Presentation is loading. Please wait.

Presentation is loading. Please wait.

BYOD Enterprise Mobile Security for IOS Devices

Published byCuthbert Fitzgerald Modified over 5 years ago

Similar presentations

Presentation on theme: "BYOD Enterprise Mobile Security for IOS Devices"— Presentation transcript:

1 BYOD Enterprise Mobile Security for IOS Devices
Justin Griffin Cybersecurity Analyst DSA Inc. The global Market for Bring your own device and enterprise mobility is expected to quadruple in size over the next 4 years. Hitting 284 billion by BYOD software is used by some of the largest organizations and governments around the world. Barclays, Walmart, AT&T, Vodafone, DHS, Army, Australian department of environment and numerous other organizations, big and small. All over the world.

2 Agenda iOS Applications in General
What is BYOD? Why BYOD? Who uses BYOD? Protection Claims iOS Jailbreaks and other Exploits What can you do\Best Practices Take Aways

3 Ios Applications > 1.4m Applications in iOS App Store
~10% in Business Category 35% of Enterprises have an Enterprise App Store Simple vs Complex Functionality Mobile application capabilities have not caught up with device capabilities Maybe 10% of apps have advanced functionality MDM, Soft Tokens, Payment Applications, HomeKit.

4 Survey on what people thought they should be most concerned with
The one that should concern most of us is the bottom one that is circled, think of security risk management framework. Heading off threats before they happen, decreasing the attack vectors a head of time. This is hard when using 3rd party applications, devices, and tools.

5 This allows companies to reduce overhead. BYOD Adoption
What and Why? Bring Your Own Device This allows companies to reduce overhead. BYOD Adoption 74% using or adopting BYOD Enterprise Mobile Security (Terms) MAM (Mobile Application Management) MIM ( Mobile Information Management) MDM (Mobile Device Management) According to industry. EMS (Enterprise Mobile security) is a component of BYOD solutions that promises data, device and communications security for enterprises.

6 Protection Claims “Prevent employees from opening files in unsecured apps, backing up business data to personal cloud-based services, or coping and pasting business” “Detect OS tampering and other policy violations” “Remotely lock or wipe devices” “Protect mobile apps and servers from being hacked” Things we want our solution to address\what people are saying.

7 Leaders in BYOD technology
Top 5 EMS Solution Providers VMware AirWatch MobileIron Citrix IBM Blackberry These are the leaders in Mobile device security. Gant Chart

8 Ios jailbreak Example below of how the iPhone iOS has been broken into and by who

9 What about root? Physical Access DROPOUTJEEP
Lost devices / Stolen Devices Remote Attacks (TS//SI//REL) DROPOUTJEEP will have future release for close access methods. (TS//SI//REL) DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device, SMS retrieval, contact list retrieval, voic , geolocation, hot mic, camera capture, cell tower location, etc. Command, control, and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted. (TS//SI//REL) The initial release of DROPOUTJEEP will focus on installing the implant via close access methods. A remote installation capability will be pursued for a future release.

10 Threat Model Using Mobile Enterprise Management software can with implementing the mitigating controls. Threat Modelling is an approach for analyzing the security of an application. It is a structured approach that enables you to identify, quantify, and address the security risks associated with an application. Another term or practice that should be used and learned. Helps identify risk

11 What Can you do?? Best Practices: Employee Education
Be careful of USB chargers (Exploit BadUSB) Implement VPN connections for mobile devices More vetting of apps that are accepted to run. Best Practices: Determine Organizational Requirements Polices Must be for Everyone Get buy in for your Polices (People agree with them) Restrict mobile resources and applications Implement usage limits Segregation of personal Data Use Enterprise Management Software for real-time compliance Monitoring Use remote lock or wipe features to prevent data leakage due to lost or stolen devices Turn on Geo-location services BACK UP CORPORATE DATA!! BadUSB writes -- or overwrites -- a USB device’s firmware code to carry out malicious actions. First announced in July 2014, BadUSB was discovered by a pair of computer researchers at Security Research Labs in Berlin, who then demoed their discovery at the Black Hat Conference. The attack is feared because all the traditional methods of checking for malice on a USB storage device do not work. The malicious code is planted in the USB’s firmware, which is executed when the device is plugged into a host. The host can’t detect the firmware code, but the firmware’s code can interact with and modify software on the host computer. While adopting BYOD, consider work culture in the organization, habits of mobile users, and even the applicable laws to address legal issues. Think about the scenarios where the users prefer to access corporate data on personal devices, and common habits of users when accessing sensitive data. For instance, a sales manager might prefer to take down the orders on a tablet instead of carrying a laptop. Identifying these types of organizational requirements or restrictions can help in building a standard structure for BYOD adoption in organizations -Separation of duties – even on Mobile devices

12 Take aways! Train your users!!!
BYOD Policy helps to a certain extent, but such attacks will always be possible. Do not blindly trust what the vendors sell you Train your users!!!

