SlideShare une entreprise Scribd logo

State ofmobilesecurity

Gary Sandoval
Gary Sandoval

State of Mobile App Security

Mobile
1  sur  5
Télécharger pour lire hors ligne
State of App Security Recent attacks targeting mobile apps and operating systems have put an unprecedented amount of mobile business data at risk. Many enterprises are unprepared to combat the latest mobile threats: • One in 10 enterprises have at least one compromised device. • More than 53% have at least one device that is not in compliance with corporate security policies. This white paper outlines how to protect enterprise data while realizing the transformative benefits of mobility. For more information about protecting corporate data against mobile threats, listen to MobileIron’s on-demand webinar. 415 East Middlefield Road Mountain View, CA 94043 USA Tel. +1.650.919.8100 Fax +1.650.919.8006 info@mobileiron.com
2 Apps drive business The transformative power of mobility can only be realized by mobilizing core business processes. Both custom-developed and third- party apps are at the heart of this transformation. But they need to be properly secured As the future of work evolves toward mobility, the future of data breaches and cybercrime lies in mobile apps and operating systems. Recent attacks, such as XcodeGhost, Stagefright, Key Raider, and YiSpecter, for the first time are targeting mobile apps and operating systems to exfiltrate sensitive data. Many enterprises are unprepared. For example, iOS apps infected with XcodeGhost malware can collect information about devices and then encrypt and upload that data to command and control (CnC) servers run by attackers through the HTTP protocol. Malware detection company FireEye identified more than 4,000 infected apps on the App Store and mobile app risk management company Appthority found that almost every organization with at least 100 iOS devices had at least one infected device. Attackers are starting to capitalize on enterprises’ inability to prevent and detect mobile malware. 300,000 apps that were custom built for employee use. MobileIron customers have deployed more than Top third-party apps deployed: Salesforce Goodreader Microsoft Office Suite Cisco AnyConnect Box Cisco Webex Skype for Business Google Docs Evernote Xora Mobile Worker 1 2 3 4 5 6 7 8 9 10 We are tech savvy consumers that have come to expect consumer-grade experiences from our work tools. The KeyRaider malware was used to steal information from 225,000 jailbroken iPhones. ActiveSync/O365 and anti-virus tools are ill-equipped to protect against today’s mobile threats because they have no visibility into jailbroken or rooted devices.
3 Malware is becoming more sophisticated and a recent approach is to infiltrate corporate networks over the VPN to steal data. Anti-virus is not effective in this situation because mobile operating systems sandbox applications, preventing anti-virus from removing threats. When employees use a VPN to access the corporate network, organizations are unknowingly allowing all apps to possibly access the network, including malicious apps. crossing networks the company doesn’t own. For example, an employee traveling on business may connect to an open Wi-Fi hotspot that may or may not be legitimate. Traditional Network Access Control (NAC) has very limited visibility into the security posture of a mobile device. 1 in 10 enterprises has at least one compromised device Companies need to make sure they are using anti-malware Enterprises must also consider data loss from rogue access points and Man in the Middle (MitM) attacks. In the mobile world, devices that the company may or may not own are Today’s organizations have many disparate security technologies that are rarely fully integrated. Even when they are, they seldom include information about mobile devices and apps. As more work gets done on mobile devices and more enterprise data moves in apps and clouds, organizations need to ensure that they are protecting themselves against internal and external threats. Time to rethink app security MobileIron secures corporate data in a world of mixed-use devices by separating the corporate data and apps from the personal data and apps, and by authenticating users, apps, and devices before granting access to network resources. Based on the identity of the user and the security context of the user, app, device, network, and cloud, MobileIron allows the enterprise to make dynamic decisions about what services to provide to whom and when. More than 53% of enterprises have at least one device that is not in compliance with corporate security policies
