Best Practices for Securing Mobile ContentMike Brannon, National GypsumOjas Rege, MobileIron

Best Practices Conference (May 17, 2013)

22

3

4

5

Definition…Mobile First organizations

embrace mobility as their primary IT platform in order to transform

their businesses and increase their competitiveness

Content of all types is easily and securely

available on any device

CONTENT

End users choose their devices

Security is invisible to end users

User experience is the #1 design criteria

USER EXPERIENCES

New apps are developed and delivered

to mobile devices first

Core business processes can be performed on any

device

APPLICATIONS

In a Mobile First Company…

66

Traditional enterprise security

6

Firewall& VPN

77

The perimeter is gone

Copy/Paste

Open-in

Forward

88

The more the CIO says no, the less secure the organization becomes.

Vivek Kundra, Former U.S. Federal CIO

Responsible, not restrictive

Mike Brannon, National Gypsum

99

Securing data-at-rest

1010

Open In

Copy

SaveView

SharePoint documents

Open In

Copy

SaveView

Email attachments

MobileIron Confidential10

Two primary document repositories

• Solve “open in” problem • Store documents securely on device• Control cut / copy / paste actions• Selectively wipe documents• Prevent unauthorized distribution

• Control end-to-end with policy• Leverage existing content repositories

1111

Securing email attachments

11

Email App Secure Content Viewer

Email with Attachment

REMOVE

1212

Secure Content Viewer

Securing SharePoint

12

REMOVE

Sharepoint

1313

Closed-loop actions when compromised

13

Remediation

Notify

BlockQuarantine

Closed-loop actions

• Notify user and admin• Prevent access• Remove saved files• Remove SharePoint config• Protect enterprise persona

MobileIron Confidential

National Gypsum Company is a fully integrated building products manufacturer

Headquartered in Charlotte, NC with mines and quarries, and manufacturing plants across North America

1515

National Gypsum Implementation

• Risks / Threats Addressed:– Loss of Company Data / Lost Devices / Departing Employees– All Devices and Users Registered / Security Policies Enforced– Ease of Use for Employees AND Improved Security & Efficiency

• What We Deployed (And Timeline)– MobileIron device (VSP) and support (Sentry) – All Smartphones– Blackberry (now gone), Apple iOS and Android Devices– Push Secure WiFi Config to Minimize Data Use On Premise– Rush To Adopt iPads – From 0 to 100’s of Devices!– More than email access! Apps for SharePoint and Data!– Manage “Allowed” and “Disallowed” Settings / Apps (DropBox)– Leverage Internal PKI and Push Webclips – Deliver Data

1616

• Where Are We Now?– BES Retired – 70% iOS, 25% Android, 5% Windows Devices– iPad is currently only supported Tablet – Testing others (Surface?)– Plans to allow Windows 8 and MAC OS/X BYOD – Colligo Briefcase for SharePoint Document Access– Two Apps Deployed on iOS with “One Tap For Data”

National Gypsum Implementation

1717

National Gypsum Implementation

1818

Best practices for mobile content DLP

18

Closed-loop compliance

Continuous management

OS integrity

OS versioning

Passcode / encryption

Auto-wipe

Identity

Secure tunnel

Attachment protection

Secure content hub

Role of cloud

Credible ecosystem

MobileIron Confidential

1919

Security considerations 2013+ …

“No” not a sustainable option -> provide credible alternatives

Massive content ecosystem -> crowd-source but don’t lock-in

Uncertain economics -> establish “help-yourself-desk”

Dynamic risk at endpoint -> automate your mobile trust model

Content always one-click from cloud -> co-habitate responsibly

Blurring between content and app -> explore new forms

2020

Content doesn’t exist in isolation

Enterprise Mobile Persona

Native experience

Data separation

Shared policy Selective wipe

Secure communications

Email

Apps Certs

Policy

Content

Federated identity

2121

Journey to the Mobile First Enterprise

Device SecurityBYOD (user choice)Email access (secure ActiveSync)Multi-OS security (BlackBerry replacement)

App & Content Enablement

1st gen of mobile appsMobile docs (SharePoint)Cloud protections

Business Transformation

New user & business experiences

222222

First

Enterprise app storeBYOD privacySelective wipeJailbreak detectionEmail attachment DLP

97% Customer support satisfaction

4500+ Customers globally (3000 in last 15 months)

8 of top 10 global automotive

7 of top 10 global pharma

5 of top 10 global banks

Strongest mobile ecosystem

RecognizedGartner: Leaders QuadrantIDC: #1 growth and share

Deployed

Security and management for mobile enterprise apps, documents, and devices

Innovation and Customer Success

Best mobile enterprise service

Thank you Mike Brannon (mebrannon@nationalgypsum.com

Ojas Rege (ojas@mobileiron.com, twitter @orege)