OneBridge Mobile Secure

1
OneBridge Mobile Secure Overview on Security 25th
February 2005
2
Agenda

• Overview of Market
• Product Offering
• Upcoming Releases
• OBMS 1.5
• OBMS 2.0
• OBMS 2.5
• Credant Relationship
• Competitive Differentiators

3
Device trends

• Stand alone devices
• The GPS market is powering standalone PDA sales
  in Europe, and it's a market that is driven by
  price. Medion has been very successful in this
  arena, and it's now joined by Mitac and, more
  recently, Yakumo and Anubis. PalmOne is
  attempting to fight back with Zire 72- and Zire
  31-based GPS bundles. Latest devices from
  PalmOne is the treo 650 T5
• smart phones.
• Shipments totalled 1.85m units during the same
  period, up 38 per cent on Q3 2003's 1.34m total,
  info from IDC
• RIM's Blackberry managed to grab almost seven per
  cent of the smart phone market, this is up by
  300 percent due an order in the UK from Vodafone.
• Applications
• More than email, Service management, Sales
  management, Bespoke Healthcare etc

4
Why do Organisations protect data ?
Can you keep a Secret ?
5
_at_RISK The Consensus Security Vulnerability
AlertFebruary 24, 2005 Vol. 4.
Week 8

• -- Third Party Windows Apps
• 05.8.1 - fallback-reboot Remote Denial of Service
• 05.8.2 - WebConnect Multiple Remote
  Vulnerabilities
• 05.8.3 - SD Server Directory Traversal
  Vulnerability
• 05.8.4 - Bontago Game Server Remote Nickname
  Buffer Overrun
• 05.8.5 - Xinkaa WEB Station Directory Traversal
• 05.8.6 - Arkeia Network Backup Agent Remote
  Unauthorized Access
• 05.8.7 - PuTTY, PSFTP and PSCP Multiple Remote
  Integer Overflow Vulnerabilities
• 05.8.8 - TrackerCam Multiple Remote
  Vulnerabilities
• -- Linux
• 05.8.9 - OpenLDAP SlapD Remote Denial of Service
• -- Unix
• 05.8.10 - Information Resource Manager
  Authentication Unspecified Vulnerability
• 05.8.11 - Arkeia Type 77 Request Remote Buffer
  Overrun
• 05.8.12 - GProFTPD GProstats Remote Format
  String Vulnerability
• 05.8.13 - glFTPD ZIP Plugins Directory Traversal
• -- Cross Platform
• 05.8.14 - UnAce Archive Directory Traversal
• 05.8.15 - Mono Multiple Cross-Site Scripting
  Vulnerabilities

6
Why we use security!!!!!!!
--University of California at San Diego
Computers Compromised Again (18 January 2005) For
the third time in one year, computers containing
information belonging to at University of
California San Diego students and alumni have
been breached. The university has been phasing
out the use of Social Security numbers as
identifiers, but these computers were among the
last that still contained this data. While there
is no evidence that the data has been used to
steal identities, those whose personal information
was compromised have been informed in compliance
with California law. The intruder used the
servers to store music and video files. http//www
.nbcsandiego.com/education/4103051/detail.html
SANS NewsBites Vol. 7 Num. 4
7
Ebay- in the news again
--eBay Sellers Offering eMail Addresses, Spam
Tools (20 January 2005) Despite eBay's recent
effort to protect its customers from spam,
sellers on the auction site are offering millions
of email addresses and spamming tools. Certain
lots have been removed from the site, but
Steve Linford of anti-spam organization Spamhaus
believes eBay should pay closer attention to what
is sold on its site and be a leader in the fight
against spam.
SANS NewsBites Vol. 7 Num. 4
8
USA rules OK!
--US Considers Reviewing IBM/Levono Deal for
National Security Risks (25 January 2005) The
Committee on Foreign Investments in the United
States is considering launching an investigation
into whether IBM's proposed sale of IBM's PC
business to Chinese computer manufacturer Levono
Group Ltd. poses a threat to national security.
Some have expressed concern that Chinese computer
experts could use an IBM facility to
conduct industrial espionage.
SANS NewsBites Vol. 7 Num. 4
9
Stolen?

