Mobile Working Group Session

sandwichclippers, Mobile – Wireless Technologies

24 Nov 2013

www.cloudsecurityalliance.org

Copyright © 2011 Cloud Security Alliance


Initiative Leads/Contributors

Dan Hubbard
Guido Sanchidrian
Mark Cunningham
Nadeem Bhukari
Alice Decker
Satheesh Sudarsan
Matt Broda
Randy Bunnell
Megan Bell
Jim Hunter
Pam Fusco
Tyler Shields
Jeff Shaffer
Govind Tatachari
Ken Huang
Mats Näslund
Giles Hogben
Eric Fisher
Sam Wilke
Steven Michalove
Allen Lum
Girish Bhat
Warren Tsai
Jay Munsterman

Co-chairs

David Lingenfelter
Cesare Garlati
Freddy Kasprzykowski

CSA Staff

Luciano Santos
John Yeoh
Aaron Alva
Evan Scoboria
Kendall Scoboria



Security Guidance for Critical Areas of Mobile Computing

Published Nov. 2012



Mobile Computing Definition


Threats to Mobile Computing


Maturity of the Mobile Landscape


BYOD Policies


Mobile Authentication


App Stores


Mobile Device Management




Authentication

Apps

MDM

BYOD


1. Data loss from lost, stolen or decommissioned devices.

2. Information-stealing mobile malware.

3. Data loss and data leakage through poorly written third-party apps.

4. Vulnerabilities within devices, OS, design and third-party applications.

5. Unsecured Wi-Fi, network access and rogue access points.

6. Unsecured or rogue marketplaces.

7. Insufficient management tools, capabilities and access to APIs (includes personas).

8. NFC and proximity-based hacking.



…there’s room for improvement

78% Have Mobile Policy

86% Allow BYOD

47% Utilize MDM

36% Have App Restriction

41% Have Security Controls


Jay Munsterman


Analyze new challenges of:


Policy


Privacy


Device and Data Segmentation


Delivered Policy Guidance for v1 Guidance



Need more team members!! Help us out!


Conference call late March


Decide on next steps, consider:


Policy Templates


Policy Examples


Evaluation of emerging containerization options



David Lingenfelter


Increase security and compliance enforcement

Reduce the cost of supporting mobile assets

Enhance application and performance management

Ensure better business continuity

Increase productivity and employee satisfaction

Beyond Simple MDM


Mark Cunningham



Ease of Use


Future Authentication Technologies


What you download may be compromised!


James Hunter



Apple and Google control 80% of the App Market


By the end of 2013 an estimated 50 Billion downloads


There are over 1 million different Apps

The summary doesn't consider Amazon and Samsung, corporate sites offering downloads for their own flavor of apps, developers of all sizes, or app distributors.

We have a chaotic marketplace that depends on the participants' "best efforts" to ensure the end user's privacy and security, as well as that of others (companies who employ them, even ones they visit and whose Wi-Fi service they use).




How trustworthy is the App Store?


How trustworthy is the Developer?

Can the user report issues found in the App?

Who should get the report?

Does the App use more permissions than needed?

Does the App make connections to the Internet?

Does the user need anti-virus, malware, etc.?


Will this be an issue with BYOD?




Initial draft of the policy guideline submitted in late October-early November 2012, for Orlando.

November 2012 decision made to develop a stand-alone document.

December 2012 received updated peer review info from J. Yeoh.

January 2013 started efforts to recruit more volunteers for App Store Security working group.

February 2013 re-started efforts to make contact with App Store Management at Microsoft.



March 2013 start update of draft guideline to a stand-alone document.

March 2013 continue efforts to recruit several volunteers to work on the stand-alone document.

March 2013 request CSA Global support for contacts with Apple, Google, Amazon, Samsung Appstore contacts.

April-June 2013 pursue App Store management contacts, involvement and support.



Thanks to the following individuals:


John Yeoh, Research Analyst, Global

CSA
Authors/Contributors

Group Lead James Hunter, Net Effects Inc.


Peer Reviewers

Tom Jones; Ionnis Kounelis; Sandeep Mahajan; Henry St. Andre, InContact


Co Chair, Mobile Security, Cesare Garlati Trend Micro


Moving at the speed of mobile!


Charter review

Cooperation Between Working Groups

New Mobile Controls In CCM

Maturity questionnaire v2.0

Top Threats Review

Stand Alone App Store Document

Stand Alone Authentication Document

New Section On Data Protection


Securing public and private application stores

Analysis of mobile security features of key mobile operating systems

Mobile device management, provisioning, policy, and data management

Guidelines for the mobile device security framework

Scalable authentication for mobile

Best practices for secure mobile application

Identification of primary risks related to BYOD (Bring Your Own Device)

Solutions for resolving multiple usage roles related to BYOD


Information sharing across working groups

Already working with CCM

More guidance and input from Corporate, GRC and SME

Timeframes/Deadlines/Review Periods


Create more material people will want to use to develop their mobile business plans

Baseline Controls

Policy Templates

App Security Guidelines

Threats and Risks



BlackHat (July 27-Aug 1)

EMEA Congress (September)

ASIAPAC Events (Congress, May 14-17)

CSA Congress Orlando (November)

https://cloudsecurityalliance.org/events/



Chapter meetings every other Thursday @ 9:00am PST

LinkedIn: Cloud Security Alliance: Mobile Working Group

Basecamp