Mobile Field Worker Security Advocate Series: Customer Conversation Guide Research by IDC, 2015
Agenda 1. Security Requirements for Mobile Field Workers 2. Key Mobile Security Challenges Companies Face Today 3. How the Mobile Threat Landscape is Evolving 4. How Intel Can Help Organizations Address Critical Mobile Security Concerns 1. Data Protection Capabilities 2. Identity and Access Management 3. Threat Prevention 5. Key Intel Differentiators to Underscore with Customers Placeholder Footer Copy / BU Logo or Name Goes Here Research by IDC Health Insights 2015 2
Security Requirements for Mobile Field Workers Key Industries with Mobile Field Workers: Transportation and Logistics, Utilities, Oil and Gas, Retail, Healthcare, Government 1. Mobile field workers need security made simple; entering numeric passwords several times a day is cumbersome 2. They need security solutions with low power consumption as they need the device to last through the entire day 3. Native encryption is key as mobile devices are more easily lost or stolen than the average computing device Placeholder Footer Copy / BU Logo or Name Goes Here Research by IDC, 2015 3
Security is the Greatest Enterprise Mobility Challenge In IDC s Annual Enterprise Mobility report, respondents cite security as the number one challenge to adopting mobility year after year The number one risk mobile devices pose is data loss. This can happen through: Lost or stolen devices Stolen or compromised credentials Malicious applications that steal data and send it to 3 rd party servers Employees sharing corporate data with consumer applications Balancing usability and security is crucial message to convey: Large-scale cyberattacks make the nightly news, but nearly 1/3 of all breaches involve human error If security technology, along with policies and procedures, are considered to be too onerous by end-users, they will seek ways to circumvent them In fact, 50% of surveyed healthcare professionals admitted to using workarounds daily thus putting the institution at risk Placeholder Footer Copy / BU Logo or Name Goes Here Research by IDC, 2015 4
Mobile Devices Introduce Additional Risk Breaches from unprotected data: According to Virtru, In 2014, there were a total of 783 data breaches in the United States alone, an increase of over 20 percent from the previous year. US Healthworks fell victim to a data breach in April as the direct result of a stolen laptop that was not encrypted. Unencrypted personally identifiable information (PII) was on this laptop. Breaches from stolen credentials: The latest Verizon Data Breach Investigations Report (DBIR) show that two out of three breaches involved attackers using stolen or misused credentials. The retail chain Sally Beauty was attacked last year when intruders gained access through a Citrix remote access portal set up for use by employees who needed access to company systems while on the road. The biggest source of credential theft is through spear-phishing. Spear-phishing is a more targeted form of phishing where the attacker develops a personalized lure by leveraging information found on individuals or groups within social media or cloud based documents. These attacks may come in the form of email attachments, URLs, and websites. Adding a second factor of authentication is one way to lower the incidence rate of such breaches Placeholder Footer Copy / BU Logo or Name Goes Here Research by IDC Health Insights 2015 5
Mobile Threat Landscape is Expanding As mobile device shipments have outpaced PC shipments for many years now, hackers are increasingly targeting mobile platforms for malicious activity. The operating systems behind most smartphones and tablets use application sandboxing to isolate mobile applications from critical resources on the device so it is more difficult to attack these devices with traditional malware. However, hackers are finding new ways to exploit devices by aiming their efforts at the operating system. Recent examples include: StageFright: Vulnerability in the Android media player that can be exploited via MMS or video. The flaw would most likely be exploited via the Web browser after an attacker convinced an unsuspecting user to visit a malicious URL, such as a mobile spear phishing site or malicious ad campaign. Xcode Ghost: Xcode is the programming language used to build ios apps. A fake version of the software was available for a faster download in China, and these developers unknowingly developed and distributed apps with malicious code in them. XcodeGhost sits in the background of legitimate apps and mines them for data. And, any devices that have been rooted or jailbroken have broken the security architecture of the OS and are especially vulnerable to attack. Placeholder Footer Copy / BU Logo or Name Goes Here Research by IDC, 2015 6
How Intel Can Help Organizations Address Critical Mobile Security Concerns Today s businesses face several IT challenges to find devices that fit the productivity and collaboration needs of business users while defending devices and personal and business data from threats. Intel vpro technology is core to Intel s strategy to provide security for Mobile Field workers. This processor architecture addresses threat prevention, data protection, identity and access management and monitoring and remediation at the chip level In addition to hardware-based security, Intel offers software solutions to help IT administrators provision and manage devices and apps in a secure fashion and protect against threats Placeholder Footer Copy / BU Logo or Name Goes Here Research by IDC, 2015 7
Intel Mobile Security: Threat Management Intel Core vpro technology helps prevent malware by creating a trusted environment before the OS is allowed to boot. Intel Virtualization Technology (VT) works below the operating system to validate the behavior of key client system components during boot-up and ongoing operations. It is used by Windows 10 Virtual Secure Mode to protect critical Windows processes Intel OS Guard protects against escalation-of-privilege attacks by working constantly with automated protection that prevents viruses from taking hold deep in the system McAfee Complete Endpoint Protection suite of software protects client devices from a broad range of threats Placeholder Footer Copy / BU Logo or Name Goes Here Research by IDC, 2015 8