• Somebody placed an advertisement on eBay that
  advertised a Blackberry    RIM "sold as is." A
  Seattle computer consultant sent in a bid of
  US15.50. His bid was accepted, making him the
  new owner of the pager-size wireless pocket
  communicator with 4 MB of memory.
• He soon discovered that he was the of a Senior
  Vice Presidents of a Merchant Banks Blackberry.
  It contained a hoard of corporate data, names
  addresss, phone numbers, and other very
  confidential information.
• It was then auctioned on Ebay for an serious
  amount of cash..

10
Security Policies the Options !

• Trust Everyone all of the Time
• Easiest to in force but impractical
• One bad apple can ruin the whole barrel
• Trust No One at Any Time
• Most restrictive, but also impractical
• Difficult for staff positions
• Trust some of the people some of the time!
• Exercise caution on the amount of trust given
• Access is given out as needed
• Technical controls need to ensure trust is not
  violated

11
The need for a Win-Win policy
People view policies as An impediment to
productivity Measures to control behaviour People
have different views about needs for security
controls People fear policies will be difficult
to follow implement Policies will affect
everyone within the organisation Tension!!! Users
its stopping me working! Systems support how
do the controls work, will we be
effected? Management concerned about costs v
protection!
12
what customers are experiencing

• Explosive growth of mobile computing has
  increased productivity and introduced new
  opportunities for business
• New threats and management issues abound lack
  of tools to manage and secure
• Difficult to determine who is using mobile
  devices
• Priceless enterprise data is being synchronized
  and stored on devices
• Data travels well beyond the safety of the
  firewall
• Sensitive information travels over public
  networks
• Mobile devices are too easily lost or stolen

13
why be concerned aboutdata security?

• PDAs are very prone to loss and theft. Gartner
  estimates more than 250,000 cell phones and PDAs
  were lost at airports alone last year.
• SANS Institute reports studies show up to 30
  loss rate for PDAs.
• Tom Walsh of Enterprise Security says, "Robbers
  net about 85 per holdup and are caught 80 of
  the time. Information thefts average 800,000 in
  value and are caught 2 of the time.
• Information on employee PDAs can often provide
  access to your network, customers and
  confidential information.
• Company reputation responsibility to
  customers/clients.

14
1995 EU Data Protection Act Directive 95/46/EC

• Multinationals operating across the EU cannot
  assume the native individual Countries Data
  Protection laws will be mirrored across Europe.
• Not all fifteen Member States, (for example
  Belgium), have instated a "Data Protection
  Officer / Commissioner" to help ensure data
  protection law compliance,
• One theme consistent throughout the survey was
  that all countries have the capability to impose
  sanctions for non compliance.
• Germany Italy (started Jan 2004), stricter than
  the main directive.
• Initial requirement All fifteen member states to
  implement by 25th October 1998

15
what kind of data are your employees likely to
keep on their devices?

• Enterprises cannot control what data the users
  can sync onto their device
• According to a recent PDA usage survey on mobile
  technologies
• 85 Business Calendar
• 80 Business Contacts
• 35 Documents
• 33 Passwords
• 32 E-mail

16
Addressing Business Mandates
Business Mandates
Benefits

• Enable secure access anytime, anywhere

• Maximizes the protection of mobile
  information and limits legal exposure

Limit risk from device loss, theft or attack
Reduces threat of unauthorized access to
business information
Control mobile device usage and synchronization
Easily detects and governs diverse mobile
devices
Secure priceless enterprise mobile data
Protects the enterprise, wireless access and
mobile devices
Meet regulatory and audit requirements
Maximizes the protection of mobile
information and limits legal exposure
Deploy new solutions that address mobile device
disconnected mode
Architected to address the unique
requirements of mobile computing
Deliver cost-effective solution to deploy,
support and manage diverse types of mobile
devices
Reduces cost of ownership by securing the
mobile enterprise with centrally managed,
policy-based security
17
business imperative secure the mobile ecosystem
Protect Wireless Access
Protect Mobile Devices
Protect the Enterprise

Limit risk from loss, theft and attack
Take control of mobile device usage
Enable productivity from anywhere
18
Why do customers choose to encrypt?

