Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will...

20
Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and service innovation. But first, they have to address the security challenges associated with this new model of work. Singtel Business Product Factsheet Mobile Management & Security Suite

Transcript of Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will...

Page 1: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

Mitigate Risks. Maximise Rewards.Mobility will enable enterprises to raise the bar in productivity, efficiency and service innovation. But first, they have to address the security challenges associated with this new model of work.

Singtel Business

Product FactsheetMobile Management & Security Suite

Page 2: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role
Page 3: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

Preface

The Role of Security in Enterprise Mobility

Balancing Act - How enterprises can reap the benefits of BYOD without compromising security

Countering the Costs - How enterprises can stay ahead of threat players in the cybersecurity curve.

What’s Up with WhatsApp? - How enterprises can deliver the ease of use that employees love while reining in security risks.

Antidote for App-tampering - How enterprises can protect their mobile apps from malware.

1

2-4

5-6

7-9

10-12

13-15

Contents

Page 4: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role
Page 5: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

Singtel Mobile Management & Security Suite

Preface Today, more and more people are using their mobile devices to access corporate applications and data as they carry out their work on-the-go and try to respond more quickly to their customers.

This, however, also means that the mobile device has become a prime target for hackers, malware and other forms of cyber attacks.

Enterprises need to be prepared for these threats and understand that mobile security is now a “must-have” for the business. It cannot be an afterthought, but has to be considered up-front when planning the mobility strategy for the enterprise.

In this mobile security supplement, we bring you insights from Singtel and our partners in the mobile security ecosystem to help you understand the challenges surrounding mobile security and the solutions that are available to protect your enterprise. Through this series of articles, we will:

Lee Han KhengVice President, Global ProductsSingtel

01 Preface

The BYOD/CYOD (bring your own device/choose your own device) era has arrived, and it is being embraced by businesses as a way of empowering employees, driving productivity and enhancing customer engagement.

Examine the developments that are shaping the mobility landscape and how enterprises can address the security challenges that they are facing in the mobile era.

Explain the role of mobile device management and what else is needed to address the security requirements of a “Mobile First” enterprise.

Shed light on the nature of mobile threats and the cost that they inflict on the enterprise.

Discuss how enterprises can balance the need for flexible and easy-to-use mobile apps against concerns over security.

Share how enterprises can future-proof their applications and prevent app tampering.

We hope that these insights will help you plan your mobile security journey and enable your enterprise to leverage the benefits of mobility with peace of mind.

Page 6: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

Singtel Mobile Management & Security Suite

02 The Role of Security in Enterprise Mobility

In today's fast-moving, and highly-competitive business landscape, mobility has not only changed employees’ work habits; it has also forced enterprises to adjust their IT and business strategy to cater to the new wave of devices trying to access corporate data. Apart from looking at the bring-your-own-device (BYOD) phenomenon as a means of increasing mobile workforce productivity, it is important to realise that security is the other piece of the puzzle that has to be in place in order for the enterprise to roll out an effective mobile strategy.

Wong Loke Yeow, Director of Security Services at Singtel, discusses the developments that are shaping the mobility landscape, how these affect the evolution of cyber threats, and how enterprises can address the security challenges that they are facing in the mobile era.

Q: What does the mobile landscape look like for the enterprise now, and how will it change in the near future?

Many mobile security solutions are relatively untested and the time, effort and resources required to plan a security strategy, assess multiple solution vendors and carry out the actual procurement is prohibitive for most business organisations. On top of this, the need to manage integration between various solutions and vendors, and to understand the compatibility and synergy between various products, can be overwhelming.The adoption of mobility has long passed the tipping point. Innovation in mobile apps is driving new ways of using mobile devices; the devices themselves are becoming increasingly powerful and versatile; and we are now about to cross the chasm that separates handhelds and wearables.

In the near future, as Smart Cities start to develop, we will see greater connectivity between mobile/wearable devices and the ubiquitous network of sensors in buildings and on the streets, exchanging data and delivering services to end users on-the-go.

Q: What impact does an increasingly mobile workforce have on enterprise IT security?

With more and more employees using their devices to carry out work-related tasks, the line between what is “corporate use” and what is “personal use” is rapidly evaporating. From a security perspective, the attack surface of the enterprise has expanded significantly as a result of this. Cyber criminals and state-sponsored attackers have shifted their focus to attacking “softer” mobile targets which are more open and vulnerable, and at the same time more prevalent. Recognising this, the more forward-looking enterprises have begun adapting a “mobile first” strategy which includes a main focus on mobile security in their IT support and security controls.

