beyond byod: securing the data (not the device)
DESCRIPTION
Bring Your Own Device; The Risk? Malware residing on personal devices taking advantage of user rights to leak corporate data. The Solution? Find out here with full slides presentation & video recording available on: http://www.denyall.com/recordings_en.html http://www.denyall.comTRANSCRIPT
Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 1 3/19/2013 DenyAll & Promon © 2013 1
Beyond BYOD: securing the
data (not the device)
March 19, 2013
This event will start at
11am CET,
thanks for your patience
Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 2 3/19/2013 DenyAll & Promon © 2013 2
• You’re muted…
• … but please ask your
questions using the chat tool
• We’ll take a few minutes at the
end to answer them
Logistics
Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 3 3/19/2013 DenyAll & Promon © 2013 3
Today's Presentors
Stéphane de Saint Albin
CMO
Tom Lysemose
CTO & founder
Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 4 3/19/2013 DenyAll & Promon © 2013 4
Bring Your Own Device?
The Risk.
Malware residing on personal devices taking
advantage of user rights to leak corporate data.
The Solution.
rWeb + Client Shield protect corporate data
accessed via browsers and mobile apps.
Todays’ Webinar
Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 5 3/19/2013 DenyAll & Promon © 2013 5
Content
1. Beyond BYOD: the issue with personal
devices
2. Man-In-The-Browser/Mobile attacks
3. Protecting corporate data on personal devices
– Browser-based apps (OWA)
– Mobile Apps
4. Q&A and conclusion
Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 6 3/19/2013 DenyAll & Promon © 2013 6 Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 6
Beyond BYOD: the issue
with personal devices
Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 7 3/19/2013 DenyAll & Promon © 2013 7 Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 7
Poll #1
Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 8 3/19/2013 DenyAll & Promon © 2013 8
• Security policy adjusted to allow personal
device connectivity
– Exceptions to wifi policy, for example
– Creates security ‘holes’ that can be exploited by hackers
• Users access both personal and corporate data
– User credentials and corporate data ‘stored’ on devices
– Cracked in minutes, cf. Symantec Experiment
• Personal devices are unmanaged by default
– No password, no security control
– No lock or remote deletion capability if lost/stolen
BYOD related issues
Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 9 3/19/2013 DenyAll & Promon © 2013 9
• Endpoint security not efficient vs. modern threats
– Won’t prevent malware infection
– Millions of zombie devices in spite of anti-virus software
• MDM is no silver bullet
– Enforcing secure configuration policy is a good
but insufficient step
• Compromised devices can become attack vectors
– Modern malware now available on mobile platforms
Beyond BYOD
Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 10 3/19/2013 DenyAll & Promon © 2013 10
• The problem with personal devices is not that they
– are used to play and work
– can be lost or stolen
– are usually unmanaged
– are not well protected against malware
– should be considered as unsafe
• The problem is that they access, use and store
sensitive data
– User credentials
– Corporate email
– Confidential information accessed via mobile apps
Data security is the issue
Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 11 3/19/2013 DenyAll & Promon © 2013 11 Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 11
Man-in-the-Browser/Mobile
Attacks
To read full slides presentation & access to the video recording on:
Beyond BYOD: securing the data (not the device)
Please click on the link available in the description below.
Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 13 3/19/2013 DenyAll & Promon © 2013 13
Thank you!
+33 1 46 20 96 00