Carey Nachenberg is a Symantec fellow and chief architect of Symantec’s Security Technology and Response (STAR) division. He has been at the company for the past eighteen years.
With so many consumer devices finding their way into the enterprise, CIOs and CISOs are facing a trial by fire. Every day, more users are using mobile devices to access corporate services, view corporate data, and conduct business. Moreover, many of these devices are not controlled by the admin-istrator, meaning that sensitive enterprise data is not subject to the enter-prise’s existing compliance, security, and Data Loss Prevention policies.
To complicate matters, today’s mobile devices are not islands— they are connected to an entire ecosystem of supporting cloud and PC-based services. Many corporate employees synchronize their device(s) with at least one the administrator’s control. Moreover, many users also directly synchronize their mobile device with their home computer to back up key device settings and data. In both scenarios, key enterprise assets may be stored in any number of insecure locations outside the direct governance of the enterprise.
In this paper, we will review the security models of the two most popular mobile platforms in use today, Android and iOS, in order to understand the impact these devices will have as their adoption grows within enterprises.
- Mobile Security Goals
- Apple iOS
- Isolation (Sandboxing)
- Limiting The Impact of Malware
- Permissions-Based Access Control
- Application Provenance
- Brief Overview of Android Malware
- iOS vs. Android: Security Overview
- Scenario #1: Unsanctioned Desktop Sync
- Scenario #2: Unsanctioned Enterprise Desktop to Cloud Sync
- Scenario #3: Unsanctioned Enterprise Device Sync with Home PC
- Mobile Security Solutions