Q: What are the main challenges that chief information officers (CIOs) face in implementing enterprise-wide mobile security solutions?

Mobile platforms are changing at a very rapid pace – possibly four to eight times the rate of change as compared to traditional computing platforms. At the same time, the mobile security industry is in a nascent state compared to their counterparts in the more mature and commoditised network security space.

The Role of Security in Enterprise Mobility

Page 7: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

03

Control - We need to know what assets we have, and control on who can access what, and limit the features of the devices that are allowed to access the corporate network.

Protect - We need an effective way to ensure that only authorised access to applications and content are permitted, and that content encryption is in place in case of data leakage.

Prevent - In the event of a cyber attack, it is important to know exactly how the malware behaves and how to prevent it from doing more harm.

React - Once the malware behaviour is understood, we need to be able to respond in a timely manner to critical cybersecurity incidents in the environment. When security breaches do occur, business systems and processes need to be resilient and bounce back quickly so that there is minimal disruption to business operations.

MULTI LAYERS OF SECURITYAnti-App Tampering

SIEM / Professional Services

Mobile Threat PreventionEndpoint Threat Prevention

Comms (Voice/ Message) ManagementMobile App ManagementMobile Content Management

ContainerisationMobile Device Management

Q: What is Singtel’s approach in helping enterprises to address these security threats and challenges?

Singtel understands the advanced and continuously-evolving landscape of mobile threats and the fact that the usual security solutions are not effective anymore against the new and more intelligent malware that are emerging.

We believe for businesses to successfully address these challenges, there needs to be an integrated, multi-layered approach that cuts across the enterprise security life cycle.

Many mobile security solutions are relatively untested and the time, effort and resources required to plan a security strategy, assess multiple solution vendors and carry out the actual procurement is prohibitive for most business organisations. On top of this, the need to manage integration between various solutions and vendors, and to understand the compatibility and synergy between various products, can be overwhelming.

Developing an end-to-end security solution, therefore, presents a formidable challenge to CIOs. It can be costly and complex, especially for companies that do not have dedicated resources to look after security or do not have the expertise to identify all possible attack vectors.

Page 8: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

Singtel Mobile Management & Security Suite

04 The Role of Security in Enterprise Mobility

Having control over the devices that access corporate information is only the first step. To deliver an effective end-to-end security solution, enterprises need to look beyond devices and develop a strategy for protecting the applications and content. They may even have to go one step further to look at the consumers that the enterprise is extending its applications to. They will also have to build up security preparedness and response capabilities with the mindset that breaches are inevitable and imminent.

When it comes to cybersecurity, and especially with the advent of mobility, the adversary has an unfair advantage. It is eminently easier for an attacker to find vulnerability in the applications that we have painstakingly written, or a gap in the well-documented set of “best practices” that we follow, than it is for us to make our systems attack-proof.

Enterprises will do well to invest in capabilities to detect successful breaches and the means to contain

This is the era of the “post-breached world” where it is no longer a matter of “if” one gets compromised, but “when” and “where”.

such breaches in order to minimise the loss of data, damage to systems, and disruption to business operations. Singtel works with an ecosystem of top-tier partners to deliver end-to-end, multi-layered security solutions architected to meet the unique needs of each business environment. Our team of experts will help ensure that these security products are integrated to work seamlessly together as part of a comprehensive suite of security services, delivering enterprise-class protection at a fraction of the cost of an equivalent internal solution.

Singtel Security Services

We bring together an ecosystem of top-tier partners to deliver end-to-end, multi-layered security solutions integrated to meet the unique needs of each business.

We keep a close watch on the security of your enterprise by providing robust real-time monitoring services that encompass both physical and cybersecurity.

Our intelligent processing and real-time correlation technology anticipates emerging threats while round-the-clock monitoring ensures timely response to alerts and their rapid resolution.

Our security services are run and managed from a world-class Security Operations Centre, allowing enterprises to tap on best-of-breed solutions to secure their IT infrastructure.

Our service delivery approach is based on the NCS IT Service Management (ITSM) Framework and aligned with the IT Infrastructure Library (ITIL) best practices. Our services are also certified under the IT security management standard ISO/IEC 20000-1.

