OneBridge Mobile Secure - PowerPoint PPT Presentation

1 / 39
About This Presentation
Title:

OneBridge Mobile Secure

Description:

05.8.22 - Yahoo! Messenger Download Dialogue Box File Name Spoofing ... OBMS Version 2.5. Key Features. Features. Full Encryption on Symbian. Windows 32 Client ... – PowerPoint PPT presentation

Number of Views:101
Avg rating:3.0/5.0
Slides: 40
Provided by: timpe6
Category:

less

Transcript and Presenter's Notes

Title: OneBridge Mobile Secure


1
OneBridge Mobile Secure Overview on Security 25th
February 2005
2
Agenda
  • Overview of Market
  • Product Offering
  • Upcoming Releases
  • OBMS 1.5
  • OBMS 2.0
  • OBMS 2.5
  • Credant Relationship
  • Competitive Differentiators

3
Device trends
  • Stand alone devices
  • The GPS market is powering standalone PDA sales
    in Europe, and it's a market that is driven by
    price. Medion has been very successful in this
    arena, and it's now joined by Mitac and, more
    recently, Yakumo and Anubis. PalmOne is
    attempting to fight back with Zire 72- and Zire
    31-based GPS bundles. Latest devices from
    PalmOne is the treo 650 T5
  • smart phones.
  • Shipments totalled 1.85m units during the same
    period, up 38 per cent on Q3 2003's 1.34m total,
    info from IDC
  • RIM's Blackberry managed to grab almost seven per
    cent of the smart phone market, this is up by
    300 percent due an order in the UK from Vodafone.
  • Applications
  • More than email, Service management, Sales
    management, Bespoke Healthcare etc

4
Why do Organisations protect data ?
Can you keep a Secret ?
5
_at_RISK The Consensus Security Vulnerability
AlertFebruary 24, 2005 Vol. 4.
Week 8
  • -- Third Party Windows Apps
  • 05.8.1 - fallback-reboot Remote Denial of Service
  • 05.8.2 - WebConnect Multiple Remote
    Vulnerabilities
  • 05.8.3 - SD Server Directory Traversal
    Vulnerability
  • 05.8.4 - Bontago Game Server Remote Nickname
    Buffer Overrun
  • 05.8.5 - Xinkaa WEB Station Directory Traversal
  • 05.8.6 - Arkeia Network Backup Agent Remote
    Unauthorized Access
  • 05.8.7 - PuTTY, PSFTP and PSCP Multiple Remote
    Integer Overflow Vulnerabilities
  • 05.8.8 - TrackerCam Multiple Remote
    Vulnerabilities
  • -- Linux
  • 05.8.9 - OpenLDAP SlapD Remote Denial of Service
  • -- Unix
  • 05.8.10 - Information Resource Manager
    Authentication Unspecified Vulnerability
  • 05.8.11 - Arkeia Type 77 Request Remote Buffer
    Overrun
  • 05.8.12 - GProFTPD GProstats Remote Format
    String Vulnerability
  • 05.8.13 - glFTPD ZIP Plugins Directory Traversal
  • -- Cross Platform
  • 05.8.14 - UnAce Archive Directory Traversal
  • 05.8.15 - Mono Multiple Cross-Site Scripting
    Vulnerabilities

6
Why we use security!!!!!!!
--University of California at San Diego
Computers Compromised Again (18 January 2005) For
the third time in one year, computers containing
information belonging to at University of
California San Diego students and alumni have
been breached. The university has been phasing
out the use of Social Security numbers as
identifiers, but these computers were among the
last that still contained this data. While there
is no evidence that the data has been used to
steal identities, those whose personal information
was compromised have been informed in compliance
with California law. The intruder used the
servers to store music and video files. http//www
.nbcsandiego.com/education/4103051/detail.html
SANS NewsBites Vol. 7 Num. 4
7
Ebay- in the news again
--eBay Sellers Offering eMail Addresses, Spam
Tools (20 January 2005) Despite eBay's recent
effort to protect its customers from spam,
sellers on the auction site are offering millions
of email addresses and spamming tools. Certain
lots have been removed from the site, but
Steve Linford of anti-spam organization Spamhaus
believes eBay should pay closer attention to what
is sold on its site and be a leader in the fight
against spam.
SANS NewsBites Vol. 7 Num. 4
8
USA rules OK!
--US Considers Reviewing IBM/Levono Deal for
National Security Risks (25 January 2005) The
Committee on Foreign Investments in the United
States is considering launching an investigation
into whether IBM's proposed sale of IBM's PC
business to Chinese computer manufacturer Levono
Group Ltd. poses a threat to national security.
Some have expressed concern that Chinese computer
experts could use an IBM facility to
conduct industrial espionage.
SANS NewsBites Vol. 7 Num. 4
9
Stolen?
  • Somebody placed an advertisement on eBay that
    advertised a Blackberry    RIM "sold as is." A
    Seattle computer consultant sent in a bid of
    US15.50. His bid was accepted, making him the
    new owner of the pager-size wireless pocket
    communicator with 4 MB of memory.
  • He soon discovered that he was the of a Senior
    Vice Presidents of a Merchant Banks Blackberry.
    It contained a hoard of corporate data, names
    addresss, phone numbers, and other very
    confidential information.
  • It was then auctioned on Ebay for an serious
    amount of cash..

