Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.appmobi.com The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World.

Published byMarion Armstrong Modified over 7 years ago

Similar presentations

Presentation on theme: "Www.appmobi.com The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World."— Presentation transcript:

1 www.appmobi.com The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World

2 Presenters www.appmobi.com Mark Stutzman CEO, Appmobi Ben Webster Director Engineering, Appmobi

3 A History of Groundbreaking Ideas Appmobi Launched XDK Hybrid app dev platform XDK acquired by Intel Mobile cloud services launched Secure Mobile Dev Platform launched

4 Who we are? Mobile Security software and services company Security Kit: Our SDK that simplifies the development of end-to-end encryption and security for new and existing apps Protection Center: Automates the detection and remediation of mobile threats in real time Professional Services: Security consulting, secure app architecture and development, platform support and installation. www.appmobi.com

5 The Problem Apps today are insecure Devices and OS’s are insecure Users are even more insecure HIPAA and other laws require protected data All data needs to be encrypted – everywhere! www.appmobi.com We are Responsible for our User’s Privacy and Our Data!

6 www.appmobi.com By the numbers… 375 security vulnerabilities found in iOS 85% of all Android devices have at least 25 vulnerabilities Average mobile devices connect to 160 unique servers each day 37M Malware issues detected over a 6 month period 75% of all mobile apps fail basic security tests 43% of mobile users do NOT use a passcode! 9M suspicious apps in the app store 52M smartphones lost or stolen in 2014

7 www.appmobi.com Secure Development Challenges Improper Platform Usage Insecure Data Store Insecure Communication Insecure Authentication Time Pressure Budget Constraints Insufficient Cryptography Code Tampering Reverse Engineering Extraneous Functionality Feature Creep Poor Testing

8 www.appmobi.com Um…This Is Not the Solution.

9 Healthcare App – Use Case www.appmobi.com The most complete and flexible mobile security available A simple HIPAA compliant app for Patients to review their Electronic Medical Records and chat with their Physician. It should also enable Dr. to Dr. chat.

10 www.appmobi.com Healthcare App Architecture

11 HIPAA Core Compliance www.appmobi.com Strong encryption mechanisms to protect data Identity controls to enforce user authorization and policies Data integrity and auditing tools

12 3 Key Areas to Cover www.appmobi.com 1.Access Control Requirements: Deals with user identification, authentication controls, access to information, and protection of data on all points of transmission 2.Transmission Security: Both encryption of data over the wire and validation of data sent 3.Audit & Integrity: Recording access to data and validates data is not improperly modified or destroyed

13 Protecting Our Data www.appmobi.com Unique User Identification: All users accessing the system must be uniquely identifiable and trackable Authentication: Implement procedures to verify that a person or entity seeing access to ePHI is the one claimed Encryption & Decryption: Mechanisms must be in place to encrypt and decrypt ePHI Secure Transmission: ePHI data must be appropriately encrypted when transmitting Auditing: Implement mechanisms that record and examine activity in systems that contain or use ePHI

14 Development & Release Process www.appmobi.com Dev Sandbox - mock data, never include ePHI in any dev or staging environment Test & Debug - protect against common pitfalls such as unintended data leakage, client side injection, proper session handling, etc. Enforce strict data policies - only allow access to the bare minimum required Session timeouts - Automatically log off users after a predetermined window of time Password policy - Enforce length, complexity, and rotation Log application activity - User authentications, access to ePHI, emergency access procedures

15 www.appmobi.com But wait, there’s more! Appmobi can help - our solutions solve this problem.

16 Remember who we are! Mobile Security software and services company Security Kit: Our SDK that simplifies the development of end-to-end encryption and security for new and existing apps Protection Center: Automates the detection and remediation of mobile threats in real time Professional Services: Security consulting, secure app architecture and development, platform support and installation. www.appmobi.com

17 Security Kit End-to-end encryption and full security solutions for any mobile app – existing or new, native or hybrid Encryption Toolkit Secure Data Store Secure Push Messaging Secure Live Update Secure Analytics All provided via secure cloud, private stack or on premise

18 www.appmobi.com Protection Center 1st of its kind mobile threat detection and remediation platform Monitors and resolves security issues automatically App level threat event monitoring Real time, rule based resolutions (protections) User behavior profiles Launching with predefined “Protections” – events and rule mapping with action choices Easily add custom events and new rules and actions

19 www.appmobi.com Professional Services We can help with all of your secure app needs We are experts at building secure apps Software Installation, training, support App security consulting, planning, & strategy Application architecture, development, & testing

20 Summary www.appmobi.com Apps, Devices, and OS’s are insecure Users are even more insecure! All data needs to be encrypted – everywhere! Its not an option with regulations such as HIPAA Appmobi can help!

21 Let’s Talk www.appmobi.com Mark Stutzman CEO, Appmobi mark@appmobi.com 845-218-1096 Ben Webster Director Engineering, Appmobi bwebster@appmobi.com 845-218-1107

22 www.appmobi.com The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World

Download ppt "Www.appmobi.com The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
HIPAA, Computer Security, and Domino/Notes Chuck Connell, www.chc-3.comwww.chc-3.com.

HIPAA, Computer Security, and Domino/Notes Chuck Connell,
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
XProtect® Expert 2013 Product presentation

XProtect® Expert 2013 Product presentation
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
All Rights Reserved © Alcatel-Lucent 2010 1 | Dynamic Enterprise Tour – Safe NAC Solution | 2010 Protect your information with intelligent Network Access.

All Rights Reserved © Alcatel-Lucent | Dynamic Enterprise Tour – Safe NAC Solution | 2010 Protect your information with intelligent Network Access.
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
OWASP Mobile Top 10 Why They Matter and What We Can Do

OWASP Mobile Top 10 Why They Matter and What We Can Do
Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.
Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.

Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.
Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.

Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.
The Right Choice for Call Recording WWW.OAISYS.COM OAISYS and PCI DSS Compliance Managing Payment Card Industry Compliance with OAISYS Call Recording Solutions.

The Right Choice for Call Recording OAISYS and PCI DSS Compliance Managing Payment Card Industry Compliance with OAISYS Call Recording Solutions.
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Similar presentations

Ads by Google