Locking Down Risks from Unlocking How organizations can protect themselves from the security threats and liability of unlocked phones. While steep fines have placed the unlocking issue in the spotlight, savvy organizations will tell you that this is nothing new. For years, they have taken action to protect themselves from the security risks posed by unlocked or jailbroken phones. The question now is –how far should they go in ensuring that their employees don’t jailbreak or unlock their phones? Webinar covers: • Security strategy best practices • Acceptable use policy options • Data protection • Application management

1. Locking Down the Risks
from Unlocked Devices
Presented by:
Troy Fulton
Director, Product Marketing
Wednesday, February 20, 2013
© 2013 Tangoe, Inc.
Thursday, February 21, 2013

2. Today‟s Speaker
Troy Fulton
Director, MDM Product Marketing
• 20+ years in high-tech and communications devices
• Senior product marketing and management positions
with global corporations including Motorola Mobility,
Nokia, and Compaq
• MBA from The College of William and Mary; BA from
Boston College
© 2013 Tangoe, Inc.
2

3. Agenda
• Definitions
• What is Illegal
• Key Takeaways
• Risk & Mitigation
• Summary
• Q&A
© 2013 Tangoe, Inc.
3

4. Definitions: Unlocking
• Enables a device to work on a wireless carrier other than the one device
was purchased from
•
If an AT&T iPhone were unlocked, it could be used on T-Mobile USA's network
• In October, the U.S. Library of Congress invalidated a copyright
exemption in the Digital Millennium Copyright Act for unlocking
cell phones
• Unlocking a device is potentially illegal, unless authorized
by a carrier
• Civil fines range from $200 to $2,500 per unlock
• Criminal penalties up to $500,000 and five years in jail.
• http://bits.blogs.nytimes.com/2013/01/25/cellphone-unlock-dmca/
• Unauthorized unlocking requires the device to be jailbroken
© 2013 Tangoe, Inc.
4

5. Definitions: Jailbreak
• Pertains to iOS devices
• Allows applications not approved by Apple to be downloaded from any
source
• Removes the security controls which prevent access to data on a device by
unauthorized people and applications
• Process of removing the sandbox protections that Apple places in its iOS
products
• Enables users to access files they normally wouldn't be permitted to, which
opens up all sorts of possibilities for customizing an iOS system
• Many technically inclined users loathe being
locked into a sandboxed device
© 2013 Tangoe, Inc.
5

6. Definitions: Root
• Pertains to Android devices
• Android, unlike Apple, is an open source operating system
• Android out of the box allows users to install 3rd party apps (also known as
sideloading)
• User can install themes
• Allows the install of applications directly from SD card or internal memory of
device
• Everything IOS users hope to accomplish with jailbreaking is basic functionality
within Android
• Rooting overcomes limitations carriers and OEMS put
on devices (skins, etc.)
• COMPLETELY remove and replace the entire
operating system of the device
© 2013 Tangoe, Inc.
6

7. What Has Been Reported to be Illegal
• Unlocking without carrier permission
• A common example….
• Use device as an Internet hotspot
• Switch to a local carrier when traveling overseas to avoid roaming charges
• In Europe, unlocked phones function as you might expect.
• You buy a phone and obtain a SIM card from the network you have chosen, and the phone
registers on that network
• Want to change networks? Get a different SIM and swap it out
• Why does this work?
•
Network operators share the same three portions of the spectrum and support GSM
(3G) and LTE (4G).
• In the U.S. carriers enable different features on their smartphones
• Support differentiated mobile experiences
• Support competing 3G and 4G wireless communication
standards at different spectrum frequencies
© 2013 Tangoe, Inc.
7

8. Key Takeaways: Unlocking
• New carrier = non-optimized usage rates
• Unlocking can also interfere with your phone‟s settings
• Features previously enabled will not likely function
• Phone warranty voided
• Jailbreaking attracts malware and decrypts data
• This law does not eliminate the practice of unlocking phones
• Does not prevent unlocked phones from entering corporate networks
• Organization may be held liable for an employee‟s unlocked device
© 2013 Tangoe, Inc.
8

9. Key Takeaways: Jailbreak vs. Rooted
• Sandbox protection for apps is removed
• Every app can get to everything
• iOS and Android apps designed not to share data
• Jailbreaking decrypts data on the device
• Bypasses device password
• Android app developers can store data in cipher text (optional)
•
If not, encrypted device data may be stored in plain text if you PC synch
• Jailbroken vs. rooted
• iOS: apps must utilize the Data Protection APIs to maintain encryption
•
Password protection enables data encryption
•
NSS Labs: possible to jailbreak an iOS device and completely bypass the passcode
•
Jailbroken phones are more vulnerable to malware
• Android: device password enables full file system encryption
•
Modifying the bootloader or OS is not sufficient to access data without the password
•
Rooting decrypts all data. Google recommends an OEM hardware solution
© 2013 Tangoe, Inc.
9

10. Risks and Mitigation
• Device is lost or stolen
• Exposed data…all of it
• SMS/iMessage texts
• Address book, calendar, email….
• VPN
• Secure communication but is the device secure?
• Access to enterprise resources
• Need mobile anti-virus
• Mitigate risks
• Monitor with automatic policy response
•
Carrier and application
• Mobile content management
• Containerization
• ABQ
© 2013 Tangoe, Inc.
10

11. Secure Mobile Content Management
• Enforce security for
device-based
Corporate
Document
Stores
access
• Manage distribution
authority
• Enforce DLP via
cut/paste features
• Manage document
Native, 3rd
Party
Editing
Tools
Mobile
Content
Management
version control &
redundancy
Device
Continuum
© 2013 Tangoe, Inc.
Simple,
Private
File
Sharing

12. Mobile Device Containerization
Tap to access Divide
•
•
•
Enter passcode
Get to work!
•
•
•
Personal phone, SMS and web
Choice of device, services
Freedom & privacy
Data security
Enterprise apps & services
Easy to manage and control
• Separate corporate data from personal data
• Allow „personal data‟ to co-exist
• Provide controls over corporate data
© 2013 Tangoe, Inc.
12

13. Secure Network Access: THE BYOD Solution
• Real-time detection and enforcement
• Detect and quarantine unknown devices
• Self-Service Device Enrollment Modules
• Guest Access Management
• Non-Browser Device Registration
• MDM Policy Enforcement
• MDM Self-Registration process integrated with NAC-based Policy
Enforcement
• NAC-based MDM Policy Enforcement and Remediation Messaging
13
© 2013 Tangoe, Inc.

14. Summary
• Terms and conditions should clearly describe the penalties for unlocking
• Know your environment
• SANS Institute IT Survey: 9% are “fully aware” of all mobile devices on their network
• Lifecycle of smartphones and tablets is very short: 12 – 18 months
• Do not be fooled…if no controls, there is sensitive data on the device
• Make (sustainable) decisions
• If you do not define policy, employees will
• Never store confidential corporate data on an unencrypted device
• No corporate business through the use of personal accounts
• Prohibit sending emails from your corporate address to private email accounts
• Lock down any device assigned to an employee, including remote wipe
• Secure communication to the device
• Block device access to ActiveSync for non-compliance
• Have a recycling program
© 2013 Tangoe, Inc.
14

15. Questions and Contacts
Troy Fulton
Director, Product Marketing
Troy.Fulton@tangoe.com
Tangoe
203.859.9300
info@tangoe.com
www.tangoe.com
© 2013 Tangoe, Inc.
15