Webinar on Enterprise Security & android

Editor's Notes

• #4: Definition of mobilityDefinition of enterprise mobility
• #5: There is a realization that mobility goes beyond email. Isolated success in deployment of mobile solutions have reinforces this belief.The main application areas:Using mobility to extend the reach and availability of corporate data. Allowing for better informed decision makingEnabling corporate communicationsEmailInstant MessagingSocial Media Tools3. Using the mobile device as an application and service delivery platformContent: access and presentation of corporate content on a device, providing the right information at the right time and placeTransactions and Workflows: Enabling a mobile worker to work away from officeAnalytics and Reporting: Dashboards with intelligent reporting and analytic capabilities provide powerful business aides on the move.4. A derivative of mobile deployment: COST -> From device procurement, software overheads, recurring telecom expenditure. Telecom expense management: Cost control and management5. Customer outreach: using the reach of mobile devices to reach, communicate with, track behavior, provide service, generate brand recall, and loyalty, using the power social media on mobile devices
• #6: Device Level Security –Applies to device management security. Controls who can access to specific device settings. Controls the level of access to device settings.Even if sufficient security is implemented in wireless virtual private networks (VPNs), if a device is lost or stolen, the entire corporate intranet could be threatened if those devices aren't protected by password and other user-level security measuresNetwork level securityTwo basic security problems in wirelessConnecting to the network does not need physical access to the network-Just stand outside a building, you can get connected to AP that is inside the building2. The broadcast nature of radio communications-WiFi network normally operate at 150mW, upto 300M radius-Have you ever tried wireshark (or tcpdump)‏3. Other related security vulnerabilities -Anyone can generate transmissions, -which will be received by other devices in range-which will interfere with other nearby transmissions and may prevent their correct reception (jamming)‏-Injecting bogus messages into the network is easy-Replaying previously recorded messages is easy4. Illegitimate access to the network and its services is easy-Denial of service is easily achieved by jammingNetwork level security challenges1. Transmission Securityat physical, medium access and data link layers over wireless media.2. Communication Securitymessage confidentiality, integrity, and end-point authentication3.Authorization and Access Control4. Network Infrastructure Protection5. Robustness6. Efficiency
• #7: Mobility InfrastructureSecurity is a key focus area. Ensuring existing policies is implemented for MobilityIntegrationExtend existing integration tools and rulesIntegration with the existing backend systemCan we “Build everything as an infrastructure component and keep devices light”? Definite need for Mobile Middleware PlatformComposite Applications Landscape, Composite Devices to be supportedMobile Device Management is an urgent Priority! Start managing your devices from Day 1!Common Services and Mobile Applications Layer can arrive in stagesMobile Applications DistributionEnterprise distribution through OTA to specific devices based on device ID or user IDhttp://www.cellcrypt.com/deployment
• #8: 1. User Authentication: Due to the size limits of mobile devices, mobile applications tend to neglect password policies of enterprise. Thedesktop application may be following 8-10 character password policy but mobile application may be allowing 4 characters PIN. One shouldcarefully evaluate the effect of such diversions from norms and come up with a pragmatic approach keeping mobile device size andsecurity in perspective.2. Data Security on Device: Mobile applications tend to store data on local device for performance reasons. This can pose seriousrisks. One can think about encrypting the data for local storage but then encryption-decryption is a resource intensive function especiallyif you rely on asymmetric algorithms. One should take a balanced approach, for example one can use symmetric algorithms forencrypting data and use asymmetric key for encrypting symmetric key.3. Data in Transit : Data in transit (when data moves from one system to another system) is another critical aspect of datasecurity. In the case of mobile applications, there are so many intermediaries in-between. Ensuring the data confidentiality and dataintegrity in transit can pose serious challenges.4. Device Management and Application Provisioning: As one can imagine, people move to different departments within the samecompany. With the move, it is critical that their access to enterprise applications via mobile applications is provisioned and de-provisionedin a controlled manner. Managing the right level of mapping between mobile devices and mobile applications poses unauthorized accessrisk.5. Security Analysis and Monitoring: Monitoring security incidents such as password changes, failed logons, unauthorized accessrequests, non-repudiations is critical as they can help you identify risks in your mobile application environment. A carefully structuredapproach towards mobile applications security monitoring can help you to thwart these risks.
• #10: 4. Healthcare apps should follow FDA guidelines.
• #11: These are 3 security pillars of Android Security Architecture.
• #12: A particular permission may be enforced at a number of places during your program's operation: At the time of a call into the system, to prevent an application from executing certain functions. When starting an activity, to prevent applications from launching activities of other applications. Both sending and receiving broadcasts, to control who can receive your broadcast or who can send a broadcast to you. When accessing and operating on a content provider. Binding to or starting a service.
• #13: Recently Google has removed some of the malware applications remotely from users devices without any user intervention.Vodafone now has its own content channel in the Android Market app store to help its customers find its services and apps.Vodafone's move is also an acknowledgement of how important the Android Market can be as a distribution channel for an operator's own apps and services.
• #14: Application Isolation – Note editor cannot read emailDistinct UIDs and GIDs for each install
• #16: Remote wipe: Exchange administrators can remotely reset the device to factory defaults to secure data in case device is lost or stolen.Improved security with the addition of numeric pin or alpha-numeric password options to unlock device. Exchange administrators can enforce password policy across devicesExchange Calendars are now supported in the Calendar application.Auto-discovery: you just need to know your user-name and password to easily set up and sync an Exchange account (available for Exchange 2007 and higher).Global Address Lists look-up is now available in the Email application, enabling users to auto-complete recipient names from the directory.
• #17: In Android 3.0, developers of device administration applications can support new types of policies, including policies for encrypted storage, password expiration, password history, and password complex characters required.Android 3.1Users can now configure an HTTP proxy for each connected Wi-Fi access point. This lets administrators work with users to set a proxy hostname, port, and any bypass sub-domains. This proxy configuration is automatically used by the Browser when the Wi-Fi access point is connected, and may optionally be used by other apps. The proxy and IP configuration is now backed up and restored across system updates and resets.To meet the needs of tablet users, the platform now allows a "encrypted storage card" device policy to be accepted on devices with emulated storage cards and encrypted primary storage.