2014 - dss - mobile devices & security overview
DESCRIPTION
Short overview of security issues regarding mobile phone usage. Examples of mobile threats, common mistakes of users, sophistication of cyber criminals and some futuristic vision of mobility development in the technology era.
TRANSCRIPT
Innovations in data security
Mobile Security Basics
Andris Soroka
09.04.2014
The Saga Begins – Scared vs. Informed
Some words about history…
PHONE Elisha Gray & Alexander Graham Bell
2013 Xperia Z Ultra SONY
What this is not about (left side)...
What this is about..
What it is all about
“In 2014 every educated employee will have on average 3.3 mobile devices, compared with an average of 2.8 mobile devices in 2013.” 1
“Data Security Solutions” business card
Specialization – IT Security
IT Security services (consulting, audit, pen-testing, market analysis, system testing and integration, training and technical support)
Solutions and experience portfolio with more than 20 different technologies – cyber-security global market leaders from more than 10 countries
Trusted services provider for banks, insurance companies, government and private companies (critical infrastructure etc.)
Role of DSS in Cyber-security Development in Baltics
Cyber-Security Awareness Raising
Technology and knowledge transfer
Most Innovative Portfolio
Trusted Advisor to its Customers
Cybersecurity Awareness Raising
Own organized conference “DSS ITSEC”
- 5th annual event this year
- More than 400 visitors + more than 250 online live streaming watchers from LV, EE, LT
- 4 parallel sessions with more than 40 international speakers, including Microsoft, Oracle, Symantec, IBM, Samsung and many more – everything free of charge
Participation in other events & sponsorship
- CERT & ISACA conferences & events
- RIGA COMM, HeadLight, IBM Pulse Las Vegas
- Roadshows and events in Latvia / Lithuania / Estonia (e.g. Vilnius Innovation Forum, Devcon, ITSEC HeadLight, SFK, business associations)
Participation in cyber security discussions, strategy preparations, seminars, publications etc.
Innovations – technology & knowledge transfer
Innovative Technology Transfer
- Number of unique projects done with different technology global leadership vendors
- Knowledge transfer (own employees, customers – both from private & public, other IT companies in LV, EE, LT)
Specialization areas include:
- Endpoint Security
- Network Security
- Security Management
- Application Security
- Mobile Security
- Data Security
- Cyber-security
- Security Intelligence
Some just basic ideas
Agenda
Prologue
Digital world 2014
Threats & Security
Recommendations
Exit scene
Prologue: The Digital World 2014 & future
Fastest technology development in time..
Prologue: Some new technologies
- 3D Printers
- Google Glasses (“glassh**es”)
- Cloud Computing
- Big Data & Supercomputers
- Mobile Payment & Virtual Money
- Robotics and Intraday Deliveries
- Internet of things
- Augmented Reality
- Extreme development of Apps
- Digital prototyping
- Gadgets (devices) & Mobility
- Technology replaced jobs (automation)
- Geo-location power
- Biometrics
- Health bands and mHealth
- Electronic cars
- Avegant Glyph and much, much more
Prologue: Mobility & Gadgets
21st Century – Mobility century
PC era Mobile era
Prologue: Mobility & Gadgets
Multi-OS
Tablets now and future of tablets
Mobility future forecast
1 Cisco IBSG Horizons Study of 600 U.S. IT and business leaders
“Globally in 2013 an average economically active person owns 2.8 mobile devices. In 2014 it is forecast that such a person will own 3.3 devices. The forecast also takes into account that the population increases.” 1
Millions of mobile applications
Mobility & Security
Digital Agenda for European Union
Mobility & Security
Privacy is gone?
What exactly a phone can collect...
- Emails & other data
- Location
- Social Media data
- Personal information
- Degrees of contact
- Web-based data
Mobility & Security...
Governments as malware writers
Mobility & Security
Mobility & Security – Use cases
We give mobile devices to children or any other friendly souls (multiuser factor)
We install as many different applications as possible - games, social media etc. (apps vulnerability factor)
We experience lost or stolen devices & mostly those won’t be returned
We don’t care about security basics (updates, security programs, encryption, passwords etc.)
We connect to anything that is FREE
We open EVERYTHING
We give 3rd party apps any possible rights
We don’t make «seasonal» clearings of our devices
Mobile device as entry point
Mobility for enterprise
M - the need for mobility
O - the need to improve operations
B - the need to break business barriers
I - the need to improve information quality
L - the need to decrease transaction lag
E - the need to improve efficiency
Mobility and enterprises (cont.)
IT Mobile
2-3x as many employees using mobile
Devices not Windows-based
>50% owned by employees
>50 apps per device
Most mobile apps built outside IT
Constant OS migration
Mobility & Security
4 Roll out at scale
Group-based
User self-service
Multi-tier management
Email
AD/LDAP
Certificates
BES
2 Integrate tightly
Email and apps
Policy and identity
Connectivity (Wi-Fi, VPN)
By group, individual, or ownership
1 Configure securely
3 Protect privacy
BYOD programs
Regional regulations
Across OS
For apps and devices
For BYOD and corporate programs
5 Manage inventory
15 Wipe corporate data
14 Limit roaming costs
11 Deliver apps at scale
12 Protect app container
13 Tunnel app data
Apps
6 Monitor risk
8 Enforce identity
9 Automate workflow
7 Control access
Security
10 Access and protect docs
Docs
Corporate environment
Building secure in-house mobile applications
Fully adopt and use the so-called «Bring your own device» («BYOD») trend in the corporate environment
- Mobile device management and security
- Mobile application management policy
Achieving data separation
- Private data
- Corporate data
Provide secure access to corporate data and work applications
- Secure (encrypted) connection
- Identity control, authentication and authorization, plus audit
- Secure in-house application development and testing