Mobil säkerhet & hantering Magnus We5ainen Endpoint Management and Mobility 1
För inte så länge sedan... 2
Just nu hos en användare nära dig... e- post Känsligt data personlig data pengar 3
Revolu@on eller evolu@on? Fler Smarta telefoner än dumma telefoner köps i år, 2011 Fler Smarta telefoner än datorer köptes 2010 70 miljoner plaeor beräknas säljas 2012 OmsäEning bland marknadsledarna 4
Val av plaeorm och säkerhet går hand i hand ios 4 Android 2.3 Android 2.1 Phone 7 5
Symantec SMB undersökning (Maj 2011) 63% av företagen låter anställda välja mobil själva varav 75% inte tror det påverkar säkerheten 91% svarar ae företaget inte har några restriknoner för hur telefonen används privat Bara hälpen har fåe säkerhetsinstruknoner, oklart vilken typ 73% bär med sig hemlig informanon, 40% finansiell informanon hep://www.zoomerang.com/shared/sharedresultssurveyresultspage.aspx?id=l26b6qz2qqqz 6
iphone eller Android? Overall, Symantec considers ios s security model to be well designed and thus far it has proven largely resistant to aeack http://bit.ly/izceu4 Androids permission system, while extremely powerful, ulnmately relies upon the user to make important security decisions 7
Företagets riskanalys Förlust av data, boreappad eller stulen telefon Oavsiktligt läckage av data, felakng inställning av appar Elak kod, medvetna aeacker för ae stjäla data Falska WLAN hot- spots Spionprogram som utnyejar mikrofon, kamera, GPS m.m Diallerware, högkostnadssamtal och SMS Botnets, telefonen används för SMS Spam och DDoS aeacker Skrotade telefoner innehåller känslig data 8
Personlig riskanalys? 9
Din VD skickade just e5 SMS @ll alla sina kontakter! 10
Mobilitet Möjlig källa @ll dataförlust 47% av företagets data finns på mobila enheter 43% av de anställda har förlorat en enhet med företagsinformanon 32% rapporterade inte in förlusten inom rimlig @d e[er det inträffade Källa: Ponemon Ins*tute 11
Smarta mobiler skapar nya utmaningar Explosion av nya typer av enheter Ökad risk för dataförluster Nya applika@oner Integra@on Hur aknverar jag nya enheter? Hur skyddar jag företagets informanon och säkerställer policies? Hur hanterar jag applikanoner Hur får jag deea ae fungera med övriga lösningar? Messaging Security Ops 1B+ SmartPhones / Tablets by 2014 Business Apps IT Ops Info Security 12
Symantec s Enterprise Mobilitetslösningar Enterprise Policy Secure Access Information Protection Security & Compliance ApplicaNon Mgt ConfiguraNon Mgt User AuthenNcaNon (OTP) Device AuthenNcaNon (PKI) Embedded Auth for Apps Enterprise Integration Messaging Security Email DLP& EncrypNon Threat ProtecNon Endpoint Management Help Desk Business Processes 13
Informa@on and Iden@ty Protec@on The core ques@ons Who owns the data? How is data transferred between authorized users? How is that data protected when it is at rest. How can we ensure that authorized people have access to data? What IS the data and how can we keep it safe? 14
Data Loss PrevenNon EncrypNon User AuthenNcaNon 15
Near- term Security DLP for Apple ios Devices Security & Data Protec@on Using Na@ve Device Features Enforce Security, Usage Controls & DLP on mobile interac@ons Pin/Passcode Configure Built- in Encryp@on Web proxy VPN Remote wipe Selec@ve wipe Monitor applica@ons installed Mobile security Encrypted backups Internal Wi- Fi External VPN and/or Proxy From 3G & WiFi/Internet Local Tethering Symantec Web Gateway & Network DLP Symantec Endpoint Protec@on Endpoint DLP http://www.symantec.com/business/solutions/solutiondetail.jsp?solid=sol_info_risk_comp&solfid=sol_data_loss_prevention 16
Symantec PGP Viewer for ios Provides access to encrypted mail and aeachments on mobile devices Extends the Symantec encrypnon plaporm coverage Apple ios RIM BlackBerry Windows Mobile Addresses enterprise deployment concerns Complements Symantec Mobile Security & Management solunons hep://www.symantec.com/business/theme.jsp?themeid=pgp 17
Solu@on At- A- Glance VIP Authen@ca@on Service Cloud- based one- Nme- password validanon service Wide OTP credennal support 700+ mobile phones Enterprise integranon Popular enterprise applicanons, such as VPNs, SSO solunons Custom app integranon via API hep://www.symantec.com/business/verisign/vip- authenncanon- service/?inid=us_bizbanner_hero1_vip 18
