Solving BYOD Security: Real-World Use Cases
Upload: sierraware
BYOD Security with Virtual Mobile Infrastructure
VMI is a service that streams mobile apps hosted in a data center or the cloud
VMI is like Virtual Desktop Infrastructure (VDI) for Android
VMI offers secure access to mobile apps from any device or location
Virtual Mobile Infrastructure Use Cases
Remote Access
Healthcare
Banking
Manufacturing
Field Employees
Service Providers
Healthcare Use Cases
Hospitals
Pharmacies
Healthcare Insurance
Use Case: Healthcare Provider
Challenge
Had to address HIPAA and EPCS (Electronic Prescriptions) compliance
Doctors wanted to access medical data from their phones
Several apps were “non-compliant”
– Medical data was stored on phones
– Lacked dual-factor authentication for e-prescriptions
SierraVMI Solution
SierraVMI securely streams healthcare providers’ medical apps
Data is never downloaded to mobile devices
All apps support multi-factor authentication, strong encryption & single sign-on
Benefits
Simplified IT by integrating authentication, auditing, and access controls
– Replaced multiple vendors with a single, integrated mobile security solution
Protected EHR, messaging, email, notes and camera apps that could not be wrapped with MAM
Healthcare Compliance
HIPAA: Health Insurance Portability and Accountability Act
164.312 (B): Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity.
164.312 (D): Authentication: verify that a person or entity seeking access to electronic protected health information is the one claimed.
EPCS: Electronic Prescriptions for Controlled Substances
“Single-factor authentication is insufficient to ensure that a practitioner will not be able to repudiate a prescription he signed”
eRx applications must maintain an internal audit trail that records prescriptions
5 Pillars of Healthcare Security
Technical safeguards defined by the U.S. Department of Health & Human Services
– Transmission Security
– Person or Entity Authentication
– Audit Control
– Access Control
– Integrity
SierraVMI Addresses 5 Pillars of Healthcare Security
Monitors all activity, including text messaging & email apps
Integrated dual-factor auth including client certs and one-time passwords
Strong encryption to prevent Wi-Fi and Man-in-the-Middle attacks
Centralized, granular access control for all healthcare mobile apps
Secure, centralized storage to prevent accidental deletion or alteration of PHI
SierraVMI Protects Medical Apps
Securely store patient photos in the data center, not on phones
Enforce dual-factor authentication for all apps
Use screen recording or logging to audit text messages
Maintain an audit trail of all e-prescriptions
Ensure ePHI notes are never stored on phones
Watermark sensitive healthcare records to prevent disclosure
Banking and Finance Use Case
Use Case: Bank
Challenge
For FFIEC compliance, a bank had to:
– Monitor network and host activity to identify violations and anomalies
– Enforce out-of-band authentication
The bank worried about:
– Keyloggers and malware on phones
– Wi-Fi and Man-in-the-Middle attacks
SierraVMI Solution
SierraVMI prevents data from being downloaded to phones
One-time passwords provide out-of-band authentication
IT can log and screen record remote access and privileged activity
IT can scan Android and apps for vulnerabilities with server-grade tools
Benefits
Reduced the risk of costly data breaches due to device theft or insider abuse
Improved business agility because new apps could be released faster, without cumbersome MAM integration
Satisfied FFIEC requirements with a single, centrally managed solution
SierraVMI Deployment for Bank
[Diagram labels: Employees at Chicago branch; Traders in NY; High-net-worth bankers in SF; Internet; Multi-factor Authentication; 4096-bit ECDHE Encryption; Firewall; Malware Scanner; Authentication Server; SierraVMI Server; Virtual Mobile Workspaces; User Data Protected with Encryption; Logs, screen recording]
Privileged user monitoring for banks
Detailed logging for compliance
– FFIEC Remote Access requirements
Screen recording for forensics
Legal notification warns users that activity will be recorded
Banking Regulations
FFIEC: Federal Financial Institutions Examination Council
Where…single-factor authentication is inadequate, financial institutions should implement multifactor authentication, layered security, or other controls.
MAS: Monetary Authority of Singapore Threat Risk Management
Appendix E2: As part of the two-factor authentication infrastructure, the FI should implement adequate controls and security measures to minimise exposure to MitM attacks.
