Mobile Application Security



Similar documents
Good for Enterprise Good Dynamics

Auditing the Security and Management of Smart Devices. ISACA Dallas Meeting February 13, 2014

How To Secure Your Mobile Device

Enterprise Mobile App Management Essentials. Presented by Ryan Hope and John Nielsen

Secure Your Mobile Workplace

How To Protect Your Mobile Device From Attack

AirWatch Solution Overview

AirWatch Enterprise Mobility Management. AirWatch Enterprise Mobility Management

Symantec App Center. Mobile Application Management and Protection. Data Sheet: Mobile Security and Management

Integrating Cisco ISE with GO!Enterprise MDM Quick Start

Systems Manager Cloud-Based Enterprise Mobility Management

Dell World Software User Forum 2013

Kaspersky Security for Mobile Administrator's Guide

ForeScout MDM Enterprise

End User Devices Security Guidance: Apple ios 8

Course Outline. Managing Enterprise Devices and Apps using System Center Configuration ManagerCourse 20696B: 5 days Instructor Led

The ForeScout Difference

Enterprise Mobility Management for Financial Sector

SYNCSHIELD FEATURES. Preset a certain task to be executed. specific time.

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION

Feature List for Kaspersky Security for Mobile

Building Apps for iphone and ipad. Presented by Ryan Hope, Sumeet Singh

Mobile Device Security Is there an app for that?

Management of Multi-OS Smart Devices Made Simple.

Mobile App Containers: Product Or Feature?

Managing Enterprise Devices and Apps using System Center Configuration Manager

20696B: Administering System Center Configuration Manager and Intune

Xperia TM. Read about how Xperia TM devices can be administered in a corporate IT environment

Managing Enterprise Devices and Apps using System Center Configuration Manager 20696B; 5 Days, Instructor-led

Welcome! Thank you! mobco about mobile samsung about devices mobileiron about mobile IT accellion on mobile documents hands-on devices and race karts

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS.! Guyton Thorne! Sr. Manager System Engineering!

Embracing Complete BYOD Security with MDM and NAC

Mobile device and application management. Speaker Name Date

BYOD Guidance: BlackBerry Secure Work Space

Fromdistance MDM. Setting the standard in device management

MaaS360 Mobile Enterprise Gateway

Building Secure Mobile Applications Using MaaS360 SDK and IBM Worklight

MaaS360 Mobile Enterprise Gateway

AT&T Toggle. 4/23/2014 Page i

Enterprise Mobility as a Service

Mobile Device Management for CFAES

Microsoft Windows Intune: Cloud-based solution

6 Things To Think About Before Implementing BYOD

How To Protect The Agency From Hackers On A Cell Phone Or Tablet Device

Microsoft Enterprise Mobility Suite

Codeproof Mobile Security & SaaS MDM Platform

Systems Manager Cloud Based Mobile Device Management

BYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android

What We Do: Simplify Enterprise Mobility

Apps. Devices. Users. Data. Deploying and managing applications across platforms is difficult.

Getting Started Guide: Getting the most out of your Windows Intune cloud

Cortado Corporate Server

Mobile Device Strategy

Move over, TMG! Replacing TMG with Sophos UTM

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Kony Mobile Application Management (MAM)

I D C V E N D O R S P O T L I G H T. T a m i n g t h e C onsumerization of IT w ith C l o u d - B a s e d M obile De vi c e M a n a g e ment

DUBEX CUSTOMER MEETING

Introduction to the AirWatch Browser Guide

BYOD: BRING YOUR OWN DEVICE.

GETS AIRWATCH MDM HANDBOOK

Clavister InSight TM. Protecting Values

Deploying Management and Security Agents to Mobile Devices. Deploying Mgmt and Security Agents

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

Guideline on Safe BYOD Management

Total Enterprise Mobility. Norbert Elek

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android with TouchDown

EFFECTIVE BYOD. A presentation by: Tzachy Givaty, CommuniTake

AppConnect FAQ for MobileIron Technology Partners! AppConnect Overview

Symantec Mobile Management for Configuration Manager 7.2

Sichere bewegliche Arbeitskräfte Trend Micro Safe Mobile Workforce

THEODORA TITONIS VERACODE Vice President Mobile

Advanced Configuration Steps

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

Cloud Services MDM. ios User Guide

Features of AnyShare

Athena Mobile Device Management from Symantec

Operationalize Policies. Take Action. Establish Policies. Opportunity to use same tools and practices from desktop management in server environment

Ben Hall Technical Pre-Sales Manager

PULSE APPCONNECT. A Micro VPN That Allows Specific Applications on Mobile Devices to Independently Leverage the Connect Secure Gateway.

