Published in: Technology
  2. Agenda
     • Introduction
     • Benefits
     • Cons
     • BYOD and Regulations
     • Hostile Environment - Threats
     • Security Enhancement
     • Legal Matters
     • Final Thoughts
     • Questions
  3. Introduction
     • Bring your own device (BYOD) is a new trend of permitting employees to bring personally owned mobile devices (smartphones, tablets and laptops) to the workplace and use those devices to access, store or create company information.
     • The rapid rise of mobile devices and their introduction to the workplace bring new security and operational issues to companies.
  4. Benefits
     • More productive employees
     • 24/7 access to the company's email and to information stored on the company's servers
     • Higher morale among employees, because they can use the technology they want and not what the company provides
     • Low or no cost to the company
        • Hardware is bought and maintained by the employee
        • Sometimes carrier calls and internet costs are also paid by the employee
     • Advantage of new technology
  5. Cons
     • Less security
     • Administrative cost
     • Software acquisition to manage mobile devices
     • Develop policies and procedures
     • Management issues
     • Infrastructure costs
     • Service (carrier) cost
     • Not full control of the device
  6. BYOD and Regulations
     • HIPAA
        • Protect private data
        • Encrypt emails and data
           • On the device
           • In transmission
        • Remote management of devices
        • Controls to access data and applications
        • Monitoring
        • Malware and threat protection
        • Compliance reporting
     • PCI/DSS
        • Explicit approval of authorization to use the device
        • Authentication (two-factor authentication)
        • Comprehensive list of devices (make and model) and OS (iOS, Android, Windows, RIM)
        • List of personnel with access to these devices
        • Labeling of devices with owner information
        • Device encryption
        • Transmission security (SSL/TLS, IPsec)
     Mobile devices and personal/confidential data are heavily regulated in some industries. Not recommended, or have a lot of aspirin at hand. A violation of any regulation carries a fine (up to 1.5 million per violation under HIPAA). Other regulations: GLBA, HITECH, SOX.
  7. Hostile Environment - Threats
     • Lost or stolen devices
        • The very best advantage of mobile devices is its worst enemy. Mobile devices are small, compact and … yes, MOBILE. Lost or stolen devices are the pinnacle of BYOD threats.
     • Attack surface
        • Rogue apps can extract contact information and data from mobile devices.
        • Even if you only allow authorized apps, a scan of a QR code can download an app.
  8. Hostile Environment - Threats
     • Attack vector
        • Attackers can connect mobile devices to open wireless access points and start scanning your network.
        • BackTrack (and now Kali) have ARM versions that can be installed and used on mobile devices.
     • Rogue apps
        • Apps should be sandboxed. Only allow authorized applications on devices that store the company's data.
        • Rogue apps are entryways for malware infections.
  9. Hostile Environment - Threats
     • Jailbroken/rooted devices
        • People tend to crave power and control. One of the first things they do with a mobile device is jailbreak or root it. This opens a new window of threats. Access by rogue applications (and users!) to the root account could be dangerous to the company's data.
  10. Security Enhancement
     • Management
        • A plethora of mobile devices exists, with so many different models and OSs that chaos could erupt at any moment.
        • Keep a list of all devices allowed access to the company and prepare periodic reports.
        • Look for unauthorized devices on your network.
     • Mobile Device Management
        • Mobile expense control (downloads, roaming and international costs)
        • Remotely locate, lock and wipe lost devices
        • Security control checks
           • Anti-virus
           • Lock mechanism
           • Apps
           • Jailbreak/root
        • Automatically wipe company data
  11. Security Enhancement
     • OS update
        • Look for solutions that include different OSs.
     • Notification to users
        • SMS before wiping, or when exceeding the data or service plan limit
     • Personal data segregation
        • Photos, email, calendar, call logs, voicemail, texts
     • Protect entryways to the corporation
        • Firewall rules checked and double checked!
        • Secure wireless access points
        • Single recurrent error
        • VPN
        • Quarantine unauthorized devices
  12. Security Enhancement
     • Enrollment
        • Bulk enrollment or single enrollment
        • Authentication with Active Directory
     • Policy
        • Reason for authorization
        • Devices allowed on company infrastructure
        • Data services or personal plan (stipend)
        • Security
        • Applications authorized
  13. Security Enhancement
     • Policy (cont.)
        • Services provided
           • What data the employee can access with the device
           • Help desk services for the personal device
        • Agreement between employee and company
           • Personal data
     • Education of employees on the risks associated with BYOD
        • Training on encryption applications and communication
        • Not every "C" level employee knows about encryption and safe communications
  14. Legal Matters
     • First things first: I'm NOT a lawyer
     • Legal issues may arise
        • If the employee is a suspect in an internal investigation, can I take possession of the mobile device for analysis?
        • May the employee be held accountable for any access from the mobile device if he/she loses it?
        • Privacy?
  15. Final Thoughts
     • BYOD is here to stay
     • Prepare an analysis of the pros and cons of implementing BYOD in your company
     • Regulate the use of BYOD
        • Policies, anyone?
        • Training programs for employees
  16. Questions?
     Ángel L. Trinidad
     787-461-8111
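
The authorized device list, the security control checks and the quarantine step from the Security Enhancement slides, combined into one triage pass. This is an added example, not part of the original slides: the record fields, the action names and every sample device are constructed, and the mapping from a failed check to an action is an assumed policy.

```python
# Added example: field names, action names and all records are constructed.
AUTHORIZED = {  # device list: owner, make/model and OS per enrolled device
    "dev-001": {"owner": "jdoe", "model": "iPhone 5", "os": "iOS"},
    "dev-002": {"owner": "asmith", "model": "Galaxy S4", "os": "Android"},
    "dev-003": {"owner": "mlopez", "model": "Lumia 920", "os": "Windows"},
}
APPROVED_APPS = {"mail", "vpn", "mdm-agent"}
REQUIRED = {"antivirus": "anti-virus", "screen_lock": "lock mechanism",
            "encrypted": "device encryption"}

def failed_checks(device):
    """Security control checks; a missing field counts as a failure."""
    failures = [label for key, label in REQUIRED.items() if not device.get(key)]
    if device.get("rooted", True):  # unknown root status is treated as rooted
        failures.append("jailbreak/root")
    rogue = sorted(set(device.get("apps", [])) - APPROVED_APPS)
    if rogue:
        failures.append("unauthorized apps: " + ", ".join(rogue))
    return failures

def triage(device):
    """Return (action, reasons) for one device seen on the network."""
    if device["id"] not in AUTHORIZED:
        return "quarantine", ["not in authorized device list"]
    if device.get("reported_lost"):
        return "lock_and_wipe", ["reported lost or stolen"]
    failures = failed_checks(device)
    return ("block", failures) if failures else ("allow", [])

def report(observed):
    """Periodic report: one (id, owner, action, reasons) row per device."""
    rows = []
    for device in observed:
        action, reasons = triage(device)
        owner = AUTHORIZED.get(device["id"], {}).get("owner", "unknown")
        rows.append((device["id"], owner, action, reasons))
    return rows

GOOD = {"antivirus": True, "screen_lock": True, "encrypted": True,
        "rooted": False, "apps": ["mail", "vpn"]}
OBSERVED = [  # constructed sample of devices seen on the network
    dict(GOOD, id="dev-001"),
    dict(GOOD, id="dev-002", rooted=True, apps=["mail", "flashlight-x"]),
    dict(GOOD, id="dev-003", reported_lost=True),
    {"id": "dev-999"},  # never enrolled
]

if __name__ == "__main__":
    print(*report(OBSERVED), sep="\n")
```

The checks fail closed: an enrolled device that reports no posture at all is blocked, not allowed.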