4 Proactive Defenses Most current security technologies lack mobile awareness and the ability to prevent data loss. MobileIron embraces the new features found in mobile to create innovative ways of protecting mobile enterprise data in apps, in the cloud, on the network, and on the device using containerization, encryption, and app-level data loss prevention (DLP) controls. • MobileIron AppConnect secures app data-at-rest. • MobileIron Tunnel secures app data-in-motion. • MobileIron’s Content Security Service provides document-level security to protect enterprise content across personal cloud services. • MobileIron Sentry, MobileIron’s intelligent gateway, manages, encrypts, and secures traffic between the mobile device and back-end enterprise systems. Automated response to threats Current response mechanisms are failing to detect and respond to mobile threats. MobileIron does both online and offline detection of malware/compromise and initiates automated, real-time responses such as wiping corporate data and apps or blocking network access. For example: • A compromised or out of compliance device can be quarantined and the enterprise data removed. • Network access can be limited or totally blocked in response to the device being rooted or jailbroken. App data-at-rest and app data-in-motion security Mobile computing puts enterprise data in apps, therefore data must be secured at the app level. MobileIron’s AppConnect protects data-at-rest within the app and provides DLP controls in order to ensure that enterprise data is shared only with corporate sanctioned apps and cloud services. AppConnect deletes corporate data To protect sensitive data against the threats of tomorrow, enterprises need to rethink their security approach for a fundamentally different mobile architecture.
5 when a threat is detected. Data-in-motion is secured using MobileIron Tunnel for per-App VPN. MobileIron Docs@Work provides data loss prevention (DLP) controls to protect these documents from unauthorized distribution and secure access to enterprise storage services like SharePoint, Office 365, OneDrive Pro, and Box. In conjunction with MobileIron Sentry, Docs@ Work secures email attachments so that they are encrypted and can only be viewed using authorized applications that are managed by MobileIron. Integrations to make the existing enterprise security stack mobile-aware MobileIron provides in-depth defense with an ecosystem of best-of-breed partners which integrate with MobileIron to make enterprise infrastructure mobile-aware. MobileIron has integrated with leading Threat Management vendors including FireEye, Veracode, CheckPoint, and Proofpoint for malware detection and mitigation, and top Network Access Control vendors Aruba, Cisco and Forescout. MobileIron has also integrated with Splunk to allow IT to intercept security threats by correlating mobile device data with Splunk’s common information model to diagnose problems. MobiIeron AppConnect: an ecosystem of secure mobile apps MobileIron’s partnerships with leading Enterprise File Sync and Sharing (EFSS) vendors lets IT give users access to the consumer apps they want to use while ensuring that corporate data can be protected. With MobileIron, companies can put controls on EFSS apps including: • Requiring that users login to apps such as Box only on trusted devices • Whitelisting specific 3rd-party apps to ensure content can only be opened into other managed applications • Restricting the ability for users to cut, copy, or paste content In addition to EFSS partners, MobileIron has more than 70 AppConnect partners with more than 80 integrated solutions in market. Conclusion Mobile has introduced a new operating system architecture and application model. User expectations and threat landscapes have changed so that traditional information security technologies are no longer effective. MobileIron incorporates identity, security context, and privacy enforcement to set the appropriate level of access to enterprise data and services. This prevents the loss of enterprise data from mobile devices, apps, internal networks, or cloud. With MobileIron, only trusted users on trusted devices with trusted apps over trusted sessions can access enterprise data. That’s modern enterprise security.

Recommandé

Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile security
Kavita Rastogi
 
What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020
TestingXperts
 
Mobile Threat Management
Mobile Threat ManagementMobile Threat Management
Mobile Threat Management
Killian Delaney
 
Top 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your EmployeesTop 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your Employees
Neil Kemp
 
2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?
IBM Security
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2
SHOLOVE INTERNATIONAL LLC
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec Technology and Consulting
 
IBM Seguridad Móvil - Acompaña tu estrategia BYOD
IBM Seguridad Móvil - Acompaña tu estrategia BYODIBM Seguridad Móvil - Acompaña tu estrategia BYOD
IBM Seguridad Móvil - Acompaña tu estrategia BYOD
Camilo Fandiño Gómez
 

Recommandé

Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile security
Kavita Rastogi
 
What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020
TestingXperts
 
Mobile Threat Management
Mobile Threat ManagementMobile Threat Management
Mobile Threat Management
Killian Delaney
 
Top 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your EmployeesTop 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your Employees
Neil Kemp
 
2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?
IBM Security
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2
SHOLOVE INTERNATIONAL LLC
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec Technology and Consulting
 
IBM Seguridad Móvil - Acompaña tu estrategia BYOD
IBM Seguridad Móvil - Acompaña tu estrategia BYODIBM Seguridad Móvil - Acompaña tu estrategia BYOD
IBM Seguridad Móvil - Acompaña tu estrategia BYOD
Camilo Fandiño Gómez
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of Mobility
Booz Allen Hamilton
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
AP DealFlow
 
Enabling Mobile Workstyles Whitepaper with Citrix XenMobile
Enabling Mobile Workstyles Whitepaper with Citrix XenMobileEnabling Mobile Workstyles Whitepaper with Citrix XenMobile
Enabling Mobile Workstyles Whitepaper with Citrix XenMobile
Nuno Alves
 
Symantec Mobile Security
Symantec Mobile SecuritySymantec Mobile Security
Symantec Mobile Security
Arrow ECS UK
 
Mobile Security for Smartphones and Tablets
Mobile Security for Smartphones and TabletsMobile Security for Smartphones and Tablets
Mobile Security for Smartphones and Tablets
Vince Verbeke
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile Security
Tharaka Mahadewa
 
BlackBerry Unified Endpoint Manager (UEM): Complete Multi-OS Control for Secu...
BlackBerry Unified Endpoint Manager (UEM): Complete Multi-OS Control for Secu...BlackBerry Unified Endpoint Manager (UEM): Complete Multi-OS Control for Secu...
BlackBerry Unified Endpoint Manager (UEM): Complete Multi-OS Control for Secu...
BlackBerry
 
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application Security
Cigniti Technologies Ltd
 
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Security
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
EMC
 
Class activity 4
Class activity 4 Class activity 4
Class activity 4
Jeewanthi Fernando
 
IBM MobileFrist Protect - Guerir la Mobilephobie des RSSI
IBM MobileFrist Protect - Guerir la Mobilephobie des RSSIIBM MobileFrist Protect - Guerir la Mobilephobie des RSSI
IBM MobileFrist Protect - Guerir la Mobilephobie des RSSI
AGILLY
 
Securing mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentSecuring mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environment
K Singh
 
Tech mahindra whitepaper modified mobile app store architecture with pro acti...
Tech mahindra whitepaper modified mobile app store architecture with pro acti...Tech mahindra whitepaper modified mobile app store architecture with pro acti...
Tech mahindra whitepaper modified mobile app store architecture with pro acti...
anuragsinghal1981
 
Analyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaAnalyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - China
EMC
 
Why Should A Business Worry about Cyber Attacks?
Why Should A Business Worry about Cyber Attacks?Why Should A Business Worry about Cyber Attacks?
Why Should A Business Worry about Cyber Attacks?
Ainsha Noordin (Umie)
 
IBM MaaS360 with watson
IBM MaaS360 with watsonIBM MaaS360 with watson
IBM MaaS360 with watson
Prime Infoserv
 
IBM Cloud Security Enforcer
IBM Cloud Security EnforcerIBM Cloud Security Enforcer
IBM Cloud Security Enforcer
Camilo Fandiño Gómez
 
Nicaragua pambicita
Nicaragua pambicitaNicaragua pambicita
Nicaragua pambicita
juanfelipe2002
 
Netto CV
Netto CVNetto CV
Netto CV
Mthembu Netto
 
David Armour CV v2.0
David Armour CV v2.0David Armour CV v2.0
David Armour CV v2.0
David Armour
 
66834 CPM Companies_Developement_Brochure_Single Page LOW REZ
66834 CPM Companies_Developement_Brochure_Single Page LOW REZ66834 CPM Companies_Developement_Brochure_Single Page LOW REZ
66834 CPM Companies_Developement_Brochure_Single Page LOW REZ
Nick Walton
 

Contenu connexe

Tendances

Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
AP DealFlow
 
Symantec Mobile Security
Symantec Mobile SecuritySymantec Mobile Security
Symantec Mobile Security
Arrow ECS UK
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile Security
Tharaka Mahadewa
 
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Security
 
Securing mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentSecuring mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environment
K Singh
 
Tech mahindra whitepaper modified mobile app store architecture with pro acti...
Tech mahindra whitepaper modified mobile app store architecture with pro acti...Tech mahindra whitepaper modified mobile app store architecture with pro acti...
Tech mahindra whitepaper modified mobile app store architecture with pro acti...
anuragsinghal1981
 

Tendances (18)

Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of Mobility
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
 
Enabling Mobile Workstyles Whitepaper with Citrix XenMobile
Enabling Mobile Workstyles Whitepaper with Citrix XenMobileEnabling Mobile Workstyles Whitepaper with Citrix XenMobile
Enabling Mobile Workstyles Whitepaper with Citrix XenMobile
 
Symantec Mobile Security
Symantec Mobile SecuritySymantec Mobile Security
Symantec Mobile Security
 
Mobile Security for Smartphones and Tablets
Mobile Security for Smartphones and TabletsMobile Security for Smartphones and Tablets
Mobile Security for Smartphones and Tablets
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile Security
 
BlackBerry Unified Endpoint Manager (UEM): Complete Multi-OS Control for Secu...
BlackBerry Unified Endpoint Manager (UEM): Complete Multi-OS Control for Secu...BlackBerry Unified Endpoint Manager (UEM): Complete Multi-OS Control for Secu...
BlackBerry Unified Endpoint Manager (UEM): Complete Multi-OS Control for Secu...
 
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application Security
 
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
 
Class activity 4
Class activity 4 Class activity 4
Class activity 4
 
IBM MobileFrist Protect - Guerir la Mobilephobie des RSSI
IBM MobileFrist Protect - Guerir la Mobilephobie des RSSIIBM MobileFrist Protect - Guerir la Mobilephobie des RSSI
IBM MobileFrist Protect - Guerir la Mobilephobie des RSSI
 
Securing mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentSecuring mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environment
 
Tech mahindra whitepaper modified mobile app store architecture with pro acti...
Tech mahindra whitepaper modified mobile app store architecture with pro acti...Tech mahindra whitepaper modified mobile app store architecture with pro acti...
Tech mahindra whitepaper modified mobile app store architecture with pro acti...
 
Analyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaAnalyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - China
 
Why Should A Business Worry about Cyber Attacks?
Why Should A Business Worry about Cyber Attacks?Why Should A Business Worry about Cyber Attacks?
Why Should A Business Worry about Cyber Attacks?
 
IBM MaaS360 with watson
IBM MaaS360 with watsonIBM MaaS360 with watson
IBM MaaS360 with watson
 
IBM Cloud Security Enforcer
IBM Cloud Security EnforcerIBM Cloud Security Enforcer
IBM Cloud Security Enforcer
 

En vedette

David Armour CV v2.0
David Armour CV v2.0David Armour CV v2.0
David Armour CV v2.0
David Armour
 
66834 CPM Companies_Developement_Brochure_Single Page LOW REZ
66834 CPM Companies_Developement_Brochure_Single Page LOW REZ66834 CPM Companies_Developement_Brochure_Single Page LOW REZ
66834 CPM Companies_Developement_Brochure_Single Page LOW REZ
Nick Walton
 
CompTIA Network+ ce certificate
CompTIA Network+ ce certificateCompTIA Network+ ce certificate
CompTIA Network+ ce certificate
Asaad Morman
 
vExpert-certificate-2015a
vExpert-certificate-2015avExpert-certificate-2015a
vExpert-certificate-2015a
Andrew Hancock
 
Kidde co2 product manual 050128
Kidde co2 product manual 050128Kidde co2 product manual 050128
Kidde co2 product manual 050128
Bao Nguyen Dinh
 

En vedette (12)

Nicaragua pambicita
Nicaragua pambicitaNicaragua pambicita
Nicaragua pambicita
 
Netto CV
Netto CVNetto CV
Netto CV
 
David Armour CV v2.0
David Armour CV v2.0David Armour CV v2.0
David Armour CV v2.0
 
66834 CPM Companies_Developement_Brochure_Single Page LOW REZ
66834 CPM Companies_Developement_Brochure_Single Page LOW REZ66834 CPM Companies_Developement_Brochure_Single Page LOW REZ
66834 CPM Companies_Developement_Brochure_Single Page LOW REZ
 
009911282929
009911282929009911282929
009911282929
 
Doyle Antonio Professional Persona
Doyle Antonio Professional PersonaDoyle Antonio Professional Persona
Doyle Antonio Professional Persona
 
CompTIA Network+ ce certificate
CompTIA Network+ ce certificateCompTIA Network+ ce certificate
CompTIA Network+ ce certificate
 
vExpert-certificate-2015a
vExpert-certificate-2015avExpert-certificate-2015a
vExpert-certificate-2015a
 
Dasar-Dasar Keamanan Berinternet
Dasar-Dasar Keamanan BerinternetDasar-Dasar Keamanan Berinternet
Dasar-Dasar Keamanan Berinternet
 
Wages and Gifts
Wages and GiftsWages and Gifts
Wages and Gifts
 
Kidde co2 product manual 050128
Kidde co2 product manual 050128Kidde co2 product manual 050128
Kidde co2 product manual 050128
 
Viral vaccines 2
Viral vaccines 2Viral vaccines 2
Viral vaccines 2
 

Similaire à State ofmobilesecurity

Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
Cygnet Infotech
 
Lookout Mobile Endpoint Security Datasheet (US - v2.5)
Lookout Mobile Endpoint Security Datasheet (US - v2.5)Lookout Mobile Endpoint Security Datasheet (US - v2.5)
Lookout Mobile Endpoint Security Datasheet (US - v2.5)
Arnold Bijlsma
 
SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015
Francisco Anes
 
Securing mobile devices in the business environment
Securing mobile devices in the business environmentSecuring mobile devices in the business environment
Securing mobile devices in the business environment
IBM Software India
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
kostikjaylonshaewe47
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile security
JAYANT RAJURKAR
 
Security attacks taxonomy on
Security attacks taxonomy onSecurity attacks taxonomy on
Security attacks taxonomy on
ijmnct
 
4514ijmnct01
4514ijmnct014514ijmnct01
4514ijmnct01
ijmnct
 

Similaire à State ofmobilesecurity (20)

MobileIron's Enterprise Solution for App Security and Management
MobileIron's Enterprise Solution for App Security and ManagementMobileIron's Enterprise Solution for App Security and Management
MobileIron's Enterprise Solution for App Security and Management
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfJust-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
 
Lookout Mobile Endpoint Security Datasheet (US - v2.5)
Lookout Mobile Endpoint Security Datasheet (US - v2.5)Lookout Mobile Endpoint Security Datasheet (US - v2.5)
Lookout Mobile Endpoint Security Datasheet (US - v2.5)
 
SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015
 
Securing mobile apps in a BYOD world
Securing mobile apps in a BYOD worldSecuring mobile apps in a BYOD world
Securing mobile apps in a BYOD world
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application Security
 
Securing mobile devices in the business environment
Securing mobile devices in the business environmentSecuring mobile devices in the business environment
Securing mobile devices in the business environment
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
 
Mobile Application Security
Mobile Application Security Mobile Application Security
Mobile Application Security
 
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile security
 
WEBINAR - August 9, 2016: New Legal Requirements for Mobile Security
WEBINAR - August 9, 2016: New Legal Requirements for Mobile SecurityWEBINAR - August 9, 2016: New Legal Requirements for Mobile Security
WEBINAR - August 9, 2016: New Legal Requirements for Mobile Security
 
Security attacks taxonomy on
Security attacks taxonomy onSecurity attacks taxonomy on
Security attacks taxonomy on
 