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

Parla, Secure Cloud

TCS Hy5 Presidio Your Mobile Environment, Your Way Configure, Secure, Deploy. Mobility Solutions

Bell Mobile Device Management (MDM)

Oracle Mobile Security

MDM Mobile Device Management

Sophos Mobile Control Technical guide

Cisco Mobile Collaboration Management Service

Transcription:

Mobile Application Security Rebecca Finnin, AT&T ISACA Geek Week 08/20/2013

AGENDA Mobile Application Development Review Gartner Framework of Mobile App Development Challenges Outline Security Implications of Each Discuss Unique AT&T Solutions

Mobile App Development: Challenges Gartner Field Research Summary: Mobile Application Development Jan 24 2013, Kirk Knoernschild & Danny Brian Strategy and Governance Development and Delivery Platforms and Frameworks Management and Security

Mobile App Development: Challenges Mobile Application Development Strategy and Governance Operating Without a Plan Security Concern: Threat modeling and architecture review with agile development? IT s Second Chance Security Concern: Percentage of mobile applications developed by 3 rd parties? Cross-Functional Strategy Security Concern: Critical mass to form Mobile Center of Excellence (COE)?

Mobile App Development: Challenges Mobile Application Development Development and Delivery Adopting Agile Security Concern: Developer experience with mobile platforms (much less security)? RESTful Service Orientation Security Concern: Who is testing the API on back end application? Distribution Challenges Security Concern: Public or private app stores? Testing Complexity Squared Security Concern: Testing via devices or simulators? AT&T Solution: Application Resource Optimization (ARO)

AT&T Solution: ARO Mobile Application Design Challenges Mobile code not being written mindful of unique aspects of wireless network environment Leads to issues with user experience, battery life and network efficiency Most common pitfalls: excessive radio activity, inefficient use of pre-fetching, unnecessary duplicate content downloads

AT&T Solution: ARO AT&T Solution - Application Resource Optimizer (ARO) http://developer.att.com/aro Free java-based, open source diagnostic tool Available for use with Android and Windows, ios (network usage only via proxy) Measures data traffic, GPS, bluetooth and camera usage Grades application (Pass/Fail) against 12 best practices Ex Benefits: 46% energy savings from clustering data transfers, eliminate 17% of network traffic from unnecessary download of unaltered HTTP content Based upon research papers from AT&T and UMich, ACM Mobisys conference

AT&T Solution: ARO Security Features Integration with Lookout - Mobile Security API Provides assessment of mobile code for indications of malware, spyware or other security vulnerabilities 6-10 High / 5-1 Medium / 0 Low Severity Readout Available for Android Application Packages (APK) upon release in March 2013

Mobile App Development: Challenges Mobile Application Development Platforms and Frameworks A Tale of Two Platforms Security Concern: Standards for device OS, cross-platform mobile development framework or all of the above? Betting on HTML5 Security Concern: HTML5 may become operational best practice, but as it matures will it incorporate better security measures? A Framework Dilemma Security Concern: How to Develop Security SMEs with such a diverse toolset? The App Residency Decision Security Concern: Should native app be required for certain situations or mandate additional security controls for mobile web apps?

Mobile App Development: Challenges Mobile Application Development Management and Security Relying on MDM Security Concern: Is MDM enough or too device-centric? Dealing with Data Security Concern: Do you trust device storage? AT&T Solution: TOGGLE

AT&T Solution: TOGGLE Mobile Device Paradox Cost pressures / user preferences mean use of personal devices is desirable Security concerns about corporate data on personal device is undesirable

AT&T Solution: TOGGLE Technology Options MDM Container Hypervisor Dual Persona Corporate Email Y Y Y Y Centralized configuration management and trouble-shooting, device wipe/lock Role-based policy mgmt for access to apps and Data Y Y Y Y Y Y Y Y Basic Enterprise App Store Y Y Y Application Push Y Y Y Y Device and App Usage reporting Y Y Y BTF Server deployment Y Y Cloud deployment Y Y Separation of user and business data Y Y Y Basic Security (Password / AV / Malware/ VPN / Encryption) Enhanced Security (real-time network based scanning) Y Y Y Y End-User and IT Self Service Y Y Y Y 12 Personal Applications, Data, and Usage not seen by IT Y Y Multi-OS Support Y Y Y

AT&T Solution: TOGGLE AT&T Solution - TOGGLE https://www.wireless.att.com/businesscenter/solutions/industrysolutions/mobile-productivity-solutions/toggle.jsp Establishes two containers on a single device: Personal and Work Available with any domestic carrier and on ios and Android platforms ToggleHub provides centralized enterprise application, document and media distribution portal. Work mode also provides access to corporate email, contact lists, calendars, browser, messenger tools and access to encrypted attachments. Administrative Interface provides device inventory, user and application management, policy based administration, configuration management and reporting

AT&T Solution: TOGGLE How Does It Work? Mobile application client creates encrypted, password protected workspace on the device Management console is a cloud-based service Security Features Include: Anti Virus / Anti Malware features Application Level VPN LDAP/Active Directory Integration Mobile Device Management Application and Content Management Document Viewer AT&T Toggle Browser Toggle Email Enhanced Application Wrapping

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information