7/29/2019 Trusted Mobile Computing
November 2012
White Paper: Enabling Trusted Mobile Computing
CTOlabs.com
Inside: Context on BYOD
Integrity Verification and Compliance Assurance
Lessons to learn for your enterprise deployment
A White Paper providing context and guidance you can use
Trusted Mobile Computing Through Integrity Verification and Compliance Assurance
The use of mobile devices within government and industry is continuing to evolve at a rapid pace.
Only a few years ago, enterprise mobility meant wireless email on BlackBerry. Today, organizations
are embracing the latest iOS and Android devices and are constantly waiting to find out what's next.
Tablets and the iPad are revolutionizing the way field employees and knowledge workers do their
jobs. And mobile apps are everywhere, on every device, and are used for both personal entertainment
and business productivity. The bring-your-own-device (BYOD) approach has also spread through
government and industry with the promise of increased employee satisfaction and productivity as
well as potential cost savings and organizational efficiencies.
Security Policies, Safeguards and Risk Management
Security policies and safeguards have not kept pace with the growth in mobility for the enterprise,
resulting in rising mobile risk. A recent survey by Trend Micro found that nearly half of all companies
allowing BYOD experienced data or security breaches due to employee devices accessing corporate
networks. Because employee devices can carry malware, access insecure networks, track their
owners, and even surreptitiously record conversations and take photos if tampered with, ensuring
device integrity is now a necessity in the modern workplace. Fortunately, there is a solution that is
specifically designed to monitor and maintain system integrity while still enabling choice of device
and applications. Fixmo Sentinel Integrity Services provides leading integrity monitoring, tamper
detection, jailbreak detection, and policy verification to ensure that mobile devices and applications
start and remain in a known trusted state.
Fixmo and Its Origins
Fixmo's origins lie with the U.S. National Security Agency's (NSA) internally-developed solution for
verifying the integrity of their BlackBerry mobile devices, codenamed AutoBerry. While BlackBerry
devices were issued for security and compliance with government security standards (FIPS 140-2),
there were a growing number of reported incidents where unverified network communications and
software updates were occurring on devices of employees that were traveling overseas and roaming
across wireless networks. These incidents raised serious concerns over the integrity of these devices
A White Paper for the Government IT Community
and their potential exposure to malicious code injection and cyber attacks. Finding dangerous or
malicious alterations to device software proved extremely difficult as checking for variations in
millions of lines of code was impractical and monitoring policy compliance across thousands of
devices was manpower intensive. AutoBerry saved time and effort by comparing known good hashes
of devices in a trusted state and then detecting any differences and analyzing for vulnerabilities and
compromises, thereby automating mobile device compliance auditing.
Through the NSA Technology Transfer Program, Fixmo
expanded on AutoBerry's capabilities, ported all of the
functionality to Android and much of it to iOS, and
released the resulting product as a commercial-off-the-shelf
(COTS) solution for both government agencies and
private sector organizations.
Integrity Verification and Compliance Assurance Mitigates Risk
Mobile device integrity is critical to an enterprise as
threats to mobile device security are serious and growing.
Recently, the Government Accountability Office reported
on the gravity of mobile risk, calling on the Department of
Homeland Security and the National Institute of Standards
and Technology to implement measures to increase mobile
device security in the public and private sectors. Mobile
devices face unique and dangerous threat environments
as users connect to cellular networks with root access to
their devices and WiFi networks they do not know and
trust. Mobile devices are susceptible to loss, malware,
cyber attacks, phishing, hidden SMS managing applications that send expensive premium rate SMS
messages, and SMiShing or phishing through SMS rather than email.
Adding to this, most mobile devices used for business are now also permitted to have unverified
third party applications installed on them from public app stores or third party distribution sites.
Currently, most IT departments lack sufficient tools to detect tampering, compromises or potential
non-compliance scenarios caused by unverified third party applications which may or may not be
malicious in intent.
Scans Can Drive Policy Changes
Fixmo empowers you with the ability to make changes to devices based on the results of scans,
with a wide range of options available for you to execute. For example:
- If a high-risk change is detected during an integrity scan (such as jailbroken OS, detection of
  malware or the presence of a blacklisted application), automatically lock or wipe the device
- If a medium-risk change is detected during a scan (such as the installation of an unknown
  application), automatically lock down the corporate data residing within the Fixmo SafeZone
  secure workspace until IT can analyze the risk and make a decision on what actions to take, if any
- If a low-risk change is detected (such as the upgrade of a trusted application to a new version),
  notify IT but do not take any immediate action
Mobile Threats Increasing
Mobile malware is rampant and rising. Recent analysis
by Arxan Technologies found that over 90% of the
top 100 paid applications for iOS and Android have
copycat versions on the market that resemble legitimate
applications but are instead infected. For Apple, most
of those hacked apps are on unauthorized markets
for jailbroken devices, though malware was recently
discovered in the Apple App Store that harvests data from
user address books. Researchers also claim to have snuck
malware into the App Store before to demonstrate that
Apple's verification is not infallible.
Android malware similarly spies on users with infected
devices. One typical, common recent instance of malware
(known as Android.Trojan.GingerMaster) comes bundled
with multiple non-malicious apps and runs in the
background to broadcast device IDs, phone numbers, and
more to command and control servers. Other common
infected applications (such as Android.Monitor.Sheri)
monitor users' GPS coordinates. Additionally, one must
consider the vast array of mobile applications that are not
designed to be malware, but may put your private data
and devices out of compliance nonetheless. For example,
a recent report suggests that 86% of the top 100 apps on
the Apple App Store and Google Play marketplace request
access to some type of personal information with many of them gaining access to GPS coordinates
and/or the native address book on the device which houses both personal and business contacts.
Threat Context
- 50% of Android users are running out of date, unpatched OS
- 92% of the top 50 iOS apps come from different developers
- 85% of the top free iOS and Android apps can access private user data
- 55% of smartphones used in business will be owned by employees by 2015
- 90% of businesses will have corporate apps running on employee devices by 2014
- 9% of companies have a policy to wipe corporate data while leaving personal data intact
- 71% of businesses plan to implement a solution that separates business and personal data
- 22% of IT pros have seen malware on mobile devices
A White Paper For The Federal IT Community
While their intent may not be malicious, these types of applications may put your state of compliance
at risk.
Continuous Monitoring Required
Fixmo Sentinel Integrity Services combats these potential security and compliance breaches through
continuous monitoring of devices to prevent unwanted policy changes, OS rooting, unverified
applications, OS tampering, and other potential compromises that can lead to a state of
non-compliance. It also proves that devices are in a trusted state through auditable compliance reporting.
As almost all iPhone malware comes from third party app stores accessed by jailbroken phones, and
Android malware typically infects devices set to accept unverified third party applications, Fixmo
Sentinel can alert IT departments if employees have made these or other changes that raise the risk for
infection so that IT can proactively assess and remediate before the threat results in an actual breach.
And if a device becomes infected, Fixmo's Integrity Services will detect changes that indicate hidden
malware may be running in the background to leak sensitive data. Fixmo Sentinel contains over 100
predefined compliance and integrity reports and scales easily across Android, iOS, and BlackBerry. It is
also designed to integrate with existing mobile and IT infrastructure and leverage the safety measures
your enterprise already has in place.
Fixmo Sentinel also provides integrity-based policy controls which automate policy controls based on
the results of an integrity scan. If the scan finds high-risk changes such as a jailbroken OS, malware,
or a blacklisted application, Sentinel can automatically lock or even wipe the device. If medium-risk
changes are detected, such as the installation of an unknown application, Sentinel can automatically
lock down the corporate data residing within the Fixmo SafeZone container until IT can analyze the
risk and decide which actions, if any, it should take. And if the changes that Sentinel finds are low-risk,
like upgrading a trusted application, it will take no immediate action but will notify IT. This way threats
can be countered early before they do serious damage, risks can be identified and examined further,
and the enterprise is kept up to date on the significant changes across all of its mobile devices.
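An added illustration (not Fixmo's code and not part of the original paper) of the scan-then-respond flow described above: a device scan is diffed against a known-good hash snapshot, each change is graded, and the most severe change selects the response. The data layout, the package names, and the choice to grade an OS image change or a modified known app as high risk are assumptions made for this example; malware detection itself is out of scope here.

```python
import hashlib
from enum import IntEnum

class Risk(IntEnum):
    NONE, LOW, MEDIUM, HIGH = range(4)

# Response per tier, following the three cases in the text.
ACTIONS = {Risk.NONE: "no action", Risk.LOW: "notify IT",
           Risk.MEDIUM: "lock secure workspace", Risk.HIGH: "lock or wipe device"}

def h(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def evaluate(baseline, scan, approved, blacklist):
    """Diff a scan against the known-good snapshot and grade every change.

    baseline/scan: {"os": hash, "apps": {package: hash}} (assumed layout)
    approved: {package: set of vetted build hashes}; blacklist: package names
    """
    findings = []
    if scan["os"] != baseline["os"]:
        # Assumption: an unexpected OS image change is handled like a jailbreak.
        findings.append((Risk.HIGH, "OS image differs from trusted state"))
    for pkg, digest in sorted(scan["apps"].items()):
        if pkg in blacklist:
            findings.append((Risk.HIGH, f"blacklisted app present: {pkg}"))
        elif baseline["apps"].get(pkg) == digest:
            continue  # identical to the trusted state
        elif digest in approved.get(pkg, ()):
            findings.append((Risk.LOW, f"trusted app upgraded: {pkg}"))
        elif pkg in baseline["apps"]:
            # Assumption: a known app matching no vetted build is tampering.
            findings.append((Risk.HIGH, f"app modified: {pkg}"))
        else:
            findings.append((Risk.MEDIUM, f"unknown app installed: {pkg}"))
    worst = max((risk for risk, _ in findings), default=Risk.NONE)
    return worst, ACTIONS[worst], findings

# Constructed sample data (hypothetical package names and contents).
BASELINE = {"os": h(b"os-build-1"), "apps": {"com.example.mail": h(b"mail-1.0")}}
APPROVED = {"com.example.mail": {h(b"mail-1.0"), h(b"mail-1.1")}}
BLACKLIST = {"com.example.badapp"}
SCAN = {"os": BASELINE["os"], "apps": {"com.example.mail": h(b"mail-1.1"),
                                       "com.example.game": h(b"game-3.2")}}

if __name__ == "__main__":
    worst, action, findings = evaluate(BASELINE, SCAN, APPROVED, BLACKLIST)
    print(worst.name, "->", action, findings)
```

The response is chosen by the worst finding, so a low-risk upgrade seen alongside an unknown app still locks the workspace instead of only notifying IT.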
Concluding Thoughts
Trusted mobile computing requires integrity verification and compliance assurance. The many
capabilities of Fixmo deliver this to the enterprise. Fixmo capabilities are backed up with a world-class
engineering team which has built solutions that can scale to the size of the global hand-held device
market. Key components of their suite of solutions were initially developed by the US government and
under terms of the government's agreement with Fixmo these components are free for government
use.
Why Fixmo
Here is more on Fixmo's key capabilities for government use:
Fixmo Sentinel Desktop - No Charge to Government: Fixmo Sentinel Desktop is the commercial
alternative for AutoBerry, a mobile device security and tamper detection solution that was initially
developed by the U.S. National Security Agency.
Fixmo Sentinel SCC - No Charge to Government: Fixmo Sentinel Server Compliance Check (SCC) is
the commercial alternative for AutoBES, a solution for automatically scanning BlackBerry Enterprise
Server and Good Mobile Messaging Server to ensure proper configuration and STIG compliance.
Fixmo MRM: Learn more about the Fixmo MRM platform which brings Fixmo Sentinel together with
the Fixmo SafeZone Secure Container to provide a holistic mobile risk management platform for
protecting devices, protecting corporate data and proving regulatory compliance.
Fixmo Solutions for Government: Visit the Fixmo Government Solutions page at Fixmo.com to learn
more about mobile security, compliance and risk management solutions for Government agencies.
More Reading
For more federal technology and policy issues visit:
CTOvision.com - A blog for enterprise technologists with a special focus on Big Data.
CTOlabs.com - A reference for research and reporting on all IT issues.
J.mp/ctonews - Sign up for the Government Technology Newsletters.
Fixmo.com - Learn more about Fixmo today.
About the Authors
Bob Gourley is CTO and founder of Crucial Point LLC and editor and chief of CTOvision.com. He is a former
federal CTO. His career included service in operational intelligence centers around the globe where his
focus was operational all source intelligence analysis. He was the first director of intelligence at DoD's Joint
Task Force for Computer Network Defense, served as director of technology for a division of Northrop
Grumman and spent three years as the CTO of the Defense Intelligence Agency. Bob serves on numerous
government and industry advisory boards. Contact Bob at [email protected]
Ryan Kamauff is a technology research analyst at Crucial Point LLC, focusing on disruptive
technologies of interest to enterprise technologists. He writes at http://ctovision.com. He researches
and writes on developments in technology and government best practices for CTOvision.com and
CTOlabs.com, and has written numerous whitepapers on these subjects. Contact Ryan at
Ryan@crucialpointllc.com
For More Information
If you have questions or would like to discuss this report, please contact me. As an advocate for better
IT in government, I am committed to keeping the dialogue open on technologies, processes and best
practices that will keep us moving forward.
Contact: Bob Gourley
703-994-0549
All information/data ©2012 CTOLabs.com.