4514ijmnct01
4514ijmnct014514ijmnct01
4514ijmnct01
 
MDM is not Enough - Parmelee
MDM is not Enough - Parmelee MDM is not Enough - Parmelee
MDM is not Enough - Parmelee
 
Mobile App-Store Enhanced Architecture with Pro-active Security Control
Mobile App-Store Enhanced Architecture with Pro-active Security ControlMobile App-Store Enhanced Architecture with Pro-active Security Control
Mobile App-Store Enhanced Architecture with Pro-active Security Control
 
Cn35499502
Cn35499502Cn35499502
Cn35499502
 
What Is Cyber Security? | Cyberroot Risk Advisory
What Is Cyber Security? | Cyberroot Risk Advisory What Is Cyber Security? | Cyberroot Risk Advisory
What Is Cyber Security? | Cyberroot Risk Advisory
 

State ofmobilesecurity

  • 1. State of App Security Recent attacks targeting mobile apps and operating systems have put an unprecedented amount of mobile business data at risk. Many enterprises are unprepared to combat the latest mobile threats: • One in 10 enterprises have at least one compromised device. • More than 53% have at least one device that is not in compliance with corporate security policies. This white paper outlines how to protect enterprise data while realizing the transformative benefits of mobility. For more information about protecting corporate data against mobile threats, listen to MobileIron’s on-demand webinar. 415 East Middlefield Road Mountain View, CA 94043 USA Tel. +1.650.919.8100 Fax +1.650.919.8006 info@mobileiron.com
  • 2. 2 Apps drive business The transformative power of mobility can only be realized by mobilizing core business processes. Both custom-developed and third- party apps are at the heart of this transformation. But they need to be properly secured As the future of work evolves toward mobility, the future of data breaches and cybercrime lies in mobile apps and operating systems. Recent attacks, such as XcodeGhost, Stagefright, Key Raider, and YiSpecter, for the first time are targeting mobile apps and operating systems to exfiltrate sensitive data. Many enterprises are unprepared. For example, iOS apps infected with XcodeGhost malware can collect information about devices and then encrypt and upload that data to command and control (CnC) servers run by attackers through the HTTP protocol. Malware detection company FireEye identified more than 4,000 infected apps on the App Store and mobile app risk management company Appthority found that almost every organization with at least 100 iOS devices had at least one infected device. Attackers are starting to capitalize on enterprises’ inability to prevent and detect mobile malware. 300,000 apps that were custom built for employee use. MobileIron customers have deployed more than Top third-party apps deployed: Salesforce Goodreader Microsoft Office Suite Cisco AnyConnect Box Cisco Webex Skype for Business Google Docs Evernote Xora Mobile Worker 1 2 3 4 5 6 7 8 9 10 We are tech savvy consumers that have come to expect consumer-grade experiences from our work tools. The KeyRaider malware was used to steal information from 225,000 jailbroken iPhones. ActiveSync/O365 and anti-virus tools are ill-equipped to protect against today’s mobile threats because they have no visibility into jailbroken or rooted devices.
  • 3. 3 Malware is becoming more sophisticated and a recent approach is to infiltrate corporate networks over the VPN to steal data. Anti-virus is not effective in this situation because mobile operating systems sandbox applications, preventing anti-virus from removing threats. When employees use a VPN to access the corporate network, organizations are unknowingly allowing all apps to possibly access the network, including malicious apps. crossing networks the company doesn’t own. For example, an employee traveling on business may connect to an open Wi-Fi hotspot that may or may not be legitimate. Traditional Network Access Control (NAC) has very limited visibility into the security posture of a mobile device. 1 in 10 enterprises has at least one compromised device Companies need to make sure they are using anti-malware Enterprises must also consider data loss from rogue access points and Man in the Middle (MitM) attacks. In the mobile world, devices that the company may or may not own are Today’s organizations have many disparate security technologies that are rarely fully integrated. Even when they are, they seldom include information about mobile devices and apps. As more work gets done on mobile devices and more enterprise data moves in apps and clouds, organizations need to ensure that they are protecting themselves against internal and external threats. Time to rethink app security MobileIron secures corporate data in a world of mixed-use devices by separating the corporate data and apps from the personal data and apps, and by authenticating users, apps, and devices before granting access to network resources. Based on the identity of the user and the security context of the user, app, device, network, and cloud, MobileIron allows the enterprise to make dynamic decisions about what services to provide to whom and when. More than 53% of enterprises have at least one device that is not in compliance with corporate security policies
