Mobile security and application development is new territory for a lot of companies. If your organization is struggling with how to develop and implement a set of policies for managing and securing mobile devices, especially the thorny BYOD (bring your own device) issues around employee-owned smart phones and tablets, you aren’t alone. A recent state of security study by PricewaterhouseCoopers showed that only about 40% of the companies surveyed have mobile device security programs in place.
But harnessing the full power of mobile devices is about more than setting policy on how they can be used. Those organizations that can push custom business applications onto employees’ devices are the ones that will use mobile technology for a competitive advantage.
If you’re look for help, check out the inaugural Mobile Device Security Summit hosted by SANS Institute, March 12-13 in Nashville, Tennessee.. The conference will feature presentations from people who have already tackled mobile management/security issues with success. On March 14 and 15,summit cochair Kevin Johnson of Secure Ideas will teach an in-depth course on mobile device security for those who really want to dig in.
Of special interest at the summit are the sessions designed to educate the developers of mobile apps. As companies push more of their business applications to the mobile devices, they need to know that apps aren’t opening up new threat vectors.
Keynotes and breakout sessions at the summit include:
- Threat Profiling the Mobile Application Ecosystem (keynote)
- Attacking and Defending Apple iOS Devices in the Enterprise
- Securing our Mobile Perimeters: Stories from the Trenches (user panel)
- Hacking a Moving Target - Mobile Application Penetration
- Thinking Inside a Box - Mobile Containers and the Enterprise (panel of experts)
- Smart Bombs: Mobile Vulnerability and Exploitation
- Protecting the Jewels: Mobile Device Segregation
- iOS App Testing 101
- Power to the People: How and Why to Jailbreak Your iOS
- BYOD: Controlled Chaos or Pandora’s Box?
The sessions will be led by mobile security practitioners, consultants, and technical experts from vendor companies. Of course, there’s plenty of time for networking with the presenters and your peers to get a real exchange of ideas going.
More on mobile security: In my next post, I'll talk about a report by business social networking group Wisegate on creating and implementing BYOD policies.