We provide enterprises with immediate and easy access to certified, highly-skilled personnel as well as qualified expert witnesses for complex litigation cases involving infocomm security breaches.

For organisations that are looking to leverage expertise, capabilities and best-in-class technologies in security, Singtel Managed Security Service (MSS) presents an “extended security arm” designed to provide businesses with a comprehensive network security monitoring and management solution and a suite of security capabilities for uninterrupted protection of critical enterprise IT and information assets against malicious network traffic.

24

Page 9: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

Jon Andresen, Director of Marketing and Products, Asia Pacific and Japan, MobileIron, shares his views on how Mobile Device Management (MDM) has become the go-to solution for resolving BYOD challenges, and whether MDM can adequately address all the concerns surrounding enterprise security in the age of BYOD.

Q: What constitutes the “bare minimum” in mobile security for the enterprise?

Today, the security challenges associated with mobility have only increased with the surge in cyber crimes, widespread data leakage and rampant identity theft. At the same time, users are increasingly using their personal mobile devices for work - whether they are allowed to by enterprise IT or not – creating a form of “shadow IT” that is problematic as neither the device nor the data is secure.

The minimum level of security required today is to secure the device itself, and this is where MDM comes in. However, the challenge here is to find an MDM solution that truly embraces the native mobile OS experience that users have come to expect.

Q: What is MDM and how does it address the BYOD challenges?

MDM aims to empower IT to manage the devices that access corporate information, regardless of the device’s OS platform. It also enables IT to seamlessly control the types of data that can be accessed by a particular device, and to secure and wipe company information on the device if the device has been compromised. MDM is the first layer of security in mitigating the risks of BYOD.

Q: How has MDM changed the world of BYOD and CYOD (choose-your-own-device) for companies?

MDM has become a critical technology for enterprises as they struggle to embrace mobility while extending the IT security perimeter to remote devices. The enterprise world is changing from a PC/desktop-led world to a newer and faster-moving mobile world. We are now seeing one of the largest shifts in enterprise IT in many years as enterprises increasingly embrace mobility over static desktop computing and in so doing dramatically increase workforce productivity and the effectiveness with which they serve their customers.

Balancing ActHow enterprises can reap the benefits of BYOD without compromising security.

Balancing Act 05

The boundaries of the enterprise are being extended as more and more employees use their personal tablets and smartphones for work. While this promotes productivity by empowering employees to access corporate data using familiar devices and enabling them to respond faster to work-related matters, we cannot turn a blind eye to the glaring security risks the bring-your-own-device (BYOD) phenomenon has introduced to the enterprise.

CIOs and IT departments have to prepare to face this new era of work by creating a mobility strategy for the enterprise - setting policies, ensuring compliance and implementing restrictions where needed.

With the shift to BYOD/CYOD, it is imperative that enterprises have a mobility strategy, and a big chunk of this involves having end-to end security in place.

Page 10: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

Singtel Mobile Management & Security Suite

06 Balancing Act

As you open access to corporate data to more devices, the enterprise needs to have a way to manage and control those devices. MDM has made this possible. At the same time, enterprises should be aware of the other risks associated with mobility and the need to have a more comprehensive security solution in place.

Q: Why isn’t MDM enough to secure your company and mobile workforce?

MDM is a first step toward embracing mobility, but it addresses only one aspect of the security requirements of a “Mobile First” enterprise. The focus of MDM is to have control over the device – what gets in and what gets out. But to truly leverage the transformative value of mobility, IT also needs to allow users to access enterprise apps and content that are designed to support a mobile workforce, while maintaining control and security. MDM and device security form only one out of the three platform pillars that are required for end-to-end security.

The second pillar is Mobile Applications Management (MAM). After putting in place a secure solution for rolling out mobile devices and for privileged identity management (PIM), enterprises have to turn their attention to the

applications that will unlock the human potential at work and enable end users to be more productive. MAM enables IT to distribute company applications and productivity tools seamlessly to employees, while ensuring that access is protected by wrapping the apps and tools in a security layer. This ensures that the applications cannot be launched unless the user passes an authorisation check.

