Mobile App Security Take Any Mobile App and Make It Secure


Mobile App Security: Take Any Mobile App and Make It Secure
Ray Bennett, MicroStrategy - Director, Mobile Service Line
World, Las Vegas, 2015

Agenda
- State of the Art Mobile App Security
  - Introduction
  - Mobile Security Concerns
  - MicroStrategy's 7 Pillars of Mobile App Security
- MicroStrategy Security Model
  1. Authentication
  2. Device/Application
  3. Data
  4. Authorization
  5. Operations
  6. Platform
- Mobile Device Management (MDM)
- Summary

Introduction: What are the threats and what is at stake?

Mobile Security Concerns and Risks
- Most concerning: lack of control
  - Network domain: more control
  - External domain: less control
- Malware, rootkits, botnets, phishing, ransomware, intrusions

Top Mobile Threats for 2015, according to McAfee Labs. Source: McAfee Labs Threats Report, http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2014.pdf

How Big a Problem is Mobile Malware? Total mobile malware samples exceeded 5 million in Q3 2014, up 16% in the quarter and 112% over the past year. Source: McAfee Labs Threats Report, http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2014.pdf

The Expanding Mobile Device Ecosystem: Increased Exposure
- Devices do not work in a vacuum: they connect to one or more cloud-based services (enterprise Exchange server, Gmail, MobileMe, iCloud, etc.), to a home or work PC, or to all of the above.
- When properly deployed, both platforms allow users to synchronize devices with private and enterprise cloud services simultaneously without risking data exposure.
- However, there are several scenarios in which these services may be abused by employees, resulting in exposure of enterprise data.

Mobile Means More Exposure: Victims of Our Own Success
An ever-expanding attack surface: cloud, Internet of Things, BYOD, Bluetooth, and more. More users, more device types, more integration points, more moving parts.

What is Compromised and Needs Protecting?
- Names and telephone numbers (contact information)
- Email addresses
- Text messages
- Notes
- Browser history
- Application data (financial numbers, forecasts)
- Trade secrets, and on...

MicroStrategy Mobile Secure Solution Preview: A Complete, Flexible, and Customizable Security Model
- Authentication: multi-factor, via Touch ID, passcode and certificate
- Communication: information flow (diagram: Mobile Server, Intelligence Server, firewalls)
- Device security: native hardware security including passcode, auto-lock, failed-attempt limits
- Application security: double encryption with app-level passcode, online or offline
- Data protection: AES 256-bit encryption of data in transit and at rest
- Authorization: access managed dynamically based on profile and privileges
- Operations: an engineered process and methodology that defines how mobile technology is to be securely used
- Platform security: multi-tier architecture to ensure the integrity of mobile computing / BI data

Mobile Security: Custom Models Are a Balancing Act
A mobile security model needs to be customizable across 1. Authentication, 2. Device, 3. Application, 4. Data, 5. Authorization, 6. Operations and 7. Platform, on a scale from fully open (unsecured, least secure) to fully locked down (most secure).

Tolerance to Risk vs. Corporate and User Needs: a mobile security model needs to be flexible, balancing security, functionality and user experience.

Authentication: Credentials, Request and Access, Log-ins

MicroStrategy Mobile - User Authentication: Device-Level and Application Authentication
- Device: iOS profile logon; network logon (if using a VPN or tunnel)
- MicroStrategy project metadata logon: 1. Standard, 2. Windows, 3. LDAP, 4. Database
- Mobile Server authentication, the account/logon that the Mobile Server web pool runs under: 1. Anonymous, 2. Basic, 3. Windows (service account)

MicroStrategy App Passcode (as of 9.4.1, Update 3): an added layer of authentication protection
- Device-level application security
- Issues a credential challenge on each entry
- Encrypts local caches

MicroStrategy App Passcode, first entry into the app: create and confirm the password (Challenge: Create, Confirm).

MicroStrategy App Passcode: each successive entry attempt.

Touch ID (new in 9.4.1, Update 5): Advanced Biometric Authentication Integration
- 5X stronger: according to Apple, there is a 1 in 50K chance of registering a false fingerprint match versus a 1 in 10K chance of guessing a 4-digit passcode.
- No guessing: trying out 50,000 different fingerprints is an incredible logistical challenge.
- Hack proof: Apple doesn't store the fingerprint as an image; they store it as a mathematical representation that hackers can't reverse engineer.
- Convenient: split-second access. You don't have to remember an additional passcode. Unique to you; impossible to forget.
- Supported on iOS 8 for iPhone 5s, 6, 6+, iPad Air 2, iPad Mini 3

Touch ID: MicroStrategy application level. *Unsupported platforms simply enter the passcode.

Touch ID: MicroStrategy document level.

Introducing MicroStrategy 9s: the world's most sophisticated analytics platform, now including the world's most simple, seamless and sophisticated identity platform.

What is Usher? The future of identification and authentication. Usher is a self-service, cloud-based application that simplifies user authentication and delivers unprecedented system security.
- Protect cyber assets
- Replace physical badges
- Secure facilities and entryways
- Monitor and manage activities

Log into applications without entering password credentials: Bluetooth, QR code.

Log into applications without entering password credentials: fingerprint.

See it for yourself with the Secure Analytics 9s demo: MicroStrategy default iPhone app download.

MicroStrategy 9s with Usher: iPhone application access demo.

MicroStrategy 9s with Usher: time and geo-fence restrictions. Access is denied when the user does not satisfy the following conditions: time, geolocation.

MicroStrategy 9s builds on top of the existing secure architecture and provides 3-factor authentication.

MicroStrategy 9s: Usher platform architecture.

Getting Started with MicroStrategy 9s

Single Sign-On (SSO): Out-of-the-Box Support
- Seamless SSO support for authentication providers: Tivoli, SiteMinder, Oblix, Okta
- Seamless SSO support for portal server applications: Microsoft SharePoint, IBM WebSphere, Oracle WebLogic, SAP Enterprise Portal
- Also 3rd-party identity management systems that support SAML (Security Assertion Markup Language)
- Federated identity management systems (Ping-Fed): TBA

Single Sign-On (SSO) basic mechanism, device side: the application supports HTML forms consumption, which allows a custom log-on screen workflow.

Device/Application: Mobile User Hardware and Software

MicroStrategy Mobile Application Security (diagram: MicroStrategy Mobile Server, MicroStrategy Intelligence Server, Web)
- User authentication: support for SSO; link encryption
- User authentication modes: Standard, LDAP, Database, NT
- Expiration can be set to enforce MicroStrategy user credentials when opening the app
- User credentials are stored encrypted on the device
- Application data is encrypted on the device
- Caches can be cleared when exiting the application
- Isolation protects app data from other apps
- Apps are signed to ensure the app is authentic
- Runtime checks enforce app security
- Password required after timeout or suspended state (Confidential Project Mode)
- Single sign-on support: LDAP, Kerberos, NT integration
- Independent third-party security testing

Apple iOS: iOS 8 Secure Encryption Model

Google Android Security Model
1. Security at the operating system level through the Linux kernel
2. Mandatory application sandbox
3. Secure inter-process communication
4. Application signing
5. Application-defined and user-granted permissions

Security Models: Android and iOS devices, to varying degrees
- Isolation: limits an app's ability to access sensitive data or systems on the device
- Permissions-based access control: grants a set of permissions to each app and then limits each app to accessing device data/systems within the scope of those permissions
- Traditional access control: protects devices by using techniques such as passwords and idle-time screen locking
- Limited hardware access: apps cannot directly access the underlying hardware
- Data encryption: conceals data at rest on the device to address device loss or theft

Apple's iOS vs. Google's Android: A General Summation
- iOS, a locked-down platform:
  - Strict controls on device and store
  - Well designed and, thus far, resistant to attack
  - Rigorous certification model which vets the identity of software authors and weeds out attackers
- Android, freedom with precaution:
  - Major improvement over traditional computing programs
  - Less rigorous certification model which allows a more open development environment
  - Relies on users to make important security decisions

Data: Protecting Sensitive Data at Rest and in Transit

Symmetric Cryptography/Encryption: protects data at rest or in transit (e.g., AES 128, 192, 256). Diagram: the plaintext "Hello!" is encrypted to the ciphertext "6&%3!aO!" and decrypted back to "Hello!" with the same key.

Asymmetric (Public Key) Cryptography/Encryption: used to exchange symmetric keys, for digital signing, and for X.509 certificate authentication. Diagram: the plaintext "Hello!" is encrypted to the ciphertext "6&%3!aO!" and decrypted back to "Hello!".

Asymmetric Encryption: X.509 Certificates
Certificate Authority: collects the applicant's money, validates the applicant's identity, issues the digital certificate, issues the private key.
X.509 certificate fields: Version; Unique Serial Number; Certificate Signature Algorithm; CA Name; Validity Period; Subject Name; Public Key Algorithm; Subject Public Key; CA Signature (plus the associated Private Key, kept separately).

Putting It All Together: Transport Layer Security (TLS), also SSL
1. Client: Hello!
2. Server: Hello back! The server sends its certificate.
3. Client: client certificate, key exchange, verify.
4. Trust established; both sides create the session key (asymmetric phase).
5. Encrypted communication, using the session key to encrypt (symmetric phase).

Authorization: Implementing Boundaries and Restrictions

Mobile Administrator Utility: Security Tab

Mobile Server Configuration: Admin Settings

Mobile Server Configuration, Admin Settings: iPad Settings Part 1

Mobile Server Configuration, Admin Settings: iPad Settings Part 2

Mobile Server Configuration, Admin Settings: iPad Settings Part 3

User Configuration: MicroStrategy Mobile App

Authorizing User Access to Secure Objects and Data: Information Not-Sharing (worked example from the slides)
The same report is shown to several users. The region hierarchy is East (Northeast, Southeast), Central and West, each view ending in a Total column and an Exec view.
- East Region users see only East: Northeast, Southeast, Total.
- West Region users see only West: West, Total.
- CXO executive user, no viewing restrictions: Northeast, Southeast, Central, West, Total.
- Information not-sharing at the summary level: East, West, Exec.
Row-Level Security Filters: Tabular View

Authorizing User Access to Secure Objects and Data
- Users: identified by a unique login and user name; defined in the metadata repository; exist across multiple projects
- User groups: a set of users; can be assigned privileges and ACLs; privileges apply to all projects
- Security roles: a set of privileges; can be assigned to users and/or groups; apply to specified projects
- ACLs can be assigned to user groups

Granting Access Permissions in MicroStrategy
- Privileges: relate to a user's ability to perform certain functions/tasks such as Mobile, exporting data, drilling, etc.
- Object permissions via ACL (Access Control List): provide user, group and role access/restriction on project metadata objects
- Security filters (could use the System User prompt): introduce a column in database tables for the user, group or role; the end user only sees a row if they have explicit access to it
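The region example from the preceding slides, as an added illustration that is not MicroStrategy's code or schema: a row-level security filter keyed on the authenticated login and applied server-side, using sqlite3. The table names, logins and the placement of Central in the hierarchy are constructed for the demo.

```python
"""Row-level security filter in the style of the slides' region example.
Added illustration (not MicroStrategy's code or schema): table names, logins
and the region hierarchy below are constructed for the demo."""
import sqlite3

# Constructed sample data. Leaf regions come from the CXO view on the slide;
# Central's parent is not readable from the slide, so it is its own region here.
SALES = [("Northeast", 120), ("Southeast", 80), ("Central", 60), ("West", 150)]
REGION_MAP = [("Northeast", "East"), ("Southeast", "East"),
              ("Central", "Central"), ("West", "West")]
# The security-filter column: which region a login is restricted to.
# NULL means "no viewing restrictions" (the CXO executive user).
SECURITY_FILTER = [("east_user", "East"), ("west_user", "West"), ("cxo", None)]


def build_db():
    """Create an in-memory database holding the fact table and the filter mapping."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE sales(sub_region TEXT, revenue INTEGER);
        CREATE TABLE region_map(sub_region TEXT PRIMARY KEY, region TEXT);
        CREATE TABLE security_filter(login TEXT PRIMARY KEY, region TEXT);
    """)
    con.executemany("INSERT INTO sales VALUES (?, ?)", SALES)
    con.executemany("INSERT INTO region_map VALUES (?, ?)", REGION_MAP)
    con.executemany("INSERT INTO security_filter VALUES (?, ?)", SECURITY_FILTER)
    return con


def revenue_by_sub_region(con, login):
    """Rows of (sub_region, revenue) that the authenticated login may see.

    The restriction is looked up from the server-side mapping keyed by the
    session's login (the "system user" the slide mentions), never taken from
    a client-supplied predicate, and it is bound as a query parameter so the
    user cannot widen it.  A login with no explicit row gets no data at all.
    """
    row = con.execute(
        "SELECT region FROM security_filter WHERE login = ?", (login,)
    ).fetchone()
    if row is None:
        return []
    (region,) = row
    sql = ("SELECT s.sub_region, s.revenue FROM sales AS s "
           "JOIN region_map AS m ON m.sub_region = s.sub_region")
    params = ()
    if region is not None:          # NULL = unrestricted role (the CXO case)
        sql += " WHERE m.region = ?"
        params = (region,)
    return con.execute(sql + " ORDER BY s.sub_region", params).fetchall()


def total_revenue(con, login):
    """The 'Total' column each user sees: the sum over only the visible rows."""
    return sum(revenue for _, revenue in revenue_by_sub_region(con, login))


if __name__ == "__main__":
    db = build_db()
    for user in ("east_user", "west_user", "cxo", "unknown"):
        print(user, revenue_by_sub_region(db, user), total_revenue(db, user))
```

Note that the Total differs per user because it is computed after the filter: the East user's total covers only East rows, so a restricted user cannot infer other regions' figures from a grand total.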

Operations: Process and Methods for the User Community

Operational Security
- Situational awareness: keep users informed of the importance and impact of their actions
- Establish a security policy: passcode required; passcode complexity; procedures for reporting a lost/stolen device
- Device management: proactive monitoring; response to a lost/stolen device report
- Information management: policies for handling of sensitive data; sensitivity reduction; information deception
- Ensure proper placement and operation of WiFi equipment

Platform: Providing Secure Connection Access to the Mobile Server

Virtual Private Network (VPN): device clients

Virtual Private Network (VPN): Secure PINs
- Generates an access credential based on coordinated algorithm processing
- Physical tokens; iPhone passcode generator
- Provides an extra layer of protection
- Results in an extra user authentication step

Virtual Private Networks (VPNs)

HTTPS: encrypted communication (TLS, SSL) with a digitally signed certificate

Recommended MicroStrategy Mobile Security Architecture (diagram)
Components: X.509 certificate request, Firewall, MicroStrategy Certificate Server, CRL (Certificate Revocation List), Firewall, LDAP Server, MD, HTTPS (AES), MicroStrategy Mobile Server, MicroStrategy Intelligence Server, DWH.

MicroStrategy Cloud: Hosted Model

On Premise

Platform: Network Security
- WEP (Wired Equivalent Privacy): most common protocol; currently considered not secure
- WPA (WiFi Protected Access) or WPA2: used in commercial WiFi systems; extremely difficult to compromise
- Disable identifier broadcasting
- Maintain wireless emissions within physical corporate boundaries

Mobile Device Management (MDM)

Mobile Device Management (MDM): AirWatch, MobileIron, Citrix

MDM: Benefits of an MDM Integration
- Supports a variety of mobile devices (phones, tablets, printers)
- Provides centralized control to manage, monitor, and support mobile users
- Supports BYOD models
- Asserts control over the user experience
- Enforces specific levels of security policy across all mobile devices
- Protects proprietary organizational information
- Provides on-demand VPN (or other) access
- Supports monitoring
- Supports ActiveSync (email platforms)

MDM Integration: Internal App Store Distribution. Xcode: Distribution / Save / Archive; MDM-managed internal app store.

MDM API Integration: code-level app wrapping; sandboxes and containers.

Code-Level App Wrapping: Secured by Good Dynamics. By MicroStrategy, v9.4.1.4, registered on Sep 11, 2014.

MDM API Integration, Current/Planned Offerings (one row per vendor): exists for 9.4.1 (update 1, 2, 3, 4), previously for 9.3.0; currently available in beta; planned, in contract negotiation and test; planned.

Summary: MicroStrategy Low Vulnerability Mobile Security Model
(Architecture diagram: Device, Firewall, Mobile Server, Firewall, Intelligence Server)
- Communications: data in transit always encrypted (symmetric and asymmetric); network administration (a firewall in front of the Mobile Server and a firewall in front of the Intelligence Server)
- Emissions: data in motion encrypted with WPA and WPA2; disable identifier broadcasting; maintain wireless emissions within the corporate boundary
- Device (iOS/Android): protections; digital X.509 certificates; iOS remote wipe; device lock; max number of failed attempts
- Application: encrypt user credentials and app data; clear credentials; clear caches; leverage iOS sandboxing; digitally sign apps; runtime checks; single sign-on (LDAP, Kerberos, Tivoli, etc.)
- Data: user and group authentication; privileges; ACLs; security roles; database-level security
- Authentication: app passcode (complexity, expiration); Touch ID; MicroStrategy 9s (Usher Mobile Identity); digital signing and certificates (e.g., HTTPS); VPN tunneling; auth models (e.g., Windows NT, LDAP, Basic, etc.)
- Operations (MDM): device activation, user authentication, certificate enrollment; configuration profiles, restrict device features; policy and restrictions enforcement; asset management, theft and loss prevention; situational awareness

MSTR SDK (Extending OOTB Capabilities)
- Application (device side): edit un-compiled Objective-C code via Xcode. Potential customizations: rebranding, springboard icon, opening logo animation, custom help, custom visualizations
- Mobile Server side: Java Task Framework (e.g., Mobile Logon Task); XML configuration files

For More Information
- Mobile Security Whitepaper: Secure Mobile Computing and Business Intelligence on Apple and Android Mobile Devices, http://www.microstrategy.com/strategy/media/downloads/products/whitepaper_mobile-Security.pdf
- MicroStrategy Product Manuals: Administration Guide; Mobile Administration and Design Guide
- New MicroStrategy Community, mobile discussion forums and knowledge base: http://community.microstrategy.com
- MicroStrategy Apple App Store download(s): https://itunes.apple.com/us/app/microstrategy-mobile-for-ipad/id382821025?mt=8

Thank you! Questions? Ray Bennett, rbennett@microstrategy.com