Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
The 7 insecure
habits of highly
effective
smartphones and
tablets
2 November 2011, Infosecurity.nl seminar
Pieter Ceelen
M...
1© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the...
2© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the...
3© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the...
The 7 habits
5© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the...
6© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the...
7© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the...
8© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the...
9© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the...
10© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
11© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
12© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
13© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
14© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
15© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
16© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
17© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
18© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
19© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
20© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
21© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
22© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
23© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
24© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
25© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
26© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
27© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
Solutions
29© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
30© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
31© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
32© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
33© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
34© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
35© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
36© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
Wrap up
38© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of th...
Thank you
Presentation by :
Marc Smeets MSc. CISSP CISA
smeets.marc@kpmg.nl
+31 6 513 66680
Pieter Ceelen MSc.
ceelen.piet...
© 2011 KPMG Advisory N.V., a Dutch limited liability
company, is a subsidiary of KPMG Europe LLP and a
member firm of the ...
Upcoming SlideShare
Loading in …5
×

The 7 Insecure Habits Of Highly Effective Smartphones P.Ceelen & M.Smeets Infosecuritycongress Nov2011

900 views

Published on

Sheets as presented at the 2011 Infosecurity conference about the insecurities of mobile devices.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

The 7 Insecure Habits Of Highly Effective Smartphones P.Ceelen & M.Smeets Infosecuritycongress Nov2011

