Mobile Security for Banking and Finance


Post on 09-Feb-2017






Mobile Security Checklist for Finance
- Protect Business Data
- Prevent data breaches and leaks
- Monitor mobile access
- Address regulations such as SOX and FINRA
- Secure remote access for NIST SP 800-53 and ISO/IEC 27002

BYOD Access Is a Reality
- 95% of organizations allow employee-owned devices in some way, shape or form [1]
- 44% of job seekers prefer employers that support BYOD policies [2]
- $950 - $3,150 per U.S. employee per year can be saved by implementing a BYOD program through increased productivity [3]

[1] Cisco IBSG Horizons Study
[2] Dell Global BYOD Survey 2013
[4] Ovum Multi-Market BYOD Survey 2013

5 Pillars of Mobile Security
And challenges IT Security will likely encounter
- Transmission Security: Mobile apps may not use stringent SSL ciphers or even encrypt data at all
- Person or Entity Authentication: Mobile apps may not support multi-factor authentication; auth may vary across apps
- Audit Control: Difficult to audit mobile activity since users may send data via email or text messaging apps
- Access Control: IT must define policies for different users, mobile apps and devices, a management nightmare
- Integrity: Organizations must prevent accidental deletion or alteration of data

Mobile Devices Introduce Risk
- Insider Abuse
- Accidental Data Exposure
- Cyber Attack
- Physical Theft

Cyber Attacks and Malware
Top mobile attack methods are:
- Social engineering threats
- Malvertising
- Repacked, malicious apps on third party app stores
New mobile malware strains introduced every 22 seconds [1]

[1] G Data Security Labs

Physical Theft
- 3.1M smartphones were stolen in the U.S. in 2013 [1]
- 41% will wait hours to a week to report a lost phone to prevent it from being wiped (2014 BYOD Survey, Zixcorp)

[1] Source: Consumer Reports

Risks of Uncontrolled Devices
- Weak Encryption
- No support for strong authentication
- Unpatched application
- Stores PHI on phone
- No auditing of user access
- Unpatched phone OS
In violation of HIPAA compliance requirements

Mobile Device Management Not Working
20% of enterprise BYOD programs will fail due to MDM measures that are too restrictive. [1]
For IT Teams
- 30% say MDM is more difficult to use than they anticipated [1]
For Employees
- 43% worry that employers could access personal data [2]
- 30% are concerned their employer could control their personal device [2]

[1] 2014 MDM research report by ESG
[2] 2014 Employee BYOD Survey by Zixcorp
[3] Gartner 2014 Mobility Predictions; original quote spelled out BYOD and MDM.

VDI Isn't the Solution for BYOD
- Expensive: Total cost for Microsoft VDI, Citrix, and hardware is $1,000+ per user [1]
- Requires High Bandwidth: Not designed for cellular edge, 3G networks
- Designed for Windows
VDI Shortcomings
- Not designed for touch
- No multimedia redirection
- No access to camera, printer, video, GPS

[1] Microsoft Desktop OS $187 per user, Citrix $300/user

Virtual Mobile Infrastructure

Virtual Mobile Infrastructure (VMI)
VMI is a service that hosts mobile apps or full operating systems on remote servers
Provide remote access to:
- Android, Apple iOS and Windows Phone with client apps
- Any HTML 5-enabled device
Centralize app management to:
- Eliminate need to install and upgrade apps on every device

SierraVMI Deployment
[Diagram: SierraVMI hosted in Secure Data Center; Authentication Server; Laptop, Tablet, Phone]

SierraVMI Keeps Business Data Safe
SierraVMI Shields Mobile Data
- 4096-bit ECDHE Encryption
- Dual factor authentication
SierraVMI:
- Records mobile app access
- Stores app data securely in the data center
- IT can centrally upgrade mobile apps
[Diagram label: End user]

Mobile App Virtualization Architecture
[Diagram: Clients; Authentication Server; VMI Security Gateway; Email App, Messaging App and Financial App, each in a Firefall container; Multi-User Android Runtime; Android VM Kernel]
Benefits
- Very high density
- Apps can share resources like CPU
- Easy to manage
- No need for expensive storage

SierraVMI and the 5 Pillars of Mobile Security
How SierraVMI addresses mobile security requirements for compliance
- Transmission Security: Use 4096-bit encryption and client cert authentication for all mobile apps
- Person or Entity Authentication: Enforce consistent multi-factor authentication for all apps
- Audit Control: Audit mobile activity with detailed logs and session recordings
- Access Control: Centrally manage access controls for all apps; assign policies based on LDAP/AD groups
- Integrity: Granularly control access; back up files on server to prevent accidental deletion

Monitor User and Application Activity
- Dashboard of system status
- Detailed logs of user activity
- Geo-tracking

User Monitoring
- Record user sessions for forensics
- Allow admins to view up to 8 live sessions

Prevent Data Loss
- Watermarking deters users from photographing screens
- Watermark all content including documents, video, pictures with no additional overhead
- Anti-screen capture prevents users from taking screenshots
- With VMI, no data is downloaded to the phone
- Users cannot copy and paste text

Securely Store and Distribute Content
- Share sensitive videos using multi-media redirection
- Ensure users do not capture or download files
- Watermark images & videos
- Store files on data center servers, not users' devices

Strong Authentication
Prevent unauthorized access with:
- Client certificates
- One-time password (sent via text message)
- Restricting access based on geographic location
- Brute force login protection
Ensure only legitimate users access your data

Single Sign-on to Ease Management
- Integrate with LDAP, Active Directory or SAML
- Access email, calendar, contacts, and business apps without needing to re-authenticate
- Automate app provisioning
- Reduce IT helpdesk calls due to forgotten passwords
- Improve user experience by eliminating extra login steps

IT Cost Reduction
- Directory Services Integration
- Centralized data storage
- Prevent data loss from device theft
- Centralized patch management
- Eliminate concerns of devices with vulnerable or unpatched software
- Regularly scan Android server for viruses and vulnerabilities

Simplify and Secure Mobile App Management
Before VMI
- Companies rely on heavy-handed MDM features like remote wipe to prevent data loss
- Each app has different encryption and authentication capabilities
- Limited ability to monitor mobile user access to business apps
- Remote VPN access to network resources difficult to restrict or audit
- Companies must develop mobile apps for iOS, Android, Windows Phone, Blackberry
With VMI
- Data is never downloaded to mobile devices
- All apps support multi-factor auth, strong encryption & SSO
- Optional logging and video recording of privileged users
- Granular control and monitoring of remote access from mobile apps
- Companies can develop an app for Android and support all devices

Reasons Why You Should Deploy SierraVMI
- Compliance: Ensure privacy and prevent data loss
- Security: Strong authentication, 4096-bit encryption
- Scalability: High user density, high performance

www.sierraware.com
Click now to view SierraVMI

