© 2012 S-Generation Co., Ltd. “Protecting corporate data residing on employees' personal mobile devices” by Chaiyakorn Apiwathanokul, CISSP, CSSLP, GCFA, (ISC)2:ISLA, (IRCA:ISMS), CEO S-Generation, TISA Committee. 31 January 2012. “Unleashing The Power of Mobility Securely”

Unleashing The Power of Mobility Securely


DESCRIPTION

Presentation by Chaiyakorn Apiwathanokul at the CDIC 2012 press conference, 31 January 2012


Page 1: Unleashing The Power of Mobility Securely


“Protecting corporate data residing on employees' personal mobile devices” by

Chaiyakorn Apiwathanokul CISSP, CSSLP, GCFA, (ISC)2:ISLA, (IRCA:ISMS)

CEO S-Generation, TISA Committee

31 January 2012

“Unleashing The Power of Mobility Securely”

Page 2: Unleashing The Power of Mobility Securely


Where is your business data?

Personal Devices

Corporate Data/App

Where to draw the line?

76% of smartphone and tablet users access business information on their mobile devices. Source: globalthreatcenter.com

Page 3: Unleashing The Power of Mobility Securely


Mobile Phenomenon

Source: IDC, Gartner, Morgan Stanley Research

Page 4: Unleashing The Power of Mobility Securely


Mobile Phenomenon

Things that you can’t avoid and MUST have a strategy to deal with.

• Consumerization [Mobile + Cloud]

– Means consumer first, then enterprise

– Previously, IT started from the IT department, which pushed users to utilize it

– Now, it starts from the users, who demand that the IT department support it

• BYOD: Bring Your Own Device

– Multiple platforms

– Manageability

Page 5: Unleashing The Power of Mobility Securely


Facts about Consumerization

Source: Cesare Garlati @ Trend Micro

600 surveys US, DE, JP June 2011

Does your company allow employees to use their personal devices for work-related activities?

Page 6: Unleashing The Power of Mobility Securely


Facts about Consumerization

Source: Cesare Garlati @ Trend Micro

600 surveys US, DE, JP June 2011

Page 7: Unleashing The Power of Mobility Securely


Personal Devices Used for Work

Page 8: Unleashing The Power of Mobility Securely


Page 9: Unleashing The Power of Mobility Securely


Facts about Consumerization

Source: Cesare Garlati @ Trend Micro

600 surveys US, DE, JP June 2011

Page 10: Unleashing The Power of Mobility Securely


Take The Balance

SECURITY

Business Enablement

Security Risk, IT Risk, Business Risk

Page 11: Unleashing The Power of Mobility Securely


Examples of important data (personal)

• National ID card number

• Date of birth

• Address/phone number

• Phone book

• Credit card number

• Credit card limit

• Bank account number

• Photos, video clips

• Health information/medical treatment history

• Drug allergy information

• Password

• Email account

• eBanking account

• Stock trading account

Page 12: Unleashing The Power of Mobility Securely


Examples of important data (organizational)

• Financial data

• Prices/costs

• Product sales figures

• Proposal/Quotation/Order/Invoice

• Customer database

• Strategic plans

• Marketing plans

• Project information

• Salary data

• Personnel records

• Intellectual property

• Trade secrets


• Corporate user account

Page 13: Unleashing The Power of Mobility Securely


Impact

Individual

• Embarrassment

• Loss of reputation

• Loss of privacy

• Being taken advantage of

• Being harassed

Organization

• Damage to image and reputation

• Loss of benefits

• Loss of competitive advantage

• Loss of customers

• Loss of revenue

• Fines

• Loss of credibility

Page 14: Unleashing The Power of Mobility Securely


Risk = Threat x Vulnerability

Threats

• Business competitor

• Intellectual property

• Cyberwarfare

• Intelligence

• Black market

• Politics

• Criminal

• Insider

• BOTNET

• APT

Vulnerabilities

• ORG

– No policy

– No standard/guideline

– No control

• Technology

– OS

– App

  • Insecurely developed

  • Intentionally malicious

– Retrievable SIM

– Unencrypted data

• Human

– Lack of awareness

Page 15: Unleashing The Power of Mobility Securely


Mobile OS Vulnerabilities

Page 16: Unleashing The Power of Mobility Securely


Mobile Spyware Features

• Call Log

– Each incoming and outgoing number is logged along with duration and time stamp.

• SMS (Text Messages) Log

– Every text message is logged even if the phone's logs are deleted. Includes full text.

• GPS Locations Log

– GPS positions are uploaded every thirty minutes with a link to a map.

• Contacts

– Every contact on the phone is logged. New contacts added are also recorded.

• Tasks

– All personal tasks that are created are logged and viewable.

• Memos

– Every memo input into the phone is logged and viewable.

• Cell ID Locations

– ID information on all cell towers that the device enters into range of is recorded.

• E-Mail Log

– All inbound & outbound email activity from the primary email account is recorded.

• Calendar Events

– Every calendar event is logged. Date, time, and locations are recorded.

• URL (Website) Log

– All URL website addresses visited using the phone's browser are logged.

• Photo & Video Log

– All photos & videos taken by the phone are recorded & are viewable.

Page 17: Unleashing The Power of Mobility Securely


What did researchers say?

In 2012 there will be a rise in targeted attacks, where the mobile device is used as a conduit to steal corporate intellectual property.

Source: BIT9 REPORT THE MOST VULNERABLE SMARTPHONES OF 2011

Page 18: Unleashing The Power of Mobility Securely


Page 19: Unleashing The Power of Mobility Securely


You Need …

• Vision

• Knowledge

• Policy

• Strategy

• Technology

It’s not just how to secure it. It’s how to unleash the power of mobility securely.

Page 20: Unleashing The Power of Mobility Securely