Intel Mobile Security: Identity and Access Management Intel Core vpro technology helps simplify the mobile worker experience by offering a streamlined means to access business information. Intel vpro Processor Technology offers two-factor authentication that provides a way for web sites and business networks to validate that an actual user not malware is logging in from a trusted PC Intel Identity Protection Technology (Intel IPT) delivers hardware-secured VPN access by incorporating private keys, one-time password (OTP) tokens, and public key infrastructure (PKI) certificates. Intel Platform Trust Technology (PTT) is used by Windows 10 to secure authentication credentials with Hello and Passport Intel IPT eliminates the need for a separate physical token, therefore streamlining the VPN login process. It also ensures that PCs accessing the VPN are those assigned to the company s employees. Because the credentials are secured inside the platform, the information cannot be compromised or removed from a particular PC Placeholder Footer Copy / BU Logo or Name Goes Here Research by IDC, 2015 9
Intel Mobile Security: Data Protection Intel Core vpro processor technology addresses both security and performance without interfering with user productivity Intel Advanced Encryption Standard New Instructions (Intel AES-NI) uses hardware-based acceleration to encrypt data up to four times faster, and it works quietly in the background without slowing performance. Intel AES-NI combined with Intel Secure Key also deliver stronger protection for online transactions, such as authentication over the Internet or e-commerce activities. Intel Secure Key safely generates highly secure encryption keys via the hardware platform. Placeholder Footer Copy / BU Logo or Name Goes Here Research by IDC Health Insights 2015 10
Intel Mobile Security: Device and App Management Intel Core vpro processors offer comprehensive remote monitoring and remediation capabilities to help maximize mobile worker productivity. Intel Core vpro Architecture offers remote support tools that allow security updates to be pushed to any device at any time. And remote remediation tools make it easier to diagnose and fix mobile PCs, whether it s to identify a minor problem or manage a security breach. Intel Active Management Technology (Intel AMT), allows IT admins to access and control any device and resolve issues through all states of operation, including reboot. Thousands of devices can be tracked to update, disable, lock, wipe, or restore using McAfee epolicy Orchestrator (McAfee epo) Deep Command software. McAfee Complete Endpoint Protection offers capabilities to configure and provision mobile devices and apps so that IT administrators can ensure employees only get access to the appropriate applications for their role. This functionality offers a better end user experience and reduces the threat landscape by disallowing non-essential applications to run on the device. Placeholder Footer Copy / BU Logo or Name Goes Here Research by IDC Health Insights 2015 11
Key Intel Differentiators to Underscore with Customers 1. Intel s vpro Core Processors Enhance Mobile Field Worker Security & Productivity Mobile devices are more easily lost than traditional desktop computing devices, so protecting data at rest is crucial. However, the technology used to encrypt this data is often processing intensive, therefore reducing device battery life. In contrast to other approaches, Intel s vpro Core processors offer Intel Advanced Encryption Standard New Instructions (Intel AES-NI) that use hardware-based acceleration to encrypt data up to four times faster than other solutions, therefore reducing strain on the device battery. 2. Intel s Identity Protection Technology Simplifies Security for Mobile Field Workers Because mobile devices communicate over a variety of wireless networks throughout the day, the data moving through those networks must be protected at all times. Intel s Identity Protection technology offers hardware-secured VPN access that incorporates private keys, one-time password (OTP) tokens, and public key infrastructure (PKI) certificates. This eliminates the need for a separate physical token, therefore simplifying the VPN login process for mobile workers. For more security conscious industries, the Intel vpro processor architecture also offers two-factor authentication. This second factor can also be something the user already carries with them, such as a smartphone or a biometric. Placeholder Footer Copy / BU Logo or Name Goes Here Research by IDC Health Insights 2015 12
Key Intel Differentiators to Underscore with Customers (con t) 3. Intel Differentiates with a Combination of Hardware and Software Based Threat Prevention Intel virtualization technology and and Intel trusted execution technology work below the operating system to validate the behavior of key client system components during boot-up and ongoing operations. If a device has already been compromised, Intel OS Guard protects against escalation-of-privilege attacks by working constantly with automated protection that prevents viruses from taking hold deep in the system. These OS level security mechanisms are enhanced by the McAfee Complete Endpoint Protection (CEP) suite of software that protects client devices from a broad range of threats. McAfee CEP also allows organizations to whitelist a set of applications approved for field worker use, therefore reducing the overall device risk. 4. Intel Offers Superior Experiences for Mobile Field Workers on Windows 10 devices. Intel and Microsoft have been working together to create new experiences on Windows 10 devices. Two examples of this from a security perspective include: 1) Intel s Real Sense camera has been built into Windows 10 devices, allowing for authentication via facial recognition instead of numerical passwords, 2) Intel leverages virtualization to create it s own Trusted Execution Environment on Windows 10, which allows for processes to run faster in this secure environment outside of the OS. Placeholder Footer Copy / BU Logo or Name Goes Here Research by IDC Health Insights 2015 13
Key Intel Differentiators to Underscore with Customers (con t) 5. Intel Offers Security Solutions Across the Compute Continuum. Security is only as strong as it s weakest link. Intel offers security solutions across the compute continuum that protects end-point clients, networks, and servers against security incidents. Organizations need to embrace layered strategies that provide protections from the chipset level on the client device all the way back to the backend servers where data is housed. Intel builds security into the silicon and hardware layers, and security software is vertically integrated with the hardware Placeholder Footer Copy / BU Logo or Name Goes Here Research by IDC Health Insights 2015 14