10
Security Policies the Options !
  • Trust Everyone all of the Time
  • Easiest to in force but impractical
  • One bad apple can ruin the whole barrel
  • Trust No One at Any Time
  • Most restrictive, but also impractical
  • Difficult for staff positions
  • Trust some of the people some of the time!
  • Exercise caution on the amount of trust given
  • Access is given out as needed
  • Technical controls need to ensure trust is not
    violated

11
The need for a Win-Win policy
People view policies as An impediment to
productivity Measures to control behaviour People
have different views about needs for security
controls People fear policies will be difficult
to follow implement Policies will affect
everyone within the organisation Tension!!! Users
its stopping me working! Systems support how
do the controls work, will we be
effected? Management concerned about costs v
protection!
12
what customers are experiencing
  • Explosive growth of mobile computing has
    increased productivity and introduced new
    opportunities for business
  • New threats and management issues abound lack
    of tools to manage and secure
  • Difficult to determine who is using mobile
    devices
  • Priceless enterprise data is being synchronized
    and stored on devices
  • Data travels well beyond the safety of the
    firewall
  • Sensitive information travels over public
    networks
  • Mobile devices are too easily lost or stolen

13
why be concerned aboutdata security?
  • PDAs are very prone to loss and theft. Gartner
    estimates more than 250,000 cell phones and PDAs
    were lost at airports alone last year.
  • SANS Institute reports studies show up to 30
    loss rate for PDAs.
  • Tom Walsh of Enterprise Security says, "Robbers
    net about 85 per holdup and are caught 80 of
    the time. Information thefts average 800,000 in
    value and are caught 2 of the time.
  • Information on employee PDAs can often provide
    access to your network, customers and
    confidential information.
  • Company reputation responsibility to
    customers/clients.

14
1995 EU Data Protection Act Directive 95/46/EC
  • Multinationals operating across the EU cannot
    assume the native individual Countries Data
    Protection laws will be mirrored across Europe.
  • Not all fifteen Member States, (for example
    Belgium), have instated a "Data Protection
    Officer / Commissioner" to help ensure data
    protection law compliance,
  • One theme consistent throughout the survey was
    that all countries have the capability to impose
    sanctions for non compliance.
  • Germany Italy (started Jan 2004), stricter than
    the main directive.
  • Initial requirement All fifteen member states to
    implement by 25th October 1998

15
what kind of data are your employees likely to
keep on their devices?
  • Enterprises cannot control what data the users
    can sync onto their device
  • According to a recent PDA usage survey on mobile
    technologies
  • 85 Business Calendar
  • 80 Business Contacts
  • 35 Documents
  • 33 Passwords
  • 32 E-mail

16
Addressing Business Mandates
Business Mandates
Benefits
  • Enable secure access anytime, anywhere
  • Maximizes the protection of mobile
    information and limits legal exposure

Limit risk from device loss, theft or attack
Reduces threat of unauthorized access to
business information
Control mobile device usage and synchronization
Easily detects and governs diverse mobile
devices
Secure priceless enterprise mobile data
Protects the enterprise, wireless access and
mobile devices
Meet regulatory and audit requirements
Maximizes the protection of mobile
information and limits legal exposure
Deploy new solutions that address mobile device
disconnected mode
Architected to address the unique
requirements of mobile computing
Deliver cost-effective solution to deploy,
support and manage diverse types of mobile
devices
Reduces cost of ownership by securing the
mobile enterprise with centrally managed,
policy-based security
17
business imperative secure the mobile ecosystem
Protect Wireless Access
Protect Mobile Devices
Protect the Enterprise

