The 7 Things I Know About Cyber Security After 25 Years | April 2024
Security White Paper
1. Mobile Device Security
A TechStone Soft White Paper
915 Highland Pointe Dr., Suite 250
Roseville, CA 95678
Phone: (916) 724-5301
Fax : (916) 724-5303
http://www.mobiwee.com/
By: Amira Samaha, Marketing Director
2. Contents Introduction
A brief case for an end-to-end mobile device
Introduction 3 security solution.
Trends in Mobile Security 3
The MobiWee Solution 5 Trends in Mobile Security & Key Players
Implementation 6 in Mobile Security
Company Information 8 An overview of common use-cases for mobile
device security and their current solutions.
The MobiWee Solution
A brief overview of the common pain points
associated with mobile information
management.
Implementation
The MobiWee suite of security services in
detail.
Company Information
More about TechStone Soft.
2|Page
3. Mobile Device Security
T here are many ways to approach
mobile security, and in this white
paper, we will endeavor to
explore each aspect, its current technology
and key players, and ultimately form an end-
necessary time to locate and retrieve the device.
Unfortunately, this straightforward solution has no
direct line consequence to the respective IT
department in the event of data loss. Even with
corporate policies enforcing after-loss encryption,
to-end solution that encapsulates these the lack of IT department motivation is often
factors. transferred to the IT-uneducated employee who
remains ignorant of the encryption remedy. Rather
Location services ensure the phone is simply than implementing costly employee seminars or
misplaced rather than lost or stolen, relying on an unmotivated IT department, the ideal
potentially saving the user time, resources, resolution would include a simple yet effective
and in some cases unnecessary worry for remote encryption method that the employee would
their employer. administer in lieu of an IT department.
In the case of sensitive information on the If a device is determined to be lost or stolen with no
device, there are two vulnerabilities to hope of recovery, it becomes a veritable treasure
consider: authentication and the sensitive trove of sensitive data that could put clients,
data itself. employees, corporations, and countless others at
risk. Social security numbers, payroll data, and other
While crucial for ensuring security, security risks are instantly made vulnerable to
authentication straddles the line between identity theft and fraud in addition to the resulting
tedious and practical. When choosing an hostile publicity that would be associated with any
authentication method, the importance of corporation that allowed such a folly. Unfortunately,
simplicity cannot be stressed enough. The this is a commonplace incident, and the first to hear
process must require minimal user input yet of such an event are often the clients, who become
provide DNA match accuracy in return. disillusioned at best. The best recourse under the
circumstances would be to simply wipe the device,
In the event of an authenticity breach, the alleviating concerns all around. Even when such a
data itself is often secured by means of solution exists free of charge, it is often difficult to
encryption. In this case, the user s carry out, relying on a carrier, manufacturer, or
information is rendered unreadable to advanced user knowledge. Ideally, the owner of the
anyone without the pin code that serves as a mobile device would have the means to remotely
key to decrypt the device. While this is wipe their mobile device with minimal effort or
likely the most thorough form of data product knowledge (such as the device IMEI, etc).
security, this process renders the data
unsearchable to third party tools and devices For prosumers and employers alike, access to [often
that do not use security native to the OS. live] company data is integral to any mobile security
While this may not be drawback for those policy. Most corporate and educational institutions
who do not intend to use the data on a daily employ a digital signature that binds together a
basis, doctors, lawyers and professionals public key with an identity- this is called a
alike whom habitually access sensitive data certificate. The setup associated with a certificate
find this limiting and often choose to leave often requires a dedicated IT staff or advanced
their device unencrypted for the sake of knowledge of the mobile device, limiting the scope
practicality. Ideally, the option to encrypt of such a solution. While laptops are ubiquitous and
would be most favorable after a loss or theft, relatively invariable, other mobile devices such as
so as to give the proper authorities the smartphones often require a unique skill-set (each
3|Page
4. Mobile Device Security
phone has a slightly different UI) and IT their device logged in, eliminating a significant
support is often requested to carry out portion of its functionality.
proper configuration. The capability to
easily import and export certificates directly To eliminate any user interference, offer maximum
to the employee s phone would eliminate security and realistically address business continuity,
costly IT assistance and assure proper a digital badge in lieu of more complex solutions
configuration. would be ideal. A digital badge is easy to provision,
install, and can be linked back to corporate
Additional security measures that would infrastructures such as active directory/LDAP
drastically boost security such as (which also ensures that access is no longer granted
Smartcards, One Time Password devices to former employees).
and the like are generally under-utilized due
to budgetary constraints and the simple lack These remedies, while useful in their own right,
of legal requirement (unlike the military and offer a disjointed and independently lacking
other government institutions). Typically, solution. As the proverb goes, a chain is as strong
these multifactor authentication methods as its weakest link, and a collection of disjointed
require additional physical devices, remedies do not always create a comprehensive,
software, drivers, and an IT department end-to-end solution.
