November monthly chapter meeting

No food or drinks in the meeting room.

Bio, Cesare Garlati

http://photos3.meetupstatic.com/photos/event/7/c/8/a/event_177991882.jpegAs Vice President of Mobile Security at Trend Micro, Cesare Garlati serves as the evangelist for the enterprise mobility product line. Cesare is responsible for raising awareness of Trend Micro’s vision for security solutions in an increasingly consumerized IT world, as well as ensuring that customer insights are incorporated into Trend solutions. Prior to Trend Micro, Mr. Garlati held director positions within leading mobility companies such as iPass, Smith Micro and WaveMarket. Prior to this, he was senior manager of product development at Oracle, where he led the development of Oracle’s first cloud application and many other modules of the Oracle E-Business Suite. Cesare has been frequently quoted in the press, including such media outlets as The Economist, Financial Times, The Register, The Guardian, Le Figaro, El Pais, Il Sole 24 Ore, ZD Net, SC Magazine, Computing and CBS News. An accomplished public speaker, Cesare also has delivered presentations and highlighted speeches at many events, including the Mobile World Congress, Gartner Security Summits, IDC CIO Forums, CTIA Applications and the Mobile Computing Summit. Cesare holds a Berkeley MBA, a BS in Computer Science and numerous professional certifications from Microsoft, Cisco and Sun. Cesare is the chair of the Consumerization Advisory Board at Trend Micro and Co-Chair of the CSA Mobile Working Group - Cloud Security Alliance.

Smartphone Security Winners & Losers
Short Abstract

Android is the most popular mobile platform in the world. It is also the most vulnerable to attack and the most exploited. Contrary to common perception, Apple mobile devices are not immune to security flaws. And in fact less secure than Android if users “jail break” their devices - to escape Apple’s control. Find out who the winners and losers are based on a study of mobile platform security.
BYOD, MDM, etc. may be also be discussed.

Cesare Garlati's slides are available under the more tab-files on this site.

Long Abstract

In the mobile space the BYOD trend is becoming a minefield for IT administrators. Many companies have experienced a data breach as a result of an employee owned device accessing the corporate network. When the stakes are this high, IT needs to know which platforms to allow and which to refuse. A recent independent study commissioned by Trend Micro assessed the enterprise readiness of the major consumer platforms – iOS, Android, BlackBerry and Windows Phone – appraising them in over 40 categories. Unsurprisingly, BlackBerry came out top by far, but the truth is that it is the remaining consumer platforms where most challenges lie, and where most user requests are focused. The speaker will review the research and explain why each platform received the security rating it did. He will also describe how the landscape could shift in the future based on each company’s reaction.Apple came top of the bunch, excelling in areas such as application security and support for corporate managed email, with the platform also offering ISVs a large range of APIs to provide device management capabilities. Windows Phone also fared well, considering it’s a relative newcomer, particularly impressing with its Active Sync support, device wipe and authentication functionality. Android was rated least secure, despite featuring capabilities including VPN support and mandated code signing for all installed applications, and there are signs that it will get better as it matures.

Despite enterprise-grade security and management capabilities creeping into some of these platforms the target for all manufacturers is the consumer. Their focus is clearly on attributes like design, form factor and social networking support, not encryption, VPN, or MDM support. To understand the perception of all four companies within enterprise IT circles, we need to look at the application ecosystems for both.

Apple has complete control over its ecosystem because it makes the hardware and the operating system and vets any third party applications incredibly rigorously. Google on the other hand only makes the OS. Unfortunately this one large homogenous platform makes a potentially profitable target for cyber criminal gangs. Also, the very control which Apple applies so rigorously to its ecosystem could be its undoing. Their uncompromising philosophy has driven many to jailbreak their phone with a “my device, my rules” kind of attitude. And a jailbroken phone is not a secure phone.