©2013 Check Point Software Technologies Ltd. | [Unrestricted] For everyone
Best Practices to Secure the Mobile Enterprise
Macy Torrey
Early years’ solutions
… and then it became easier
Laptops brought freedom…
Mobile Workforce Challenges
Access from anywhere…
While maintaining security
The Security Challenges
Keep communication private
Protected device access (passcode, encryption, etc.)
Allow access only to the needed information
Allow access only to device owner
Four Scenarios for Mobile Security
Background | Challenges | Needs | Best Practices | Check Point Solution
BetMore
• Gaming Equipment Company
• Personal mobile and portable devices
YouRHired
• Human Resources Company
• Personal PCs and contractors
OnTheGo
• High Tech Company
• Many managed laptops
• Road warriors
LotsToMake
• Manufacturing Company
• Managed laptops
• Little travel
OnTheGo High Tech Company
Background
– Large mobile workforce
– Employees issued company-owned laptops
– Employees work from home, coffee shops and travel frequently
– Users need to access corporate resources at any given time
– Employees share a fair amount of sensitive data
Challenges
– Employees let their kids play with computers; a number of unauthorized apps are downloaded
– IT must manage security policy on 10,000 laptops
– Sensitive data has found its way into competitor’s hands lately
Needs
– Access to native applications (like SAP and a homegrown application)
– Keep employees productive
– Ensure only endpoints that comply with security policy are able to access corporate resources
– Protect corporate data
OnTheGo High Tech Company
Best Practices
– Encrypt laptop in case of theft or loss during travel
– Ensure any data leaving the laptop is encrypted
– Control programs, allowing only authorized apps to be run
– Protect the laptop from malware
– Firewall the road warriors
– Protect from drive-by downloads
– Use an always-on IPSec VPN solution for access to native applications
Solution for OnTheGo
Protect against drive-by-downloads, phishing sites and zero-day attacks
Stop unwanted traffic, prevent malware and block targeted attacks
Automatically and transparently secure all information on endpoint hard drives
Centrally enforceable encryption of removable media and port control
Protects your endpoint from unsecure, malicious and unwanted applications
Provide secure, seamless access to corporate networks remotely
LotsToMake Hardware Manufacturing Company
Background
– Employees issued company-owned laptops
– Employees occasionally work from home and travel
– Users need to access corporate resources sometimes
– Has a firewall today but no remote access
– Existing AV and file-based encryption solution
Challenges
– Travel and working from home are occasional, but happen often enough to worry
– Small IT group must manage security too
Needs
– Occasional access to native applications (Oracle)
– Keep employees productive, no matter where they are
– Protect corporate resources
LotsToMake Hardware Manufacturing Company
Best Practices
– Encrypt laptop in case of theft or loss during travel
– Ensure any data leaving the laptop is encrypted
– Control programs, allowing only authorized apps to be run
– Protect the laptop from malware
– Firewall the road warriors
– Protect from drive-by downloads
– Use an always-on IPSec VPN solution for access to native applications
– Continue using current Endpoint Protection Solution
Even though occasionally mobile, security is still key
Solution for LotsToMake
Endpoint Security client: VPN, FDE, Compliance, Anti-Malware
Managed VPN access from central Gateway
Includes a Desktop Firewall
YouRHired Human Resources Company
Background
– Employees use desktops at work and personal PCs or Macs at home
– Some contractors are used as sales force
– Users occasionally need to access corporate resources from home
– Have a Check Point Gateway
Challenges
– Employees complain that they need access to intranet and internal applications (Inventory Application)
– Contractors need access to some web-based applications (SalesForce)
– Company is cutting budget on IT spending
Needs
– Secure access to corporate data from unmanaged employee and contractor computers
– Employees need access to network-based, home-grown application
– Protect corporate resources
YouRHired Human Resources Company
Best Practices
– Allow contractors secure access to web-based applications through browser-based secure encrypted connection
– Allow employees secure access to network-based applications with browser plug-in
– Check compliance of any endpoint accessing your network or specific applications
– Train and encourage secure home use of PCs
Solution for YouRHired
Web Portal for PC and Mac using SSL VPN
SSL VPN Web Portal
Easy and secure access to critical resources
Connect through a standard Web browser
Shared files
Web apps
Web mail
On-demand, dissolvable SSL VPN agent for non-web-application access (SSL Network Extender)
Endpoint Security On-demand
Secure Workspace
BetMoreGaming Manufacturing Company
Background
– Large mobile workforce
– Employees want access from their own personal mobile devices (iPhones, iPads, Android devices, etc.)
– Users want to access corporate resources at any given time
Challenges
– Securing the enterprise being accessed by unmanaged devices
– Difficult to manage unmanaged devices
– Employees are concerned about losing personal freedom on their device
Needs
– Keep communication private
– Verified access for employees only (2-factor authentication)
– Allow access only to authorized applications
BetMoreGaming Manufacturing Company
Best Practices
– Allow corporate access only through encrypted communication
– Create policy of Remote-Wipe if user’s device is lost or stolen
– Choose a solution that increases productivity for employees, but is easy to support
– Easy for end user
– Don’t end up supporting user-owned devices
– Minimize corporate “intrusion” on the employee-owned device
Solution for BetMore
Certificate and username/password
Pair device with its owner for a safer connection
Two-factor authentication for safe connectivity
User and Device Access Control
Personalized portal, based on identity
Set up device security features
Control data access by user and device settings
Remote-wipe device upon loss
Protect Your Internal Servers
Shield your mail and web servers
All ActiveSync and Web traffic is secured by SSL VPN technology
Simple for the End User
Download app
Enter your password
Gain secure access to your data!
Simple for the Administrator
Enable Mobile Access Blade on your gateway
Set access policies for users
Generate and send an activation key to the users
Mobile Client for Android
Full VPN client (Layer 3 IPSec)
Web application access via SSL VPN
Strong authentication – two factor User/Pass and Certificate
Device-to-user pairing
Automatic certificate enrollment
Easy access to application
Concurrent users license
Remote Access Strategy
Remote access solutions for a variety of endpoint scenarios
Thank You!