state of oregon enterprise security office jan 14 th 2010 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Security Strategies for Mobile Devices PowerPoint Presentation
Download Presentation
Security Strategies for Mobile Devices

Loading in 2 Seconds...

play fullscreen
1 / 26

Security Strategies for Mobile Devices - PowerPoint PPT Presentation


  • 301 Views
  • Uploaded on

State of Oregon Enterprise Security Office Jan. 14 th , 2010. Security Strategies for Mobile Devices. Welcome. John Ritchie, CISSP State of Oregon Enterprise Security Office Information Security Analysis and Consultation. Introduction. Enterprise Security Office (ESO)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

Security Strategies for Mobile Devices


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
    Presentation Transcript
    1. State of Oregon Enterprise Security Office Jan. 14th, 2010 Security Strategies for Mobile Devices

    2. Welcome • John Ritchie, CISSP • State of Oregon Enterprise Security Office • Information Security Analysis and Consultation

    3. Introduction • Enterprise Security Office (ESO) • State Enterprise Perspective • Multi-Agency, Cross-Agency • Enterprise Policy and Oversight • Not Operations

    4. Agenda • Overview of Issues • Strategies For Developing Solutions • Future Trends

    5. Issue: Portable Storage • Storage, Storage and more Storage • Easy Data Sharing • Small, Smaller, Smallest, Lost • Data Loss Prevention • Bypass Security Controls

    6. Issue: Mobile Workforce • Culture Change • Can’t Be Ignored • Huge Benefits • Technical Challenges • Porous Perimeter • Firewalls? • Personal Devices

    7. Issue: Mobile Workforce • Everything Connects • Hostile Environments

    8. Strategies For Coping • Step By Step • Define Business Needs • Develop Policy • Technical Implementation • Audit Device Use and Compliance • Step By Step (Refrain)

    9. Strategy: Step By Step • Start Somewhere • Develop A Plan • Something Is Better Than Nothing • It All Costs Money

    10. Strategy: Business Needs • Define Benefits • What Are Your Goals? • Data Classification – Task #1 • Where’s Your Sensitive Data? • What Will Your Employees Store On Mobile Devices?

    11. Strategy: Policy • Decision Points • Strict Or Lenient? • Device Ownership Decision • Device Management Decisions • Security

    12. Policy • Device Ownership • Company-owned (stricter) • Control and Security • Responsibility (mostly) company’s • Separation of Church and State • Personal Devices (more lenient) • Flexibility • Employee Satisfaction • Cost?

    13. Policy • Device Management • Corporate vs. Personal Management • Supported Models vs. All Models • Standard Configuration • Lost/Stolen/Sold Devices • Employee Termination

    14. Policy • Security • Data At Rest • Data In Transit • Access To Device • Access to Enterprise Assets Comic by XKCD.com

    15. Policy • Responsibility • Should Employee Share Responsibility? • Policy Education • Critical Component

    16. Strategy: Technical Controls • Intersect With Policy And Security • Policy Without Controls Is… • Integrate Solutions With Architecture • Don’t Forget About Existing Policies • Acceptable Use

    17. Strategy: Audit Device Use • Education • Visual Audits • Manager drive-by • Technical Audits • Logging • “Lessons Learned” Audits • After-the-fact

    18. Strategy: Step By Step (Refrain) • Start Somewhere • Develop A Plan • Something Is Better Than Nothing • It All Costs Money

    19. Trends For the Future • Increasingly Mobile Workforce • Better Tools • Current: Remote Access, Minimize Local Storage • Developing Market for Tools • Increasing Risk • Targets For Attack • Increasing Awareness? • History of PC Security Awareness

    20. State Reference Material • Policies http://www.oregon.gov/DAS/EISPD/ESO/Policies.shtml • Statewide Information Security Plan and Standards http://www.oregon.gov/DAS/EISPD/ESO/SW_Plan_Standards.shtml

    21. Questions? John Ritchie (503) 378-3910 john.ritchie@state.or.us

    22. Drive Encryption Tools • Pointsec: http://www.checkpoint.com/products/datasecurity/pc/index.html • CREDANT: http://www.credant.com/products.html • GuardianEdge: http://www.guardianedge.com/products/guardianedge-hard-disk-encryption.php • PGP: http://www.pgp.com/products/wholediskencryption/index.html • McAfee Endpoint Encryption: http://www.mcafee.com/us/enterprise/products/data_protection/data_encryption/endpoint_encryption.html • Microsoft BitLocker: http://technet.microsoft.com/en-us/windows/aa905065.aspx

    23. Drive Encryption Tools • Mobile Armor: http://www.mobilearmor.com/dataarmor.php • SafeNet: http://www.safenet-inc.com/products/data_protection/disk_and_file_encryption/protectdrive.aspx • SecurStar: http://www.securstar.com/products.php • Utimaco Software: http://www.sophos.com/products/enterprise/encryption/safeguard-enterprise/device-encryption/ • WinMagic: http://www.winmagic.com/products

    24. Remote Device Wipe • BlackBerry Enterprise Server • Microsoft’s System Center Mobile Device Manager • Apple’s iPhone 3.0 (with MobileMe)

    25. Lost Device Tracking • Adeona Project (Open Source): http://adeona.cs.washington.edu/ • Absolute Software: http://www.absolute.com/ • zTrace Technologies: http://www.ztrace.com/

    26. Presentation, Desktop Virtualization • Citrix XenDesktop: http://www.citrix.com/english/ps2/products/product.asp?contentID=163057 • Citrix XenApp: http://www.citrix.com/english/ps2/products/product.asp?contentid=186 • VMware View: http://www.vmware.com/products/view/ • Microsoft’s Remote Desktop Services: http://www.microsoft.com/windowsserver2008/en/us/presentation-terminal.aspx?pf=true