Solving BYOD Security:Real-World Use Cases

BYOD Security with Virtual Mobile Infrastructure

VMI is a service that streams mobile apps

hosted in a data center or the cloud

VMI is like Virtual Desktop

Infrastructure (VDI) for Android

VMI offers secure access to

mobile apps from any

device or location

Remote Access

Healthcare

Virtual Mobile InfrastructureUse Cases

Banking

Manufacturing

FieldEmployees

Service Providers

Healthcare Use Cases

Hospitals

Pharmacies

Healthcare Insurance

Challenge

SierraVMI securely streams healthcare providers medical apps

Data is never downloaded to mobile devices

All apps support multi-factor authentication, strong encryption & single sign-on

Use Case: Healthcare Provider

SierraVMI Solution

Simplified IT by integrating authentication, auditing, and access controls

– Replaced multiple vendors with a single, integrated mobile security solution

Protected EHR, messaging, email, notes and camera apps that could not be wrapped with MAM

Benefits

Had to address HIPAA and EPCS (Electronic Prescriptions) compliance

Doctors wanted to access medical data from their phones

Several apps were “non-compliant”

– Medical data was stored on phones

– Lacked dual-factor authentication for e-prescriptions

Healthcare Compliance

HIPAA: Health Insurance Portability and Accountability Act

EPCS: Electronic Prescriptions for Controlled Substances

164.312 (B): Audit controls. Implement hardware, software, and/or

procedural mechanisms that record and examine activity.

164.312 (D): Authentication: verify that a person or entity seeking access to

electronic protected health information is the one claimed.

“Single-factor authentication is insufficient to ensure that a practitioner will

not be able to repudiate a prescription he signed”

eRx applications must maintain an internal audit trail that records

prescriptions

TransmissionSecurity

Person or Entity

AuthenticationAudit ControlAccess Control Integrity

5 Pillars of Healthcare SecurityTechnical safeguards defined by the U.S. Department of Health & Human Services

Monitors all activity, including text messaging & email apps

Integrated dual-factor auth including client certs and one-time passwords

Strong encryption to prevent Wi-Fi and Man-in-the-Middle attacks

Centralized, granular access control for all healthcare mobile apps

Secure, centralized storage to prevent accidental deletion or alteration of PHI

SierraVMI Addresses 5 Pillars of Healthcare Security

SierraVMI Protects Medical Apps

Securely store patient photos in the data center, not on phones

Enforce dual-factor authentication for all apps

Use screen recording or logging to audit text messages

Maintain an audit trail of all e-prescriptions

Ensure ePHI notes are never stored on phones

Watermark sensitive healthcare records to prevent disclosure

Rx

Messaging

Banking and Finance Use Case

Challenge

For FFIEC compliance, a bank had to:

– Monitor network and host activity to identify violations and anomalies

– Enforce out-of-band authentication

The bank worried about :

– Keyloggers and malware on phones

– Wi-Fi and Man-in-the-Middle attacks

SierraVMI prevents data from being downloaded to phones

One-time passwords provide out-of-band authentication

IT can log and screen record remote access and privileged activity

IT can scan Android and apps for vulnerabilities with server-grade tools

Use Case: Bank

SierraVMI Solution

Reduced the risk of costly data breaches due to device theft or insider abuse

Improved business agility because new apps could be released faster, without cumbersome MAM integration

Satisfied FFIEC requirements with a single, centrally managed solution

Benefits

Employees at Chicago branch

AuthenticationServer

4096-bit ECDHE Encryption

Malware Scanner

Firewall

User DataProtected with

Encryption

SierraVMIServer

Internet

Multi-factor Authentication

+

SierraVMI Deployment for Bank

Traders in NY

High-net-worth bankers in SF

Logs, screen recording

Virtual Mobile Workspaces

Privileged user monitoring for banks

Detailed logging for compliance

– FFIEC Remote Access requirements

Screen recording for forensics

Legal notification warns users that activity will be recorded

Banking Regulations

FFIEC: Federal Financial Institutions Examination Council

MAS: Monetary Authority of Singapore Threat Risk Management

Where…single-factor authentication is inadequate, financial institutions

should implement multifactor authentication, layered security, or other

controls.

Appendix E2: As part of the two-factor authentication infrastructure, the FI

should implement adequate controls and security measures to minimise

exposure to MitM attacks.

GLBA: Gramm-Leach-Bliley Act

Section 501(b) 3) Financial Institutions…should protect against unauthorized

access to or use of customer records or information

Manufacturing Use Case

Challenge

Manufacturer had developed training, messaging and productivity apps

– Required client certs to prevent unauthorized access to all apps

– Needed to publish assembly instruction and training videos with contractors and suppliers

An employee had recently leaked product plans to a competitor

SierraVMI secures the manufacturer’s mobile apps by:

– Requiring client certs for all apps

– Providing secure access to contractors and suppliers

– Applying anti-screen capture and watermarking on sensitive files

– Securely distributing training videos

Use Case: Manufacturing

SierraVMI Solution

Reduced the risk of a data breach by applying stringent security to all apps

– Improved visibility into mobile access with security alerts and detailed logging

Increased productivity by sharing assembly instructions with employees & partners

