Task #1
    • Where’s Your Sensitive Data?
    • What Will Your Employees Store On Mobile Devices?
strategy policy
Strategy: Policy
  • Decision Points
    • Strict Or Lenient?
    • Device Ownership Decision
    • Device Management Decisions
    • Security
policy
Policy
  • Device Ownership
    • Company-owned (stricter)
      • Control and Security
      • Responsibility (mostly) company’s
      • Separation of Church and State
    • Personal Devices (more lenient)
      • Flexibility
      • Employee Satisfaction
      • Cost?
policy13
Policy
  • Device Management
    • Corporate vs. Personal Management
    • Supported Models vs. All Models
    • Standard Configuration
    • Lost/Stolen/Sold Devices
    • Employee Termination
policy14
Policy
  • Security
    • Data At Rest
    • Data In Transit
    • Access To Device
    • Access to Enterprise Assets

Comic by XKCD.com

policy15
Policy
  • Responsibility
    • Should Employee Share Responsibility?
  • Policy Education
    • Critical Component
strategy technical controls
Strategy: Technical Controls
  • Intersect With Policy And Security
  • Policy Without Controls Is…
  • Integrate Solutions With Architecture
  • Don’t Forget About Existing Policies
    • Acceptable Use
strategy audit device use
Strategy: Audit Device Use
  • Education
  • Visual Audits
    • Manager drive-by
  • Technical Audits
    • Logging
  • “Lessons Learned” Audits
    • After-the-fact
strategy step by step refrain
Strategy: Step By Step (Refrain)
  • Start Somewhere
  • Develop A Plan
  • Something Is Better Than Nothing
  • It All Costs Money
trends for the future
Trends For the Future
  • Increasingly Mobile Workforce
  • Better Tools
    • Current: Remote Access, Minimize Local Storage
    • Developing Market for Tools
  • Increasing Risk
    • Targets For Attack
  • Increasing Awareness?
    • History of PC Security Awareness
state reference material
State Reference Material
  • Policies http://www.oregon.gov/DAS/EISPD/ESO/Policies.shtml
  • Statewide Information Security Plan and Standards http://www.oregon.gov/DAS/EISPD/ESO/SW_Plan_Standards.shtml
questions
Questions?

John Ritchie

(503) 378-3910

john.ritchie@state.or.us

drive encryption tools
Drive Encryption Tools
  • Pointsec: http://www.checkpoint.com/products/datasecurity/pc/index.html
  • CREDANT: http://www.credant.com/products.html
  • GuardianEdge: http://www.guardianedge.com/products/guardianedge-hard-disk-encryption.php
  • PGP: http://www.pgp.com/products/wholediskencryption/index.html
  • McAfee Endpoint Encryption: http://www.mcafee.com/us/enterprise/products/data_protection/data_encryption/endpoint_encryption.html
  • Microsoft BitLocker: http://technet.microsoft.com/en-us/windows/aa905065.aspx
drive encryption tools23
Drive Encryption Tools
  • Mobile Armor: http://www.mobilearmor.com/dataarmor.php
  • SafeNet: http://www.safenet-inc.com/products/data_protection/disk_and_file_encryption/protectdrive.aspx
  • SecurStar: http://www.securstar.com/products.php
  • Utimaco Software: http://www.sophos.com/products/enterprise/encryption/safeguard-enterprise/device-encryption/
  • WinMagic: http://www.winmagic.com/products
remote device wipe
Remote Device Wipe
  • BlackBerry Enterprise Server
  • Microsoft’s System Center Mobile Device Manager
  • Apple’s iPhone 3.0 (with MobileMe)
lost device tracking
Lost Device Tracking
  • Adeona Project (Open Source): http://adeona.cs.washington.edu/
  • Absolute Software: http://www.absolute.com/
  • zTrace Technologies: http://www.ztrace.com/
presentation desktop virtualization
Presentation, Desktop Virtualization
  • Citrix XenDesktop: http://www.citrix.com/english/ps2/products/product.asp?contentID=163057
  • Citrix XenApp: http://www.citrix.com/english/ps2/products/product.asp?contentid=186
  • VMware View: http://www.vmware.com/products/view/
  • Microsoft’s Remote Desktop Services: http://www.microsoft.com/windowsserver2008/en/us/presentation-terminal.aspx?pf=true
ad