Page 45 - Mobile Data Loss

Developing Your Mobile Device Security Strategy  39

               The breaches from 2013 to 2015 showed that it typically takes
            days, months, even years to identify a data breach.[1] By today’s
            standards and expectations, this is nowhere near responsive enough. This
            delay in response has led to exposures of large amounts of credit cards,
            patient health information, and personnel records. Mobile devices and
            Enterprise Mobility Management afford us the ability to more quickly
            identify threats and automatically respond to those threats.
               It should be apparent at this point that by far the biggest threat is
            from malware and operating system compromises. In mobile, this can
            stem from a variety of vectors including, but not limited to:

            • User Jailbreaking an iOS device and loading an app outside of the
              App Store
            • User Rooting an Android device and side-loading an app outside of
              Google Play
            • Attacker distributing an app through a malicious email link or SMS
              message
            • Developer who unknowingly builds an app using a third-party SDK
              unaware that the SDK includes malware or risky behaviors, and
              posts it in the App Store or Google Play
            • Malicious user who circumvents a curated app store and the app
              vetting security processes and posts an app for download

               The EMM’s mobile device client compromise detections, App
            Reputation or Mobile Threat Prevention, and quarantine are good
            deterrents to mobile malware. This will ensure the integrity of your
            devices, and allow the EMM to respond to threats by quarantining
            devices when they fall out of compliance. This can allow the EMM to:

            • Perform a full wipe of a device (Best for Corporate Issued Devices)
            • Perform a selective wipe by just removing the corporate data and/or
              Apps (Best for BYOD)
            • Block the device’s network access to enterprise resources by using a
              Secure Mobile Gateway and/or Network Access Control
            • Alert, log, and report on out-of-compliance devices
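
               The response options above can be expressed as a small policy function. This is an added example, not code from the book or from any EMM product; the field names, action labels, and the use of a 4-hour check-in window as a staleness threshold are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy values and field names (illustrative, not any EMM product's schema).
MAX_CHECKIN_AGE = timedelta(hours=4)
WIPE_BY_OWNERSHIP = {"corporate": "full_wipe", "byod": "selective_wipe"}

@dataclass
class DeviceReport:
    device_id: str
    ownership: str               # "corporate" or "byod"
    os_compromised: bool         # jailbreak or root detected by the EMM client
    flagged_apps: tuple          # apps flagged by app reputation / threat prevention
    last_checkin: datetime

def evaluate(report, now):
    """Return (findings, actions) for one device; empty lists mean compliant."""
    findings = []
    if report.os_compromised:
        findings.append("os_compromised")
    findings.extend(f"flagged_app:{app}" for app in report.flagged_apps)
    evidence = bool(findings)
    if now - report.last_checkin > MAX_CHECKIN_AGE:
        # Posture is older than the check-in window, so it cannot be trusted.
        findings.append("stale_checkin")
    if not findings:
        return [], []
    # Every out-of-compliance device is reported and cut off at the gateway.
    actions = ["alert_and_log", "block_network_access"]
    if evidence:
        # Wipe only on evidence of compromise; scope depends on ownership.
        actions.append(WIPE_BY_OWNERSHIP[report.ownership])
    return findings, actions

def sample_fleet(now):
    """Constructed sample reports (not real devices)."""
    return [
        DeviceReport("corp-001", "corporate", True, (), now - timedelta(minutes=10)),
        DeviceReport("byod-002", "byod", False, ("com.example.flagged",), now - timedelta(hours=1)),
        DeviceReport("byod-003", "byod", False, (), now - timedelta(hours=9)),
        DeviceReport("corp-004", "corporate", False, (), now - timedelta(minutes=30)),
    ]

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    for r in sample_fleet(now):
        print(r.device_id, *evaluate(r, now))
```

               In this assumed policy a device that has only missed its check-in window is blocked and reported but not wiped, because the console holds no evidence of compromise for it.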

               It’s important to note that this may require the EMM to wait until
            the next time a device checks into the console, perhaps up to 4 hours.
            While that is far quicker than the aforementioned breaches, for some

            1 http://www.verizonenterprise.com/DBIR/2015/