• To gain a benefit
• Faster and more confident technology deployment
• Compliance with legislation or tendering
  requirement
• To win customer confidence and maintain privacy
• Or to mitigate a risk
• Commercial risk from theft of proprietary
  information
• Reputation risk from bad publicity
• Legal risk from litigation and compliance failure

19
OneBridge Security Evolution

• Multi-tier Public Keys to authenticate users
• Power-On Password to provide basic security to
  devices
• Over-the-Air Security to protect data
  transmission enables via RSA
• On-Device Encryption to lock down data enabled
  via Credant

20
Architecture OneBridge Mobile Secure
Security Policy Editor
Tablet PC with CMG Shield OneBridge Client
OneBridge Helpdesk Console
OneBridge Admin Console
SQL or Advantage Server
SSL
Wired or Wireless connection (128 Bit RSA
Encryption)
OneBridge Server
LDAP, AD, NT, DB, Lotus, Radius, RSA
On WAN or LAN
Palm with CMG Shield OneBridge Client
PPC with CMG Shield OneBridge Client
Sync Cradle (USB, Serial, etc.)
OneBridge Desktop Connector (PC)
128 Bit RSA Encryption
21
Architecture OneBridge Mobile Secure

• OBMS Shield
• Provides robust on-device policy enforcement -
  access control, data encryption and user
  authorizations.
• Maximizes the protection of mobile business
  information.

• OBMS Administration
• Centralized specification of policy for your PDAs
• Save and load different policy sets for different
  groups within your organization
• Create installable Shield images for PPC, Palm,
  Smartphone or Symbian
• Integrated in OneBridge Software Deployment
  functionality
• Designate corporate security policy for mobile
  Devices

LAN/WAN
22
OneBridge Mobile Secure overview

• Robust on-device encryption of corporate data on
  the device
• Centralized management of devices and data
  security policies
• Ability to receive updated email and data even
  while device is locked via our LiveConnect
  functionality
• Self-service and administrator-assisted password
  recovery options available

23
What is OBMS?

• Protects mobile devices and applications
• Authentication required to access data on device
• data encryption
• on-device restrictions
• administrator device and data recovery
• Broad platform support for diverse mobile
  hardware and operating systems for PDAs and
  smartphones
• Easy to administer centrally-defined security
  policies for consistency across all mobile users
• Shield provides industry-leading depth of
  security policies
• Flexible and cost-effective implementation with
  upgrade paths to enterprise-wide solutions
• Ease of implementation
• Multiple deployment options

24
OneBridge Mobile Secure Features

• Centrally-defined user authentication provides
• Pin, Password and Question/Answer length,
  strength, number of retries, expiry, history
• Timeouts inactivity
• Self-service password reset via question/answer
• Administrator recovery different between Group
  and Enterprise
• Fail-safe action if under attack - extend retry
  timeout or wipe device (remove all data)
• On-device data encryption
• Built in PIM applications email (including
  attachments), calendar, contacts
• Other applications, including custom applications
• Blowfish 128, 3DES, AES128, AES256
  (notebook/tablet)
• Port Controls
• Infrared
• Bluetooth
• External Storage
• Network
• Application Controls
• Any application can be disabled , including
  cameras
• Useful for customizing devices for specific
  business applications

25
OneBridge Mobile Securekey differentiators

• Ease of implementation and support
• Easily map security, management and control to
  meet diverse IT and regulatory compliance
  requirements
• Minimize costs and maximize existing investments
  by integrating with existing enterprise
  directories
• Over-the-air distribution of shield and policies
  for mobile devices
• Reduced cost of ownership
• Single administrative package to centrally manage
  all mobile devices
• Self-service password reset
• Best of breed solution
• Ability to push data to the device even when
  locked
• Leverages Credant Mobile Security Platform
• Robust security
• Policy-based on-device security enforcement
• Mutually authenticated synchronization
• Automatic fail-safe action if mobile device is
  lost or stolen ensures valuable information is
  protected

