mobile security for banking and finance
Mobile Security Checklist for Finance
Protect Business Data
Prevent data breaches and leaks
Monitor mobile access
Address regulations such as SOX and FINRA
Secure remote access for NIST SP 800-53 and ISO/IEC 27002
BYOD Access Is a Reality
95% of organizations allow employee-owned devices “in some way shape or form” [1]
44% of job seekers prefer employers that support BYOD policies [2]
$950 - $3,150 per U.S. employee per year can be saved by implementing a BYOD program through increased productivity [3]
[1] Cisco IBSG Horizons Study
[2] http://www.informationweek.com/mobile/6-risks-your-byod-policy-must-address/d/d-id/1107451?page_number=1
[3] Dell Global BYOD Survey 2013
[4] Ovum Multi-Market BYOD Survey 2013
5 Pillars of Mobile Security
And challenges IT Security will likely encounter
Audit Control: Difficult to audit mobile activity since users may send data via email or text messaging apps
Person or Entity Authentication: Mobile apps may not support multi-factor authentication; auth may vary across apps
Transmission Security: Mobile apps may not use stringent SSL ciphers or even encrypt data at all
Access Control: IT must define policies for different users, mobile apps and devices, a management nightmare
Integrity: Organizations must prevent accidental deletion or alteration of data
Cyber Attacks and Malware
Top mobile attack methods are:
Social engineering threats
Malvertising
Repacked, malicious apps on third party app stores
New mobile malware strains introduced every 22 seconds [1]
[1] G Data Security Labs
Physical Theft
3.1M smartphones were stolen in the U.S. in 2013 [1]
[1] Source: Consumer Reports
41% will wait hours to a week to report a lost phone to prevent it from being wiped
2014 BYOD Survey, Zixcorp
Risks of Uncontrolled Devices
Weak Encryption
No support for strong authentication
Unpatched application
Stores PHI on phone
No auditing of user access
Unpatched phone OS
In violation of HIPAA compliance requirements
Mobile Device Management Not Working
20% of enterprise BYOD programs will fail due to MDM measures that are too restrictive. [1]
For IT Teams
30% say MDM is more difficult to use than they anticipated [1]
For Employees
43% worry that employers could access personal data [2]
30% are concerned their employer could control their personal device [2]
[1] 2014 MDM research report by ESG
[2] 2014 Employee BYOD Survey by Zixcorp
[3] Gartner 2014 Mobility Predictions; original quote spelled out BYOD and MDM.
VDI Isn’t the Solution for BYOD
VDI Shortcomings
Expensive
– Total cost for Microsoft VDI, Citrix, and hardware is $1,000+ per user [1]
Requires High Bandwidth
– Not designed for cellular edge, 3G networks
Designed for Windows
– Not designed for touch
– No multimedia redirection
– No access to camera, printer, video, GPS
[1] Microsoft Desktop OS $187 per user, Citrix $300/user
Virtual Mobile Infrastructure (VMI)
VMI is a service that hosts mobile apps or full operating systems on remote servers
Provide remote access to:
Android, Apple iOS and Windows Phone with client apps
Any HTML 5-enabled device
Centralize app management to:
Eliminate need to install and upgrade apps on every device
SierraVMI Deployment
SierraVMI hosted in Secure Data Center
Authentication Server
Laptop
Tablet
Phone
SierraVMI Keeps Business Data Safe
SierraVMI Shields Mobile Data
4096-bit ECDHE Encryption
Dual factor authentication
SierraVMI:
• Records mobile app access
• Stores app data securely in the data center
• Lets IT centrally upgrade mobile apps
End user
Mobile App Virtualization Architecture
[Diagram labels: Clients; Authentication Server; VMI Security Gateway; Email App, Messaging App, Financial App; Firefall container (x3); Multi-User Android Runtime; Android VM Kernel]
Benefits
Very high density
Apps can share resources like CPU
Easy to manage
No need for expensive storage
SierraVMI and the 5 Pillars of Mobile Security
How SierraVMI addresses mobile security requirements for compliance
Person or Entity Authentication: Enforce consistent multi-factor authentication for all apps
Integrity: Granularly control access; back up files on server to prevent accidental deletion
Access Control: Centrally manage access controls for all apps; assign policies based on LDAP/AD groups
Audit Control: Audit mobile activity with detailed logs and session recordings
Transmission Security: Use 4096-bit encryption and client cert authentication for all mobile apps
Monitor User and Application Activity
Dashboard of system status
Detailed logs of user activity
Geo-tracking
Prevent Data Loss
Watermarking deters users from photographing screens
– Watermark all content including documents, video, pictures with no additional overhead
Anti-screen capture prevents users from taking screenshots
With VMI, no data is downloaded to the phone
– Users cannot copy and paste text
Securely Store and Distribute Content
Share sensitive videos using multi-media redirection
– Ensure users do not capture or download files
– Watermark images & videos
Store files on data center servers, not users’ devices
Strong Authentication
Prevent unauthorized access with:
– Client certificates
– One-time password (sent via text message)
– Restricting access based on geographic location
– Brute force login protection
Ensure only legitimate users access your data
Single Sign-on to Ease Management
Integrate with LDAP, Active Directory or SAML
Access email, calendar, contacts, and business apps without needing to re-authenticate
Automate app provisioning
Reduce IT helpdesk calls due to forgotten passwords
Improve user experience by eliminating extra login steps
IT Cost Reduction
Directory Services Integration
Centralized data storage
Prevent data loss from device theft
Centralized patch management
Eliminate concerns of devices with vulnerable or unpatched software
Regularly scan Android server for viruses and vulnerabilities
Simplify and Secure Mobile App Management
Before VMI
– Companies rely on heavy-handed MDM features like remote wipe to prevent data loss
– Each app has different encryption and authentication capabilities
– Limited ability to monitor mobile user access to business apps
– Remote VPN access to network resources difficult to restrict or audit
– Companies must develop mobile apps for iOS, Android, Windows Phone, Blackberry
With VMI
– Data is never downloaded to mobile devices
– All apps support multi-factor auth, strong encryption & SSO
– Optional logging and video recording of privileged users
– Granular control and monitoring of remote access from mobile apps
– Companies can develop an app for Android and support all devices
Reasons Why You Should Deploy SierraVMI
Compliance: Ensure privacy and prevent data loss
Security: Strong authentication, 4096-bit encryption
Scalability: High user density, high performance
www.sierraware.com