BYOD Adaption in Banking


A report submitted to the Institute for Development and Research in Banking Technology, Hyderabad, in partial fulfillment of the summer internship of Bachelor of Technology in Computer Science & Engineering

By Konda Rashmitha, Indian Institute of Technology, Indore

CERTIFICATE

This is to certify that the project work entitled "BYOD Adaption in Banking", submitted for partial fulfillment of the requirement for the award of summer internship of Bachelor of Technology in Computer Science & Engineering to the Indian Institute of Technology-Indore, is a bona fide work carried out by Konda Rashmitha (1100119) under my guidance. The matter embodied in the project report has not been submitted for the award of any other degree or diploma.

Project guided by Dr. Rajarshi Pal, Assistant Professor, Institute of Development and Research in Banking Technology (IDRBT), Hyderabad.

DECLARATION

I, Konda Rashmitha, hereby declare that this dissertation entitled "BYOD Adaption in Banking", submitted by me under the guidance and supervision of Dr. Rajarshi Pal, Assistant Professor, IDRBT, is a bona fide work. I also declare that it has not been submitted previously in part or in full to this institute or any other university or institute for the award of any degree or diploma.

Date: 11 July, 2014
Place: IDRBT, Hyderabad
Signature of the student
Name: Konda Rashmitha
Roll No.: 1100119
Contact: 08985337531

ACKNOWLEDGEMENT

I would like to take this opportunity to thank wholeheartedly the gracious souls without whom this project would have been an unfulfilled dream. I express my sincere gratitude to Dr. Rajarshi Pal, Assistant Professor, IDRBT, India, for his stimulating guidance, continuous encouragement and supervision throughout the course of the present work. I am extremely thankful to Shri B. Sambamurthy, Director and IDRBT for providing me infrastructural facilities to work in, without which this work would not have been possible. I would like to thank my friends for being a constant source of encouragement and motivation, and for their invaluable help in my project. Finally, I thank my parents for their love and encouragement.

Sincerely,
Konda Rashmitha (1100119)

Content

1 Introduction
1.1 Advantages
1.2 Disadvantages
2 BYOD Adoptions
3 Challenges
4 Framework of BYOD
4.1 Proposed architecture
4.2 Explanation

INTRODUCTION

BYOD (bring your own device) is a rapidly growing issue among IT experts across the world. Many employees like to access their work materials at any time and from anywhere, and are increasingly using their personal devices to do so. Employees at companies of all sizes are bringing a variety of wireless devices, from smartphones to tablets, with different operating systems, makes, models and features. They bring their personal devices to work, access business email on their phones, and download and transfer business data between their workplace system and one or more devices.

1.1 ADVANTAGES:

Cost saving: A business that adopts a BYOD policy saves money on the high-priced devices that it would normally be required to purchase for its employees (reduced hardware spend, software licensing and device maintenance).

Productivity gain: Employees are more comfortable and often work faster with their own technology. Workers will always have their device with them, whether at work or at home.

Increased flexibility: Allowing employees to bring their own devices to the workplace can drastically increase employee flexibility and productivity. Where the organization still uses desktop computers, a BYOD policy would allow employees to work remotely with little effort. Employees enjoy increased mobility.

IT benefits from a simplified infrastructure and a reduction in ongoing end-user device management, troubleshooting and support.

BYOD can help to attract and retain top performers who seek to work flexibly and often put in time outside traditional work hours.

1.2 DISADVANTAGES:

Data security: This could be the biggest issue for organizations implementing a BYOD system. Letting employees use their own devices for work purposes can lead to pertinent company data being compromised. The problem IT decision makers face is finding the best method to allow users to access all the data they need while keeping that data safe and secure. The same device is used to access both sensitive and risky network services. This poses unique security challenges to IT professionals, and there is a strong need for stronger access control and authentication policies.

Cost: Some organizations still purchase the devices for their employees.

Exposure to data breaches, privacy violations and other security risks if the device and its applications have inadequate security.

2 BYOD ADOPTIONS:

Password policy: The company may have a lot of users/employees using devices on the company network that will also be taken nearly everywhere. Companies do not want weak passwords that can be easily 'hacked' and give the wrong people access to company data. For this, companies need to institute a strong password policy across the board and require regular password changes. End users will balk at this but, in the end, it will be worth the security gained.

Multi-level authentication: 1) User name and password. 2) Digital certificate: exchange of a trusted certificate between the devices and enterprise services to authenticate the device by using the Digital Signature Algorithm (DSA).

User device registration: Each and every device has to undergo an authentication process before accessing the enterprise server and files. This is done to verify the user and the device and so avoid potential threats.

Limited supported platforms: It is a tedious task for mobile device management to provide an architecture that is flexible, i.e. accessible from any device or OS. A set of guidelines or a list of predefined devices should be provided so that not each and every device can access the enterprise server, which would make mobile management complicated.

Educate your employees: Employees need to understand the risks involved with BYOD. They need to know how important it is to keep anti-virus and anti-malware software up to date. They also need to know how best to keep data secure on their devices and that they should never use those devices on unsecured networks.

Expand your infrastructure: The company's end users are going to take up more bandwidth. This means more powerful wireless is going to be necessary. Instead of dealing with a bottleneck on the network, make sure the company uses equipment that can handle the load. Do not rely on consumer-grade wireless routers. The company will also need to make sure the network has a large enough incoming pipe to allow for the extra traffic coming in from end users working from various locations.

Wipe data locally, remotely and selectively:
Local wipe: automatically initiate a local wipe of data after 10 failed attempts (all data and settings on the device will be erased).
Remote wipe: as soon as any user reports a missing or lost device, the administrator should initiate a remote wipe of the device.
Selective wipe: wipe selected data on the device, which can be certain sensitive documents, logs and configuration files stored in a specific area, according to the organization's needs.

3. CHALLENGES:

Some of the challenging aspects of implementing BYOD are discussed below.

Anytime, anywhere access: Many employees like to access their work materials at any time and from anywhere, and are increasingly using their personal devices to do so. Employees at companies of all sizes are bringing a variety of wireless devices, from smartphones to tablets, with different operating systems, makes, models and features.

Data collection & security: IT professionals are taking efficient measures to protect data and confidentiality; it is advisable to use a password or PIN lock on mobile devices. Web site filtering, spam filtering, data leak protection and application control technologies will become even more important as information is transferred to and from each user's individual device.

Network availability, access & second network: Wi-Fi technology will need to be tightly integrated into the security infrastructure.

No one-fits-all paradigm: Data availability should differ from person to person, as each person/employee will have different data access limitations.

4 Framework of BYOD

4.1 Proposed architecture:

[Figure: proposed BYOD architecture. Labelled components: IDS, devices, Internet, admin server, repository, firewall, VPN, firewall, certificate server, bank server, plugin for scanning, file management server.]

4.2 Explanation:

The devices are connected to the company network via the Internet. A firewall establishes a barrier between a trusted, secure internal network and another network. Enterprise networks and redirects emails and synchronizes contacts and calendaring information between servers, desktop workstations and mobile devices. VPN (virtual private network) provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. When a guest tries to access data on the enterprise server, he/she undergoes an authentication process, which can be through certificates, tokens, smart cards or even SMS, along with a form-based username/password mechanism, so that the process ultimately follows a multifactor authentication approach.

Admin server/Mobile Device Management: The server administrator can wipe the device data when the device is lost. The entire device list is monitored and managed by the mobile management administrator. The MDM is considered to be the key part of BYOD. The device information and authentication data are stored in a repository (database) for future reference.

Digital certificates are issued and monitored by the certificate server when users want to access data from the enterprise server. After completion of the device registration process, an automatic plugin is initiated which is designed to scan the device to make sure it is threat free. The file management server continuously stores backups, manages the session to synchronize file transfer and manages various documents.
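The admission flow of section 4.2 and the wipe rules of section 2 can be read as one fail-closed decision function. The sketch below is an added example, not code from the report: the `Device` fields, the `decide` function, the platform allow-list and the sample repository are assumptions, and failed credential checks are treated as the "failed attempts" that count toward local wipe.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

MAX_FAILED_ATTEMPTS = 10                  # local-wipe threshold given in the report
SUPPORTED_PLATFORMS = {"android", "ios"}  # assumed allow-list of platforms

@dataclass
class Device:                             # one row of the device repository (hypothetical)
    platform: str
    cert_not_after: Optional[datetime]    # None: no certificate issued yet
    scan_clean: bool                      # result of the post-registration scan
    reported_lost: bool = False
    failed_attempts: int = 0

def decide(repo, device_id, password_ok, second_factor_ok, now):
    """Return the action for one access attempt; any unknown state denies."""
    dev = repo.get(device_id)
    if dev is None:
        return "deny:unregistered"        # device registration is mandatory
    if dev.reported_lost:
        return "remote_wipe"              # administrator-initiated wipe
    if dev.platform not in SUPPORTED_PLATFORMS:
        return "deny:platform"
    if dev.cert_not_after is None or dev.cert_not_after <= now:
        return "deny:certificate"         # missing or expired device certificate
    if not dev.scan_clean:
        return "deny:scan"
    if not (password_ok and second_factor_ok):
        dev.failed_attempts += 1
        if dev.failed_attempts >= MAX_FAILED_ATTEMPTS:
            return "local_wipe"
        return "deny:credentials"
    dev.failed_attempts = 0               # success resets the counter
    return "allow"

# Constructed sample repository, not data from the report.
NOW = datetime(2014, 7, 11, tzinfo=timezone.utc)
VALID = datetime(2015, 1, 1, tzinfo=timezone.utc)
REPO = {
    "dev-ok": Device("android", VALID, True),
    "dev-expired": Device("ios", datetime(2014, 1, 1, tzinfo=timezone.utc), True),
    "dev-lost": Device("ios", VALID, True, reported_lost=True),
    "dev-dirty": Device("android", VALID, False),
}

if __name__ == "__main__":
    for dev_id in ["dev-ok", "dev-expired", "dev-lost", "dev-dirty", "dev-unknown"]:
        print(dev_id, decide(REPO, dev_id, True, True, NOW))
```

The order of the checks matters: device-level conditions (registration, loss report, certificate, scan) are evaluated before any user credential, so a stolen password alone never reaches the credential step from an unregistered or unscanned device.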

Conclusion:

In this paper we propose an architecture for BYOD in banking. Various factors were considered while proposing this architecture, including data security, multi-level authentication, file access management and mobile device management. Data security is provided through encryption based on network address. Multi-level authentication is provided through digital certificates and OTPs. However, there is a very high risk of data exposure even though secured communication is available. In future, there is a strong need to develop a secured communication channel through which data security can also be provided.
