mobile device and cloud data management best practice final rev1.0


Upload: vishal-rupani

Post on 13-Apr-2017


Page 1: Mobile Device and Cloud Data Management Best Practice Final Rev1.0

Mobile and Cloud Data Management Best Practice AUTHOR: VISHAL RUPANI


Mobile Device Risks

What are the possible information management risks to the enterprise associated with this innovation or condition?

“Attackers are definitely searching after the weakest point in the chain,” and then honing in on the most successful scams, says Lior Kohavi, CTO at CYREN, a cloud-based security solutions provider in McLean, Va.

Attack Surfaces include:

• Mobile Phishing and ransomware

• Using an infected mobile device to infiltrate nearby devices

• Cross platform banking attacks

• Cryptocurrency mining attacks

Key Takeaways:

• Mobile identity theft is not limited to personal devices; corporate devices are at risk as well.

• Smartphones are not much different structurally from desktop or laptop computers when it comes to hackers, viruses, malware, and spyware. Their apps and mobile browsers enable storing sensitive information such as passwords, corporate credit card numbers, and bank account data, in addition to contacts and other sensitive information. When this data is breached, the resulting data theft can have severe and long-lasting consequences.


Mobile Device Risk Mitigation

There are many actions companies can take to mitigate the risks or conditions, including policies, processes and activities.

Manage through Technology:

• Create a strong password policy that is required to unlock phones and access data.

• Ensure phones automatically lock when they have not been used for a specified period of time.

• Keep the operating system and apps up-to-date. These updates are important for keeping the smartphone or tablet current with all of the latest security enhancements. Mobile devices should be patched and managed properly, similar to corporate desktops and laptops.

Manage through Training:

• Make sure users are educated on performing transactions on secure websites by verifying that the “s” is in the “https://” in the address bar.

• Educate users to avoid performing personal business on corporate devices (e.g., shopping online or surfing the web on untrusted sites).

• Educate users to never share sensitive data such as passwords, corporate data, or credit card numbers over an unsecured Wi-Fi connection. Using a public Wi-Fi network can give a nearby hacker the opportunity to steal data.

• Educate users to carefully review phone bills for sudden increases in data usage, a potential sign of hacking.


Cloud Applications and Storage Risks

As cloud solutions become more mainstream and enable businesses, they also introduce risks that corporations need to be aware of. Below are the top 5 risks.

1: Shared access: Multitenancy security issues are just now becoming important, and the vulnerabilities within are starting to be explored.

2: Virtual exploits: Every large cloud provider by nature is a significant user of virtualization, and these platforms are often shared across multi-tenancy business customers.

3: Authentication, authorization, and access control: The cloud vendor's choice of authentication, authorization, and access control mechanisms is crucial, but much depends on process as well.

4: Availability: When you're a customer of a public cloud provider, redundancy and fault tolerance are not under your control. What's provided and how it's done are not disclosed and it's completely opaque!

5: Ownership: This risk comes as a surprise to many cloud customers, but often the customer is not the only owner of the data. Many public cloud providers, including the largest and best known, have clauses in their contracts that explicitly state that the data stored is the provider's -- not the customer's.


Cloud Applications and Storage Risk Mitigation

High Level Diligence Approach includes:

1. Check Password and Enable Two Factor Authentication (If Available)

2. Audit Your Connected Apps, Devices, and Services

3. Check Your Provider's Stance on Privacy and Encryption

4. Audit Your Files and Remove or Encrypt Sensitive Data

5. Consider Diversifying with Privacy- and Security-Conscious Services

Detailed Diligence - Clarify the below points with cloud providers:

1. Who owns your data and what can the cloud provider do with it? Where is your data physically stored? How is it handled when no longer needed? If data encryption is used and enforced, are private keys shared among tenants? Who and how many people on the cloud vendor's team can see your data?

2. How do cloud storage and applications align with E-Discovery and preservation of data?

3. How often do they identify and remove stale accounts? How many privileged accounts can access their systems -- and your data?

4. What type of authentication is required by privileged users?