  • 4. 4 Proactive Defenses Most current security technologies lack mobile awareness and the ability to prevent data loss. MobileIron embraces the new features found in mobile to create innovative ways of protecting mobile enterprise data in apps, in the cloud, on the network, and on the device using containerization, encryption, and app-level data loss prevention (DLP) controls. • MobileIron AppConnect secures app data-at-rest. • MobileIron Tunnel secures app data-in-motion. • MobileIron’s Content Security Service provides document-level security to protect enterprise content across personal cloud services. • MobileIron Sentry, MobileIron’s intelligent gateway, manages, encrypts, and secures traffic between the mobile device and back-end enterprise systems. Automated response to threats Current response mechanisms are failing to detect and respond to mobile threats. MobileIron does both online and offline detection of malware/compromise and initiates automated, real-time responses such as wiping corporate data and apps or blocking network access. For example: • A compromised or out of compliance device can be quarantined and the enterprise data removed. • Network access can be limited or totally blocked in response to the device being rooted or jailbroken. App data-at-rest and app data-in-motion security Mobile computing puts enterprise data in apps, therefore data must be secured at the app level. MobileIron’s AppConnect protects data-at-rest within the app and provides DLP controls in order to ensure that enterprise data is shared only with corporate sanctioned apps and cloud services. AppConnect deletes corporate data To protect sensitive data against the threats of tomorrow, enterprises need to rethink their security approach for a fundamentally different mobile architecture.
  • 5. 5 when a threat is detected. Data-in-motion is secured using MobileIron Tunnel for per-App VPN. MobileIron Docs@Work provides data loss prevention (DLP) controls to protect these documents from unauthorized distribution and secure access to enterprise storage services like SharePoint, Office 365, OneDrive Pro, and Box. In conjunction with MobileIron Sentry, Docs@ Work secures email attachments so that they are encrypted and can only be viewed using authorized applications that are managed by MobileIron. Integrations to make the existing enterprise security stack mobile-aware MobileIron provides in-depth defense with an ecosystem of best-of-breed partners which integrate with MobileIron to make enterprise infrastructure mobile-aware. MobileIron has integrated with leading Threat Management vendors including FireEye, Veracode, CheckPoint, and Proofpoint for malware detection and mitigation, and top Network Access Control vendors Aruba, Cisco and Forescout. MobileIron has also integrated with Splunk to allow IT to intercept security threats by correlating mobile device data with Splunk’s common information model to diagnose problems. MobiIeron AppConnect: an ecosystem of secure mobile apps MobileIron’s partnerships with leading Enterprise File Sync and Sharing (EFSS) vendors lets IT give users access to the consumer apps they want to use while ensuring that corporate data can be protected. With MobileIron, companies can put controls on EFSS apps including: • Requiring that users login to apps such as Box only on trusted devices • Whitelisting specific 3rd-party apps to ensure content can only be opened into other managed applications • Restricting the ability for users to cut, copy, or paste content In addition to EFSS partners, MobileIron has more than 70 AppConnect partners with more than 80 integrated solutions in market. Conclusion Mobile has introduced a new operating system architecture and application model. User expectations and threat landscapes have changed so that traditional information security technologies are no longer effective. MobileIron incorporates identity, security context, and privacy enforcement to set the appropriate level of access to enterprise data and services. This prevents the loss of enterprise data from mobile devices, apps, internal networks, or cloud. With MobileIron, only trusted users on trusted devices with trusted apps over trusted sessions can access enterprise data. That’s modern enterprise security.