BYOD - Enterprise Mobile Data Protection

BYOD – Enterprise Mobile Data Protection

MSIT 458 – Information Security

November 23, 2013

Techmasters - Rohit Gupta | Aman Sardana | Sean Saager | Xiaofeng Zhu | Zhenyu Zhang
Agenda

Introduction and Mobility Environments

BYOD Data Challenges and Strategies

Vendor Comparison and Recommendations

The Proposed Solution

Introduction

The Good Old Days of Mobility…

• Fully integrated security, encryption and policy stacks.
• Business Email, Calendar and Contacts only on BlackBerry.
• IT command-and-control, no personal apps allowed.
• Predictable and controlled

The New Enterprise Mobility

End User
“Give me the apps and data I need on the devices I want. Without restricting my personal use.”

Business
“We need productive employees and maximum returns on mobility without sacrificing security and compliance!”

IT Organization
“How do we protect our assets if we can’t trust or control the device? How do we manage compliance?”

BYOD

Bring your own device

“Bring your own device (BYOD) means the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and use those devices to access privileged company information and applications.”

DATA CHALLENGES

Protecting data from internal and external threats
Data requires protection on devices, in transmission and when taken outside the network.

Mobile data protection is an important issue as many enterprises continue to address regulatory requirements and consequences from lost and stolen laptops and other mobile devices.

Risking data loss

The consequences can be extreme

One office data breach can incur
• Legal fees
• Disclosure expenses
• Consulting fees
• Remediation expenses

One retail data breach can incur
• Credit monitoring expenses
• Legal settlements
• Information control audits

Risking viruses & malware

Mobile devices offer little protection against hackers and intrusions.
• Enter workplace via consumer devices.
• Access to other devices and data.
• Potential for company-wide infections.

Policy enforcement

IT is challenged by a BYOD workplace.
• Creating device-specific policies is difficult
• We’ve given up some direct control
• Solutions for these mobile platforms are immature

Challenges to productivity

Adopting & enforcing a BYOD strategy.
• Younger employees collaborate in new ways
• Employees want freedom to use mobile devices at work.
• Secure access solutions are necessary for empowering employees to work anywhere.

The Trust GAP – BYOD World

Organizations and their employees are eager to reap the benefits of BYOD programs, but despite their desire to embrace the BYOD model, both groups have lingering concerns about BYOD.

While businesses are mainly concerned with maintaining security, employees are worried about preserving the convenience they need in order to work from their mobile device, and the privacy they expect regarding the personal information on the device.

The Trust GAP (cont’d)
Source: The MobileIron Trust GAP Survey

The Trust GAP (cont’d)
Employees are confused about what employers can and can’t see on their mobile devices.

[Figure: PERCEPTION vs. REALITY]

STRATEGIES

BYOD Strategy: A 5-step guide
“BYOD strategies are the most radical change to the economics and the culture of client computing in business in decades. The benefits of BYOD include creating new mobile workforce opportunities, increasing employee satisfaction, and reducing or avoiding costs.”
Source: David Willis, vice president at Gartner, 2013

1. Consider a Mobile Device Management tool
2. Create a BYOD Policy
3. Manage expectations, and manage applications
4. Update your IT department
5. Incorporate BYOD in your company’s HR strategy

BYOD Policy

Policy = Simplicity
Focusing on policy is the first step.
• Determine which devices are allowed to access the network.
• Determine which devices you will support.
• Do we require certain software on personal devices before they can join the network?

Manage Applications

Protect corporate data by limiting access using VPN
For high-level protection, limit access to devices that support VPN connectivity and require a secure connection.

Best practices and policy enforcement are essential
• Are you subject to controls such as HIPAA or PCI DSS?
• If a device is lost, can you wipe the data?
• Do employees know what rights they give up when using a mobile device?

Developing the Solution

Many organizations want to support personally-owned mobile devices for business use to drive employee satisfaction and productivity (Bring Your Own Device or BYOD), while reducing mobile expenses.

“A successful BYOD program requires a clear separation of corporate and personal information, apps, and content ad”

Solution Requirements
Security
• All devices should be enrolled into corporate network
• Provisioning of mobile devices should be secure
• Security policies should be targeted to the right groups/employees
• Restriction of some/all mobile applications
• Complex/multi-character passwords required
• Updates of mobile OS required
• Encryption of all forms of corporate data
• Tracking and inventory of all devices
• Access control over corporate email system
• Sanction and disconnect modified or rogue devices
• Selective/full remote wipe of device

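One way the security requirements above could be checked against device inventory records, as an added example that is not part of the original slides or any vendor's product. The field names, action names, order of checks and threshold values are assumptions.

```python
from dataclasses import dataclass
# Assumed values: the slide names the controls but sets no thresholds.
MIN_PASSCODE_LEN = 8
MIN_OS = {"ios": (7, 0), "android": (4, 4)}

@dataclass
class Device:
    name: str
    platform: str
    os_version: tuple
    enrolled: bool = True
    encrypted: bool = True
    passcode_len: int = 8
    modified: bool = False   # rooted or jailbroken
    personal: bool = True    # employee-owned (BYOD)
    lost: bool = False

def evaluate(dev):
    """Map one inventory record to (action, reasons)."""
    if not dev.enrolled:
        return "disconnect", ["not enrolled (rogue device)"]
    # Lost: wipe corporate data only on personal hardware, everything otherwise.
    if dev.lost:
        return ("selective_wipe" if dev.personal else "full_wipe"), ["reported lost"]
    if dev.modified:
        return "disconnect", ["modified OS (rooted/jailbroken)"]
    reasons = []
    if not dev.encrypted:
        reasons.append("corporate data not encrypted")
    if dev.passcode_len < MIN_PASSCODE_LEN:
        reasons.append("passcode too short")
    floor = MIN_OS.get(dev.platform)
    if floor is None:
        reasons.append("platform not covered by policy")
    elif tuple(dev.os_version) < floor:
        reasons.append("OS update required")
    # Remediable gaps block corporate email until fixed.
    return ("block_email" if reasons else "allow"), reasons

# Constructed inventory records, for illustration only.
INVENTORY = [
    Device("alice-iphone", "ios", (7, 1)),
    Device("bob-android", "android", (4, 2), passcode_len=4),
    Device("carol-tablet", "android", (4, 4), modified=True),
    Device("dave-phone", "ios", (7, 0), lost=True),
    Device("kiosk-07", "android", (4, 4), personal=False, lost=True),
    Device("unknown-1", "ios", (7, 1), enrolled=False),
]
def triage(inventory):
    return {d.name: evaluate(d)[0] for d in inventory}
```
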
Solutions Requirements (cont’d)
• Storage Encryption
  Focuses on protecting data at rest and stored on the user’s device.
• Network-level Traffic Encryption
  It is implemented as a VPN. For personal devices allowed to connect to an enterprise network, such VPNs take the form of host-to-gateway architectures.
• Application-level Encryption
  Application-level traffic encryption can be used instead of a VPN when the traffic to be protected involves particular applications.
• Multifactor Authentication
  Involves two or more types of authentication factors.

Vendor selection/comparison

Feature | Huawei | Samsung Knox | MobileIron | Symantec
Platform Supported | Android, iOS, Windows | Android only | Android, iOS, Windows | Android, iOS, Windows and Blackberry devices
Remote locking | Yes | Yes | Yes | No
SIM Card change notification | Yes | No | Yes | No
Remote data wipe | Yes | Yes | Yes | Yes
GPS Positioning | Yes | No | Yes | Yes
Data backup and Restoration | Yes | Yes | No | Yes
File Encryption | Yes | Yes | Yes | Yes
Virtual Private Network | Yes | Yes | Yes | Yes

Chosen solution
Huawei Mobile Device Management Platform offers a good choice for enterprises to have an efficient security management system without worrying about mobile service deployment and helps enterprises improve the return on investment (ROI).

1. Provide E2E ability to guard against the disclosure of sensitive data while data is at a standstill, in motion, being used, or being stored.
2. Creates a secure zone where an enterprise environment and a personal environment are isolated from each other and helps remove the “Trust Gap”.
3. Exercise deep security management and control of devices and applications.
4. Provide lifecycle-based mobile device management and a complete security management process covering Acquire, Deploy, Run, and Retire phases.
5. Provide a consistent and secure access means for endpoints, and a unified security policy management platform.

Huawei supported client platforms

Device | Platform Version
iPhone 3G/3Gs | iOS 3.1.3 or above
iPhone 4/4s | iOS 4.0 or above
iPad | iOS 3.2.2 or above
Android (such as Huawei & Samsung) | Android 2.2 or above
Windows | XP, Vista, Windows 7
Windows Phone | Windows Phone 8

Huawei Data Privacy

• Data transmission
  Data encryption to guarantee data confidentiality and security to prevent malicious data sniffing or tampering
• Data security on the server side
  Remote locking, remote data wipe, and data backup and restoration through interaction with a backend management system.
  Anti-theft functions, such as global positioning system (GPS) and automatic alarms, ensure that data is not disclosed even when devices are lost.

Huawei Solution Architecture

Components: Smart Mobile Client (AnyOffice); Secure Remote Access (SSL VPN); Consistent Network Access Control (SACG); Carrier-Class Threat Defense (Firewalls); Simple Platform for Releasing Mobile Enterprise Applications (MEAP)

AnyOffice
Huawei BYOD solution provides a unified secure mobile client platform known as the AnyOffice client. As a simple mobile client, the AnyOffice client provides unique interaction interfaces between users, networks, and applications. It enables network management and maintenance to be much easier.

SSL VPN
The SSL VPN gateway is based on dedicated Huawei high-reliability hardware and a dedicated real-time operating system. It has the following features:
• Provides industry-leading system performance, security, and reliability.
• Offers a flexible, secure, and controllable E2E link encryption mechanism for users.
• Protects security during remote VPN access.

SACG
SACG is a security access control gateway developed based on a Huawei carrier-class firewall hardware platform. It cooperates with the AnyOffice client and an admission control server to provide unified network access control and guarantee consistent policy enforcement in different environments, such as corporate LANs, WLANs, or remote access environments.

Firewalls
Integrates the cutting-edge intrusion prevention and antivirus technologies of Symantec, and an industry-leading deep packet inspection (DPI) technology. It also provides professional content security protection capability, including antivirus (AV) function, intrusion prevention system (IPS), distributed denial of service (DDoS), and content filtering.

MEAP
Provides an industry-leading mobile enterprise application platform (MEAP) to smoothly migrate enterprise applications. It has the following features:
• Provides a simple integrated development environment (IDE).
• Supports HTML5, native, and hybrid applications, which can be developed in one step and released time and again across the platform, obviously reducing development complexity and saving costs for enterprises.

Privacy – AnyOffice Client
Cost Benefit Analysis

To measure the ROI of BYOD, the researchers recommended that companies do a cost-benefit analysis in six areas:
• The cost of devices
• Voice and data costs
• Helpdesk costs
• Mobile developer expenses
• Mobility management software costs
• Productivity gained

The ROI Advantage
For employees, BYOD programs often improve productivity and increase job satisfaction. They can also save businesses money by allowing employees to use their personal mobile devices, but the business also spends about an equal amount on data protection software and employees’ monthly data plans.

From an overall company standpoint, the Huawei solution will provide a good return on investment. The technology also protects the company from data breaches and possible lost business that could result from them.

“More important is the impact on your company reputation; you can’t put a price on that.”

Ultimately, the company implemented BYOD not to save money but to give employees the flexibility to use devices of their choice.

Thank You