Thirdly, it is important to focus on Mobile Content Management (MCM). Besides securing enterprise applications and critical data on the devices, it is important to have MCM to prevent data loss. Aside from providing secured access to corporate content that is distributed via applications such as SharePoint or email, MCM provides an additional layer of protection for intranet browsing and can selectively wipe a device that is accessing corporate data if it is found to be compromised.

This multilayer protection, from MDM to MAM to MCM, constitutes the full Enterprise Mobility Management (EMM) suite.

Q: What are things to look for in an EMM partner?

Several factors are important when evaluating an EMM solution. Firstly, it is important look beyond typical MDM capabilities and go with a multi-layer solution that includes MAM and MCM on top of MDM.

The EMM software must also be able to support multiple operating systems such as Android, Google, Windows, and now Amazon Fire. This is important because the new devices are consumer-driven and IT is no longer making the decision as to which devices should be used. IT must be prepared to secure the devices that are chosen by the end user based on their particular preferences. It is also important to look at the application programming interfaces (APIs) provided by the EMM vendor as well. For example, having server-side APIs integrated with existing network access systems will deliver incremental value. It is equally important to have APIs on the client side to provide integration with business applications from leading vendors such as SAP, IBM and Accellion. Therefore enterprises should be looking not just at functionality but also at ecosystems. An example is MobileIron’s AppConnect, which is the biggest mobile IT platform ecosystem in the market.

Lastly, the EMM vendor should have the expertise to integrate the EMM solution with existing or new services and be able to offer maintenance and support. In this respect, MobileIron is partnering Singtel and tapping on the latter’s vast regional coverage and experience in integrating solutions from top-tier partners to offer seamless EMM deployments to customers.

Page 11: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

Countering the CostsHow enterprises can stay ahead of threat players in the cybersecurity curve.

Countering the Costs 07

Cyber attackers are proficient at exploiting vulnerabilities in mobile applications. Downloading an innocent-looking app embedded with malware allows these attackers to gain control of the device and get hold of the user’s personal details such as corporate username and password.

Attacks are increasing in the mobile workspaceBy 2015, the world’s mobile worker population will reach 1.3 billion or 37.2% of the total workforce. The Asia Pacific will account for half of the mobile phones shipped globally. But what has been growing even faster is the occurrence of mobile malware attacks. According to FireEye user data , the number of malicious Android applications designed to steal financial data rose almost fivefold in the second half of 2013, from 265 samples in June to 1,321 in December.

Based on 2013 figures, the overall cost of cyber crimes was estimated to be S$1.25 billion (US$1 billion) in Singapore, US$1 billion in Japan and US$37 billion in China. Figures from the Hong Kong government indicated that while the number of cyber crimes doubled between 2009 and 2012, financial losses suffered by affected companies more than tripled.

Asian countries are now seen as the most likely targets of cyber attacks in the world. Recent research by FireEye Labs identified South Korea, Japan, Hong Kong, India and Singapore as the most targeted countries in the region. FireEye Labs also discovered that within Asia, the industries that experienced the highest number of advanced persistent cyber attacks in 2013 were, in order:

Once they breach an organisation’s defences, attackers have unfettered access to its resources and are able to penetrate deep into its network. It could take months to clean up after a single breach. Companies using traditional signature-based security tools such as antivirus software and intrusion detection/prevention systems would not be protected against this new breed of cyber threats.

Addressing these challengesToday, it is no longer enough to block known threats. The rate at which new malware is being developed and spread throughout the cyber world means that it is impossible to update the database of known malware signatures in real time. It is important, therefore, to also find a way to identify and block new, unknown threats.

Scott McCrady, Senior Director, Channel and Alliances – Asia Pacific and Japan, FireEye

While cyber crimes and hacktivism are growing threats, companies must also deal with the risk of security breaches as a direct result of the evolving technologies. Today, many companies are using mobile applications to enhance productivity. Mobile workers bring their own devices to the office and access company resources such as financial records, medical records, and other private business data while on the move.

