Www.appmobi.com The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World.

Slides:

Advertisements

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

Advertisements

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA, Computer Security, and Domino/Notes Chuck Connell,

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

XProtect® Expert 2013 Product presentation

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

All Rights Reserved © Alcatel-Lucent | Dynamic Enterprise Tour – Safe NAC Solution | 2010 Protect your information with intelligent Network Access.

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Chapter 7 Database Auditing Models

OWASP Mobile Top 10 Why They Matter and What We Can Do

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.

Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.

The Right Choice for Call Recording OAISYS and PCI DSS Compliance Managing Payment Card Industry Compliance with OAISYS Call Recording Solutions.

Information Security Technological Security Implementation and Privacy Protection.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.

Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.

Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.

HIPAA Compliance. What is it? The federal Health Insurance Portability and Accountability Act of Ensures the privacy rights of patients.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.

LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.

Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.

Geneva, Switzerland, September 2014 Considerations for implementing secure enterprise mobility Eileen Bridges Aetna GIS Director.

The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,

Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?

The IT Vendor: HIPAA Security Savior for Smaller Health Plans?

Teamplay Connect, compare, collaborate.

Wireless and Mobile Security

 Introduction  Tripwire For Servers  Tripwire Manager  Tripwire For Network Devices  Working Of Tripwire  Advantages  Conclusion.

HIPAA Compliance Case Study: Establishing and Implementing a Program to Audit HIPAA Compliance Drew Hunt Network Security Analyst Valley Medical Center.

HIPAA Requirements for Computer-based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD

©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. Securing Your Data in Endpoint and Mobile Environments Frank Suijten Security.

© 2012 IBM Corporation IBM Worklight Overview Martin Triska – IBM Worklight specialist (420) July 2012.

 1- Definition  2- Helpdesk  3- Asset management  4- Analytics  5- Tools.

The time to address enterprise mobility is now

iSecurity Compliance with HIPAA

Hydromet Cloud Presentation

DATA SECURITY FOR MEDICAL RESEARCH

Encrypted from CDS Office Technologies

Hybrid Management and Security

Video Media Management Integrated Workflows

Secure Software Confidentiality Integrity Data Security Authentication

Active Cyber Security, OnDemand

Power BI Security Best Practices

BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT

BOMGAR REMOTE SUPPORT Karl Lankford

Securing Cloud-Native Applications Jason Schmitt CEO

The Privacy Cycle A Five-Step Process to Improve Your Privacy Culture

Final HIPAA Security Rule

ideas to mobile apps in record time,

Securing the Internet of Things: Key Insights and Best Practices Across the Industry Theresa Bui Revon IoT Cloud Strategy.

Lesson 16-Windows NT Security Issues

IS4680 Security Auditing for Compliance

Telecom Software & VoIP Communication Platforms Provider.

Windows 10 Enterprise subscriptions in CSP – Messaging Summary

K!M SAA LOGICAL SECURITY Strong Adaptive Authentication

HIPAA Security Standards Final Rule

Drew Hunt Network Security Analyst Valley Medical Center

Giovanni Carnovale – Regional Sales Manager Central & Eastern Europe

HIPAA Compliance Services CTG HealthCare Solutions, Inc.

Cisco Meraki Digital Solutions for K-12 Education

Microsoft Data Insights Summit

Introduction to the PACS Security

Modern benefits administration and HR software, supported by us.

OU BATTLECARD: Oracle Identity Management Training

Presentation transcript:

The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World

Presenters Mark Stutzman CEO, Appmobi Ben Webster Director Engineering, Appmobi

A History of Groundbreaking Ideas Appmobi Launched XDK Hybrid app dev platform XDK acquired by Intel Mobile cloud services launched Secure Mobile Dev Platform launched

Who we are? Mobile Security software and services company Security Kit: Our SDK that simplifies the development of end-to-end encryption and security for new and existing apps Protection Center: Automates the detection and remediation of mobile threats in real time Professional Services: Security consulting, secure app architecture and development, platform support and installation.

The Problem Apps today are insecure Devices and OS’s are insecure Users are even more insecure HIPAA and other laws require protected data All data needs to be encrypted – everywhere! We are Responsible for our User’s Privacy and Our Data!

By the numbers… 375 security vulnerabilities found in iOS 85% of all Android devices have at least 25 vulnerabilities Average mobile devices connect to 160 unique servers each day 37M Malware issues detected over a 6 month period 75% of all mobile apps fail basic security tests 43% of mobile users do NOT use a passcode! 9M suspicious apps in the app store 52M smartphones lost or stolen in 2014

Secure Development Challenges Improper Platform Usage Insecure Data Store Insecure Communication Insecure Authentication Time Pressure Budget Constraints Insufficient Cryptography Code Tampering Reverse Engineering Extraneous Functionality Feature Creep Poor Testing

Um…This Is Not the Solution.

Healthcare App – Use Case The most complete and flexible mobile security available A simple HIPAA compliant app for Patients to review their Electronic Medical Records and chat with their Physician. It should also enable Dr. to Dr. chat.

Healthcare App Architecture

HIPAA Core Compliance Strong encryption mechanisms to protect data Identity controls to enforce user authorization and policies Data integrity and auditing tools

3 Key Areas to Cover 1.Access Control Requirements: Deals with user identification, authentication controls, access to information, and protection of data on all points of transmission 2.Transmission Security: Both encryption of data over the wire and validation of data sent 3.Audit & Integrity: Recording access to data and validates data is not improperly modified or destroyed

Protecting Our Data Unique User Identification: All users accessing the system must be uniquely identifiable and trackable Authentication: Implement procedures to verify that a person or entity seeing access to ePHI is the one claimed Encryption & Decryption: Mechanisms must be in place to encrypt and decrypt ePHI Secure Transmission: ePHI data must be appropriately encrypted when transmitting Auditing: Implement mechanisms that record and examine activity in systems that contain or use ePHI

Development & Release Process Dev Sandbox - mock data, never include ePHI in any dev or staging environment Test & Debug - protect against common pitfalls such as unintended data leakage, client side injection, proper session handling, etc. Enforce strict data policies - only allow access to the bare minimum required Session timeouts - Automatically log off users after a predetermined window of time Password policy - Enforce length, complexity, and rotation Log application activity - User authentications, access to ePHI, emergency access procedures

But wait, there’s more! Appmobi can help - our solutions solve this problem.

Remember who we are! Mobile Security software and services company Security Kit: Our SDK that simplifies the development of end-to-end encryption and security for new and existing apps Protection Center: Automates the detection and remediation of mobile threats in real time Professional Services: Security consulting, secure app architecture and development, platform support and installation.

Security Kit End-to-end encryption and full security solutions for any mobile app – existing or new, native or hybrid Encryption Toolkit Secure Data Store Secure Push Messaging Secure Live Update Secure Analytics All provided via secure cloud, private stack or on premise

Protection Center 1st of its kind mobile threat detection and remediation platform Monitors and resolves security issues automatically App level threat event monitoring Real time, rule based resolutions (protections) User behavior profiles Launching with predefined “Protections” – events and rule mapping with action choices Easily add custom events and new rules and actions

Professional Services We can help with all of your secure app needs We are experts at building secure apps Software Installation, training, support App security consulting, planning, & strategy Application architecture, development, & testing

Summary Apps, Devices, and OS’s are insecure Users are even more insecure! All data needs to be encrypted – everywhere! Its not an option with regulations such as HIPAA Appmobi can help!

Let’s Talk Mark Stutzman CEO, Appmobi Ben Webster Director Engineering, Appmobi

The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World