Enforcing Cyber security in Mobile Applications – Public Sector Use Case

1. Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION TECHNOLOGIES DEPARTMENT Emailsmchome@tra.go.tz: vrukiza@tra.go.tz;

2. OUTLINE Introduction Security risks and threats Security Enforcement Conclusion

3. INTRODUCTION – PURPOSE Mobile devices & Applications Risks & Threats Essential Security Mechanisms Secure Mobile platforms

4. INTRODUCTION – MOBILE TECHNOLOGY Fastest growing sector Calls + SMS  Fully fledged mobile computing platform 1G Analogue cellular network 2G Digital Cellular network  3G Broadband data services-  4G native IP networks

5. INTRODUCTION – MOBILE TECHNOLOGY Cont. Smartphones, tablets, PDAs High Processing power High Storage Capacity Easy Usability - touch screens, voice, QWERTY keyboards

6. INTRODUCTION – MOBILE APPLICATION IN PUBLIC SECTOR High capabilities has led to fast & high penetration and adoption Mobile payments & banking Income & Property Tax, Utility bills (LUKU, DSTV & Water)– MPESA, NMB mobile Business operations - Complete Office Software

7. SECURITY RISKS AND THREATS Information security Mainly focused in protecting Information and Information systems from threats and risks that may result in unauthorized disclosure, interruption, modification and destruction.

8. SECURITY RISKS AND THREATS - CONFIDENTIALITY Security principle for ensuring non-disclosure of Information to unauthorized users Small size – Easily misplaced, left unattended, stolen Vulnerabilities in mobile applications - Malicious Code embedded in mobile apps Wireless Technology – Bluetooth & Wi-Fi

9. SECURITY RISKS AND THREATS - INTEGRITY Data integrity refers to the accuracy and consistency of stored or data in transit, which is mainly indicated by the absence of data alteration in an unauthorized way or by unauthorized person Weak protection mechanisms Turning off security features Intentional hacking of the traffic through sniffing and spoofing

10. SECURITY RISKS AND THREATS - AVAILABILITY Availability is a security attribute of ensuring that a system is operational and functional at a given moment of time Compromised devices causing downtime to the connected infrastructure DOS attacks targeting mobile devices battery

11. ENFORCE SECURITY Secure Information while optimize Key requirements of security solution

12. ENFORCE SECURITY - DETECTION MECHANISMS • Discover devices’ protection mechanisms • availability of antivirus • remote sanitization & encryption capabilities • authentication strength • Block unprotected /compromised devices based on Security policy set

13. ENFORCE SECURITY – PROTECTION MECHANISMS • Effective Authentication methods – avoid plain, weak passwords • Access Control - Limit what attacker can do • Encryption • Protect stored information – even when device is lost • Protect transmitted data • Block unused, vulnerable communication ports • Disable wireless communication (Bluetooth, Wi-Fi) while not in use

14. ENFORCE SECURITY - MANAGEMENT Centrally managing all devices Security Administration Control Audit Report Security Policies - Digital Policy Certificate

15. ENFORCE SECURITY - SUPPORT Support when devices are lost • Remote Sanitization • GPS Locator Education and Security awareness • Simple Steps to reduce risks • Trusted sites for downloading applications • Proper security settings • Use of strong password • Regular updating devices

16. Security Mechanisms in Mobile Platforms Ratings by Security Mechanisms Category Enterprise Readiness of Consumer mobile platforms by CesareGarlati of Trend Micro

17. CONCLUSION Usage of mobile applications is inevitable Organizations’ commitment Investment in security solutions - Means for enforcing, monitoring and auditing protection mechanisms Users Security Awareness

18. THANK YOU Q & A