1 / 31

Mobile Working Group Session

Mobile Working Group Session. Thank You. Co-chairs David Lingenfelter Cesare Garlati Freddy Kasprzykowski CSA Staff Luciano Santos John Yeoh Aaron Alva Evan Scoboria Kendall Scoboria. Initiative Leads/Contributors. Dan Hubbard Guido Sanchidrian Mark Cunningham

curt
Download Presentation

Mobile Working Group Session

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mobile Working Group Session

  2. Thank You Co-chairs David Lingenfelter Cesare Garlati Freddy Kasprzykowski CSA Staff Luciano Santos John Yeoh Aaron Alva Evan Scoboria Kendall Scoboria Initiative Leads/Contributors Dan Hubbard Guido Sanchidrian Mark Cunningham Nadeem Bhukari Alice Decker SatheeshSudarsan Matt BrodaRandy Bunnell Megan Bell Jim Hunter Pam Fusco Tyler Shields Jeff Shaffer GovindTatachari Ken Huang Mats Näslund Giles Hogben Eric Fisher Sam Wilke Steven Michalove Allen Lum Girish Bhat Warren Tsai Jay Munsterman

  3. Mobile Guidance v1.0 • Security Guidance for • Critical Areas of Mobile Computing • Published Nov. 2012 • Mobile Computing Definition • Threats to Mobile Computing • Maturity of the Mobile Landscape • BYOD Policies • Mobile Authentication • App Stores • Mobile Device Management

  4. Mobile Guidance Defined

  5. Threats and Maturity

  6. Top Mobile Threats – Evil 8 Data loss from lost, stolen or decommissioned devices. Information-stealing mobile malware. Data loss and data leakage through poorly written third-party apps. Vulnerabilities within devices, OS, design and third-party applications. Unsecured Wi-Fi, network access and rogue access points. Unsecured or rogue marketplaces. Insufficient management tools, capabilities and access to APIs (includes personas). NFC and proximity-based hacking.

  7. Maturity …there’s room for improvement

  8. BYOD Jay Munsterman

  9. BYOD Charter • Analyze new challenges of: • Policy • Privacy • Device and Data Segmentation • Delivered Policy Guidance for v1 Guidance

  10. Next Steps for BYOD • Need more team members!! Help us out! • Conference call late March • Decide on next steps, consider: • Policy Templates • Policy Examples • Evaluation of emerging containerization options

  11. MDM David Lingenfelter

  12. MDM Opportunities • Increase security and compliance enforcement • Reduce the cost of supporting mobile assets • Enhance application and performance management • Ensure better business continuity • Increase productivity and employee satisfaction Beyond Simple MDM

  13. Mobile Authentication Mark Cunningham

  14. Mobile Authentication Guidance

  15. Mobile Authentication Guidance

  16. Mobile Authentication Guidance

  17. Mobile Authentication Guidance

  18. Mobile AuthenticationGuidance • Ease of Use • Future Authentication Technologies

  19. What you download may be compromised! App Stores security James Hunter

  20. State of the App Market • Apple and Google control 80% of the App Market • By the end of 2013 an estimated 50 Billion downloads • There are over 1 million different Apps The summary doesn't consider Amazon and Samsung. Corporate sites offering downloads for their flavor Apps, Developers, in all sizes and Apps Distributors. We have a chaotic marketplace depending on the participants "best efforts", to insure the end user privacy and security, as well as that of others (Companies who employ them, even ones they visit and use WiFi service).

  21. What are the areas of concern? • How trustworthy is the App Store? • How trustworthy is the Developer? • Can the user report issues found in the App? • Who should get the report? • Does the App use more permissions than needed? • Does the App make connections to the Internet? • Does the user need anti-virus, malware, etc.? • Will this be an issue with BYOD? 

  22. The status of the working group? • Initial draft of the policy guideline submitted in late October-early November 2012, for Orlando. • November 2012 decision made to develop a stand-alone document. • December 2012 received updated peer review info from J. Yeoh. • January 2013 started efforts to recruit more volunteers for App Store Security working group? • February 2013 re-started efforts to make contact with App Store Management at Microsoft.

  23. The status of the working group? • March 2013 start update of draft guideline to a stand alone document. • March 2013 continue efforts to recruit several volunteers to work on the stand alone document. • March 2013 request CSA Global support for contacts with Apple, Google, Amazon, Samsung Appstore contacts. • April-June 2013 pursue App Store management contacts, involvement and support.

  24. App Store Security Initiative Thanks to the following individuals:John Yeoh, Research Analyst, Global CSAAuthors/ContributorsGroup Lead James Hunter, Net Effects Inc. Peer ReviewersTom Jones; Ionnis Kounelis; Sandeep Mahajan; Henry St. Andre, InContactCo Chair, Mobile Security, Cesare Garlati Trend Micro

  25. Moving at the speed of mobile! Mobile 2013

  26. Where do we go from here? • Charter review • Cooperation Between Working Groups • New Mobile Controls In CCM • Maturity questionnaire v2.0 • Top Threats Review • Stand Alone App Store Document • Stand Alone Authentication Document • New Section On Data Protection

  27. Mobile Working Group Charter • Securing public and private application stores • Analysis of mobile security features of key mobile operating systems • Mobile device management, provisioning, policy, and data management • Guidelines for the mobile device security framework • Scalable authentication for mobile • Best practices for secure mobile application • Identification of primary risks related BYOD – Bring Your Own Device • Solutions for resolving multiple usage roles related to BYOD

  28. Chapter Cooperation • Information sharing across working groups • Already working with CCM • More guidance and input from Corporate, GRC and SME • Timeframes/Deadlines/Review Periods

  29. Reference Materials Create more material people will want to use to develop their mobile business plans • Baseline Controls • Policy Templates • App Security Guidelines • Threats and Risks

  30. CSA 2013 Events • BlackHat (July 27-Aug1) • EMEA Congress (September) • ASIAPAC Events (Congress, May 14-17) • CSA Congress Orlando (November) https://cloudsecurityalliance.org/events/

  31. Chapter meetings every other Thursday @ 9:00am PST LinkedIn: Cloud Security Alliance: Mobile Working Group Basecamp Thank you

More Related