Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION TECHNOLOGIES DEPARTMENT

 Introduction  Security risks and threats  Security Enforcement  Conclusion OUTLINE

INTRODUCTION – PURPOSE Mobile devices & Applications Risks & Threats Secure Mobile platforms Essential Security Mechanisms

 Fastest growing sector  Calls + SMS  Fully fledged mobile computing platform  1G Analogue cellular network  2G Digital Cellular network  3G Broadband data services-  4G native IP networks INTRODUCTION – MOBILE TECHNOLOGY

 Smartphones, tablets, PDAs  High Processing power  High Storage Capacity  Easy Usability - touch screens, voice, QWERTY keyboards INTRODUCTION – MOBILE TECHNOLOGY Cont.

High capabilities has led to fast & high penetration and adoption Mobile payments & banking  Income & Property Tax, Utility bills (LUKU, DSTV & Water)– MPESA, NMB mobile Business operations - Complete Office Software INTRODUCTION – MOBILE APPLICATION IN PUBLIC SECTOR

Information security Mainly focused in protecting Information and Information systems from threats and risks that may result in unauthorized disclosure, interruption, modification and destruction. SECURITY RISKS AND THREATS

Security principle for ensuring non-disclosure of Information to unauthorized users  Small size – Easily misplaced, left unattended, stolen  Vulnerabilities in mobile applications - Malicious Code embedded in mobile apps  Wireless Technology – Bluetooth & Wi-Fi SECURITY RISKS AND THREATS - CONFIDENTIALITY

Data integrity refers to the accuracy and consistency of stored or data in transit, which is mainly indicated by the absence of data alteration in an unauthorized way or by unauthorized person  Weak protection mechanisms  Turning off security features  Intentional hacking of the traffic through sniffing and spoofing SECURITY RISKS AND THREATS - INTEGRITY

Availability is a security attribute of ensuring that a system is operational and functional at a given moment of time  Compromised devices causing downtime to the connected infrastructure  DOS attacks targeting mobile devices battery SECURITY RISKS AND THREATS - AVAILABILITY

Secure Information while optimize Key requirements of security solution ENFORCE SECURITY Protection ManagementSupport Detection

 Discover devices’ protection mechanisms  availability of antivirus  remote sanitization & encryption capabilities  authentication strength  Block unprotected /compromised devices based on Security policy set ENFORCE SECURITY - DETECTION MECHANISMS

 Effective Authentication methods – avoid plain, weak passwords  Access Control - Limit what attacker can do  Encryption  Protect stored information – even when device is lost  Protect transmitted data  Block unused, vulnerable communication ports  Disable wireless communication (Bluetooth, Wi-Fi) while not in use ENFORCE SECURITY – PROTECTION MECHANISMS

Centrally managing all devices  Security Administration  Control  Audit  Report Security Policies - Digital Policy Certificate ENFORCE SECURITY - MANAGEMENT

Support when devices are lost  Remote Sanitization  GPS Locator Education and Security awareness  Simple Steps to reduce risks  Trusted sites for downloading applications  Proper security settings  Use of strong password  Regular updating devices ENFORCE SECURITY - SUPPORT

Ratings by Security Mechanisms Category Enterprise Readiness of Consumer mobile platforms by Cesare Garlati of Trend Micro Security Mechanisms in Mobile Platforms

 Usage of mobile applications is inevitable  Organizations’ commitment  Investment in security solutions - Means for enforcing, monitoring and auditing protection mechanisms  Users Security Awareness CONCLUSION

Q & A THANK YOU