GLBA: Gramm-Leach-Bliley Act
Section 501(b) 3) Financial Institutions…should protect against unauthorized access to or use of customer records or information
Manufacturing Use Case
Use Case: Manufacturing
Challenge
Manufacturer had developed training, messaging and productivity apps
– Required client certs to prevent unauthorized access to all apps
– Needed to publish assembly instruction and training videos with contractors and suppliers
An employee had recently leaked product plans to a competitor
SierraVMI Solution
SierraVMI secures the manufacturer’s mobile apps by:
– Requiring client certs for all apps
– Providing secure access to contractors and suppliers
– Applying anti-screen capture and watermarking on sensitive files
– Securely distributing training videos
Benefits
Reduced the risk of a data breach by applying stringent security to all apps
– Improved visibility into mobile access with security alerts and detailed logging
Increased productivity by sharing assembly instructions with employees & partners
Extend Access to All Users
1. Stream videos using multimedia redirection with watermarking & anti-screen capture
2. Securely share plans, logistics & forecasts with partners
3. Authenticate all users with client certificates
[Diagram labels: Office Workers; Partners; Assembly Floor]
Field Employee Use Case
Insurance
Real Estate
Power and Utility
Use Case: Field Employees
Challenge
Companies with field workers need to:
– Prevent data loss from lost devices
– Print invoices, take pictures of accidents, tag activity with GPS
– Prevent data tampering of photos and other records
Utility meter readers, claims adjusters
SierraVMI Solution
No data stored on device; lost devices can be disabled instantly
Apps can use all device features, including camera, GPS, Bluetooth printers
Sensitive content like photos cannot be saved or modified by users
Rules based on location, time-of-day
Benefits
Minimize upgrade cycles of hardware by streaming new apps to older devices
Lower capital costs by allowing employees and partners to bring their own devices
Reduce costly fraud by preventing users from modifying sensitive content
Life Cycle Management
Field sales constantly need to replace old, broken and lost devices
SierraVMI accelerates deployment of new devices
– IT doesn’t need to worry about device or OS compatibility
SierraVMI lowers hardware costs
– Minimizes hardware inventory
– Supports low-cost platforms, when needed
– Enables employees to buy their own devices
Stop Network & Man-in-the-Middle Attacks
Protect against malicious Wi-Fi and micro cell towers with:
– End-to-end 4096-bit SSL encryption
– Multi-factor authentication
Low TCO:
– Eliminate the need for multiple solutions like MDM, MAM and VPN and costly mobile app changes
SierraVMI Protects Field Apps
Audio streamed to secure VMI client
Videos streamed to integrated VMI media player
Camera photos stored in data center, not phone
Microphone recordings stored in data center
Secure printing to local printer
Secure GPS
Remote Access Use Case
Use Case: Remote Access
Challenge
Provide secure remote access to email, Intranet sites, and corporate apps
Unfortunately:
– MDM doesn’t isolate business from personal data or prevent insider abuse
– MAM requires costly app integration and doesn’t support most third-party apps
SierraVMI Solution
Delivers a secure mobile workspace for business apps
– Policies can stop users from copying sensitive data or saving contact lists
– Watermarking and anti-screen capture prevent data loss
Supports all Android apps without costly integration
Benefits
Prevents costly data breaches caused by lost mobile devices or by users intentionally or accidentally distributing confidential data
Improves business agility because companies can publish new corporate apps more quickly to all devices without MAM integration or iOS/Windows porting
Satisfies various compliance requirements with multi-factor auth and encryption
Secure and Simplify Remote Access
[Diagram labels: Remote Users; Internet; Multi-factor Authentication; 4096-bit ECDHE Encryption; Firewall; Virus or Malware Scanner; SierraVMI Server; Virtual Mobile Workspaces (Office Suite, Video Conference); User Data Protected with Encryption; Collaboration Server; SharePoint Server; Exchange Server]
Service Provider Use Case
Use Case: Service Providers
Challenge
Carriers need to bundle security solutions with their business offerings
– Business customers expect end-to-end solutions for their mobile fleets
Existing EMM products are inadequate
– MDM deemed intrusive for BYOD users
– MAM only supports a handful of apps
SierraVMI Solution
Streams apps from a data center, preventing data loss caused by lost or stolen phones
– Provides multi-factor auth, anti-screen capture, user monitoring, watermarking
Can secure 1M+ apps, unlike MAM
Is easy-to-manage and scalable
Benefits
Provides a new revenue stream for mobile carriers based on an innovative & differentiated security service that can be white-labeled under the carrier’s brand
Offers fast integration with carriers’ management infrastructure using RESTful APIs
Eliminates MAM/app wrapping headaches and lowers support costs compared to traditional mobile security options
Mobile Carrier Deployment
Easy deployment with integrated high availability
Integration with enterprises’ and service providers’ existing authentication, directory services, and management systems
– Granular user, group and domain-level policies
[Diagram labels: Wireless Carrier; Firewall; Carrier Billing System; SierraVMI; XML APIs; Enterprise; Business Partner; Remote User; Internal User; Partner App; CRM App; VPN; Authentication Servers and Corporate Data]
Why Enterprises Like SierraVMI
One product for all mobile security and compliance requirements
– Data protection: Data is never downloaded to devices
– Data leak prevention: Anti-screen capture, watermarking
– Compliance auditing: Logging and screen recording
– Authentication: One-time passwords, client certs, tokens
Cost-effective
Fast deployment time
Doesn’t require changes to apps
Why Service Providers Like SierraVMI
Scalability
– High-user density lowers hardware costs
– Multi-tenancy
Easy integration with billing & management systems
– RESTful XML-based APIs
Integrated high-availability architecture
White labeling options
– Sell differentiated services under the carrier brand
Reasons Why You Should Deploy SierraVMI
Compliance: Ensure privacy and prevent data loss
Security: Strong authentication, 4096-bit encryption
Scalability: High user density, high performance
www.sierraware.com