1. Financial Services 2. Federal Government 3. High-Tech 4. Chemicals/Manufacturing/Mining 5. Services/Consulting

6. Higher Education 7. Telecom (Internet, Phone and Cable) 8. Energy/Utilities/Petroleum 9. Entertainment/Media 10. State and Local Government

Page 12: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

Singtel Mobile Management & Security Suite

08 Countering the Costs

Sources: 1 Juniper Networks’ Trusted Mobility Index2 IDC (http://cdn.idc.asia/files/5a8911ab-4c6d-47b3-8a04-01147c3ce06d.pdf)3 FireEye User Data4 Kaspersky(http://media.kaspersky.com/en/Kaspersky-Lab-KSN-report- Financial-cyber-threats-in-2013-eng-final.pdf)

5 http://www.symantec.com/content/en/us/about/presskits/b-norton-report-2013-china.pdf, http://www.symantec.com/content/en/us/about/presskits/b-norton-report-2013-Japan.pdf, http://www.symantec.com/content/en/us/about/presskits/b-norton-report-2013-singapore.pdf

access critical work data from

personal devices1

use their personal devices for work without the company knowing1

of total workforce will be mobile

by 2015 2

of mobile malware is on

Android 3

increase in the number of applications which target

your financial data 4

Overall cost of cyber crimes in 2013 was estimated to be

S$1.25 billion (US$1 billion) in Singapore, US$1 billion in

Japan and US$37 billionin China 5

37.2% 41%

of popular Google Play apps may have

crypto weaknesses3

60%

89%

96%

5,000,000,000downloaded Android apps may bevulnerable to remote attacks 3

498% 498%

1.25b 1.25b

37b

Page 13: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

09

The new forms of malware are also advanced and sophisticated, and reside in seemingly harmless mobile apps. Once the app is launched, the malware can, for instance, access other apps on the device such as the calendar to spy on the user's appointments. It can also trigger the microphone and voice recorder to listen in to meetings scheduled on the calendar.

Rather than relying on signatures which are powerless against poly-morphing threats, FireEye Mobile Threat Prevention (MTP) executes applications within its purpose-built, patented Multi-Vector Virtual Execution (MVX) engine to detect unknown threats and prevent mobile devices from being compromised. It displays play-by-play analysis of suspicious applications, provides an index of pre-analysed applications, and generates threat assessments for custom applications.

FireEye MTP Analysis allows applications to be submitted individually for detailed analysis and application threat assessment, while FireEye MTP Management is a hybrid cloud offering that provides real-time, enterprise-wide visibility into threats residing on mobile devices.

FireEye MTP also leverages the FireEye ecosystem by exchanging threat intelligence through the FireEye Dynamic Threat Intelligence cloud. This gives access to intelligence and analysis to help understand cyber

threats, identify and stop attacks, and reduce the impact of compromise. Through a FireEye partnership with Singtel, FireEye Mobile Threat Prevention can also be integrated with the Singtel Security Operations Centre for centralised control and monitoring.

Singtel Security Services

FireEye Mobile Threat Prevention (MTP) uses the Mobile MVX engine to perform contextual correlation - connecting disparate actions for a full picture of the app’s intent - to uncover malicious and unwanted behaviours embedded deep within an app.

FireEye MTP Management is a hybrid cloud offering that provides real-time visibility into threats on mobile devices. It enables security administrators to gain an enterprise-wide view into mobile device compromise while offering a customisable enforcement option. It works in conjunction with the FireEye MTP App to assimilate and disperse threat information from the MVX engine to mobile endpoints via the FireEye MTP App.

FireEye MTP Analysis uses a combination of semantic, dynamic and behavioural analysis to give comprehensive on-demand threat assessments and provide an encyclopaedia of pre-analysed apps from Google Play and third-party app stores. It includes a live-analysis mode where organisations can visually see the impact of malicious and unwanted behaviour.

Leverage FireEye MTP for: • BYOD deployments • Mobile forensics • Enterprise app stores • App development

Detects malicious app behaviour - FireEye MTP provides concise assessment of an app’s behaviour to detect hidden malicious or unwanted functionality.

Delivers on-demand threat assessment - FireEye MTP provides real-time threat assessment reports for both custom and public apps.

Offers real-time visibility into mobile threats - FireEye MTP provides an enterprise-wide view of compromised mobile devices.

Provides access to multi-vector threat intelligence - FireEye MTP integrates with the FireEye Threat Intelligence cloud to share and leverage threat intelligence collected from other FireEye deployments.

THREATDATA

Page 14: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

Singtel Mobile Management & Security Suite

10 What’s Up with WhatsApp?

Firstly, where enterprises used to issue approved devices for use by their employees, today’s employees are making their own choices with regards to their preferred mobile devices and are using them in the workplace.

Secondly, a growing number of employees are using publicly-available mobile apps to facilitate them in work-related tasks and improve their personal productivity. For example, apps like WhatsApp and Line are widely used for real-time messaging both for personal and work-related communications, while Dropbox has become a popular file-sharing platform.

The line is becoming blurred between the personal and corporate use of mobile apps, and between the personal and corporate data that reside on the employees’ devices.

Employees are using free mobile apps to communicate sensitive corporate information without realising the risks involved. For chief information officers (CIOs), exposure through the use of these unsecured apps can be difficult to contain.

According to a 2014 survey by Infinite Convergence, 70 per cent of companies expressed concern over employees using third-party messaging and chat apps to communicate and send documents internally. At least a quarter of these companies banned some of the most popular apps and chat tools for internal communications. These included Google Chat which was banned by 30 per cent of companies, Whatsapp 29 per cent, WeChat 27 per cent, Skype 26 per cent and iMessage 26 per cent. The survey, which covered 400 CIOs, chief technology officers and IT directors, clearly highlighted the fact that the use of unsecure messaging apps was a major cause for concern.

Delivering a secure enterprise communications solution

TreeBox recognises the need to balance the two different perspectives with regards to mobility. On one hand, the employees like the flexibility and the ease of use of mobile apps. On the other, the enterprise faces a growing security risk surrounding the loss of sensitive corporate information through such channels.

We have partnered Singtel to deliver Secure Enterprise Messenger, a solution that will address both the needs of the employees and the concerns of the enterprise. Based

What’s Up with WhatsApp? How enterprises can deliver the ease of use that employees love while reining in security risks.

Chong Chee Wah, Chief Executive Officer, TreeBox Solutions

The rapid adoption of mobile apps has greatly changed the way we operate and collaborate in today's world. It has also transformed enterprise IT in two critical respects.

Page 15: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

11

on the TreeBox OnTalk - Secure Enterprise Messenger, the solution enables enterprises to deploy “useable security” with apps that are so simple and so easy to use that they will be readily embraced by employees. At the same time, the security overlay will ensure that the communications and information are well protected to meet the enterprise's security requirements.

The state-of-the-art secure mobile communications solution:

The solution can be integrated easily with traditional Mobile Device Management (MDM) software. MDM provides ability to manage the device while OnTalk secures the mobile communications content.

Secures mobile communications. It secures all mobile content such as voice calls, conference calls, instant messages, group chats, attachments and SMSes.

Protects app-generated content. Pictures, audio notes and video recordings are encrypted and stored securely without appearing in the Gallery of the mobile device.

Protects the enterprise contact list. The Real-Time Contact List function enables the enterprise to create automatic access control that can be dynamically configured.

Delivers secure broadcasting capabilities. This allows enterprises to broadcast sensitive information securely to the entire company at a single touch.

Business use cases

> Continued on page 12

Scenario Solution

Incident and crisis management

In a typical incident and crisis management scenario, it is critical to have real-time and secure communications that reaches out to relevant personnel.

With its secure broadcasting capabilities, the Secure Enterprise Messenger enables enterprise to deliver customised alerts to all their employees in an instant, whether there are 10 or 10,000 of them. The messages are encrypted and secured, and prevented from being forwarded to social media or other free messaging apps. This is critical in crisis management as information leakage to the press or social media could exacerbate the crisis.

Page 16: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

Singtel Mobile Management & Security Suite

12 What’s Up with WhatsApp?

Secure private communications for C-suite executives and board members

In publicly-listed entities, the regulatory authorities often require sensitive communications between senior management and the board of directors to be kept confidential. Leakage of such communications may have legal and financial implications. For example, if information on sensitive business deals were to be leaked, a company’s stock pricing could be affected.

The solution presents a secure alternative for senior management and board members to communicate, instead of using free messaging apps. It can be deployed as a communications server within the company’s own network, thereby enhancing security controls for sensitive communications. It also provides an alternative channel for secure communications when senior management or board members travel and are out of range of data coverage.

Scenario Solution

Securing patient records in the healthcareindustry

The healthcare industry handles a lot of confidential patient information. At the same time, there is growing adoption of smart mobile devices to increase the productivity of doctors and medical staff. With this development, a secure messaging tool is needed for the sharing of patient information on mobile devices, besides the current practice of using email or physical files.

