Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Mobile Working Group Session.

Similar presentations


Presentation on theme: "Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Mobile Working Group Session."— Presentation transcript:

1 Copyright © 2011 Cloud Security Alliance Mobile Working Group Session

2 Copyright © 2011 Cloud Security Alliance Dan Hubbard Guido Sanchidrian Mark Cunningham Nadeem Bhukari Alice Decker Satheesh Sudarsan Matt Broda Randy Bunnell Megan Bell Jim Hunter Pam Fusco Tyler Shields Jeff Shaffer Govind Tatachari Ken Huang Mats Näslund Giles Hogben Eric Fisher Sam Wilke Steven Michalove Allen Lum Girish Bhat Warren Tsai Jay Munsterman Initiative Leads/Contributors Co-chairs David Lingenfelter Cesare Garlati Freddy Kasprzykowski CSA Staff Luciano Santos John Yeoh Aaron Alva Evan Scoboria Kendall Scoboria

3 Copyright © 2011 Cloud Security Alliance Security Guidance for Critical Areas of Mobile Computing Published Nov Mobile Computing Definition Threats to Mobile Computing Maturity of the Mobile Landscape BYOD Policies Mobile Authentication App Stores Mobile Device Management

4 Copyright © 2011 Cloud Security Alliance Authentication Apps MDM BYOD

5 Copyright © 2011 Cloud Security Alliance

6 Copyright © 2011 Cloud Security Alliance 1. Data loss from lost, stolen or decommissioned devices. 2. Information-stealing mobile malware. 3. Data loss and data leakage through poorly written third-party apps. 4. Vulnerabilities within devices, OS, design and third-party applications. 5. Unsecured Wi-Fi, network access and rogue access points. 6. Unsecured or rogue marketplaces. 7. Insufficient management tools, capabilities and access to APIs (includes personas). 8. NFC and proximity-based hacking.

7 Copyright © 2011 Cloud Security Alliance …theres room for improvement 78% Have Mobile Policy 86% Allow BYOD 47% Utilize MDM 36% Have App Restriction 41% Have Security Controls

8 Copyright © 2011 Cloud Security Alliance Jay Munsterman

9 Copyright © 2011 Cloud Security Alliance Analyze new challenges of: Policy Privacy Device and Data Segmentation Delivered Policy Guidance for v1 Guidance

10 Copyright © 2011 Cloud Security Alliance Need more team members!! Help us out! Conference call late March Decide on next steps, consider: Policy Templates Policy Examples Evaluation of emerging containerization options

11 Copyright © 2011 Cloud Security Alliance David Lingenfelter

12 Copyright © 2011 Cloud Security Alliance Increase security and compliance enforcement Reduce the cost of supporting mobile assets Enhance application and performance management Ensure better business continuity Increase productivity and employee satisfaction Beyond Simple MDM

13 Copyright © 2011 Cloud Security Alliance Mark Cunningham

14 Copyright © 2011 Cloud Security Alliance

15 Copyright © 2011 Cloud Security Alliance

16 Copyright © 2011 Cloud Security Alliance

17 Copyright © 2011 Cloud Security Alliance

18 Copyright © 2011 Cloud Security Alliance Ease of Use Future Authentication Technologies

19 Copyright © 2011 Cloud Security Alliance What you download may be compromised! James Hunter

20 Copyright © 2011 Cloud Security Alliance Apple and Google control 80% of the App Market By the end of 2013 an estimated 50 Billion downloads There are over 1 million different Apps The summary doesn't consider Amazon and Samsung. Corporate sites offering downloads for their flavor Apps, Developers, in all sizes and Apps Distributors. We have a chaotic marketplace depending on the participants "best efforts", to insure the end user privacy and security, as well as that of others (Companies who employ them, even ones they visit and use WiFi service).

21 Copyright © 2011 Cloud Security Alliance How trustworthy is the App Store? How trustworthy is the Developer? Can the user report issues found in the App? Who should get the report? Does the App use more permissions than needed? Does the App make connections to the Internet? Does the user need anti-virus, malware, etc.? Will this be an issue with BYOD?

22 Copyright © 2011 Cloud Security Alliance Initial draft of the policy guideline submitted in late October-early November 2012, for Orlando. November 2012 decision made to develop a stand- alone document. December 2012 received updated peer review info from J. Yeoh. January 2013 started efforts to recruit more volunteers for App Store Security working group? February 2013 re-started efforts to make contact with App Store Management at Microsoft.

23 Copyright © 2011 Cloud Security Alliance March 2013 start update of draft guideline to a stand alone document. March 2013 continue efforts to recruit several volunteers to work on the stand alone document. March 2013 request CSA Global support for contacts with Apple, Google, Amazon, Samsung Appstore contacts. April-June 2013 pursue App Store management contacts, involvement and support.

24 Copyright © 2011 Cloud Security Alliance Thanks to the following individuals: John Yeoh, Research Analyst, Global CSAAuthors/Contributors Group Lead James Hunter, Net Effects Inc. Peer Reviewers Tom Jones; Ionnis Kounelis; Sandeep Mahajan; Henry St. Andre, InContact Co Chair, Mobile Security, Cesare Garlati Trend Micro

25 Copyright © 2011 Cloud Security Alliance Moving at the speed of mobile!

26 Copyright © 2011 Cloud Security Alliance Charter review Cooperation Between Working Groups New Mobile Controls In CCM Maturity questionnaire v2.0 Top Threats Review Stand Alone App Store Document Stand Alone Authentication Document New Section On Data Protection

27 Copyright © 2011 Cloud Security Alliance Securing public and private application stores Analysis of mobile security features of key mobile operating systems Mobile device management, provisioning, policy, and data management Guidelines for the mobile device security framework Scalable authentication for mobile Best practices for secure mobile application Identification of primary risks related BYOD – Bring Your Own Device Solutions for resolving multiple usage roles related to BYOD

28 Copyright © 2011 Cloud Security Alliance Information sharing across working groups Already working with CCM More guidance and input from Corporate, GRC and SME Timeframes/Deadlines/Review Periods

29 Copyright © 2011 Cloud Security Alliance Create more material people will want to use to develop their mobile business plans Baseline Controls Policy Templates App Security Guidelines Threats and Risks

30 Copyright © 2011 Cloud Security Alliance BlackHat (July 27-Aug1) EMEA Congress (September) ASIAPAC Events (Congress, May 14-17) CSA Congress Orlando (November) https://cloudsecurityalliance.org/events/

31 Copyright © 2011 Cloud Security Alliance Chapter meetings every other 9:00am PST LinkedIn: Cloud Security Alliance: Mobile Working Group Basecamp


Download ppt "Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Mobile Working Group Session."

Similar presentations


Ads by Google