BYOD Enterprise Mobile Security for iOS Devices


1 BYOD Enterprise Mobile Security for iOS Devices
Justin Griffin
Cybersecurity Analyst, DSA Inc.
The global market for bring your own device (BYOD) and enterprise mobility is expected to quadruple in size over the next 4 years. Hitting 284 billion by
BYOD software is used by some of the largest organizations and governments around the world: Barclays, Walmart, AT&T, Vodafone, DHS, Army, the Australian Department of Environment and numerous other organizations, big and small, all over the world.

2 Agenda
iOS Applications in General
What is BYOD?
Why BYOD?
Who uses BYOD?
Protection Claims
iOS Jailbreaks and other Exploits
What can you do / Best Practices
Takeaways

3 iOS Applications
More than 1.4m applications in the iOS App Store
~10% in the Business category
35% of enterprises have an enterprise app store
Simple vs complex functionality
Mobile application capabilities have not caught up with device capabilities
Maybe 10% of apps have advanced functionality
MDM, Soft Tokens, Payment Applications, HomeKit.

4 Survey on what people thought they should be most concerned with
The one that should concern most of us is the bottom one that is circled; think of a security risk management framework: heading off threats before they happen and decreasing the attack vectors ahead of time. This is hard when using third-party applications, devices, and tools.

5 What and Why?
Bring Your Own Device: this allows companies to reduce overhead.
BYOD Adoption: 74% using or adopting BYOD
Enterprise Mobile Security (Terms)
MAM (Mobile Application Management)
MIM (Mobile Information Management)
MDM (Mobile Device Management)
According to industry, EMS (Enterprise Mobile Security) is a component of BYOD solutions that promises data, device and communications security for enterprises.

6 Protection Claims
“Prevent employees from opening files in unsecured apps, backing up business data to personal cloud-based services, or copying and pasting business”
“Detect OS tampering and other policy violations”
“Remotely lock or wipe devices”
“Protect mobile apps and servers from being hacked”
Things we want our solution to address / what people are saying.

7 Leaders in BYOD technology
Top 5 EMS Solution Providers
VMware AirWatch
MobileIron
Citrix
IBM
BlackBerry
These are the leaders in mobile device security. Gant Chart

8 iOS Jailbreak
Example below of how iPhone iOS has been broken into, and by whom

9 What about root?
Physical Access
DROPOUTJEEP
Lost devices / Stolen devices
Remote Attacks
(TS//SI//REL) DROPOUTJEEP will have future release for close access methods.
(TS//SI//REL) DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device, SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control, and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.
(TS//SI//REL) The initial release of DROPOUTJEEP will focus on installing the implant via close access methods. A remote installation capability will be pursued for a future release.

10 Threat Model
Using Mobile Enterprise Management software can help with implementing the mitigating controls.
Threat modelling is an approach for analyzing the security of an application. It is a structured approach that enables you to identify, quantify, and address the security risks associated with an application.
Another term or practice that should be used and learned. Helps identify risk.

11 What Can You Do??
Best Practices: Employee Education
Be careful of USB chargers (Exploit BadUSB)
Implement VPN connections for mobile devices
More vetting of apps that are accepted to run.
Best Practices: Determine Organizational Requirements
Policies must be for everyone
Get buy-in for your policies (people agree with them)
Restrict mobile resources and applications
Implement usage limits
Segregation of personal data
Use Enterprise Management Software for real-time compliance monitoring
Use remote lock or wipe features to prevent data leakage due to lost or stolen devices
Turn on geo-location services
BACK UP CORPORATE DATA!!

BadUSB writes -- or overwrites -- a USB device’s firmware code to carry out malicious actions. First announced in July 2014, BadUSB was discovered by a pair of computer researchers at Security Research Labs in Berlin, who then demoed their discovery at the Black Hat Conference. The attack is feared because all the traditional methods of checking for malice on a USB storage device do not work. The malicious code is planted in the USB’s firmware, which is executed when the device is plugged into a host. The host can’t detect the firmware code, but the firmware’s code can interact with and modify software on the host computer.

While adopting BYOD, consider work culture in the organization, habits of mobile users, and even the applicable laws to address legal issues. Think about the scenarios where the users prefer to access corporate data on personal devices, and common habits of users when accessing sensitive data. For instance, a sales manager might prefer to take down the orders on a tablet instead of carrying a laptop. Identifying these types of organizational requirements or restrictions can help in building a standard structure for BYOD adoption in organizations.
Separation of duties, even on mobile devices

12 Takeaways!
BYOD policy helps to a certain extent, but such attacks will always be possible.
Do not blindly trust what the vendors sell you.
Train your users!!!

13 Questions?