Symantec Mobile Management 7.1 MDM + Enterprise Integra@on Enterprise Policy Secure Access Information Protection Security & Compliance ApplicaNon Mgt ConfiguraNon Mgt User AuthenNcaNon (OTP) Device AuthenNcaNon (PKI) Embedded Auth for Apps Enterprise Integration Messaging Security Email DLP& EncrypNon Threat ProtecNon Endpoint Management Help Desk Business Processes 19
Norton Mobile Security for Android Anti-Malware Auto-Scan of New Apps & Updates On-demand or Scheduled Scans LiveUpdate with Roaming Detection Norton Community Watch Anti-Theft SMS-based Remote Lock & Wipe with Confirmation SMS Remote Passcode Setup & Tutorial SIM Card Removal Lock Call & SMS Blocking Screen Out Unwanted Calls and Texts Add to Blacklist from Call or SMS Log Android OS 2.0 or later http://us.norton.com/mobile-security/ 20 Presentation Identifier Goes Here 20
Symantec Mobile Management Robust policy and compliance control Enable AcNvate enterprise access, apps and data easily and automancally Secure Protect enterprise data and infrastructure from aeack and thep Manage Control inventory and configuranon with massive scalability 21
Enable Key Features Enterprise Ac@va@on On device- agent for self- service Public or In- house agents Enterprise AppStore Distribute internal apps Recommend public apps, must- have apps Mobile Library Distribute acnve content Language & group based updates Configura@on Management Automate Email, VPN, Wi- Fi setngs 22
Agent Types Func@onality/Benefits Public Agent (App Store) Downloaded from public app store Symantec branded Limited agent check- in No app distribunon tab in UI Benefits Easier/faster to deploy no agent build required Easy for end user to locate in app store Verify server configuranon & connecnvity quickly In- house Agent (Enterprise app) Use Apple dev tools to sign a new in- house app using pre- compiled framework Enterprise brand- able (opnonal) Configurable agent check- in Nme App distribunon tab in UI Benefits Much more current device inventory data (e.g. jailbreak, locanon, network, app data) BeEer end user adopnon Can be deployed from internal servers 23
Secure Key Features Security seqngs and controls Passwords, RestricNons Complete and SelecNve Wipe Selec@ve Secure Wipe Wipe only the corporate configured data Personal and Corporate data separanon Compliance Enforcement Jailbreak, EncrypNon, Policy Allow only healthy devices Cer@ficate Management IntegraNon with CerNficate AuthoriNes Strong AuthenNcaNon for VPN and Wi- Fi 24
Manage Key Features Asset Repor@ng & Alerts AcNonable reports on devices, apps, users Alerts/NoNficaNons on all data collected Mail server agnos@c (with agents) Exchange 2003/2007/2010, Lotus, Gmail Provides MDM funcnonality Unified Endpoint Management ios + Android + Windows + Mac + Linux Single console for all compunng devices Scalable Architecture Built on the proven AlNris plaporm MulN- tenancy, Workflow integranon 25
Enterprise Integra@on Single console and infrastructure for desktop, mobile and server management Role based Administration Reports Endpoint Admin Help Desk Enterprise Scalability Business Process Automation Flexibility x 20k+ 26
DEMO Symantec Mobile Management Solu@on 7.1 27
Enterprise Device Enrollment No touch for IT- department User self service enrollment: E- mail profiles VPN setngs WIFI Setngs CerNficates 28
Enterprise Mobile Library 29
Mobile Library Expands Mobility Beyond Apps Documents Media 30
Thank you! magnus_weeainen@symantec.com Copyright 2010 Symantec Corpora@on. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec CorporaNon or its affiliates in the U.S. and other countries. Other names may be trademarks of their respecnve owners. This document is provided for informanonal purposes only and is not intended as advernsing. All warrannes relanng to the informanon in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The informanon in this document is subject to change without nonce. 31