information risk management.
Smart Phone Security:
Large threats come in little packages.
An investigation into the risks of allowing smart phones on to the corporate network environment and what can be done to minimise the potential for real world attacks.
Date: 11:00am on the 9th of November, 2010
Registration: This event has concluded.
Presentation Synopsis: Modern smart phone devices allow any staff member to receive and send emails, access core enterprise systems and applications, surf the web and listen to music all on one easy to use handset.
There is an ever increasing pressure on IT departments to allow the use of such personal devices within their work environments. The ease at which functionality such as push email can be achieved is proving to be a nightmare scenario to enterprise IT and security departments. Users are demanding instant email access, the ability to surf the web on your company's wireless network and do as they please with the handset at home... and they want it NOW!
Why should the enterprise care? Why not just give the users what they want?
Our research shows that there are many questions that need to be answered before turning on the mobile switch. Quite rightly so - modern smart phones are fundamentally fully operational computers:
- What are the risks of allowing personal smart phones into the enterprise environment (data leakage, malware)?
- What are the risks when a smart phone is lost or stolen (regulatory requirements)?
- Is your environment adequately protected from compromised smart phones?
While there are a number of platforms in the market place, this presentation will concentrate on the risks of introducing iPhones (and iPads) in to the enterprise environment. Although it must be noted that many of the issues are not restricted solely to this platform, with Android based handsets being vulnerable to similar attacks.
In this presentation, we will provide real-life demonstrations on the security implications of smart phones and mobile technology. We will show how sensitive information and functionality may be gathered by a malicious 3rd party. In addition, we will also discuss some of the methods that can be used to protect your environment from these attacks, while allowing users the freedom to bring their own mobile device. This will include mobile device management and commentary on the effectiveness of the vendor’s native security capabilities.
About the Presenter:
Kaan Kivilcim is a Security Consultant with information security firm Sense of Security. He has over five years experience with web technologies, in particular the development and security assessment of web-based applications. Prior to joining Sense of Security, Kaan was the Technical Lead for start-up online publisher and has been involved in various application development projects across several different industries.
Kaan has dealt with the design and implementation of security infrastructure on various platforms in high performance and mission critical environments. He has in-depth experience with current and emerging web and mobile platform technologies. He also holds a Bachelor of Engineering degree in Electrical Engineering.
Webinar Recording:
If you have missed the webinar, you may still access to the archived content below: