Build Your Own Defense
Abbas Ali Khumanpur, CISSP, Security Consultant, STARLINK
ISC2 Kuwait Chapter Meet
13th May 2015
AGENDA
• Evolution of Computing Space
• Why BYOD Matters
• Threat Vectors on Mobile
• BYOD Strategy
• Multiple OS & Platforms
  • iOS
  • Android
  • Microsoft 10
Evolution of Computing Space
SOURCES: Asymco.com, Public Filings, Morgan Stanley Research, Gartner, IDC
The PC/Web Era → The Post-PC Era → The Mobile/BYOD Era
Mainframe Era: Applications and data behind a glass wall.
PC Era: Applications and data on our desks, trapped at work.
Web Era: All-access apps and content, everywhere.
BYOD Era: Any app and data, for personal and work, on a device we love, wherever we are.
Mobile will unlock human potential in the Workplace
Why BYOD Matters & Should You Be Worried?
• Smartphone and tablet technologies are evolving and changing very rapidly.
• Empower the workforce through the “Consumerisation of IT”.
• Ultimate goal: increased productivity with reduced costs.
BYOD DARK SIDE:
• If BYOD is not understood and regulated correctly, it THREATENS IT security.
Threat Vectors on Mobile are Different from PC
Building a Successful BYOD Strategy
• According to Gartner, 90% of enterprises (with >500 employees) have already deployed mobile devices, and many don’t have a STRATEGY.
• BYOD is more than just shifting ownership of device to the employee.
• It has complex and hidden implications.
Sustainability
• Secure corporate data
• Minimize cost to implement and enforce
• Preserve user experience
• Stay up-to-date with user preference and technology innovation
“User experience is the litmus test for policy sustainability”
Device Choice
BYOD Policy needs to be built around Device Choice
• Analyzing employee preference
• Defining an acceptable baseline: security and supported features
• Establishing clear communication to users about which devices are allowed or not, and why
• Ensuring the IT team has the bandwidth to stay up-to-date
Trust Model
“The trust level of a mobile device is dynamic”
• Identifying and assessing risk for common security posture issues on personal devices
• Defining remediation options (notification, access control, quarantine, selective wipe)
• Setting tiered policy based on ownership
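As an added illustration (not from the deck), the three steps above combined into one re-evaluation routine: posture issues are detected, each is mapped through an ownership-tiered table to one of the remediation options named on the slide, and the most intrusive one wins. The issue names, thresholds and the policy table are constructed assumptions, not a vendor's policy.

```python
"""Tiered BYOD remediation: map a device's current posture to one action."""
from dataclasses import dataclass

# Remediation options from the slide, ordered least to most intrusive.
# A full wipe is deliberately not an option here (see the liability slide).
ACTIONS = ["allow", "notify", "restrict", "quarantine", "selective_wipe"]

@dataclass
class DevicePosture:
    device_id: str
    ownership: str              # "corporate" or "personal"
    os_version: tuple           # e.g. (8, 1); constructed sample values
    jailbroken: bool = False
    encrypted: bool = True
    passcode_set: bool = True
    days_since_checkin: int = 0
    lost_or_stolen: bool = False

MIN_OS = (8, 0)                 # assumed baseline, not from the deck

def posture_issues(d: DevicePosture) -> list:
    """Detect common posture issues on the device (assumed issue set)."""
    issues = []
    if d.jailbroken:
        issues.append("jailbroken")
    if not d.encrypted:
        issues.append("no_encryption")
    if not d.passcode_set:
        issues.append("no_passcode")
    if d.os_version < MIN_OS:
        issues.append("outdated_os")
    if d.days_since_checkin > 7:
        issues.append("stale_checkin")
    if d.lost_or_stolen:
        issues.append("lost_or_stolen")
    return issues

# Tiered policy keyed on ownership: the same issue can get a different response.
POLICY = {
    "corporate": {"jailbroken": "quarantine", "no_encryption": "quarantine",
                  "no_passcode": "restrict", "outdated_os": "notify",
                  "stale_checkin": "notify", "lost_or_stolen": "selective_wipe"},
    "personal":  {"jailbroken": "quarantine", "no_encryption": "restrict",
                  "no_passcode": "restrict", "outdated_os": "notify",
                  "stale_checkin": "restrict", "lost_or_stolen": "selective_wipe"},
}

def decide(d: DevicePosture) -> str:
    """Return the most intrusive action any current issue triggers. Trust is
    recomputed on every call, so the answer changes as the posture changes."""
    issues = posture_issues(d)
    if not issues:
        return "allow"
    return max((POLICY[d.ownership][i] for i in issues), key=ACTIONS.index)
```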
User Experience & Privacy
The core tenet of successful BYOD deployments is preservation of user experience.
• User experience should not be compromised
• Identifying the activities and data IT will monitor
• Clarifying the actions IT will take and under what circumstances
Transparency will create trust
Liability
• Important considerations around BYOD liability include:
• Assessing liability for personal web and app usage
• Evaluating the nature of BYOD reimbursement
• Assessing the risk and resulting liability of accessing and damaging personal data (for example, doing a full instead of a selective wipe by mistake).
Managing OS & Platforms
Apple iOS
Android
Lollipop was clearly designed to change perceptions of vulnerability and fragmentation.
Android Lollipop
Android For Work
• Securely Deploying Enterprise Apps
• New APIs that Support Android for Work
• Separate Encryption Layer
• Separate Android for Work App Screenlock
Thank You!