13 Questions?

Download ppt "BYOD Enterprise Mobile Security for IOS Devices"

Similar presentations

Embrace Mobility. Without Compromise. The apps they need. On the devices they want. Without sacrificing compliance. Strategic Approach to Mobile Security.

Embrace Mobility. Without Compromise. The apps they need. On the devices they want. Without sacrificing compliance. Strategic Approach to Mobile Security.
!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.

!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.
MANAGING AND SECURING BYOD Legal ITs Next Great Challenge.

MANAGING AND SECURING BYOD Legal ITs Next Great Challenge.
Security for Mobile Devices

Security for Mobile Devices
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
1 1 March 20, 2014 A SIMPLE APPROACH TO BYOD. WHAT THEY DONT WANT IS: Company monitoring of their personal activities or restriction of the apps they.

1 1 March 20, 2014 A SIMPLE APPROACH TO BYOD. WHAT THEY DONT WANT IS: Company monitoring of their personal activities or restriction of the apps they.
Identify risks with mobile devices: Portable data storage Wireless connections 3 rd party applications Data integrity Data availability 2.

Identify risks with mobile devices: Portable data storage Wireless connections 3 rd party applications Data integrity Data availability 2.
Mobile Asset Disposition in a BYOD World Craig Boswell HOBI International, Inc.

Mobile Asset Disposition in a BYOD World Craig Boswell HOBI International, Inc.
Mobile Access: BYOD Trends SCOTT DUMORE - DIRECTOR, TECHNOLOGY, CHANNELS & ALLIANCES AUTONOMY, HP SOFTWARE.

Mobile Access: BYOD Trends SCOTT DUMORE - DIRECTOR, TECHNOLOGY, CHANNELS & ALLIANCES AUTONOMY, HP SOFTWARE.
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
SANS Technology Institute - Candidate for Master of Science Degree Design Phase 1 of an iPhone Rollout Mark Baggett, Jim Horwath June 2010.

SANS Technology Institute - Candidate for Master of Science Degree Design Phase 1 of an iPhone Rollout Mark Baggett, Jim Horwath June 2010.
Everything you want to know about managing mobile devices in the enterprise Ivan Hemmans hemmans.com From A to Z.

Everything you want to know about managing mobile devices in the enterprise Ivan Hemmans hemmans.com From A to Z.
Avaya – Proprietary. Use pursuant to the terms of your signed agreement or Company policy. idEngines® Avaya Identity Engines And Mobile Device Management.

Avaya – Proprietary. Use pursuant to the terms of your signed agreement or Company policy. idEngines® Avaya Identity Engines And Mobile Device Management.
By: Melissa Varghese Nikhil Madhusudhana Stella Stephens Yang Shi BYOD: Device Management.

By: Melissa Varghese Nikhil Madhusudhana Stella Stephens Yang Shi BYOD: Device Management.
6218 Mobile Devices- Are They Secure Enough for our Patient's Data? Presented By Aaron Hendriks, CISSP Other: Employee of University Health Network, Toronto,

6218 Mobile Devices- Are They Secure Enough for our Patient's Data? Presented By Aaron Hendriks, CISSP Other: Employee of University Health Network, Toronto,
Week 9, Network Communication Software, Dept of Informatics, Faculty of Business.

Week 9, Network Communication Software, Dept of Informatics, Faculty of Business.
Sophos Mobile Control. Tablets on the rise 2 Trends 3 75% of 157 polled companies encourage employee owned smart phones and tablets to access corporate.

Sophos Mobile Control. Tablets on the rise 2 Trends 3 75% of 157 polled companies encourage employee owned smart phones and tablets to access corporate.
INFORMATION TECHNOLOGY FOR MINNESOTA GOVERNMENT Christopher P. Buse Assistant Commissioner and CISO State of Minnesota Mobile Device Management Assessing.

INFORMATION TECHNOLOGY FOR MINNESOTA GOVERNMENT Christopher P. Buse Assistant Commissioner and CISO State of Minnesota Mobile Device Management Assessing.
BYOD: Privacy and Security Andrew Paterson, Senior Technology Officer.

BYOD: Privacy and Security Andrew Paterson, Senior Technology Officer.
BYOD: RISKS, MATURITY, AND SOLUTIONS ADAM ELY

BYOD: RISKS, MATURITY, AND SOLUTIONS ADAM ELY

Similar presentations

Ads by Google