Considerations for implementing secure enterprise mobility

1. ITU Workshop on “ICT Security Standardizationfor Developing Countries” (Geneva, Switzerland, 15-16 September 2014) Considerations for implementing secure enterprise mobility Eileen Bridges BridgesE@Aetna.com Aetna GIS Director Mobile Security Advisor

2. Secure Enterprise Mobility Abstract Mobility is forcing enterprises to migrate from current secure mobile solutions to newer offerings historically developed for consumer use. Enterprises face various risks, compliance and privacy decisions. Enterprises need to properly design mobile security solutions for both corporate, personal and consumer devices. Each solution presents unique challenges requiring the appropriate mobile security architecture and framework to protect user and consumer data.

3. Enterprise Mobile Security Threats Mobile usage is increasing. So are threats. • Lost/stolen devices • Data storage and sharing including cloud • Mobile devices • Insecure network connections • Malware and viruses • Mobile apps • Application distribution ecosystem challenges • Lack of standards with app stores • Lack of developer standards • Authentication • Strong/known assurance levels

4. Protection against Enterprise Mobile Security Threats • Clarity regarding corporate mobile policies • Personally (BYOD) owned • Corporate owned • Consumer owned • Create enterprise mobile security strategy • Comprehensive mobile initiatives list • Mobile ecosystem controls • Mobile app governance • Standard libraries/APIs across development teams • Implement strong/multi authentication options • Develop best practices for mobile • Create Mobile Center of Excellence or Enterprise Mobile Security Forum to collaborate across teams