Solving The Business Problem Of Protecting Sensitive Data Residing On .


Solving the Business Problem of Protecting Sensitive Data Residing on Mobile Devices
Mike Raab, Partner Director
mraab@credant.com
April 29, 2006

Background: Who is Credant
Founded — September 17, 2001
  To enable enterprises to control and protect all mobile data with security that “follows the data” across all endpoints
Financial and Strategic Investors
  Austin Ventures, Menlo Ventures & Crescendo Ventures
  Cisco Systems & Intel
Product — CREDANT Mobile Guardian (CMG)
  First mobile data security solution that aligns security with the type of user, device, and location
  The only centrally managed solution that addresses the complete mobile data security life cycle across the broadest number of platforms
Accomplishments
  200 customers on 4 continents and 1.8ML licenses sold
  21 Fortune 100 customers
  Visionary Leader

Why are Companies Going Mobile?
Increases the Speed of Business Execution
Insurance Services:
  7.4 additional claims per week – field claims reps
  Annual savings of 6.35% per adjuster – improved payout ratios
Healthcare and Pharmaceutical
  8.3 additional physician visits per week – field sales reps
Financial Services
  11.4% more trade options – financial services agents
  3.1% nominal average portfolio performance improvement
Source: Omni Consulting Group Economic Appraisal sponsored by Cisco Systems Feb 2005

Learning From the Past, Embracing the Future ... And its challenges
Data Center 1975
LAN 1985
Internet 1995
Disconnected Pervasive 2005

Corporate Mobility Issues: Key IT Challenges
Do you know how many smartphones, handhelds, PDAs, and Laptops are being used in your organization?
Can you control who is synchronizing data and where that data is stored?
Can you enforce corporate security policies on remote devices/users (whether they like it or not)?
Can you enforce encryption of sensitive data on mobile and removable storage devices?
Can sensitive data on the devices be destroyed when lost or stolen?
Do your users have easy access to recover their password without calling a help desk?

Market Inhibitor: Mobile Data Loss of Control
Lack of data protection control leads to liability and brand damage
  2005: 152 Data Breaches affecting 57.7 million individuals
  2006: 41 Data Breaches affecting 3.2 million individuals
Companies must prominently display potential data thefts on their websites
Disclosures negatively impact the bottom line, investors, and customers
  Cost of Notification: 10-15/customer plus fines (Wholesale Club 13M)
  Shareholder Confidence: An average 5% market cap decline (Source: University of Maryland Study, June 2005)
  Customer Confidence: Typical churn after a breach 10%-12% (vs 1%-2% normal churn)
Data breaches can occur at any point within the life cycle of mobile data (www.attrition.org/errata/dataloss)
Employees lose data
  GMAC (200K customers); UC Berkeley (100K customers); San Jose Medical Group (110K customers)
And increasingly ... Affiliates lose data
  CA Dept of Health Services (21K Medi-Care customers); Omega World Travel (80K DOJ employees); Hewitt Associates (6K Kodak employees); Fidelity (80K HP Employees)

It’s About Protecting Data Wherever It Resides
User: Employee, Affiliate, Anyone
  You have to consider who the user is
Device
  What type of computing device
Location
  Where they are accessing the l
Diagram labels: SS#, HR, Inventory

Solving the Business Problem: Aligning Security with Mobile User, Device & Location
Provide
  centrally managed mobile data security solution that “follows the data”
Deliver
  a security platform that enables business processes to easily and safely “go mobile” across all users, devices and locations
Extend
  security enforcement and compliance controls to mobile endpoints
Diagram labels:
  Centralized Security Management
    Detection, Audit & Control, Access Control, Authentication
    Encryption, Key Management, Data Recovery
    Usage Controls
  Local Policy Enforcement
  CREDANT Mobile Guardian
  WM5, MS Vista, XP/W2K, PPC, Palm, Symbian
  Customer, lectualProperty

Breaking Down The Business Problem: Addressing the Mobile Data Security Life Cycle
DETECT, PROTECT, MANAGE, SUPPORT

Breaking Down The Business Problem: Addressing the Mobile Data Security Life Cycle
DETECT: Continuously monitor end-points for un-protected devices and unauthorized users.
PROTECT: Eliminate risk of data breach if mobile device is lost, stolen or attacked; meet regulatory and audit requirements.
MANAGE: Reduce burden on IT staff and leverage existing investment in enterprise by providing centralized management.
SUPPORT: Maintain positive user experience if they've forgotten passwords, have issues accessing their data, etc.

DETECT: What's connecting
Problem: Need to determine risk and establish controls
How to Solve:
  Detect, audit, and control:
    Automatic detection and identification of connected devices
    Personal Handheld computers, PDAs
    3rd party application blocking
  Automate software provisioning & local enforcement

CREDANT Mobile Guardian
DETECT – Example User Scenario
Detect, audit, and control 3rd party applications such as mail synch, iTunes
Detect, audit, and control personal handheld computers brought in and synchronized with workstations or notebooks
CMG Gatekeeper detects and takes action:
  Report only, block, provision software and security policies
  User is forced to authenticate and security policy is retrieved
  CMG Shield and security policies automatically transmitted to device

