Definition…
Mobile First organizations embrace mobility as their primary IT platform in order to transform their businesses and increase their competitiveness
In a Mobile First Company…
CONTENT
• Content of all types is easily and securely available on any device
USER EXPERIENCES
• End users choose their devices
• Security is invisible to end users
• User experience is the #1 design criteria
APPLICATIONS
• New apps are developed and delivered to mobile devices first
• Core business processes can be performed on any device
The more the CIO says no, the less secure the organization becomes.
Vivek Kundra, Former U.S. Federal CIO
Responsible, not restrictive
Mike Brannon, National Gypsum
Closed-loop actions when compromised
Remediation
Notify
Block
Quarantine
Closed-loop actions
• Notify user and admin
• Prevent access
• Remove saved files
• Remove SharePoint config
• Protect enterprise persona
MobileIron Confidential
National Gypsum Company is a fully integrated building products manufacturer
Headquartered in Charlotte, NC with mines and quarries, and manufacturing plants across North America
National Gypsum Implementation
• Risks / Threats Addressed:
– Loss of Company Data / Lost Devices / Departing Employees
– All Devices and Users Registered / Security Policies Enforced
– Ease of Use for Employees AND Improved Security & Efficiency
• What We Deployed (And Timeline)
– MobileIron device (VSP) and support (Sentry) – All Smartphones
– Blackberry (now gone), Apple iOS and Android Devices
– Push Secure WiFi Config to Minimize Data Use On Premise
– Rush To Adopt iPads – From 0 to 100’s of Devices!
– More than email access! Apps for SharePoint and Data!
– Manage “Allowed” and “Disallowed” Settings / Apps (DropBox)
– Leverage Internal PKI and Push Webclips – Deliver Data
• Where Are We Now?
– BES Retired – 70% iOS, 25% Android, 5% Windows Devices
– iPad is currently only supported Tablet – Testing others (Surface?)
– Plans to allow Windows 8 and MAC OS/X BYOD
– Colligo Briefcase for SharePoint Document Access
– Two Apps Deployed on iOS with “One Tap For Data”
Best practices for mobile content DLP
Closed-loop compliance
Continuous management
OS integrity
OS versioning
Passcode / encryption
Auto-wipe
Identity
Secure tunnel
Attachment protection
Secure content hub
Role of cloud
Credible ecosystem
Security considerations 2013+ …
“No” not a sustainable option -> provide credible alternatives
Massive content ecosystem -> crowd-source but don’t lock-in
Uncertain economics -> establish “help-yourself-desk”
Dynamic risk at endpoint -> automate your mobile trust model
Content always one-click from cloud -> co-habitate responsibly
Blurring between content and app -> explore new forms
Content doesn’t exist in isolation
Enterprise
Mobile Persona
Native experience
Data separation
Shared policy
Selective wipe
Secure communications
Email
Apps
Certs
Policy
Content
Federated identity
Journey to the Mobile First Enterprise
Device Security
• BYOD (user choice)
• Email access (secure ActiveSync)
• Multi-OS security (BlackBerry replacement)
App & Content Enablement
• 1st gen of mobile apps
• Mobile docs (SharePoint)
• Cloud protections
Business Transformation
• New user & business experiences
First
Enterprise app store
BYOD privacy
Selective wipe
Jailbreak detection
Email attachment DLP
97% Customer support satisfaction
4500+ Customers globally (3000 in last 15 months)
8 of top 10 global automotive
7 of top 10 global pharma
5 of top 10 global banks
Strongest mobile ecosystem
Recognized
Gartner: Leaders Quadrant
IDC: #1 growth and share
Deployed
Security and management for mobile enterprise apps, documents, and devices
Innovation and Customer Success
Best mobile enterprise service
Thank you
Mike Brannon (mebrannon@nationalgypsum.com)
Ojas Rege (ojas@mobileiron.com, twitter @orege)
Editor's notes
A company is Mobile First when:
1 – all new applications and business processes are available to Mobile devices First
2 – Corporate documents are securely available on any device
3 – and most importantly, end users choose the device they want to use and security is enforced by IT without getting in the way of an outstanding user experience
This last point is paramount. For the first time in the history of IT, we have an opportunity to allow end users to carry out business processes on a device and with a user experience that they love and they WANT to use.

Lost Devices – From the beginning we could assist with trying to find devices, and we could SELECTIVELY wipe our corporate data and configuration from the devices.
Some devices will appear to accept ActiveSync host directives – but then NOT actually do it! An Agent on the device, using the MFG API – does enforce our policy!
Installation – Obtain the App in the store – then one very simple registration to then connect to the device and user – Interaction with Active Directory, policy engine in MI and our internal PKI – full configuration “appears” after registration!

We went from more than 900 devices managed via our BES to none in 5 years.
Those Blackberry devices were replaced by a much more diverse set of devices all chosen by our employees – NOT by the IT Group!
We are certain that the new fleet of devices is at least as secure – if not more secure – than the old one! We have BYOD working securely!
In addition the setup and management of the new fleet of diverse devices works very efficiently and delivers data people need to do their jobs better! (Old BES only delivered email / calendar – NOT Apps!)