Mobile security management dan BYOD
Network World - Many IT professionals agree that BYOD promotes end user productivity and satisfaction. If it weren’t for a little thing called “security,” BYOD would probably be much more widely embraced than it is.In an April 2013 survey of the Information Security Community of LinkedIn, only about 20% of the 1,600 respondents say that privately owned devices are widely in use and supported by a BYOD policy at their organizations. On the other hand, Microsoft says that 67% of people use their personal devices at work, regardless of the company’s official policy on BYOD. That’s a pretty big gap between officially sanctioned and reality — and that gap puts corporate data and applications at risk.
As reported in the Cisco 2014 Annual Security Report, criminals are exploiting the mobility aspect of BYOD by using wireless channels to eavesdrop and gain access to data being exchanged through those channels. What’s more, mobile malware is becoming a big problem, especially for devices utilizing the Android OS. Cisco says that 99% of the malware it analyzed in the past year is directed at Android devices.
Just where does all that mobile malware come from? All the apps we can’t resist downloading. Even apps that appear to be legitimate can be fake versions designed to spread malware. For instance, there are numerous counterfeit versions of the Netflix mobile app that are primed to inject malware onto smart phones and tablets.
There is a new entrant in the mobile security market designed to address the two pain points of risky apps on users’ devices and unsecured wireless networks. Marble Security offers what looks to be a well rounded mobile security management solution that dynamically adapts to threats in real time while also providing essential device and app management features.
Marble’s cloud-based service is comprised of three sets of capabilities:
• Mobile Security Management (MSM)
• Mobile App Management (MAM)
• Mobile Device Management (MDM)
Marble’s MDM capabilities are fairly standard: enforce password and encryption requirements; remotely lock and wipe devices; control device functions such as the camera or Bluetooth; set policies for geo-fencing.
The MAM capabilities are also similar to other vendors’ offerings: push corporate apps to employees’ devices; remove apps as necessary when people leave the company or the device is lost; provide an enterprise app store for required or recommended apps.
It’s the MSM capabilities that tell the real story. The MSM capabilities are anchored by the Marble Threat Labs, an internal research group that analyzes tens of thousands of mobile apps a day to understand their behaviors. These apps are run in an instrumented kernel in a sandbox to see what they do and what behaviors they exhibit.
For example, does an app collect information from the device’s contacts list and send it to a malicious server? Does the app read all of the SMS messages on the phone? Marble Threat Labs has learned that 9% of the apps it analyzes redirect SMS messages off the device. Another 10% of apps read all of the device owner’s phone messages.
Since there aren’t legitimate reasons for apps to behave this way, the apps are deemed as high risk. Their use on the enterprise network can be controlled via policy in the MSM console. Rather than blacklisting an app by name, which can get cumbersome to maintain, you can identify app behavior that is not permitted; for example, “do not allow devices on our network if they contain apps that read the SMS messages.”
Marble continuously establishes risk scores in real time for each user, device, app and network connection based on criteria set by the enterprise. Marble uses Big Data analysis to correlate and assess all of these parameters. This aids in setting risk-based access control, making it possible to restrict access to enterprise networks, applications and data whenever risk thresholds exceed levels set by administrators.
Unknown or unprotected wireless networks can pose a risk, too. Some users connect to 10 or more networks – at work, at home, in the coffee shop, at the airport, etc. – and IT only controls one of those networks. To resolve this problem, the Marble Network is a secure, hosted VPN that isolates users from network attacks and provides encrypted communications between enterprise applications and cloud services.
Marble Messenger is another feature that may appeal to highly regulated industries such as healthcare and financial services. This is a secure messaging service that encrypts messages end-to-end and attachments, too. For example, two doctors can be communicating about a patient’s care, even including photos of, say, the patient’s wound. Ordinary SMS text would be a violation of HIPAA, but Marble Messenger ensures the messages and attachments are all encrypted and private. The data from the conversation is not stored on the local devices but rather on the Marble servers. An administrator can set policies for how long the messages and attachments are to be stored, if at all.
The Marble solution includes other security features as well: a private DNS service; DNS blacklisting; URL and IP address blacklisting; jail-break jammer detection; and malware and privacy protection. Marble Security’s solution is comprehensive and focused on securing enterprise data and applications in a BYOD environment.
Linda Musthaler (LMusthaler@essential-iws.com) is a Principal Analyst with Essential Solutions Corp. which researches the practical value of information technology and how it can make individual workers and entire organizations more productive. Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.