PROTECT: How is it controlled
Problem: Limit risk of data breach if mobile device is lost, stolen or attacked and meet regulatory and audit requirements
How to Solve
  Access Control, Authentication, Encryption, Controls, Key Management & Recovery
    Data synchronization across all endpoints
    Enforced PIN/Password controls access to data
    Enable authorized access with Two-factor authentication
    Protect sensitive data with event-driven and OTA data wipe
  Intelligent Encryption – multiple levels for defense in depth
    1st Level – Volume: protect all business data
    2nd Level – File type: protect existing and application-independent data
    3rd Level – Application Data: protect against user error or malicious user
    4th Level – Use: protect against unauthorized access during repair or scheduled maintenance and on shared computers
  Ensure data on USB Thumb drives is secured and contained within the company with roaming credentials
  Automated key escrow ensures encrypted data is always recoverable

PROTECT – Intelligence-based Encryption at Maximize Data Protection

PROTECT – Intelligence-based Encryption at work
How it works: Encrypt data anywhere on the disk
Simple configuration with Intelligent Encryption:
  Automatically encrypt user data anywhere on the disk(s)
  Provide appropriate access to shared and application data stored in standard locations
  Automatically encrypt everything on the hard disk except Windows OS and program files
  Optionally encrypt by file type, folder or application
  Automatically apply encryption policies to external media – USB Drive, iPod, floppy disk

PROTECT – Port and Application Controls
Control
Cameras
And more

MANAGE: Centralized Security Policy Management
Problem: Reduce burden on IT staff and leverage existing investment in enterprise directory; ensure data is secured “at rest” as it moves from platform to platform
How to Solve
  Fully integrated, centralized management and policy-based administration
  Cross platform policy enforcement
  Seamless enterprise directory integration with Active Directory
  Comprehensive audit and reporting

MANAGE – One Web Console
Web-based administration for all mobile devices
  Windows notebooks, tablets, desktops
  USB devices, iPods & more
  Windows Mobile PDAs and smartphones
  Windows Smartphone
  Palm PDAs and smartphones
  RIM Blackberry
  Symbian
Group-based policy administration reduces management complexity
Integrates with Microsoft AD and other LDAP directories to maximize investment in existing infrastructure
Separation of administrative duties

MANAGE – Centralized Audit and Reporting

SUPPORT: Security AND Usability
Problem: Mobile users increase help desk calls to activate handheld computers, forgotten passwords, issues accessing their data, etc.
How to Solve
  Flexible deployment and support options
    Over-the-air deployment, activation and updates
    IT imaged security
    “In-the-field” data recovery
  Interoperable with 3rd party device management and synchronization providers to deploy Shield (SMS, Altiris, Intellisync, Good, RIM, etc.)
  Self-service password management

SUPPORT – Scenario: Self-service Password Reset
User has multiple ways to securely login to device:
  PIN (except Windows)
  Password
  Question/Answer
If all attempts fail, user can call designated helpdesk to recover device
Failed recovery attempts can wipe device or just lock it out

CREDANT Mobile Guardian
Architecture Example – How It Works
Diagram labels:
  Broadband
  CMG Remote Gatekeeper
  Over the Air
  MSSQL
  CMG Enterprise Server
  Web Based CMG Shield Installation
  Over the Air
  Laptop or Tablet PC with CMG Shield and Gatekeeper
  Sync Cradle (USB, Serial, etc)
  Windows Mobile 5 with CMG Shield
  Active Directory
  CMG Web Based Administration Console

Choosing the right security solution – Key Considerations for Success
Security is a new habit for most users
  It has to become mandatory ... but it also has to be transparent, easy-to-use
Emerging implementation 'Best Practice'
  Roll-out solution quickly with zero security
  Gradually turn on various security features
  Eliminates 'Day 1' support and user frustration
Help Desk & Support considerations
  How are keys centrally managed on Day 1?
  How are faults (i.e. disk errors) handled?
  How are OS and application patches handled?
  Are special (non-standard) tools needed?
  How secure is data during fault diagnosis?
[Charts: security level from No Security to Full Security, 0 Days → 90]

Customer Case Studies
US Federal Government
  IMF, FDIC, DoD, VA, US Navy, DHS/TSA, US Army
Healthcare
  HIPAA compliance; protect confidential patient information on Laptops & Handhelds
HP OEM
  CMG Personal Edition re-branded as HP ProtectTools on iPAQs
Fortune 25 Consumer Goods
  Securely enable new direct store delivery business process resulting in enhanced productivity of 16,000 route drivers
Fortune 25 Global Network Services Provider
  Protect data and enforce corporate security policy for mobile knowledge workers using handheld devices - 35,000 licenses deployed
Top 5 Financial Services Mortgage Lender
  Protect privacy of client information on 70,000 mortgage consultant laptops
  Tool for SOX, GLB and California SB1386 regulatory compliance
Top 5 Insurance
  Enforce company standards, enable agent productivity and protect policyholder information on agent-owned mobile devices - 75,000 deployed

Summary – Solving the Business Problem
Credant Benefits
  One solution to control and protect all mobile data with security that “follows the data” across all endpoints
  Extends compliance controls to mobile endpoints
  Enables business processes quickly to safely “go mobile”
Business Benefits
  Closes security gaps created by mobility
  Preserves customer brand and reduces the cost of compliance
  Increases the speed of business execution with secure mobility

CREDANT Resources
Resource Center: Visit our website to download: http://www.credant.com
  Whitepapers
  Data Sheets
  Customers Case Studies
  Presentations
  Analyst Reports
Email: Europe, Middle East & Africa: emeasales@credant.com
Contacts:
  Paul Huntington, EMEA Sales Director
    Email: phuntington@credant.com
    Phone: 44 7900 907325
  Mike Raab, Director of Channels
    Email: mraab@credant.com
    Phone: 1 512.331.8368
