Solving BYOD Security: Real-World Use Cases


Post on 16-Apr-2017


  • Solving BYOD Security: Real-World Use Cases

  • BYOD Security with Virtual Mobile Infrastructure

    VMI is a service that streams mobile apps hosted in a data center or the cloud

    VMI is like Virtual Desktop Infrastructure (VDI) for Android

    VMI offers secure access to mobile apps from any device or location

  • Virtual Mobile Infrastructure Use Cases

    Remote Access

    Healthcare

    Banking

    Manufacturing

    Field Employees

    Service Providers

  • Healthcare Use Cases

    Hospitals

    Pharmacies

    Healthcare Insurance

  • Use Case: Healthcare Provider

    Challenge

    Had to address HIPAA and EPCS (Electronic Prescriptions) compliance

    Doctors wanted to access medical data from their phones

    Several apps were non-compliant

    Medical data was stored on phones

    Lacked dual-factor authentication for e-prescriptions

    SierraVMI Solution

    SierraVMI securely streams healthcare provider's medical apps

    Data is never downloaded to mobile devices

    All apps support multi-factor authentication, strong encryption & single sign-on

    Benefits

    Simplified IT by integrating authentication, auditing, and access controls

    Replaced multiple vendors with a single, integrated mobile security solution

    Protected EHR, messaging, email, notes and camera apps that could not be wrapped with MAM

  • Healthcare Compliance

    HIPAA: Health Insurance Portability and Accountability Act

    164.312 (B): Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity.

    164.312 (D): Authentication: verify that a person or entity seeking access to electronic protected health information is the one claimed.

    EPCS: Electronic Prescriptions for Controlled Substances

    Single-factor authentication is insufficient to ensure that a practitioner will not be able to repudiate a prescription he signed

    eRx applications must maintain an internal audit trail that records prescriptions

  • 5 Pillars of Healthcare Security

    Technical safeguards defined by the U.S. Department of Health & Human Services

    Transmission Security

    Person or Entity Authentication

    Audit Control

    Access Control

    Integrity

    SierraVMI Addresses 5 Pillars of Healthcare Security

    Monitors all activity, including text messaging & email apps

    Integrated dual-factor auth including client certs and one-time passwords

    Strong encryption to prevent Wi-Fi and Man-in-the-Middle attacks

    Centralized, granular access control for all healthcare mobile apps

    Secure, centralized storage to prevent accidental deletion or alteration of PHI

  • SierraVMI Protects Medical Apps

    Securely store patient photos in the data center, not on phones

    Enforce dual-factor authentication for all apps

    Use screen recording or logging to audit text messages

    Maintain an audit trail of all e-prescriptions

    Ensure ePHI notes are never stored on phones

    Watermark sensitive healthcare records to prevent disclosure


  • Banking and Finance Use Case

  • Use Case: Bank

    Challenge

    For FFIEC compliance, a bank had to:

    Monitor network and host activity to identify violations and anomalies

    Enforce out-of-band authentication

    The bank worried about:

    Keyloggers and malware on phones

    Wi-Fi and Man-in-the-Middle attacks

    SierraVMI Solution

    SierraVMI prevents data from being downloaded to phones

    One-time passwords provide out-of-band authentication

    IT can log and screen record remote access and privileged activity

    IT can scan Android and apps for vulnerabilities with server-grade tools

    Benefits

    Reduced the risk of costly data breaches due to device theft or insider abuse

    Improved business agility because new apps could be released faster, without cumbersome MAM integration

    Satisfied FFIEC requirements with a single, centrally managed solution

  • SierraVMI Deployment for Bank

    [Diagram. Users: Employees at Chicago branch; Traders in NY; High-net-worth bankers in SF. Connection: Internet; Multi-factor Authentication + 4096-bit ECDHE Encryption; Firewall. Components: SierraVMI Server; Virtual Mobile Workspaces; Authentication Server; Malware Scanner; User Data Protected with Encryption; Logs, screen recording.]