Limit risk from loss, theft and attack
Take control of mobile device usage
Enable productivity from anywhere
18
Why do customers choose to encrypt?
  • To gain a benefit
  • Faster and more confident technology deployment
  • Compliance with legislation or tendering
    requirement
  • To win customer confidence and maintain privacy
  • Or to mitigate a risk
  • Commercial risk from theft of proprietary
    information
  • Reputation risk from bad publicity
  • Legal risk from litigation and compliance failure

19
OneBridge Security Evolution
  • Multi-tier Public Keys to authenticate users
  • Power-On Password to provide basic security to
    devices
  • Over-the-Air Security to protect data
    transmission enables via RSA
  • On-Device Encryption to lock down data enabled
    via Credant

20
Architecture OneBridge Mobile Secure
Security Policy Editor
Tablet PC with CMG Shield OneBridge Client
OneBridge Helpdesk Console
OneBridge Admin Console
SQL or Advantage Server
SSL
Wired or Wireless connection (128 Bit RSA
Encryption)
OneBridge Server
LDAP, AD, NT, DB, Lotus, Radius, RSA
On WAN or LAN
Palm with CMG Shield OneBridge Client
PPC with CMG Shield OneBridge Client
Sync Cradle (USB, Serial, etc.)
OneBridge Desktop Connector (PC)
128 Bit RSA Encryption
21
Architecture OneBridge Mobile Secure
  • OBMS Shield
  • Provides robust on-device policy enforcement -
    access control, data encryption and user
    authorizations.
  • Maximizes the protection of mobile business
    information.
  • OBMS Administration
  • Centralized specification of policy for your PDAs
  • Save and load different policy sets for different
    groups within your organization
  • Create installable Shield images for PPC, Palm,
    Smartphone or Symbian
  • Integrated in OneBridge Software Deployment
    functionality
  • Designate corporate security policy for mobile
    Devices

LAN/WAN
22
OneBridge Mobile Secure overview
  • Robust on-device encryption of corporate data on
    the device
  • Centralized management of devices and data
    security policies
  • Ability to receive updated email and data even
    while device is locked via our LiveConnect
    functionality
  • Self-service and administrator-assisted password
    recovery options available

23
What is OBMS?
  • Protects mobile devices and applications
  • Authentication required to access data on device
  • data encryption
  • on-device restrictions
  • administrator device and data recovery
  • Broad platform support for diverse mobile
    hardware and operating systems for PDAs and
    smartphones
  • Easy to administer centrally-defined security
    policies for consistency across all mobile users
  • Shield provides industry-leading depth of
    security policies
  • Flexible and cost-effective implementation with
    upgrade paths to enterprise-wide solutions
  • Ease of implementation
  • Multiple deployment options

24
OneBridge Mobile Secure Features
  • Centrally-defined user authentication provides
  • Pin, Password and Question/Answer length,
    strength, number of retries, expiry, history
  • Timeouts inactivity
  • Self-service password reset via question/answer
  • Administrator recovery different between Group
    and Enterprise
  • Fail-safe action if under attack - extend retry
    timeout or wipe device (remove all data)
  • On-device data encryption
  • Built in PIM applications email (including
    attachments), calendar, contacts
  • Other applications, including custom applications
  • Blowfish 128, 3DES, AES128, AES256
    (notebook/tablet)
  • Port Controls
  • Infrared
  • Bluetooth
  • External Storage
  • Network
  • Application Controls
  • Any application can be disabled , including
    cameras
  • Useful for customizing devices for specific
    business applications

25
OneBridge Mobile Securekey differentiators
  • Ease of implementation and support
  • Easily map security, management and control to
    meet diverse IT and regulatory compliance
    requirements
  • Minimize costs and maximize existing investments
    by integrating with existing enterprise
    directories
  • Over-the-air distribution of shield and policies
    for mobile devices
  • Reduced cost of ownership
  • Single administrative package to centrally manage
    all mobile devices
  • Self-service password reset
  • Best of breed solution
  • Ability to push data to the device even when
    locked
  • Leverages Credant Mobile Security Platform
  • Robust security
  • Policy-based on-device security enforcement
  • Mutually authenticated synchronization
  • Automatic fail-safe action if mobile device is
    lost or stolen ensures valuable information is
    protected

