1. Security Trends in a Mobile Environment: Access in an Anytime, Anywhere World. Ken Huang & James Hewitt. HDI Executive Forum | June 22, 2011
2. About CGI: Full Service IT company; Managed service, BPO; IP based Business Solutions; SI&C; Cloud and Mobile Computing: Cloud IT services, Cloud security services; Approximately 31,000 professionals worldwide; Total Revenue: $4.5 Billion.
3. Who Are We? Ken Huang: Director of Security Engineering; Cloud/Mobile Security, ST&E, IDAM, E-Signature, etc.; Frequent Speaker; Blog: http://cloud-identity.blogspot.com/ ; LinkedIn: www.linkedin.com/in/kenhuang8 ; Twitter: http://twitter.com/#!/kenhuangus . James Hewitt: Director of Security Governance; CISO, ST&E, Database Security; Frequent Speaker; LinkedIn: http://www.linkedin.com/pub/jim-hewitt/0/6ab/552
4. Topics: Mobile Technology and Trends; Mobile Application and Trends; Mobile Security and Trends; Data Loss Prevention for Mobile Devices and Trends; Discussion Topics
9. NFC: Based on RFID Technology at 13.56 MHz; Operating distance typically up to 10 cm; Compatible with today’s field-proven contactless RFID technology; Data exchange rate today up to 424 kilobits/s; Uses less power than Bluetooth; Does not need pairing
10. Mobile Application Trends. Payment: Using your phone to pay will become a reality. Federal Government Adoption: Mobile apps will become more widely used. Cloud and Mobile Computing: During an appearance in Silicon Valley, Aneesh Chopra, the nation’s first-ever CTO, acknowledged the inevitable emergence of cloud and mobile as solutions for the federal government, but sees them as supplementing, rather than replacing, legacy systems. Transportation Department gets $100 million for mobile apps.
11. Mobile Application Trends (cont.). Federal Government Adoption (cont.): FBI – most wanted listing app on iPhone; IRS – check refund status; The White House mobile app – news, videos, podcasts, blogs, etc. Productivity tool: Mobile apps will become more mature over time. Banking: Check balances, transfer funds, etc.
12. Mobile Application Trends (cont.). Entertainment: Videos, gaming, etc. Social networking: Facebook, Twitter, Foursquare, LinkedIn; Any new apps? Activists: Collective bargaining and strikes. Other: Price comparison for various products.
13. Wi-Fi Security Trends: Use a strong password; Don’t broadcast your SSID; Use good wireless encryption (WPA, not WEP); Use another layer of encryption when possible (e.g. VPN, SSL); Restrict access by MAC address; Shut down the network and wireless network when not in use; Monitor your network for intruders; Use a firewall
14. 4G Security Trends: Backward compatibility to 3G or GSM capabilities exposes 4G to 3G and GSM security vulnerabilities. 4G also has a roaming vulnerability associated with mutual authentication: a fake network can easily claim to be a “roaming partner”.
15. Bluetooth Security Trends: Bluejacking (sending either a picture or a message from one user to an unsuspecting user through Bluetooth wireless technology); DoS attacks; Eavesdropping; Man-in-the-middle attacks; Message modification. NIST published a Guide to Bluetooth Security in 2008.
16. NFC Security Trends. Ghost and Leech Attack: Hacker’s RFID reader steals or transmits credentials to a fake RFID card. Eavesdropping: Hacker must have a good receiver and stay close; to avoid this, use a secure channel as compensating control. Data Corruption: Jams the data so that it is not readable by the receiver; check RF field as compensating control.
17. NFC Security Trends (cont.). Data Modification: Changes the semantics of the data; use secure channel.
18. Attack on the app: Currently, Android devices are the target due to Google’s loose vetting process. According to USA Today (June 5, 2011), Google had to remove 25 apps from the Android market, but not before 125,000 users had downloaded the apps [1]. These apps allow hackers to download more malicious programs when the user makes phone calls. iPhones and iPads are lightly hacked – but will become targets in the future. [1] http://www.usatoday.com/tech/products/2011-06-03-tougher-security-sought-in-google-apple-devices_n.htm
19. Data Protection for Mobile Device and Trends: File-level encryption (PocketCrypt or PointSafe); Encryption of data in transit; Remote data wipe-out; Device tracking; Data backup (Cloud Storage as a Service); Mobile Device Management (MDM), example: GSA uses Fiberlink.
20. Gartner Predictions: 2014 will witness over 3 billion mobile users worldwide. Mobile phones will become the preferred and most commonly used web device globally by 2013. As a result, a large number of mobile applications will be built for multiple platforms (Android, J2ME, Symbian, iOS, etc.) and domains (mobile payments, mobile commerce, mobile VAS, etc.).
21. Do Cell Phones Cause Cancer? According to an article in the Huffington Post (June 1, 2011): The World Health Organization announced that cell phones could possibly cause cancer. The WHO’s cancer research arm, the International Agency for Research on Cancer, classifies cell phones as a class 2b possible carcinogen. “The IARC also identified known as well as probable carcinogens, including a few others which some of us come into contact with on a regular basis.” [1] CNN link: http://www.cnn.com/2011/HEALTH/05/31/who.cell.phones/index.html [1] http://www.huffingtonpost.com/2011/05/20/cell-phone-radiation_n_864799.html
22. Topics for discussion: What is the security policy for mobile technology in your organization? How can data be protected? Data encryption for mobile device; Data Loss Prevention for mobile technology. Mobile technology and cloud computing. Trends on telecommuting or telework.