www.cloudsecurityalliance.org copyright © 2011 cloud security alliance mobile working group session

Post on 31-Mar-2015

TRANSCRIPT

  • Slide 1

www.cloudsecurityalliance.org Copyright 2011 Cloud Security Alliance
Mobile Working Group Session

  • Slide 2

Initiative Leads/Contributors: Dan Hubbard, Guido Sanchidrian, Mark Cunningham, Nadeem Bhukari, Alice Decker, Satheesh Sudarsan, Matt Broda, Randy Bunnell, Megan Bell, Jim Hunter, Pam Fusco, Tyler Shields, Jeff Shaffer, Govind Tatachari, Ken Huang, Mats Näslund, Giles Hogben, Eric Fisher, Sam Wilke, Steven Michalove, Allen Lum, Girish Bhat, Warren Tsai, Jay Munsterman

Co-chairs: David Lingenfelter, Cesare Garlati, Freddy Kasprzykowski

CSA Staff: Luciano Santos, John Yeoh, Aaron Alva, Evan Scoboria, Kendall Scoboria

  • Slide 3

Security Guidance for Critical Areas of Mobile Computing
Published Nov. 2012

- Mobile Computing Definition
- Threats to Mobile Computing
- Maturity of the Mobile Landscape
- BYOD Policies
- Mobile Authentication
- App Stores
- Mobile Device Management

  • Slide 4

- Authentication
- Apps
- MDM
- BYOD

  • Slide 5

  • Slide 6

1. Data loss from lost, stolen or decommissioned devices.
2. Information-stealing mobile malware.
3. Data loss and data leakage through poorly written third-party apps.
4. Vulnerabilities within devices, OS, design and third-party applications.
5. Unsecured Wi-Fi, network access and rogue access points.
6. Unsecured or rogue marketplaces.
7. Insufficient management tools, capabilities and access to APIs (includes personas).
8. NFC and proximity-based hacking.
  • Slide 7

There's room for improvement

- 78% Have Mobile Policy
- 86% Allow BYOD
- 47% Utilize MDM
- 36% Have App Restriction
- 41% Have Security Controls

  • Slide 8

Jay Munsterman

  • Slide 9

Analyze new challenges of:

- Policy
- Privacy
- Device and Data Segmentation

Delivered Policy Guidance for v1 Guidance

  • Slide 10

Need more team members!! Help us out!

Conference call late March

Decide on next steps, consider:

- Policy Templates
- Policy Examples
- Evaluation of emerging containerization options

  • Slide 11

David Lingenfelter

  • Slide 12

Beyond Simple MDM

- Increase security and compliance enforcement
- Reduce the cost of supporting mobile assets
- Enhance application and performance management
- Ensure better business continuity
- Increase productivity and employee satisfaction

  • Slide 13

Mark Cunningham

  • Slide 14

  • Slide 15

  • Slide 16

  • Slide 17

  • Slide 18

Ease of Use Future Authentication Technologies

  • Slide 19

What you download may be compromised!

James Hunter

  • Slide 20

- Apple and Google control 80% of the App Market
- By the end of 2013 an estimated 50 Billion downloads
- There are over 1 million different Apps

The summary doesn't consider Amazon and Samsung. Corporate sites offering downloads for their flavor Apps, Developers, in all sizes and Apps Distributors.

We have a chaotic marketplace depending on the participants' "best efforts" to ensure the end user's privacy and security, as well as that of others (companies who employ them, even ones they visit and use WiFi service).

  • Slide 21

- How trustworthy is the App Store?
- How trustworthy is the Developer?
- Can the user report issues found in the App?
- Who should get the report?
- Does the App use more permissions than needed?
- Does the App make connections to the Internet?
- Does the user need anti-virus, malware, etc.?
- Will this be an issue with BYOD?

  • Slide 22

- Initial draft of the policy guideline submitted in late October-early November 2012, for Orlando.
- November 2012: decision made to develop a stand-alone document.
- December 2012: received updated peer review info from J. Yeoh.
- January 2013: started efforts to recruit more volunteers for App Store Security working group?
- February 2013: re-started efforts to make contact with App Store Management at Microsoft.

  • Slide 23

- March 2013: start update of draft guideline to a stand-alone document.
- March 2013: continue efforts to recruit several volunteers to work on the stand-alone document.
- March 2013: request CSA Global support for contacts with Apple, Google, Amazon, Samsung Appstore contacts.
- April-June 2013: pursue App Store management contacts, involvement and support.
  • Slide 24

Thanks to the following individuals:

- John Yeoh, Research Analyst, Global CSA
- Authors/Contributors Group Lead James Hunter, Net Effects Inc.
- Peer Reviewers Tom Jones; Ionnis Kounelis; Sandeep Mahajan; Henry St. Andre, InContact
- Co Chair, Mobile Security, Cesare Garlati, Trend Micro

  • Slide 25

Moving at the speed of mobile!

  • Slide 26

- Charter review
- Cooperation Between Working Groups
- New Mobile Controls In CCM
- Maturity questionnaire v2.0
- Top Threats Review
- Stand Alone App Store Document
- Stand Alone Authentication Document
- New Section On Data Protection

  • Slide 27

- Securing public and private application stores
- Analysis of mobile security features of key mobile operating systems
- Mobile device management, provisioning, policy, and data management
- Guidelines for the mobile device security framework
- Scalable authentication for mobile
- Best practices for secure mobile application
- Identification of primary risks related to BYOD (Bring Your Own Device)
- Solutions for resolving multiple usage roles related to BYOD

  • Slide 28

- Information sharing across working groups
- Already working with CCM
- More guidance and input from Corporate, GRC and SME
- Timeframes/Deadlines/Review Periods

  • Slide 29

Create more material people will want to use to develop their mobile business plans

- Baseline Controls
- Policy Templates
- App Security Guidelines
- Threats and Risks

  • Slide 30

- BlackHat (July 27-Aug 1)
- EMEA Congress (September)
- ASIAPAC Events (Congress, May 14-17)
- CSA Congress Orlando (November)

https://cloudsecurityalliance.org/events/

  • Slide 31

- Chapter meetings every other Thursday @ 9:00am PST
- LinkedIn: Cloud Security Alliance: Mobile Working Group
- Basecamp