trained to troubleshoot the security system
and its interaction with other programs and To create a comprehensive, end to end solution, two
tools. Even with these provisions, issues must be addressed: the components and their
employees often undermine security individual merit, and how well they interact with one
measures for the sake of expediency by another. For example; an authentication system
permanently gluing they smartcard into their might not allow for remote certificates to be
computer or pasting the key code to their installed. When these issues arise, many solutions
OTP device on the device itself. lack the technical support or knowledge to address
such compatibility issues. For this reason, it is
Ideally, any multifactor authentication important to consider how the programs or solutions
standard would forego a costly physical interact with one another before implementing a
device yet deliver the same security. Some security system. The much simpler, more cost
2-factor authentication methods have been effective solution is simply to look for a
created for just this purpose, requiring a preconfigured security suite that offers all of the
username and password (first factor) and above security components. That s where MobiWee
calling the user and asking the user to dial a comes in: unlike other solutions, MobiWee
number or unique pass code. This addresses all of the above issues to provide a
authenticates the user and the device, complete, preconfigured, end-to-end solution that is
operating on the assumption that whoever at once cost effective and easy to use.
has found or stolen the device does not
know the username and password.
Unfortunately, many find the user name and
password to be a nuisance and simply leave
4|Page
5. Mobile Device Security
The MobiWee suite of cloud services (www.mobiwee.com) is the user-centric solution to the most
common pain points associated with mobile information management:
· Traditional syncing tethers users to their computer
o MobiWee provides OTA/cloud collaboration from any PC, Mac, or mobile device.
· Mobilizing data is risky
o MobiWee secures sensitive data with remote lock/wipe, remote data encryption (using the
native OS security), remote certificate export/installation, and remote device location
services- even when the mobile device is lost, stolen, or the SIM card has been replaced.
· Business continuity
o MobiWee is non-intrusive and easy to use; business continuity is not put at risk with complex
security that is impossible to implement when away from the office.
· Ex: When a VP/Manager is away on a business trip and the Smartcard/OTP device is
wiped, troubleshooting is impossible without an IT department.
· MobiWee remote certificates can be implemented worldwide, through the IT
department or self-service.
· High Cost for Services and Support
o MobiWee reduces costs by utilizing a scalable cloud computing model (host servers do not
require regular maintenance or a dedicated IT staff).
· Usability & User Experience
o MobiWee offers compelling services that require little to no technical expertise to
personalize, collaborate, and secure mobile devices.
Users have the freedom to remotely access, backup, sync, and secure their phone over the 3GSM or Wi-Fi
network- no matter what phone, operating system, or computer the user is running (currently running on
Windows 6.0 & higher with Android, Symbian, iPhone, Palm Pre, and Blackberry on the way).
MobiWee allows users to remotely locate their lost or stolen phone, forward it to any number, retrieve
any data, media, or contact list, then lock, wipe, encrypt, or delete certificates (for prosumers) - even if the
SIM card has been replaced.
MobiWee also reduces the hassle of phone upgrades by facilitating Exchange, POP3/IMAP email
configuration. With one click on the email icon, MobiWee sends your email settings to your device over
the 3G or Wi-Fi network.
5|Page
6. Mobile Device Security
Location Service:
Whether on the bus, at the airport, or simply left at work, with the mobile
device location service, you re never left guessing. If your mobile device is
out of range, the MobiWee location service will keep trying until it finds it.
Multifactor Authentication:
MobiWee can provide automated, customized multiform authentication
using a variety of credentials that require little to no user contribution.
Remote Encryption/Decryption:
Ensure your sensitive information is protected against data breaches.
MobiWee Encryption/Decryption services ensure that your data is
safeguarded, on and off your corporate network. Encrypt your Smartphone
from the MobiWee website before or after you lose it.
6|Page
7. Mobile Device Security
Remote Lock/Wipe:
Defend yourself against identity theft with the remote lock/wipe service,
no matter where you left your phone. Just log in to MobiWee.com and
click to lock or reset your device and external memory to factory settings-
from any computer.
Remote Certificate/Digital Badge:
Take the work out of security while securing your work by exporting and
installing certificates remotely from any PC. With MobiWee, your
identity is verified every time, from any mobile device, PC, or Mac.
7|Page
8. Mobile Device Security
About the Company:
TechStone Soft was established with a vision to serve the global business and technology
needs. We provide a sophisticated suite of solutions for achieving superior business results and
enable our clients to rapidly lead technology markets, and enhance customer services and
experience.
Our applications portfolio includes automation solutions which has the ability to extend
the enterprise capabilities beyond boundaries through state-of-art technology collaboration.
TechStone also has a workflow collaboration framework that can enable customers to have full
control of their personal devices and data stored and accessed within these devices.
TechStone Soft
915 Highland Pointe Dr., Suite 250
Roseville, CA 95678
Phone: (916) 724-5301
Fax : (916) 724-5303
e-Mail: admin@techstonesolutions.com
8|Page