  • Privileged user monitoring for banks

    Detailed logging for compliance

    FFIEC Remote Access requirements

    Screen recording for forensics

    Legal notification warns users that activity will be recorded

  • Banking Regulations

    FFIEC: Federal Financial Institutions Examination Council

    Where single-factor authentication is inadequate, financial institutions should implement multifactor authentication, layered security, or other controls.

    MAS: Monetary Authority of Singapore Threat Risk Management

    Appendix E2: As part of the two-factor authentication infrastructure, the FI should implement adequate controls and security measures to minimise exposure to MitM attacks.

    GLBA: Gramm-Leach-Bliley Act

    Section 501(b)(3): Financial Institutions should protect against unauthorized access to or use of customer records or information

  • Manufacturing Use Case

  • Use Case: Manufacturing

    Challenge

    Manufacturer had developed training, messaging and productivity apps

    Required client certs to prevent unauthorized access to all apps

    Needed to publish assembly instruction and training videos with contractors and suppliers

    An employee had recently leaked product plans to a competitor

    SierraVMI Solution

    SierraVMI secures the manufacturer's mobile apps by:

    Requiring client certs for all apps

    Providing secure access to contractors and suppliers

    Applying anti-screen capture and watermarking on sensitive files

    Securely distributing training videos

    Benefits

    Reduced the risk of a data breach by applying stringent security to all apps

    Improved visibility into mobile access with security alerts and detailed logging

    Increased productivity by sharing assembly instructions with employees & partners

  • Extend Access to All Users

    Office Workers

    Partners

    Assembly Floor

    1. Stream videos using multimedia redirection with watermarking & anti-screen capture

    2. Securely share plans, logistics & forecasts with partners

    3. Authenticate all users with client certificates

  • Field Employee Use Case

    Insurance

    Real Estate

    Power and Utility

  • Use Case: Field Employees

    Challenge

    Companies with field workers need to:

    Prevent data loss from lost devices

    Print invoices, take pictures of accidents, tag activity with GPS

    Prevent data tampering of photos and other records

    Utility meter readers, claims adjusters

    SierraVMI Solution

    No data stored on device; lost devices can be disabled instantly

    Apps can use all device features, including camera, GPS, Bluetooth printers

    Sensitive content like photos cannot be saved or modified by users

    Rules based on location, time-of-day

    Benefits

    Minimize upgrade cycles of hardware by streaming new apps to older devices

    Lower capital costs by allowing employees and partners to bring their own devices

    Reduce costly fraud by preventing users from modifying sensitive content

  • Life Cycle Management

    Field sales constantly need to replace old, broken and lost devices

    SierraVMI accelerates deployment of new devices

    IT doesn't need to worry about device or OS compatibility

    SierraVMI lowers hardware costs

    Minimizes hardware inventory

    Supports low-cost platforms, when needed

    Enables employees to buy their own devices

  • Stop Network & Man-in-the-Middle Attacks

    Protect against malicious Wi-Fi and micro cell towers with:

    End-to-end 4096-bit SSL encryption

    Multi-factor authentication

    Low TCO:

    Eliminate the need for multiple solutions like MDM, MAM and VPN and costly mobile app changes

  • SierraVMI Protects Field Apps

    Audio streamed to secure VMI client

    Videos streamed to integrated VMI media player

    Camera photos stored in data center, not phone

    Microphone recordings stored in data center

    Secure printing to local printer

    Secure GPS

  • Remote Access Use Case

  • Use Case: Remote Access

    SierraVMI Solution

    Delivers a secure mobile workspace for business apps

    Policies can stop users from copying sensitive data or saving contact lists

    Watermarking and anti-screen capture prevent data loss

    Supports all Android apps without costly integration

    Benefits

    Prevents costly data breaches caused by lost mobile devices or by users intentionally or accidentally distributing confidential data

    Improves business agility because companies can publish new corporate apps more quickly to all devices without MAM integration or iOS/Windows porting

    Satisfies various compliance requirements with multi-factor auth and encryption

    Challenge

    Provide secure remote access to email, Intranet sites, and corporate apps

    Unfortunately:

    MDM doesn't isolate business from personal data or prevent insider abuse

    MAM requires costs app integ