  1. 1. The 7 insecure habits of highly effective smartphones and tablets 2 November 2011, Infosecurity.nl seminar Pieter Ceelen Marc Smeets
  2. 2. 1© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Agenda Intro ■  Who are we? ■  What’s the buzz? The 7 insecure habits Solutions Wrap up
  3. 3. 2© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Who are we? Pieter Ceelen ■  Loves hacking, cooking and reading books ■  Android user Marc Smeets: ■  Loves fast cars and champagne (not together) ■  Loves IT security ■  Apple user Ethical hackers @ KPMG IT Advisory ■  Team of over 15 IT security testers ■  Combining strong technical skills with IT auditing skills ■  Translating impact of deep technical issues to management, from bit to board
  4. 4. 3© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. What’s the buzz? History ■  Blackberry served the corporate world ■  As of 2007 major growth market share of smartphones (iPhone, Android) Recent years ■  Explosion of smartphone penetration ■  Emergence of tablets ■  Corporate and private phones get mixed: “Bring your own device” Recent years ■  Intuitive/Usable interface ■  Internet/cloud integration ■  Affordable pricing ■  Explosion Share of worldwide 2011 Q2 smartphone sales to end users by operating system, according to Gartner. Image from Wikipedia, user Eraserhead1
  5. 5. The 7 habits
  6. 6. 5© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 1: I don’t know where my data is
  7. 7. 6© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 1: I don’t know where my data is INTERNET CORPORATE EXCHANGE SERVICES DEVICES WIFI / UMTS / GPRS Mobile Device Management
  8. 8. 7© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 1: I don’t know where my data is INTERNET CORPORATE EXCHANGE SERVICES Mobile Device Management INTERNETSERVICES DEVICES WIFI / UMTS / GPRS WIFI / USB USB WEB CLOUD SERVICES Bluetooth LOCALSERVICES CORPORATE / PRIVATE NETWORK PERIPHERALS
  9. 9. 8© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 1: I don’t know where my data is Habit 2: ActiveSync doesn’t make all secure
  10. 10. 9© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 2: ActiveSync doesn’t make all secure ActiveSync: ■  “Exchange ActiveSync is a Microsoft Exchange synchronization protocol that's optimized to work together with high-latency and low-bandwidth networks. The protocol, based on HTTP and XML [..] enables mobile phone users to access their e-mail, calendar, contacts, and tasks“ ■  De-facto standard, widely supported by devices. ActiveSync can perform security checks: ■  Require password ■  Length of password ■  Require encryption on device ■  Etc.
  11. 11. 10© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 2: ActiveSync doesn’t make all secure - cont. Two major security issues with ActiveSync ■  1. ActiveSync checks are device local security checks ■  2. It relies on XML over HTTP(S) 1. security checks are device local security checks ■  ActiveSync server asks : “Do you have a screen lock?” ■  Device answers: “Yeah, sure! Now give me the latest emails.”
  12. 12. 11© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 2: ActiveSync doesn’t make all secure - cont. Two major security issues with ActiveSync ■  1. Security checks are device local security checks ■  2. Relies on XML over HTTP(S) 2. Relies on XML over HTTP(S) ■  Man-in-the-middle attacks –  HTTP is clear text –  HTTPS allows for rogue certificates ■  Intercepted data contains: –  sync data (e.g. Email data) –  Authentication data!
  13. 13. 12© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 1: I don’t know where my data is Habit 2: ActiveSync doesn’t make all secure Habit 3: Disk encryption doesn’t keep my data secure
  14. 14. 13© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 3: Disk encryption doesn’t keep my data secure Disk encryption is iOS only, Android has no official disk encryption yet. iOS Disk encryption: ■  Technically it is hard disk encryption ■  But, it decrypts itself without user input ■  Main reason: fast wiping via crypto-shredding Better solution is encryption based on: Something you know (passcode) + something you have (crypto chip) -> Data Protection Critical flaws in iOS allow for retrieval of all data on an iOS device if stolen.
  15. 15. 14© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 3: Disk encryption doesn’t keep my data secure
  16. 16. 15© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 1: I don’t know where my data is Habit 2: ActiveSync doesn’t make all secure Habit 3: Disk encryption doesn’t keep my data secure Habit 4: Theft is an issue, despite remote wipe
  17. 17. 16© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 4: Theft is an issue, despite remote wipe Remote wipe procedure: ■  1. End user or administrator commands the device to perform a wipe ■  2. Smartphone receives a message and performs the wipe Implementation differences between systems ■  iOS : Push notifications from Apple’s servers ■  Android : Web or SMS messages for Android (custom apps) ■  ActiveSync : Next sync attempt device receive a wipe command What if the device never receives the wipe message?
  18. 18. 17© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 4: Theft is an issue, despite remote wipe
  19. 19. 18© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 1: I don’t know where my data is Habit 2: ActiveSync doesn’t make all secure Habit 3: Disk encryption doesn’t keep my data secure Habit 4: Theft is an issue, despite remote wipe Habit 5: Jailbreaking isn’t only for hackers
  20. 20. 19© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 5: Jailbreaking isn’t only for hackers Jailbreaking (iOS) = removing the ‘jail’ Apple has put in ■  Install Apps Apple did not approve Rooting and custom roms (Android) ■  Rooting = gaining root level access to device ■  Custom rom = custom OS (faster, newer, better) Jailbreaking and rooting can be done via running applications and via boot loader It is not that hard!
