Security White Paper


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Security White Paper

  1. 1. Mobile Device Security A TechStone Soft White Paper 915 Highland Pointe Dr., Suite 250 Roseville, CA 95678 Phone: (916) 724-5301 Fax : (916) 724-5303 By: Amira Samaha, Marketing Director
  2. 2. Contents Introduction A brief case for an end-to-end mobile device Introduction 3 security solution. Trends in Mobile Security 3 The MobiWee Solution 5 Trends in Mobile Security & Key Players Implementation 6 in Mobile Security Company Information 8 An overview of common use-cases for mobile device security and their current solutions. The MobiWee Solution A brief overview of the common pain points associated with mobile information management. Implementation The MobiWee suite of security services in detail. Company Information More about TechStone Soft. 2|Page
  3. 3. Mobile Device Security T here are many ways to approach mobile security, and in this white paper, we will endeavor to explore each aspect, its current technology and key players, and ultimately form an end- necessary time to locate and retrieve the device. Unfortunately, this straightforward solution has no direct line consequence to the respective IT department in the event of data loss. Even with corporate policies enforcing after-loss encryption, to-end solution that encapsulates these the lack of IT department motivation is often factors. transferred to the IT-uneducated employee who remains ignorant of the encryption remedy. Rather Location services ensure the phone is simply than implementing costly employee seminars or misplaced rather than lost or stolen, relying on an unmotivated IT department, the ideal potentially saving the user time, resources, resolution would include a simple yet effective and in some cases unnecessary worry for remote encryption method that the employee would their employer. administer in lieu of an IT department. In the case of sensitive information on the If a device is determined to be lost or stolen with no device, there are two vulnerabilities to hope of recovery, it becomes a veritable treasure consider: authentication and the sensitive trove of sensitive data that could put clients, data itself. employees, corporations, and countless others at risk. Social security numbers, payroll data, and other While crucial for ensuring security, security risks are instantly made vulnerable to authentication straddles the line between identity theft and fraud in addition to the resulting tedious and practical. When choosing an hostile publicity that would be associated with any authentication method, the importance of corporation that allowed such a folly. Unfortunately, simplicity cannot be stressed enough. The this is a commonplace incident, and the first to hear process must require minimal user input yet of such an event are often the clients, who become provide DNA match accuracy in return. disillusioned at best. The best recourse under the circumstances would be to simply wipe the device, In the event of an authenticity breach, the alleviating concerns all around. Even when such a data itself is often secured by means of solution exists free of charge, it is often difficult to encryption. In this case, the user s carry out, relying on a carrier, manufacturer, or information is rendered unreadable to advanced user knowledge. Ideally, the owner of the anyone without the pin code that serves as a mobile device would have the means to remotely key to decrypt the device. While this is wipe their mobile device with minimal effort or likely the most thorough form of data product knowledge (such as the device IMEI, etc). security, this process renders the data unsearchable to third party tools and devices For prosumers and employers alike, access to [often that do not use security native to the OS. live] company data is integral to any mobile security While this may not be drawback for those policy. Most corporate and educational institutions who do not intend to use the data on a daily employ a digital signature that binds together a basis, doctors, lawyers and professionals public key with an identity- this is called a alike whom habitually access sensitive data certificate. The setup associated with a certificate find this limiting and often choose to leave often requires a dedicated IT staff or advanced their device unencrypted for the sake of knowledge of the mobile device, limiting the scope practicality. Ideally, the option to encrypt of such a solution. While laptops are ubiquitous and would be most favorable after a loss or theft, relatively invariable, other mobile devices such as so as to give the proper authorities the smartphones often require a unique skill-set (each 3|Page
  4. 4. Mobile Device Security phone has a slightly different UI) and IT their device logged in, eliminating a significant support is often requested to carry out portion of its functionality. proper configuration. The capability to easily import and export certificates directly To eliminate any user interference, offer maximum to the employee s phone would eliminate security and realistically address business continuity, costly IT assistance and assure proper a digital badge in lieu of more complex solutions configuration. would be ideal. A digital badge is easy to provision, install, and can be linked back to corporate Additional security measures that would infrastructures such as active directory/LDAP drastically boost security such as (which also ensures that access is no longer granted Smartcards, One Time Password devices to former employees). and the like are generally under-utilized due to budgetary constraints and the simple lack These remedies, while useful in their own right, of legal requirement (unlike the military and offer a disjointed and independently lacking other government institutions). Typically, solution. As the proverb goes, a chain is as strong these multifactor authentication methods as its weakest link, and a collection of disjointed require additional physical devices, remedies do not always