Portable Biometrics
OUR TEAM
•Morgan Mayernik
•David Stroh
•Torrey Hutchison
HYPOTHESIS
1. The best solution is largely dependent on the nuanced situation and company policies surrounding information security.
2. Biometrics with OTP technology will improve security for Enterprise data.
3. The choice of template data storage platform depends on the requirements of the system and organization.
PROJECT OBJECTIVES
a) How do members of the enterprise currently interact with biometrics-enabled mobile devices or smart cards?
b) How do multi-factor authentication techniques, such as the incorporation of OTP, for biometric authentication on mobile devices affect overall usage?
c) How should templates be stored on mobile devices?
d) How should companies allow portable biometrics while not compromising security and privacy of the biometric?
Key Takeaway: security, privacy, and convenience are the primary concerns in portable biometrics
DEFINITIONS
1. Portable Biometrics
2. Performance with respect to portability
3. Hackability
(1)
CHALLENGES FOR IMPLEMENTATION
1. BYOD initiatives in the modern enterprise
a. Experience across devices is not uniform
b. Monitoring apps and devices
c. Insecure cloud services or apps
d. Remotely wiping devices (2)
2. User Interactions
a. Malicious Applications
b. Poorly selected or absent PINs/passwords
c. Poorly managed security updates
d. Lost devices (3)
LITERATURE REVIEW FINDINGS:
•Assume that the networks between the mobile
device and the organization cannot be trusted
•Informed consent and privacy legislation
•Ensure all biometric data will be securely
stored and safeguarded.
Key Takeaway: The only effective way to implement portable biometrics in the workplace is to create stringent and informed corporate policies
SOLUTION ON BYOD
•Largely dependent on the situations and
preferences of the enterprise:
•Allow all BYOD (Embrace)
•Allow limited device types, OS versions,
users (Contain)
•Don’t allow any BYOD (Block)
Key Takeaway: There is no silver bullet
(4)
BYOD Regulatory Apps
Types:
1. Data in Remote workspace
2. Data on device
Challenges:
1. Legacy software
2. Multiple Mobile Platforms
(5)
Key Takeaway: Organizations should maintain a distinction between corporate data and personal data
One Time Password (OTP)
Currently:
Something "you have" provides you with something "you know"
With biometrics:
Something "you have" prompts you to provide proof of "what you are" to gain something "you know" (5)
Key Takeaway: Marrying OTP and Biometrics will be effective in the described use cases
(6) (7)
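The "with biometrics" flow above, sketched as an added example that is not part of the original slides: a token that holds an OTP seed and an enrolled template and releases a code only after a fresh sample matches. Assumptions: the deck names no OTP algorithm, so RFC 6238 TOTP is used; the matcher is a Hamming-distance threshold over constructed bit templates; the class name, thresholds and sample values are hypothetical.

```python
import hashlib
import hmac
import struct


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (assumed algorithm, not named in the deck)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length templates."""
    if len(a) != len(b):
        raise ValueError("templates must be the same length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


class BiometricGatedToken:
    """Hypothetical token: something "you have" that checks "what you are"
    before handing out something "you know"."""

    def __init__(self, seed: bytes, enrolled_template: bytes,
                 max_distance: int = 8, max_failures: int = 3):
        self._seed = seed                      # never leaves the token
        self._template = enrolled_template     # device-stored template
        self._max_distance = max_distance      # assumed match threshold
        self._max_failures = max_failures      # limits guessing on a lost device
        self._failures = 0

    def request_otp(self, sample: bytes, unix_time: int):
        if self._failures >= self._max_failures:
            raise PermissionError("token locked after repeated failed matches")
        if hamming_distance(sample, self._template) > self._max_distance:
            self._failures += 1
            return None                        # no match, no code released
        self._failures = 0
        return totp(self._seed, unix_time)


# Constructed sample data (not real biometric data).
SEED = b"12345678901234567890"                 # RFC 6238 test seed
ENROLLED = bytes.fromhex("a3f19c5e0b7d42e6118855aa37c9d204")
GENUINE = bytes([ENROLLED[0] ^ 0b00000111]) + ENROLLED[1:]   # 3 noisy bits
IMPOSTOR = bytes(b ^ 0xFF for b in ENROLLED)                 # all bits differ

if __name__ == "__main__":
    token = BiometricGatedToken(SEED, ENROLLED)
    print("genuine :", token.request_otp(GENUINE, 59))
    print("impostor:", token.request_otp(IMPOSTOR, 59))
```
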
Storage Options
Device Storage
Local storage in the memory of a singular device that allows that device to access and use data without making it accessible to other devices through sharing mechanisms.
Cloud Storage
Cloud storage is storage on an internet server that can be accessed by a multitude of devices from any location.
Definition: "a model for enabling convenient, on demand network access to a shared pool of configurable computing resources … that can be rapidly provisioned and released with minimal management effort or service provider interaction" (NIST 8)
(9)
CLOUD V DEVICE STORAGE
Cloud Advantages
•Extremely Portable
•Offers the option for multi-device use
Cloud Disadvantages
•Requires trust in the server
•May reduce privacy for the user
•The template may be less secure
•May have additional fees associated with data storage
Device Advantages
•Encryption allows better privacy for the user
•User has full control over access and deletion of device
•Uses storage capacity already available from the phone
Device Disadvantages
•Requires trust in the user
•Device could be stolen or lost, and template lost with it
•Employee interaction with the template is less visible to the enterprise
•Localized use
Key Takeaway: Neither is a perfect solution
NEXT STEPS
1. Develop prototypes to test OTP systems and how biometrics affects their hackability and usability.
2. Work with Cloud team to test whether device storage or cloud storage is better for use in the enterprise.
• Hypothesis: The best storage method depends on the circumstances
• Follow up testing if the hypothesis is correct: Which circumstances require which form of storage and why?
3. Create a survey to distribute to members of the enterprise gauging current security awareness and reactions to privacy concerns.
Key Takeaway: Assessment of technology and Best Practices document
REFERENCES
1. https://www.truthfinder.com/infomania/technology/most-hackable-tech/
2. http://cds.frost.com/p/71979/#!/nts/c?id=9838-00-8D-00-00&hq=contextual%20security%20enterprise
http://www.infosecurity-magazine.com/magazine-features/hard-soft-or-smart-evaluating-the-two-factor/
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6313688
http://www.accellion.com/about-us/press/press-releases/employee-use-mobile-devices-not-enterprise-security-standards
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-124r1.pdf
http://www.ponemon.org/local/upload/file/AT%26T%20Mobility%20Report%20FINAL%202.pdf
3. http://cds.frost.com/p/71979/#!/ppt/c?id=NFB4-01-00-00-00&hq=contextual%20security%20enterprise
4. http://www.acronis.com/it-it/blog/posts/6-components-any-successful-byod-policy
5. https://nubosoftware.com/
6. http://ipt.intel.com/Home/How-it-works/network-security-identity-management/ipt-with-one-time-password
7. http://its.unl.edu/security/two-factor-authentication
8. http://www.nist.gov/itl/cloud/upload/cloud-def-v15.pdf
9. http://connectedsocialmedia.com/10003/intel-scale-out-storage-technologies-powering-tomorrows-cloud/

Editor's notes

  1. I thought the bare-bones information looked better in contextual 