Top 5 Things Learned at the SANS Mobile Device Security Summit

Monday, March 19, 2012

Tom Eston


This is a quick post about the SANS Mobile Device Security Summit that I participated in last week. I presented the latest version of my ever-evolving “Attacking and Defending Apple iOS Devices” presentation.

Kudos go out to Kevin Johnson and Tony DeLaGrange from Secure Ideas for helping organize and lead the event.  They did a great job!  If you’ve been to SANS events in the past, I assure you that this was much different.  

First, there was a great lineup, highlighted by:

  • Rafal Los (HP)
  • Jack Mannino (nVisium Security) 
  • Chris Cuevas (Secure Ideas) 
  • John Sawyer (InGuardians) 
  • Josh Feinblum (The Advisory Board Company) 
  • Daniel Miessler (HP ShadowLabs)

Having a lineup of great speakers really made the summit flow as well as it did. What I liked most about this event was that there were plenty of “real world” talks on how enterprises are setting up and managing mobile deployments…real “in the trenches” types of talks.  

Here are some of the themes that I heard throughout all the talks:  

  • Jailbreaking and rooting are BAD for the security of the device.
  • Mobile Threats are an evolving, moving target.  Security teams have to be quick to adapt to new mobile technology.
  • Mobile Device Management (MDM) solutions are a requirement for any deployment.
  • Apple iOS devices are preferred over Android in the enterprise (seriously, that was the consensus).  No one seems to care about BlackBerry or Windows Mobile devices.  I think only one speaker mentioned Windows Mobile.

I find this last point pretty interesting, especially given the fact that Android seems to be beating Apple in regard to market share of devices and app store apps.

I also enjoyed hearing about some of the challenges and pitfalls real IT and security departments are facing.  Many of the speakers talked about some best practices they've developed and problems they've had.  

One of the highlights for me was a talk by Det. Cindy Murphy from the Madison, WI Police Department Computer Forensics Unit.  She shared some of her experiences with mobile device forensics and how this evidence holds up in court.

I highly recommend you check out this summit next year; it's one not to miss!

Cross-posted from the SecureState Blog

joe jenk: Good article!
Is there a link to the talks online yet?
Also... older people are using the iPad in the enterprise because they don't know much about Android as a brand... and it's accepted because of the advertisements. Android will dominate the phone, iPad will dominate the tablet.