Thank You Dan Hubbard Guido Sanchidrian Mark Cunningham Nadeem Bhukari Alice Decker Satheesh Sudarsan Matt Broda Randy Bunnell Megan Bell Jim Hunter Pam Fusco Tyler Shields ID: 753713
Download Presentation The PPT/PDF document "Mobile Working Group Session" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Mobile Working Group Session Slide2
Thank You
Dan
HubbardGuido SanchidrianMark Cunningham Nadeem BhukariAlice DeckerSatheesh SudarsanMatt BrodaRandy BunnellMegan BellJim HunterPam FuscoTyler Shields
Jeff ShafferGovind TatachariKen HuangMats NäslundGiles HogbenEric FisherSam WilkeSteven MichaloveAllen LumGirish BhatWarren TsaiJay Munsterman
Initiative Leads/Contributors
Co-chairs
David Lingenfelter
Cesare
Garlati
Freddy Kasprzykowski
CSA Staff
Luciano Santos
John
Yeoh
Aaron Alva
Evan Scoboria
Kendall ScoboriaSlide3
Mobile Guidance v1.0
Security Guidance for
Critical Areas of Mobile ComputingPublished Nov. 2012Mobile Computing DefinitionThreats to Mobile ComputingMaturity of the Mobile LandscapeBYOD PoliciesMobile AuthenticationApp StoresMobile Device ManagementSlide4
Mobile Guidance DefinedSlide5
Threats and MaturitySlide6
Top Mobile Threats – Evil 8
Data
loss from lost, stolen or decommissioned devices. Information-stealing mobile malware. Data l
oss and data leakage through poorly written third-party apps. Vulnerabilities within devices, OS, design and third-party applications. Unsecured Wi-Fi, network access and rogue access points. Unsecured or rogue marketplaces. Insufficient management tools,
capabilities and access to APIs (
includes
personas).
NFC and
proximity-based hacking.Slide7
Maturity
…there’s room for improvementSlide8
BYOD
Jay
MunstermanSlide9
BYOD Charter
Analyze new challenges of:
PolicyPrivacyDevice and Data SegmentationDelivered Policy Guidance for v1 GuidanceSlide10
Next Steps for BYOD
Need more team members!! Help us out!
Conference call late MarchDecide on next steps, consider:Policy TemplatesPolicy ExamplesEvaluation of emerging containerization optionsSlide11
MDM
David
LingenfelterSlide12
MDM Opportunities
Increase security and compliance enforcement
Reduce the cost of supporting mobile assetsEnhance application and performance managementEnsure better business continuityIncrease productivity and employee satisfaction
Beyond Simple MDM Slide13
Mobile Authentication
Mark CunninghamSlide14
Mobile Authentication GuidanceSlide15
Mobile Authentication GuidanceSlide16
Mobile Authentication GuidanceSlide17
Mobile Authentication GuidanceSlide18
Mobile Authentication
GuidanceEase of UseFuture Authentication TechnologiesSlide19
App Stores security
What you download may be compromised!
James HunterSlide20
State of the App Market
Apple and Google control 80% of the App Market
By the end of 2013 an estimated 50 Billion downloadsThere are over 1 million different AppsThe summary doesn't consider Amazon and Samsung. Corporate sites offering downloads for their flavor Apps, Developers, in all sizes and Apps Distributors.We
have a chaotic marketplace depending on the participants "best efforts", to insure the end user privacy and security, as well as that of others (Companies who employ them, even ones they visit and use WiFi service).Slide21
What are the areas of concern?
How trustworthy is the App Store?
How trustworthy is the Developer?Can the user report issues found in the App?Who should get the report?Does the App use more permissions than needed?Does the App make connections to the Internet?
Does the user need anti-virus, malware, etc.?Will this be an issue with BYOD? Slide22
The status of the working group?
Initial draft of the policy guideline submitted in late October-early November 2012, for Orlando.
November 2012 decision made to develop a stand-alone document.December 2012 received updated peer review info from J. Yeoh.January 2013 started efforts to recruit more volunteers for App Store Security working group?February 2013 re-started efforts to make contact with App Store Management at Microsoft.Slide23
The status of the working group?
March 2013 start update of draft guideline to a stand alone document.
March 2013 continue efforts to recruit several volunteers to work on the stand alone document.March 2013 request CSA Global support for contacts with Apple, Google, Amazon, Samsung Appstore contacts.April-June 2013 pursue App Store management contacts, involvement and support.Slide24
App Store Security Initiative
Thanks to the following individuals:
John Yeoh, Research Analyst, Global CSAAuthors/ContributorsGroup Lead James Hunter, Net Effects Inc. Peer ReviewersTom Jones; Ionnis Kounelis; Sandeep Mahajan; Henry St. Andre, InContactCo Chair, Mobile Security, Cesare Garlati Trend MicroSlide25
Mobile 2013
Moving at the speed of mobile!Slide26
Where do we go from here?
Charter review
Cooperation Between Working GroupsNew Mobile Controls In CCMMaturity questionnaire v2.0Top Threats ReviewStand Alone App Store DocumentStand Alone Authentication DocumentNew Section On Data ProtectionSlide27
Mobile Working Group Charter
Securing public and private application stores
Analysis of mobile security features of key mobile operating systemsMobile device management, provisioning, policy, and data managementGuidelines for the mobile device security frameworkScalable authentication for mobileBest practices for secure mobile applicationIdentification of primary risks related BYOD – Bring Your Own DeviceSolutions for resolving multiple usage roles related to BYODSlide28
Chapter Cooperation
Information
sharing across working groupsAlready working with CCMMore guidance and input from Corporate, GRC and SMETimeframes/Deadlines/Review PeriodsSlide29
Reference Materials
Create more material people will want to use to develop their mobile business plans
Baseline ControlsPolicy TemplatesApp Security GuidelinesThreats and RisksSlide30
CSA 2013 Events
BlackHat
(July 27-Aug1)EMEA Congress (September)ASIAPAC Events (Congress, May 14-17)CSA Congress Orlando (November)https://cloudsecurityalliance.org/events/Slide31
Thank you
Chapter meetings every other Thursday @ 9:00am PST
LinkedIn: Cloud Security Alliance: Mobile Working GroupBasecamp