Mobile Working Group Session - PowerPoint Presentation

min-jolicoeur
Uploaded On 2019-02-25

Presentation Transcript

Slide1

Mobile Working Group Session

Slide2

Thank You

Dan Hubbard, Guido Sanchidrian, Mark Cunningham, Nadeem Bhukari, Alice Decker, Satheesh Sudarsan, Matt Broda, Randy Bunnell, Megan Bell, Jim Hunter, Pam Fusco, Tyler Shields

Jeff Shaffer, Govind Tatachari, Ken Huang, Mats Näslund, Giles Hogben, Eric Fisher, Sam Wilke, Steven Michalove, Allen Lum, Girish Bhat, Warren Tsai, Jay Munsterman

Initiative Leads/Contributors

Co-chairs

David Lingenfelter

Cesare Garlati

Freddy Kasprzykowski

CSA Staff

Luciano Santos

John Yeoh

Aaron Alva

Evan Scoboria

Kendall Scoboria

Slide3

Mobile Guidance v1.0

Security Guidance for Critical Areas of Mobile Computing

Published Nov. 2012

Mobile Computing Definition

Threats to Mobile Computing

Maturity of the Mobile Landscape

BYOD Policies

Mobile Authentication

App Stores

Mobile Device Management

Slide4

Mobile Guidance Defined

Slide5

Threats and Maturity

Slide6

Top Mobile Threats – Evil 8

Data loss from lost, stolen or decommissioned devices.

Information-stealing mobile malware.

Data loss and data leakage through poorly written third-party apps.

Vulnerabilities within devices, OS, design and third-party applications.

Unsecured Wi-Fi, network access and rogue access points.

Unsecured or rogue marketplaces.

Insufficient management tools, capabilities and access to APIs (includes personas).

NFC and proximity-based hacking.

Slide7

Maturity

…there’s room for improvement

Slide8

BYOD

Jay Munsterman

Slide9

BYOD Charter

Analyze new challenges of:

Policy

Privacy

Device and Data Segmentation

Delivered Policy Guidance for v1 Guidance

Slide10

Next Steps for BYOD

Need more team members!! Help us out!

Conference call late March

Decide on next steps, consider:

Policy Templates

Policy Examples

Evaluation of emerging containerization options

Slide11

MDM

David Lingenfelter

Slide12

MDM Opportunities

Increase security and compliance enforcement

Reduce the cost of supporting mobile assets

Enhance application and performance management

Ensure better business continuity

Increase productivity and employee satisfaction

Beyond Simple MDM

Slide13

Mobile Authentication

Mark Cunningham

Slide14

Mobile Authentication Guidance

Slide15

Mobile Authentication Guidance

Slide16

Mobile Authentication Guidance

Slide17

Mobile Authentication Guidance

Slide18

Mobile Authentication Guidance

Ease of Use

Future Authentication Technologies

Slide19

App Stores security

What you download may be compromised!

James Hunter

Slide20

State of the App Market

Apple and Google control 80% of the App Market

By the end of 2013 an estimated 50 Billion downloads

There are over 1 million different Apps

The summary doesn't consider Amazon and Samsung. Corporate sites offering downloads for their flavor Apps, Developers, in all sizes and Apps Distributors.

We have a chaotic marketplace depending on the participants' "best efforts" to ensure end-user privacy and security, as well as that of others (companies who employ them, even ones they visit and use WiFi service).

Slide21

What are the areas of concern?

How trustworthy is the App Store?

How trustworthy is the Developer?

Can the user report issues found in the App?

Who should get the report?

Does the App use more permissions than needed?

Does the App make connections to the Internet?

Does the user need anti-virus, malware, etc.?

Will this be an issue with BYOD?

Slide22

The status of the working group?

Initial draft of the policy guideline submitted in late October-early November 2012, for Orlando.

November 2012 decision made to develop a stand-alone document.

December 2012 received updated peer review info from J. Yeoh.

January 2013 started efforts to recruit more volunteers for App Store Security working group.

February 2013 re-started efforts to make contact with App Store Management at Microsoft.

Slide23

The status of the working group?

March 2013 start update of draft guideline to a stand alone document.

March 2013 continue efforts to recruit several volunteers to work on the stand alone document.

March 2013 request CSA Global support for contacts with Apple, Google, Amazon, Samsung Appstore contacts.

April-June 2013 pursue App Store management contacts, involvement and support.

Slide24

App Store Security Initiative

Thanks to the following individuals:

John Yeoh, Research Analyst, Global CSA

Authors/Contributors

Group Lead James Hunter, Net Effects Inc.

Peer Reviewers

Tom Jones; Ionnis Kounelis; Sandeep Mahajan; Henry St. Andre, InContact

Co Chair, Mobile Security, Cesare Garlati, Trend Micro

Slide25

Mobile 2013

Moving at the speed of mobile!

Slide26

Where do we go from here?

Charter review

Cooperation Between Working Groups

New Mobile Controls In CCM

Maturity questionnaire v2.0

Top Threats Review

Stand Alone App Store Document

Stand Alone Authentication Document

New Section On Data Protection

Slide27

Mobile Working Group Charter

Securing public and private application stores

Analysis of mobile security features of key mobile operating systems

Mobile device management, provisioning, policy, and data management

Guidelines for the mobile device security framework

Scalable authentication for mobile

Best practices for secure mobile application

Identification of primary risks related to BYOD – Bring Your Own Device

Solutions for resolving multiple usage roles related to BYOD

Slide28

Chapter Cooperation

Information sharing across working groups

Already working with CCM

More guidance and input from Corporate, GRC and SME

Timeframes/Deadlines/Review Periods

Slide29

Reference Materials

Create more material people will want to use to develop their mobile business plans

Baseline Controls

Policy Templates

App Security Guidelines

Threats and Risks

Slide30

CSA 2013 Events

BlackHat (July 27-Aug 1)

EMEA Congress (September)

ASIAPAC Events (Congress, May 14-17)

CSA Congress Orlando (November)

https://cloudsecurityalliance.org/events/

Slide31

Thank you

Chapter meetings every other Thursday @ 9:00am PST

LinkedIn: Cloud Security Alliance: Mobile Working Group

Basecamp