26
OneBridge Mobile Secure Specifications

• Shield Platforms
• Pocket PC 2000 with ARM processor, Pocket PC
  2002, Windows Mobile 2003 and Windows Mobile 2003
  Second Edition with 2MB free memory
• Palm OS 3.5 through 5.x with at least 4MB RAM and
  1.5 MB free storage
• Smartphone 2003 with 1MB free main memory
• Policy Editor Platforms
• Windows 2000 Professional SP3
• Windows XP Professional SP1
• Encryption Algorithms
• AES 128, Triple DES, Blowfish 128, Lite
• Certifications
• FIPS 140-2

27
OBMS Version 1.5 New Key Features

• Features
• Windows Mobile 2003 (Smartphone) Shield
• Samsung i600
• Motorola MPx 220
• Full Encryption on Palm Shield
• New Devices
• PalmOne Treo 650 Support
• Port and Application Blocking
• SD Card Encryption
• French, Italian, German, and Spanish Language
  Support
• Hotfix for OBMG to provide full functionality on
  Software Distribution.
• Availability
• Mid March GA

28
OBMS Version 2.0 Key Features

• Features
• Fully integrated into OneBridge Admin Console
  (part of OneBridge Mobile Groupware 4.5)
• Ability to create Temporary Admin Passwords for
  Support
• Symbian Shield (Authentication)UIQ and Series 80
  Devices
• Availability
• May 2005

29
OBMS Version 2.5 Key Features

• Features
• Full Encryption on Symbian
• Windows 32 Client
• Availability
• Summer 2005

30
Device Validation Process

31
Development Details
32
Device Certification Queue
33
Who is Credant?

• The emergence of a highly competitive new
  vendor, CREDANT Technologies, has raised the
  threshold at which other vendors can
  pursue leadership.
• CREDANT went furthest by offering the most
  features in the fewest number of products.
• CREDANTs comprehensiveness of vision
  forced a lower comparative ranking of many
  incumbent vendors.
• CREDANTs strong first-year sales are a
  prelude to leadership.

34
Relationship Overview

• Sales model
• Territory - Global
• OEM Shield provides on-device core of Mobile
  Secure solution
• Ability to Resell any Credant products
• Upgrade pricing available between shield versions
  (e.g. Group Edition to Enterprise Edition)
• Maintenance Support
• ESI provides level 1 2 to customers
• Credant provides level 3 to ESI
• Sales Support
• Credant reps are compensated for partner sales

35
Sales Process

• Credant is already working on a number of sales
  opportunities with ESI
• Rules of engagement under discussion
• Goal is for ESI to take the lead with joint
  customers, Credant provide support to close deals
  
• Credant will support ESI with prospects, pricing
  information, sales strategies, Webex
  presentations and demos, technical support,
  training, joint marketing, collateral
  development, etc
• Paul Huntingdon (phuntingdon_at_credant.com) is the
  prime AE contact for ESI EMEA
• Sean Towns (stowns_at_credant.com) is the prime SE
  contact for ESI EMEA
• Kevin Burchett (kburchett_at_credant.com) is the
  prime BD contact for ESI EMEA

36
Competitive Comparison
37
Competitive Comparison
38
Mobile Device Check list

• Security Policy
• Use Policy
• Awareness Training
• Device registration
• Initial Checklist
• Employee Termination Procedure
• Device Authentication
• Anti Virus Software
• Theft protection
• File Encryption
• Device Firewall
• Device Integrity
• Device Management
• Network Connections
• Expansion Slots

39
HP raising security profile with HP protect
Tools

• On a number of new devices HP is supplying as
  part of the on ROM security, a replacement from
  the Microsoft logon password solution.
• It is also supplied by Credant.
• Its a personal version only. i.e. no central
  policy management
• It can be turned off, and replaced by OBMSecure.
• This is a big opportunity HP are doing all the
  work sell OBMSecure to these users. See the
  following screens..

40
(No Transcript)
41
(No Transcript)
42
(No Transcript)
43
(No Transcript)