Sensitive Information
Transcription
Sensitive Information
Sensitive Information Enterprises have allowed access to some corporate apps and data from both personally owned and enterprise owned smartphones and tablets, but many enterprises limit access to more sensitive data due to security concerns. “Unsurprisingly, security is the top concern for BYOD… The risks of data leakage on mobile platforms are particularly acute and are now a bigger problem than malware.” Gartner } Top concerns for BYOD Forrester “We have worked with the team behind DroidCloud, now Hypori, in the trusted computing space for around 7 years now. We are working with them on secure mobility, and see their technology as a key part of the answer for mobile apps in the DoD.” “Many organizations working within regulated or high-security environments elect not to implement BYOD at all.” Gartner Antonio De Simone, JHU APL 50% 59% 65% 65% Mobile data security 59% Data breach security 55% 55% Mobile data security 50% Mobile applications security” "We have worked with the team behind DroidCloud, now Hypori, in the trusted computing space for around 7 years now. We are working with them on secure mobility, and see their technology as a key part of the answer for mobile apps in the DoD." Ryan, DoD Mobile security challenges Attestation – of mobile devices and backend infrastructure. Application Security – app permissions, isolation, malware detection. Authentication – two factor auth mechanisms, confidence in user identity. Data Security – encryption in transit and at rest. Key Management – auth and app certs, including distribution and storage. Sanitization – ability to rigorously delete with ‘reasonable’ assurance. Access Management – user permissions, geo-fencing (both data Continuous Monitoring – risk framework based on patterns of life. Patching – timely and efficient, for firmware, OS and apps. Auditing – app and user actions, efficient discovery processes. Dual Persona – user vs corporate apps and data separation in COPE / BYOD. Device Ecosystem – so many device types, Android OS fragmentation. and users) These challenges are relevant to enterprise owned devices, COPE and BYOD. Hypori (originally DroidCloud) provides a ‘mobile first’ thin client experience that keeps all the apps, data and management on enterprise servers as opposed to mobile end point devices. The ACE platform allows users to access a remote Android virtual device, similar to Virtual Desktop Infrastructure, but designed for touch interaction – both the Android OS and the hundreds of thousands of COTS apps available for it. We call it Virtual Mobile Infrastructure. www.hy p ori.com Hypori’s ACE platform integrates with existing EMM investments such as MDM (to manage the virtual devices), MAM and app stores (to deploy the ACE client and/or to deploy apps to virtual devices), etc – the virtual device is like a physical handset, but it is running on a server. It is complimentary to VDI. The ACE platform also integrates with the rest of the enterprise IT ecosystem, such as LDAP, two factor auth, system monitoring, DevOps deployment and auditing. 9211 Waterford Centre Blvd, Suite 100, Austin, TX 78758 +1 512-646-1040 “Overall Objective: Implement Thin Client Cloud for Security – Store OS, applications and data in enterprise servers; no data on local device. Benefits Decreases chance of insider threat Network data can be securely accessed Keeps secure data out of the hands of bad guys if the phone is lost Protects data in the enterprise through security management, monitoring and auditing.” Deborah Plunkett, NSA IAD Director, AFCEA – 3rd Annual Defense & Security Mobile Symposium Sensitive Information Hypori’s ACE platform can integrate with and compliment existing EMM deployments, just as VDI implementations are used in a variety of architectures to deliver apps and data to users inside an enterprise. VMI can be applied selectively to business processes and information judged to be of higher sensitivity to the enterprise. Users want more than email, calendar and a browser – they want real MS Office for mobile, commercial chat and VTC tools like Cisco Jabber, Microsoft Lync and Adobe Connect – and an open source based platform for building custom apps. The ACE platform delivers this experience in compliance with NSA’s Mobility Capability Package, and can be deployed in a globally distributed cloud fabric at carrier scale down to a tactical mini server for sites with intermittent external connectivity. Existing, ‘strategic’ DoD customers that can be referenced. No Data at Rest Low Risk All the data and apps stay in the enterprise. APPS Much less expensive than an custom ‘one off’ solution. Access to Apps Cost Savings Easy to get onto, easy to get off – it’s “just Android”. No Lock-in Defense in Depth Commercial Hundreds of thousands of COTS apps designed for touch. Commercial platform, runs on commercial handsets. Attestation, containment, monitoring and auditing. There is no such thing as a 100% secure system, but Hypori’s ACE platform has been designed and developed under a Defense in Depth strategy in conjunction with the US DoD for the most high value and security conscious users imaginable. www.hy p ori.com 9211 Waterford Centre Blvd, Suite 100, Austin, TX 78758 +1 512-646-1040