Whitepaper: A Window into Mobile Device Security

By Carey Nachenberg
July 1, 2011 6:04 PM

Table Of Contents
1. Introduction
2. Mobile Security Goals
3. Apple iOS
4. Encryption
5. Isolation (Sandboxing)
6. Limiting The Impact of Malware
7. Vulnerabilities
8. Android
9. Permissions-Based Access Control
10. Application Provenance
11. Encryption
12. Brief Overview of Android Malware
13. iOS vs. Android: Security Overview
14. Scenario #1: Unsanctioned Desktop Sync
15. Scenario #2: Unsanctioned Enterprise Desktop to Cloud Sync
16. Scenario #3: Unsanctioned Enterprise Device Sync with Home PC
17. Mobile Security Solutions
18. Conclusion

1. Introduction

Carey Nachenberg is a Symantec fellow and chief architect of Symantec’s Security Technology and Response (STAR) division. He has been at the company for the past eighteen years.

With so many consumer devices finding their way into the enterprise, CIOs and CISOs are facing a trial by fire. Every day, more users are using mobile devices to access corporate services, view corporate data, and conduct business. Moreover, many of these devices are not controlled by the administrator, meaning that sensitive enterprise data is not subject to the enterprise’s existing compliance, security, and Data Loss Prevention policies.

To complicate matters, today’s mobile devices are not islands—they are connected to an entire ecosystem of supporting cloud and PC-based services. Many corporate employees synchronize their device(s) with at least one the administrator’s control. Moreover, many users also directly synchronize their mobile device with their home computer to back up key device settings and data.
In both scenarios, key enterprise assets may be stored in any number of insecure locations outside the direct governance of the enterprise. In this paper, we will review the security models of the two most popular mobile platforms in use today, Android and iOS, in order to understand the impact these devices will have as their adoption grows within enterprises.