The solution provides a secure in-app media-capturing capability that allows doctors to take pictures of a patient's condition for collaborative discussion with members of the medical team. This enables doctors to securely exchange information while ensuring that the patient’s information or images do not reside in the personal photo gallery or folders on the doctors’ mobile devices.

Page 17: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

Antidote for App-tampering 13

Antidote for App-tamperingHow enterprises can protect their mobile apps from malware.

Over time, phone viruses began evolving in magnitude and severity. Malware such as Zitmo became one of the early “multi-OS” worms that intercepted banking mobile transaction authentication numbers (mTANs). In 2014, the DownAPK malware even forcibly installed a fake banking app that could capture financial-related data from the victim’s phone.

Modern hackers are no longer looking at merely ruining files or annoying victims; they are now exploiting victims and carrying out security exploits for financial gain.

Understanding the risks

It is therefore no longer just about protecting the device. It is also important to understand that the mobile apps themselves are at risk if there is malware on a device.

The malware can access corporate or banking apps to steal transaction histories or even credit card information, and ultimately leverage the app to penetrate the business’s entire information system.

Mobile Device Management (MDM) and Mobile Application Management (MAM) play an important role in helping enterprises to control and manage devices and applications within the internal corporate system. Enterprises need to have a coherent strategy for implementing MDM and MAM in their overall IT infrastructure, as the absence of these tools creates environments which cybercriminals can easily penetrate to launch their attacks.

In addition to this, there is a need to ensure security when the mobile apps are being made available to external parties such as consumers or partners in business-to-consumer and business-to-business scenarios. This is where an additional layer of protection can be added on top of MDM and MAM to secure the apps from vulnerabilities introduced by compromised third-party devices.

Preventing app tampering

V-Key is partnering Singtel to deliver a more effective solution for securing mobile apps. The V-Key solution uses the innovative approach of wrapping a target application in a security layer. This creates a virtual sandbox from which the mobile software can run securely without disrupting the user experience.

Benjamin Mah,Chief Executive Officer, V-Key

In 2004, the first mobile phone virus, the Cabir, infected Symbian-based mobile phones and spread via Bluetooth. Later, the Apple iPhone, particularly those that were “jailbroken”, fell victim to the Ikee and Duh worms.

Page 18: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

Singtel Mobile Management & Security Suite

14 Antidote for App-tampering

Only 50% of personally-owned

devices are encrypted

43% of workforce use more than

one device

Only 20% of personally-owned devices are running

anti-malware software

$459,000 is lost a year due to lost/stolen data

and devices

***

DATAENCRYPTION

ANTI-MALWARESOFTWARE

MULTIPLEDEVICE CONTROL

DEVICE/ DATAPROTECTION

50%

43%

20%

$459K

Page 19: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

15

There are four key aspects to the anti-tampering approach:

Having no overview of the devices that download your application can be a big security challenge. The possibility of the device having malware and access mobile apps to get information poses a serious security risk. The V-Key solution provides peace of mind to these enterprises as they extend their business to consumer devices via a securely wrapped mobile application. A mobile application with the anti-app tampering solution will flag any malicious behaviour and lock the wrapped application from being accessed. Now, enterprises can be assured that their information system and application is safe from these lurking mobile threats.

Protecting IP and DataTo prevent criminals from copying the source code and data, V-Key obfuscates the target software code and encrypt the application data. This protects enterprises and ownership rights of the developer, as well as confidential information of the user.

Protecting Application IntegrityBy preventing the app from being tampered by software pirates, V-Key places importance on the integrity of the application using several layers of security checks.

Protecting Run-time IntegrityRuntime exploitations often happen to a tampered app. V-Key prevents this by doing several integrity checks on the mobile app, warning the user and the IT administrator of potential problems before they occur.

Protecting Data in MemoryThe internet environment is often a critical stage when hackers launch their attacks. At this point, V-Key will run parallel to the software in order to look out for dynamic attacks such as debugging and hooking, prevent it from happening and immediately report if any.

***

Page 20: Mitigate Risks. Maximise Rewards. - Singtel · Mitigate Risks. Maximise Rewards. Mobility will enable enterprises to raise the bar in productivity, efficiency and ... 04 The Role

Copyright © 2015 Singapore Telecommunications Ltd (CRN:199201624D). All rights reserved.All other trademarks mentioned in this document are the property of their respective owners.

MA

R 2

015