
Securing Enterprise Information in mobile environment

Alexandru LUCA
PKI / Crypto – Mobile Security
September 2016

"By 2020, smartphone security and management architectures will dominate the endpoint computing environment, while traditional PC image management will decline except on dedicated appliance-style devices."

Source: “Managing PCs, Smartphones and Tablets and the Future Ahead” by Ken Dulaney, Terrence Cosgrove, May 5, 2014
"By 2020, smartphone
security and management
architectures will dominate
the endpoint computing
environment, while
traditional PC image
management will decline
except on dedicated
appliance-style devices."

Source: “Managing PCs, Smartphones and Tablets and the Future Ahead”
by Ken Dulaney, Terrence Cosgrove, May 5, 2014 4
The world has changed…

• 60s & 70s: Mainframe / Mini Era
• 80s: PC Era
• 90s: Internet Era
• Today: Mobile Era

Past Enterprise Transitions:
• Change the Way People Work
• Disrupt Enterprise Architectures
• New Leaders Emerge

New business challenges in enterprise

Old Enterprise Architecture:
• System image
• Anti-malware agents
• Firewall
• Software/patch distribution
• Full Device VPN
• VDI
• Perimeter controls
Closed Security Model
IT Led
Architecture: Data Center

New Enterprise Architecture:
• Multiple OS
• Multiple Devices
• OS MDM APIs
• Distributed Data and Application Services
Distributed Security Model
Consumer Led
Architecture: Distributed Computing

Mobile is Here to Stay in the Enterprise

• Accelerated growth of mobile workforce: 890 Million tablets and smartphones install base in 2017
• Rapid Evolution of Mobile Applications: 82% employees using multiple apps
• Explosion of Content & Data: 1 Billion files saved to Dropbox in 24 hours

Sources:
Forrester, February 2013, “2013 Mobile Workforce Adoption Trends”
Installed base calculation assumes 2 years refresh cycle – Source: IDC
https://www.dropbox.com/news/company-info

“Modern operating systems and mobile user requirements recast the enterprise security model”

Mobile Information Security System

Complete system to secure mobile communication and devices

{ EMM }
• Mobile Device Management
• Manages access to Data and Applications
• Content management with advanced DLP capabilities
• Centralized management

{ Virtualization Solution }
• Secure Container within the memory of the phone where sensitive information is automatically encrypted
• VPN Connections for Secure Data Transfer
• Secured access to corporate E-mail and intranet resources

{ Trust4Mobile }
• certSIGN product to encrypt mobile communications: voice, messages, file transfer
• Cross-platform transfer of encrypted files
• Digital Certificates are stored on the phone or on a smart card

{ Trust4Sign }
• certSIGN product for mobile devices to digitally sign documents

{ Confluence4Mobile }
• Central Document Management and Workflow

What information should be protected?

• E-mail and intranet resources
• Documents
• Remote access to the network of the organization
• Voice calls
• Messages
• Data saved on the device
• Personal data
• Access to social networks
• ...
• Fast response when the device is lost or stolen
• Compliance and security policies that meet company standards

Integrated Security Solution

[Diagram: Users. Each Mobile User has: Virtualization Solution, Smart Card and Digital Certificate, Trust4Mobile, Trust4Sign, Confluence4Mobile.]

Secure Mobile Communication and Devices System:
• Enterprise Mobility Management (EMM)
• Documents Management: Confluence
• Voice and Messages Encryption: Trust4Mobile
• E-mail Encryption, Intranet resources

Enterprise Mobility Management

Enterprise Mobility Management

Administration
• Enroll devices (BYOD, bulk, admin)
• Terms and conditions
• Applications management & configurations
• User profile (authentication, authorization, access) based on the associated defined role
• Content Management
• Device provisioning, lost, found, lock, wipe or selective wipe and retire

Configuration and Monitoring
• Information about the device (HW, SW)
• Metrics regarding voice calls, SMS, traffic, roaming
• Location

Security
• Device password (complexity, lifetime, etc.)
• Device or user certificate based authentication
• Restrictions (camera, microphone, USB, Wi-Fi, etc.)
• Compromised devices (jailbreak, root)
• Policy enforcement (applications, restrictions)
• Validation of encrypted device
• Data shredding

Securing Emails & Attachments

Secure Email

• Electronic Signature
• E-mail Encryption
• Access from PC and Mobile Device
• Advanced DLP policies
• “Open in” with secured managed apps

Securing communication (voice, text and files)

Deliver services to business & governmental clients

[Diagram: Secure Communication over Mobile Data Network. Labels: Central System managed by Client; CryptoVOIPs, SIP Server; CryptoVOIPk; Initiate Call (both sides); Key Distribution (both sides).]

• Component of communication packages for corporate users
• Central system managed by the client
• Business model:
  • Leasing
  • Monthly subscription

Trust4Mobile @ user level

• Protect communication between users
• Encrypt connection
• Communication over
  • 3G/4G
  • WiFi – independent from GSM operator
• Free connectivity
• Cryptographic algorithms
  • RSA 2048-4096 keys
  • AES 256 CTR mode
  • SHA-2

Trust4Mobile user interface

• Agenda
• Define recipients
• Initiate calls
• Recent calls
• Messages
• Send/receive encrypted messages
• Messages encrypted while stored on the phone and in transit
• Files
• Send encrypted files to recipients available in contact list
• My profile
• Configuration of application
• Username
• SSL/TLS connection configuration

Trust4Mobile Central System

CryptoVoIPs
• SIP server
• Message routing
• Authenticate applications
• TLS connection
• No access to the information transmitted between users
• No information about communication content

Issuance of digital certificates
• Issue digital certificates for users
• NATO security accreditation to protect classified information
• Validate digital certificates status

Key benefits of the solution – privacy by design

• Encryption keys generated and managed directly on the phone
• Users have complete control over the keys
• Integration with smart cards (EAL4+ or FIPS 140-2 level 2 certified)
• Messages are permanently encrypted on the phone
• Peer to peer phone calls and messages transmission
• Does not require access to:
  • Location services
  • Contacts

Secured document management on mobile devices

Documents management and documents workflow on mobile devices

• Management of electronic documents
• Management of electronic workflow
• Tasks management
• Electronic archiving
• Management of the users, roles and access rights
• Electronic signature for hybrid environment (mobile & PC)

Documents management and document workflow @ user level

• Decisions on electronic workflows
  ✔ Approve
  ✘ Reject
  ✍ Comments
• Electronic signature: PDF and CMS
• Download and access documents

Key elements as “final conclusion”

• Secure Mobile Device Management. BENEFIT: Increased security
• Secure Mobile Content Management. BENEFIT: Increased productivity
• Mobile Business Process Optimization. BENEFIT: Streamlined critical workflows
• Secure Mobile Application Management. BENEFIT: Improved productivity and collaboration
• Bring Your Own Device (BYOD). BENEFIT: Increased user satisfaction and IT confidence

Thank you!
Alexandru Luca
Tel: +40 734 302 650
Email: alexandru.luca@certsign.ro

Solution Design & Deployment certified EMM solutions


Solution Architect certified EMM solutions