create a comprehensive, software, drivers, and an IT department end-to-end solution. trained to troubleshoot the security system and its interaction with other programs and To create a comprehensive, end to end solution, two tools. Even with these provisions, issues must be addressed: the components and their employees often undermine security individual merit, and how well they interact with one measures for the sake of expediency by another. For example; an authentication system permanently gluing they smartcard into their might not allow for remote certificates to be computer or pasting the key code to their installed. When these issues arise, many solutions OTP device on the device itself. lack the technical support or knowledge to address such compatibility issues. For this reason, it is Ideally, any multifactor authentication important to consider how the programs or solutions standard would forego a costly physical interact with one another before implementing a device yet deliver the same security. Some security system. The much simpler, more cost 2-factor authentication methods have been effective solution is simply to look for a created for just this purpose, requiring a preconfigured security suite that offers all of the username and password (first factor) and above security components. That s where MobiWee calling the user and asking the user to dial a comes in: unlike other solutions, MobiWee number or unique pass code. This addresses all of the above issues to provide a authenticates the user and the device, complete, preconfigured, end-to-end solution that is operating on the assumption that whoever at once cost effective and easy to use. has found or stolen the device does not know the username and password. Unfortunately, many find the user name and password to be a nuisance and simply leave 4|Page
  5. 5. Mobile Device Security The MobiWee suite of cloud services ( is the user-centric solution to the most common pain points associated with mobile information management: · Traditional syncing tethers users to their computer o MobiWee provides OTA/cloud collaboration from any PC, Mac, or mobile device. · Mobilizing data is risky o MobiWee secures sensitive data with remote lock/wipe, remote data encryption (using the native OS security), remote certificate export/installation, and remote device location services- even when the mobile device is lost, stolen, or the SIM card has been replaced. · Business continuity o MobiWee is non-intrusive and easy to use; business continuity is not put at risk with complex security that is impossible to implement when away from the office. · Ex: When a VP/Manager is away on a business trip and the Smartcard/OTP device is wiped, troubleshooting is impossible without an IT department. · MobiWee remote certificates can be implemented worldwide, through the IT department or self-service. · High Cost for Services and Support o MobiWee reduces costs by utilizing a scalable cloud computing model (host servers do not require regular maintenance or a dedicated IT staff). · Usability & User Experience o MobiWee offers compelling services that require little to no technical expertise to personalize, collaborate, and secure mobile devices. Users have the freedom to remotely access, backup, sync, and secure their phone over the 3GSM or Wi-Fi network- no matter what phone, operating system, or computer the user is running (currently running on Windows 6.0 & higher with Android, Symbian, iPhone, Palm Pre, and Blackberry on the way). MobiWee allows users to remotely locate their lost or stolen phone, forward it to any number, retrieve any data, media, or contact list, then lock, wipe, encrypt, or delete certificates (for prosumers) - even if the SIM card has been replaced. MobiWee also reduces the hassle of phone upgrades by facilitating Exchange, POP3/IMAP email configuration. With one click on the email icon, MobiWee sends your email settings to your device over the 3G or Wi-Fi network. 5|Page
  6. 6. Mobile Device Security Location Service: Whether on the bus, at the airport, or simply left at work, with the mobile device location service, you re never left guessing. If your mobile device is out of range, the MobiWee location service will keep trying until it finds it. Multifactor Authentication: MobiWee can provide automated, customized multiform authentication using a variety of credentials that require little to no user contribution. Remote Encryption/Decryption: Ensure your sensitive information is protected against data breaches. MobiWee Encryption/Decryption services ensure that your data is safeguarded, on and off your corporate network. Encrypt your Smartphone from the MobiWee website before or after you lose it. 6|Page
  7. 7. Mobile Device Security Remote Lock/Wipe: Defend yourself against identity theft with the remote lock/wipe service, no matter where you left your phone. Just log in to and click to lock or reset your device and external memory to factory settings- from any computer. Remote Certificate/Digital Badge: Take the work out of security while securing your work by exporting and installing certificates remotely from any PC. With MobiWee, your identity is verified every time, from any mobile device, PC, or Mac. 7|Page
  8. 8. Mobile Device Security About the Company: TechStone Soft was established with a vision to serve the global business and technology needs. We provide a sophisticated suite of solutions for achieving superior business results and enable our clients to rapidly lead technology markets, and enhance customer services and experience. Our applications portfolio includes automation solutions which has the ability to extend the enterprise capabilities beyond boundaries through state-of-art technology collaboration. TechStone also has a workflow collaboration framework that can enable customers to have full control of their personal devices and data stored and accessed within these devices. TechStone Soft 915 Highland Pointe Dr., Suite 250 Roseville, CA 95678 Phone: (916) 724-5301 Fax : (916) 724-5303 e-Mail: 8|Page