26
OneBridge Mobile Secure Specifications
  • Shield Platforms
  • Pocket PC 2000 with ARM processor, Pocket PC
    2002, Windows Mobile 2003 and Windows Mobile 2003
    Second Edition with 2MB free memory
  • Palm OS 3.5 through 5.x with at least 4MB RAM and
    1.5 MB free storage
  • Smartphone 2003 with 1MB free main memory
  • Policy Editor Platforms
  • Windows 2000 Professional SP3
  • Windows XP Professional SP1
  • Encryption Algorithms
  • AES 128, Triple DES, Blowfish 128, Lite
  • Certifications
  • FIPS 140-2

27
OBMS Version 1.5 New Key Features
  • Features
  • Windows Mobile 2003 (Smartphone) Shield
  • Samsung i600
  • Motorola MPx 220
  • Full Encryption on Palm Shield
  • New Devices
  • PalmOne Treo 650 Support
  • Port and Application Blocking
  • SD Card Encryption
  • French, Italian, German, and Spanish Language
    Support
  • Hotfix for OBMG to provide full functionality on
    Software Distribution.
  • Availability
  • Mid March GA

28
OBMS Version 2.0 Key Features
  • Features
  • Fully integrated into OneBridge Admin Console
    (part of OneBridge Mobile Groupware 4.5)
  • Ability to create Temporary Admin Passwords for
    Support
  • Symbian Shield (Authentication)UIQ and Series 80
    Devices
  • Availability
  • May 2005

29
OBMS Version 2.5 Key Features
  • Features
  • Full Encryption on Symbian
  • Windows 32 Client
  • Availability
  • Summer 2005

30
Device Validation Process

31
Development Details
32
Device Certification Queue
33
Who is Credant?
  • The emergence of a highly competitive new
    vendor, CREDANT Technologies, has raised the
    threshold at which other vendors can
    pursue leadership.
  • CREDANT went furthest by offering the most
    features in the fewest number of products.
  • CREDANTs comprehensiveness of vision
    forced a lower comparative ranking of many
    incumbent vendors.
  • CREDANTs strong first-year sales are a
    prelude to leadership.

34
Relationship Overview
  • Sales model
  • Territory - Global
  • OEM Shield provides on-device core of Mobile
    Secure solution
  • Ability to Resell any Credant products
  • Upgrade pricing available between shield versions
    (e.g. Group Edition to Enterprise Edition)
  • Maintenance Support
  • ESI provides level 1 2 to customers
  • Credant provides level 3 to ESI
  • Sales Support
  • Credant reps are compensated for partner sales

35
Sales Process
  • Credant is already working on a number of sales
    opportunities with ESI
  • Rules of engagement under discussion
  • Goal is for ESI to take the lead with joint
    customers, Credant provide support to close deals
  • Credant will support ESI with prospects, pricing
    information, sales strategies, Webex
    presentations and demos, technical support,
    training, joint marketing, collateral
    development, etc
  • Paul Huntingdon (phuntingdon_at_credant.com) is the
    prime AE contact for ESI EMEA
  • Sean Towns (stowns_at_credant.com) is the prime SE
    contact for ESI EMEA
  • Kevin Burchett (kburchett_at_credant.com) is the
    prime BD contact for ESI EMEA

36
Competitive Comparison
37
Competitive Comparison
38
Mobile Device Check list
  • Security Policy
  • Use Policy
  • Awareness Training
  • Device registration
  • Initial Checklist
  • Employee Termination Procedure
  • Device Authentication
  • Anti Virus Software
  • Theft protection
  • File Encryption
  • Device Firewall
  • Device Integrity
  • Device Management
  • Network Connections
  • Expansion Slots

39
HP raising security profile with HP protect
Tools
  • On a number of new devices HP is supplying as
    part of the on ROM security, a replacement from
    the Microsoft logon password solution.
  • It is also supplied by Credant.
  • Its a personal version only. i.e. no central
    policy management
  • It can be turned off, and replaced by OBMSecure.
  • This is a big opportunity HP are doing all the
    work sell OBMSecure to these users. See the
    following screens..

40
(No Transcript)
41
(No Transcript)
42
(No Transcript)
43
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com