According to Gartner, 75 percent of mobile applications will fail basic security tests through 2015. The explosive growth of BYOA raises the question of, “Are you at risk?" Take a look at our latest webinar with Sean Frazier, senior sales engineer, to learn how to transform any mobile app into a self-defending app to best protect your enterprise from mobile threats.
Download the full recording here: http://offers.bluebox.com/resource-webinar-transform-risky-mobile-apps.html
7. Application Level Risks
75%
Don’t use
proper
encryption
when storing
data on a
mobile device
97%
Having access
to private data
without
appropriate
security
measures
75%
Mobile Security
breaches by
2017 will be the
result of
exploiting
poorly
developed
mobile apps
8. Device Level Risks
Change of
device posture
by other apps
on device
Uncontrolled
OS versions
Undue focus
on
jailbreaking
and rooting
alone – what
about non-
root system
exploits?
9. Device Level Risks
52
Vulnerabilitie
s patched in
iOS in 2014;
40% of those
were critical
code exploits
24%
Android devices
run the latest
KitKat 4.4
version
Change of
device posture
by other apps
on device
10. User Level Risks
User Level
Failure to
report lost or
stolen devices
Mobile
devices
connect to
more public
hotspots and
unknown
servers than
laptops
Basic device-
level
protection like
password and
encryption
turned off
11. User Level Risks
User Level
34%
Take no
security
measures at all
26
Number of
apps the
average mobile
user has
downloaded
113
Number of
smart phones
lost every
MINUTE in the
U.S.
12. Securing Mobile Apps
Option 1: MDM
12
Enroll users to MDM
Distribute MDM profile
Enforce device-level passcode
and encryption
Distribute apps via
Enterprise App Catalog
Needs to be enabled for
the entire device
Requires profiles to be
installed on device – including
BYOD. Users rejecting due to
privacy concerns
Hard to scale for external
vendors and customers
Drawbacks:
13. Securing Mobile Apps
Option 2: Containerization
13
Implemented via SDK or App
Wrapping
App developer involvement
Covers Email, PIM and Browsers
as well
Substantial developer
involvement required
Unstable first gen
technologies
Non-native experience
results in low user adoption
Drawbacks:
14. Free developer time
from security
Focus on building
business logic
Developers
Business
Owner
Accelerate Time To
Market
Meet ever-
increasing user
demand for apps
Competitive
Advantage
Stay current with
mobile threats
Ensure compliance
Security
Mobile App Security Needs
14
15. What you really need
15
Easy, secure access to any app for any user on any device
Containerization of any app – on demand, instantly
Apps that assume they are at risk, ALWAYS, and defend
accordingly
Minimal management of updates across the mobile app lifecycle
16. Self-Defending Behavior
Bluebox Self-Defending Apps
Enterprise Controls
• Protect commercial or
custom apps in seconds
• Detect and defend against
mobile threats
• Respond quickly to keep
corporate data secure
Data Wrapping
Triple Layer Defense
16
17. 1. Data Wrapping: The Unique Bluebox Approach
User
Data
App
Device
Network
OTHERS
▪ Data Security on Devices,
Apps and Network
▪ Support for ANY 3rd party or
internal apps
▪ Native app experience
▪ Clear separation of
personal and corporate
data
Bluebox Triple Layer Defense
1. Data Wrapping
17
18. Bluebox Triple Layer Defense
2. Enterprise Controls
▪ Per App VPN
▪ App eventing and logging
▪ Data sharing controls
▪ Data visibility and control
18
19. Bluebox Triple Layer Defense
3. Dynamic App Integrity for Self-Defending Behavior
19
Beyond Jailbreak and Root Detection
• Device Integrity
• Detection of sandbox security tampering
▪ App tampering detection
▪ Detection of tools used to reverse engineer apps
▪ Detection of hostile device environment, debuggers, hooks
▪ Checksum violations for tampering of Bluebox wrapper
▪ App tampering deterrents
▪ Honeypots, or traps, to mislead and deceive attackers
21. Summary
21
Assume that your apps are perpetually at risk at all layers – Device, App and
User
Get beyond jailbreak and rooted detection!
Make your apps self-defending
Focus on the user – allow easy access to your apps on any device
Fortify your Apps – don’t just manage them
22. Bluebox User Enrollment
Proprietary and Confidential 22
▪ Easy 3-step process via
Bluebox App
▪ SAML 2.0, OAuth 2
(using Google as
provider) and ActiveSync
supported for user auth
▪ Elegantly off-board users
via SAML and SCIM
Editor's Notes
This problem is why every CIO and CISO that we spoke to about mobile security challenges said it’s not about securing the device anymore its about securing the data. They want the ability to gain visibility of where/what type of data goes on/off these devices and control and secure it. And these controls can’t be at the expense of today’s empowered employee who wants freedom to choose the apps they prefer while keeping a native device experience and ensuring privacy. Solving both the enterprise and employee requirements are critical. Otherwise employees will just go around the system putting your data at risk.
As one of our customers put it – I’m looking for the security of a container but the native experience of an MDM.
Unlike others who started at the device – we started from the other side and focused on the user and data which is the most important