
WEBINAR - August 9, 2016: New Legal Requirements for Mobile Security

  1. MobileIron Confidential. New Legal Requirements for Mobile Security. Ojas Rege, Chief Strategy Officer; Carl Spataro, Chief Privacy Officer. August 9, 2016
  3. “In the past four years, the Attorney General has received reports on 657 data breaches, affecting a total of over 49 million records of Californians. In 2012, there were 131 breaches, involving 2.6 million records of Californians; in 2015, 178 breaches put over 24 million records at risk. This means that nearly three in five Californians were victims of a data breach in 2015 alone.” 2016 California Data Breach Report, February 2016
  4. EMM is the recommended approach for implementing the foundational Critical Security Controls for mobile devices as required by California law. https://oag.ca.gov/breachreport2016
  5. Importance of planning: Citibank breach (2011). IT / Compliance / Privacy
  6. 20 Critical Security Controls from Center for Internet Security (CIS): https://www.cisecurity.org/critical-controls.cfm
     California’s information security statute (California Civil Code Sec. 1798.81.5) requires that businesses – headquartered anywhere in the world – that own, license or maintain personal information about California residents use “reasonable security procedures and practices appropriate to the nature of the information, to protect personal information from unauthorized access, destruction, use, modification or disclosure.”
     Data Breach Report defines “minimum level of information security”
  7. If you are using ActiveSync for mobile security … you will not be able to meet these requirements.
  8. Critical Security Control 1: Inventory of authorized and unauthorized devices
     Applicability to mobile: “One must have knowledge of all devices used to access data and resources in the organization. Mobile devices aren’t perpetually attached to the network like other IT systems, so new methods need to be used to maintain the inventory.”
     Recommended role for MDM: “… Mobile Device Management (MDM) can support this by installing agents on the mobile devices to push down configuration and security profiles, monitor devices for configuration changes and provide access controls based on policy.”
     Device inventory, config, policy, compliance; MobileIron Sentry and Access
  9. Critical Security Control 2: Inventory of authorized and unauthorized software
     Applicability to mobile: “There are millions of mobile apps across dozens of different platforms. Mobile apps can bring risks and threats to data and credentials. Being able to know what is installed, control access to malicious apps and insecure versions of apps is important to protect the organization.”
     Recommended role for MDM: “MDM tools can inventory apps, and set policies and whitelisting to promote use of secure versions of apps.”
     App inventory, config, policy, whitelisting; AppConnect for containerization
  10. Critical Security Control 3: Secure configurations for hardware and software on mobile devices, laptops, workstations and servers
     Applicability to mobile: “Like with PCs, secure configurations and monitoring of these configurations are critical to maintain trust with these devices.”
     Recommended role for MDM: “MDMs can restrict access to cameras, white-list Wi-Fi networks, apply password policy enforcement, and inventory what apps are installed … and provide the necessary monitoring to be alerted when devices are out of compliance; for instance, if someone installs an unauthorized application, turns off encryption, or jailbreaks or roots their device.”
     Lockdown and security policy; Compliance notification
  11. Critical Security Control 4: Continuous vulnerability assessment and remediation
     Applicability to mobile: “Mobile vulnerabilities are usually linked to versions of the operating system or malicious apps. Since mobile devices aren’t attached to the network, you can’t identify and manage vulnerabilities like you do on PCs, servers or other networked devices.”
     Recommended role for MDM: “One can’t just run vulnerability scans on a network to scrutinize mobile devices. Therefore, mobile vulnerability assessments must incorporate threat modeling, and understanding the devices, data, users and their behaviors. MDMs can play a key role in gathering the information for the “what” and “who” for mobile management.”
     Compliance monitoring; Mobile reporting
  12. Critical Security Control 5: Controlled use of administrative privileges
     Applicability to mobile: “Many intrusions use valid credentials obtained either through social engineering, or captured by other means. One important risk in mobile is protecting credentials stored on the device because a user’s email account could also be a system or Domain Admin account.”
     Recommended role for MDM: “It’s dangerous to allow users to root or jailbreak mobile devices, because it opens up risks to vulnerabilities running at that lowest level. MDM and mobile security tools can provide visibility by having agents on phones that send events and alerts to a central server.”
     Jailbreak / root detection; Remediation actions and notifications
  13. From discretionary security to necessary compliance
  14. Helping compliance team achieve its goals. Speaking the language; Brand trust; Minimum standards; Not disruptive to operations; Ease and speed of deployment. Compliance / Privacy / IT
  15. “The unifying theme is that an enterprise cannot reasonably believe that it is providing adequate security for important data unless it can demonstrate that it has implemented appropriate enterprise mobility management controls and procedures to ensure that the device, application, and user are properly authorized and authenticated before providing access to the data and making sure that the data, once on the device, is protected from unauthorized use or disclosure.” Carl Spataro, Chief Privacy Officer, MobileIron
  16. June 2016: Failure to Manage Mobile Device Results in Action under HIPAA. A recent $650,000 settlement agreement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) makes it clear that an effective enterprise mobility management (EMM) solution is a requirement for compliance with the privacy and security rules of HIPAA
  17. is the proactive approach to legal compliance. EMM is not optional
  18. Resources on www.mobileiron.com
     Blog (Resources / Blog): https://www.mobileiron.com/en/smartwork-blog/emm-and-law
     White paper (Resources / White Papers): https://www.mobileiron.com/en/whitepaper/emm-and-law
     This webinar, on-demand (Resources / Webinars): https://www.mobileiron.com/en/resources/webinars/new-legal-requirements-mobile-security-emm-not-optional