  21. 21. 20© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 5: Jailbreaking isn’t only for hackers
  22. 22. 21© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 1: I don’t know where my data is Habit 2: ActiveSync doesn’t make all secure Habit 3: Disk encryption doesn’t keep my data secure Habit 4: Theft is an issue, despite remote wipe Habit 5: Jailbreaking isn’t only for hackers Habit 6: Quality assured AppStore doesn’t prevent malware and viruses
  23. 23. 22© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 6: Qa’ed AppStore doesn’t prevent malware and viruses Google checks: ■  Are you a developer? Was the 25 dollar developer fee paid? ■  Are users complaining once released? ■  Afterwards: remove known rogue apps remote from device with ‘kill switch’ Apple has ‘strict’ checks in AppStore ■  Some security checks on code ■  Adhere to Apple’s guideline ■  Brand / trademark protection Android allows to install apps from non-Google App stores with a few clicks
  24. 24. 23© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 6: Qa’ed AppStore doesn’t prevent malware and viruses
  25. 25. 24© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 1: I don’t know where my data is Habit 2: ActiveSync doesn’t make all secure Habit 3: Disk encryption doesn’t keep my data secure Habit 4: Theft is an issue, despite remote wipe Habit 5: Jailbreaking isn’t only for hackers Habit 6: Quality assured AppStore doesn’t prevent malware and viruses Habit 7. Google and Apple don’t fix security issues in time
  26. 26. 25© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habit 7. Google and Apple don’t fix security issues in time Android ■  Security updates rely on Google, device vendor, telco and user ■  Major releases lagging by over 6 months ■  Average device less than a year of security updates ■  Some currently sold devices already 2 major releases behind ■  Distribution “over the air” or via USB cable ■  No clear statements from vendors on support Apple ■  Security updates rely on Apple and user ■  Less diversity, more enforcement by Apple ■  Critical security issues not fixed in release updates
  27. 27. 26© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. There are even more habits
  28. 28. 27© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Habits we didn’t even mention ■  Life cycle and diversity ■  App permissions ■  Legal ■  iTunes and mp3s on corporate computer ■  Privacy and geotracking ■  Publishing apps by your organisation ■  Unauthorized apps that use your branding/website ■  Technical vulnerabilities ■  Asset management processes ■  User awareness and security incident reporting without a phone
  29. 29. Solutions
  30. 30. 29© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Solution 1: Fine grained security checks
  31. 31. 30© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Fine grained security checks Functionality ■  Additional security checks on device, for example: –  Jailbreak detection –  Application/malware checks ■  Data processed using regular device software Operating system Pro ■  Native apps Con ■  Various risks not fully mitigated, e.g. remote wiping, malware, encryption risks
  32. 32. 31© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Solution 1: Fine grained security checks Solution 2: Virtualization
  33. 33. 32© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Virtualization Functionality ■  Two operating systems: –  playground –  hardened environment under full control of a central Management environment Operating system Pro ■  Native apps Con ■  Various risks not fully mitigated, e.g. remote wiping, malware, encryption risks ■  Hypervisor specific attacks
  34. 34. 33© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Solution 1: Fine grained security checks Solution 2: Virtualization Solution 3: Secure container
  35. 35. 34© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Secure container Functionality ■  All data encrypted on device ■  Application includes functionality for rendering Word/ Excel files, intranet ■  Encryption between app and corporate network Operating system Pro ■  Data always encrypted, prevents various security issues Con ■  Attacks on secure container, e.g. implementation flaws ■  Attacks outside container, e.g. key loggers and screen scrapers
  36. 36. 35© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Solution 1: Fine grained security checks Solution 2: Virtualization Solution 3: Secure container Solution 4: Remote desktop
  37. 37. 36© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Remote desktop Functionality ■  Render view/desktop from remote system ■  No data stored on device itself Operating system Pro ■  No data on device Con ■  Usability, e.g. App interface ■  Availability, e.g. working in a airplane ■  Attacks outside container, e.g. key loggers and screen scrapers
  38. 38. Wrap up
  39. 39. 38© 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Wrap up Enrolling mobile devices results in new risks ■  Broader then expected, e.g. legal, technology, cloud integration, backups ■  Security controls work differently on mobile devices Technical Solutions ■  Different security architectures to reduce risks of mobile devices ■  No technical solution fixes it all, mitigate risks by people, processes and technology How to continue ■  Perform risk assessment before implementation ■  Consult with relevant experts ■  Implement security controls for people, process and technology ■  Test effectiveness of security controls ■  Stay up-to-date with recent developments
  40. 40. Thank you Presentation by : Marc Smeets MSc. CISSP CISA smeets.marc@kpmg.nl +31 6 513 66680 Pieter Ceelen MSc. ceelen.pieter@kpmg.nl +31 6 515 72696
  41. 41. © 2011 KPMG Advisory N.V., a Dutch limited liability company, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. The KPMG name, logo and ‘cutting through complexity’ are registered trademarks or trademarks of KPMG International.

×