ZIXCORP The BYOD Tug-of-War: Security versus Privacy Neil Farquharson January, 2015 1 ABOUT ZIXCORP Founded in 1998 as an email encryption company More than 11,000 active customers including: Six divisions of the U.S. Treasury All of the FFIEC U.S. federal financial regulators (incl. FDIC and OCC) The U.S. Securities and Exchange Commission 24 U.S. state financial regulators More than 2,000 U.S. financial institutions 25% of all banks in the U.S. 20% of all hospitals in the U.S. 32 Blue Cross Blue Shield organizations 2 3 BYOD REQUIRES… MDM Mobile Device Management = EMM Enterprise Mobility Management MAM Mobile Application Management MCM Mobile Content Management 4 MOBILE DEVICE MANAGEMENT (MDM) Advantages o Device inventory and management capabilities o Access to multiple platforms from personal or corporate devices o Secure access to corporate data o Support for a wide range of wireless vendors and operating systems o Some data protection with wiping capabilities 5 PROLIFERATION OF MDM VENDORS 6 MDM COMPARISON Source: MOBIwm.com 7 HUNDREDS OF APPLICATIONS 8 MOST POPULAR MOBILE BUSINESS APPS EMAIL, CALENDAR AND CONTACTS Source: BYOD and Mobile Security Report, 2014, Holger Schulze, Information Security Community on LinkedIn 9 MARKET RESPONSE TO BYOD Survey results indicate 45% of respondents report that within the previous 12 months, one or more employees lost a mobile device containing company data InformationWeek’s 2014 Mobile Security Report 3.1 Million smartphones were stolen in the USA during 2013 - sixty per minute Consumer Reports’ Annual State of the Net survey, 2014 72% of respondents say their top mobile security concern is data loss from lost or stolen devices InformationWeek’s 2014 Mobile Security Report 10 MOBILE DEVICE USERS’ FRUSTRATION 11 ADDING TO BYOD CHALLENGES 12 MOBILE SECURITY Trust the Platform or Container Example: EMM Security by Management Trust the App Example: App Wrapper Security by Isolation Trust the Viewer Example: Email Streaming Trust Nothing Example: Virtual Security by Abstraction From Gartner Spectrum of Trust for Mobile Enterprise Design, published April 4, 2014 13 TYPICAL MDM SOLUTION EMAILS ARE RETAINED IN PERMANENT MEMORY 14 ZIXONE SOLUTION EMAILS ARE VIEWED ONLY 15 ACCESSIBLE JAILBREAKING SOFTWARE 16 MDM SECURITY DISASTER OFFLINE PREVENTS WIPE 17 ZIXONE A COMPLETELY NEW PHILOSOPHY Mail Server ZixOne 18 ZixONE app that delivers a view of corporate email, calendar and contacts on mobile devices ZixONE server connects to Exchange or Office365 Efficient, secure protocols deliver information quickly 19 SUMMARY Advantages o Device inventory and management capabilities o Access to multiple platforms from personal or corporate devices o Some data protection with wiping capabilities Disadvantages o o o o Leaves data on the device – exposes offline weakness Loss of employee control and privacy Employee acceptance issues Corporate liability 20