Benefits

Extend Access to All Users

Office Workers Partners

Assembly Floor

2. Securely share plans, logistics & forecasts

with partners

1. Stream videos using multimedia redirection

with watermarking & anti-screen capture

3. Authenticate all

users with client certificates

Field Employee Use Case Insurance

Real Estate

Power and Utility

Challenge

Companies with field workers need to:

– Prevent data loss from lost devices

– Print invoices, take pictures of accidents, tag activity with GPS

– Prevent data tampering of photos and other records

Utility meter readers, claims adjusters

No data stored on device; lost devices can be disabled instantly

Apps can use all device features, including camera, GPS, Bluetooth printers

Sensitive content like photos cannot be saved or modified by users

Rules based on location, time-of-day

Use Case: Field Employees

SierraVMI Solution

Minimize upgrade cycles of hardware by streaming new apps to older devices

Lower capital costs by allowing employees and partners to bring their own devices

Reduce costly fraud by preventing users from modifying sensitive content

Benefits

Life Cycle Management

Field sales constantly need to replace old, broken and lost devices

SierraVMI accelerates deployment of new devices

– IT doesn’t need to worry about device or OS compatibility

SierraVMI lowers hardware costs

– Minimizes hardware inventory

– Supports low-cost platforms, when needed

– Enables employees to buy their own devices

Stop Network & Man-in-the-Middle Attacks

Protect against malicious Wi-Fi and micro cell towers with:

– End-to-end 4096-bit SSL encryption

– Multi-factor authentication

Low TCO:

– Eliminate the need for multiple solutions like MDM, MAM and VPN and costly mobile app changes

SierraVMI Protects Field Apps

Audio streamed to secure VMI client

Videos streamed to integrated VMI media player

Camera photos stored in data center, not phone

Microphone recordings stored in data center

Secure printing to local printer

Secure GPS

Remote Access Use Case

Challenge

Delivers a secure mobile workspace for business apps

– Policies can stop users from copying sensitive data or saving contact lists

– Watermarking and anti-screen capture prevent data loss

Supports all Android apps without costly integration

Use Case: Remote Access

SierraVMI Solution

Prevents costly data breaches caused by lost mobile devices or by users intentionally or accidentally distributing confidential data

Improves business agility because companies can publish new corporate apps more quickly to all devices without MAM integration or iOS/Windows porting

Satisfies various compliance requirements with multi-factor auth and encryption

Benefits

Provide secure remote access to email, Intranet sites, and corporate apps

Unfortunately:

– MDM doesn’t isolate business from personal data or prevent insider abuse

– MAM requires costs app integration and doesn’t most third-party apps

Remote Users

Collaboration Server

4096-bit ECDHE Encryption

Virus or MalwareScanner

Firewall

User Data Protected with Encryption

SierraVMIServer

Virtual Mobile Workspaces

Internet

Multi-factor Authentication

+

Secure and Simplify Remote Access

Office Suite

Video Conference

Office Suite

Video Conference

Office Suite

Video

Conference

Office Suite

Video

Conference

SharePoint Server

Exchange Server

Service Provider Use Case

Challenge

Carriers need to bundle security solutions with their business offerings

– Business customers expect end-to-end solutions for their mobile fleets

Existing EMM products are inadequate

– MDM deemed intrusive for BYOD users

– MAM only supports a handful of apps

Streams apps from a data center, preventing data loss caused by lost or stolen phones

– Provides multi-factor auth, anti-screen capture, user monitoring, watermarking

Can secure 1M+ apps, unlike MAM

Is easy-to-manage and scalable

Use Case: Service Providers

SierraVMI Solution

Provides a new revenue stream for mobile carriers based on an innovative & differentiated security service that can be white-labeled under the carrier’s brand

Offers fast integration with carriers’ management infrastructure using RESTful APIs

Eliminates MAM/app wrapping headaches and lowers support costs compared to traditional mobile security options

Benefits

Wireless Carrier

Firewall

Mobile Carrier Deployment

Carrier Billing System

SierraVMI

Easy deployment with integrated high availability

Integration with enterprises’ and service providers’ existing

authentication, directory services, and management systems

– Granular user, group and domain-level policies

Business Partner

Remote User

Internal User

Email

Partner App

CRM App

VPN

Authentication Servers and Corporate Data

Enterprise

XML APIs

Why Enterprises Like SierraVMI

One product for all mobile security and compliance requirements

– Data protection: Data is never downloaded to devices

– Data leak prevention: Anti-screen capture, watermarking

– Compliance auditing: Logging and screen recording

– Authentication: One-time passwords, client certs, tokens

Cost-effective

Fast deployment time

Doesn’t require changes to apps

Why Service Providers Like SierraVMI

Scalability

– High-user density lowers hardware costs

– Multi-tenancy

Easy integration with billing & management systems

– RESTful XML-based APIs

Integrated high-availability architecture

White labeling options

– Sell differentiated services under the carrier brand

Compliance: Ensure privacy and prevent data loss

Security: Strong authentication, 4096-bit encryption

Scalability: High user density, high performance

Reasons Why You Should Deploy SierraVMI

www.sierraware.com

See a live demo

Click now to view SierraVMI