Upload
mike-brannon
View
622
Download
0
Embed Size (px)
DESCRIPTION
How can we securely provide access to email and SharePoint content? Can BYOD and Mobility be secure and easily managed?
Citation preview
Best Practices for Securing Mobile ContentMike Brannon, National GypsumOjas Rege, MobileIron
Best Practices Conference (May 17, 2013)
22
3
4
5
Definition…Mobile First organizations
embrace mobility as their primary IT platform in order to transform
their businesses and increase their competitiveness
Content of all types is easily and securely
available on any device
CONTENT
End users choose their devices
Security is invisible to end users
User experience is the #1 design criteria
USER EXPERIENCES
New apps are developed and delivered
to mobile devices first
Core business processes can be performed on any
device
APPLICATIONS
In a Mobile First Company…
66
Traditional enterprise security
6
Firewall& VPN
77
The perimeter is gone
Copy/Paste
Open-in
Forward
88
The more the CIO says no, the less secure the organization becomes.
Vivek Kundra, Former U.S. Federal CIO
Responsible, not restrictive
Mike Brannon, National Gypsum
99
Securing data-at-rest
1010
Open In
Copy
SaveView
SharePoint documents
Open In
Copy
SaveView
Email attachments
MobileIron Confidential10
Two primary document repositories
• Solve “open in” problem • Store documents securely on device• Control cut / copy / paste actions• Selectively wipe documents• Prevent unauthorized distribution
• Control end-to-end with policy• Leverage existing content repositories
1111
Securing email attachments
11
Email App Secure Content Viewer
Email with Attachment
REMOVE
1212
Secure Content Viewer
Securing SharePoint
12
REMOVE
Sharepoint
1313
Closed-loop actions when compromised
13
Remediation
Notify
BlockQuarantine
Closed-loop actions
• Notify user and admin• Prevent access• Remove saved files• Remove SharePoint config• Protect enterprise persona
MobileIron Confidential
National Gypsum Company is a fully integrated building products manufacturer
Headquartered in Charlotte, NC with mines and quarries, and manufacturing plants across North America
1515
National Gypsum Implementation
• Risks / Threats Addressed:– Loss of Company Data / Lost Devices / Departing Employees– All Devices and Users Registered / Security Policies Enforced– Ease of Use for Employees AND Improved Security & Efficiency
• What We Deployed (And Timeline)– MobileIron device (VSP) and support (Sentry) – All Smartphones– Blackberry (now gone), Apple iOS and Android Devices– Push Secure WiFi Config to Minimize Data Use On Premise– Rush To Adopt iPads – From 0 to 100’s of Devices!– More than email access! Apps for SharePoint and Data!– Manage “Allowed” and “Disallowed” Settings / Apps (DropBox)– Leverage Internal PKI and Push Webclips – Deliver Data
1616
• Where Are We Now?– BES Retired – 70% iOS, 25% Android, 5% Windows Devices– iPad is currently only supported Tablet – Testing others (Surface?)– Plans to allow Windows 8 and MAC OS/X BYOD – Colligo Briefcase for SharePoint Document Access– Two Apps Deployed on iOS with “One Tap For Data”
National Gypsum Implementation
1717
National Gypsum Implementation
1818
Best practices for mobile content DLP
18
Closed-loop compliance
Continuous management
OS integrity
OS versioning
Passcode / encryption
Auto-wipe
Identity
Secure tunnel
Attachment protection
Secure content hub
Role of cloud
Credible ecosystem
MobileIron Confidential
1919
Security considerations 2013+ …
“No” not a sustainable option -> provide credible alternatives
Massive content ecosystem -> crowd-source but don’t lock-in
Uncertain economics -> establish “help-yourself-desk”
Dynamic risk at endpoint -> automate your mobile trust model
Content always one-click from cloud -> co-habitate responsibly
Blurring between content and app -> explore new forms
2020
Content doesn’t exist in isolation
Enterprise Mobile Persona
Native experience
Data separation
Shared policy Selective wipe
Secure communications
Apps Certs
Policy
Content
Federated identity
2121
Journey to the Mobile First Enterprise
Device SecurityBYOD (user choice)Email access (secure ActiveSync)Multi-OS security (BlackBerry replacement)
App & Content Enablement
1st gen of mobile appsMobile docs (SharePoint)Cloud protections
Business Transformation
New user & business experiences
222222
First
Enterprise app storeBYOD privacySelective wipeJailbreak detectionEmail attachment DLP
97% Customer support satisfaction
4500+ Customers globally (3000 in last 15 months)
8 of top 10 global automotive
7 of top 10 global pharma
5 of top 10 global banks
Strongest mobile ecosystem
RecognizedGartner: Leaders QuadrantIDC: #1 growth and share
Deployed
Security and management for mobile enterprise apps, documents, and devices
Innovation and Customer Success
Best mobile enterprise service
Thank you Mike Brannon ([email protected]
Ojas Rege ([email protected], twitter @orege)