Post on 13-Apr-2017
Build Your Own Defense
Abbas Ali Khumanpur, CISSP
Security Consultant, STARLINK
ISC2 Kuwait Chapter Meet
13th May 2015
AGENDA
• Evolution of Computing Space
• Why BYOD Matters
• Threat Vectors on Mobile
• BYOD Strategy
• Multiple OS & Platforms
  • iOS
  • Android
  • Microsoft 10
Evolution of Computing Space
SOURCES: Asymco.com, Public Filings, Morgan Stanley Research, Gartner, IDC
The PC/Web Era | The Post-PC Era | The Mobile/BYOD Era
• Mainframe Era: Applications and data… behind a glass wall.
• PC Era: Applications and data on our desks… trapped at work.
• Web Era: All-access, apps and content… everywhere.
• BYOD Era: Any app and data, for personal and work, on a device we love, wherever we are.
Mobile will unlock human potential in the Workplace
Why BYOD Matters & Should You Be Worried?
• Smartphone and tablet technologies are evolving and changing very rapidly.
• Empower the workforce through “Consumerisation of IT”
• Ultimate goal: Increased productivity with reduced costs.
BYOD DARK SIDE:
• If BYOD is not understood and regulated correctly, it THREATENS IT Security
Threat Vectors on Mobile are Different from PC
Building a Successful BYOD Strategy
• According to Gartner, 90% of Enterprises (with >500 Employees) have already deployed Mobile Devices and many don’t have a STRATEGY.
• BYOD is more than just shifting ownership of device to the employee.
• It has complex and hidden implications.
Sustainability
• Secure corporate data
• Minimize cost to implement and enforce
• Preserve user experience
• Stay up-to-date with user preference and technology innovation
“User experience is the litmus test for policy sustainability”
Device Choice
BYOD Policy needs to be built around Device Choice
• Analyzing employee preference
• Define an Acceptable Baseline: Security and supported features
• Establishing clear communication to users about which devices are allowed or not, and why
• Ensuring the IT team has the bandwidth to stay up-to-date:
Trust Model
“The trust level of a mobile device is dynamic”
• Identifying and assessing risk for common security posture issues on personal devices
• Defining remediation options (notification, access control, quarantine, selective wipe):
• Setting tiered policy: “Based on Ownership”
User Experience & Privacy
The core tenet of successful BYOD deployments is preservation of user experience.
• User experience should not be compromised
• Identifying the activities and data IT will monitor
• Clarifying the actions IT will take and under what circumstances
Transparency will create trust
Liability
Important considerations around BYOD liability include:
• Assessing liability for personal web and app usage
• Evaluating the nature of BYOD reimbursement
• Assessing the risk and resulting liability of accessing and damaging personal data (for example, doing a full instead of selective wipe by mistake)
Managing OS & Platforms
Apple iOS
Android
Lollipop was clearly designed to change perceptions of vulnerability and fragmentation.
Android Lollipop
Android For Work
• Securely Deploying Enterprise Apps
• New APIs that Support Android for Work
• Separate Encryption Layer
• Separate Android for Work App Screenlock
Thank You !!!