Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 1 3/19/2013 DenyAll & Promon © 2013 1

Beyond BYOD: securing the

data (not the device)

March 19, 2013

This event will start at

11am CET,

thanks for your patience

Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 2 3/19/2013 DenyAll & Promon © 2013 2

• You’re muted…

• … but please ask your

questions using the chat tool

• We’ll take a few minutes at the

end to answer them

Logistics

Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 3 3/19/2013 DenyAll & Promon © 2013 3

Today's Presentors

Stéphane de Saint Albin

CMO

Tom Lysemose

CTO & founder

Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 4 3/19/2013 DenyAll & Promon © 2013 4

Bring Your Own Device?

The Risk.

Malware residing on personal devices taking

advantage of user rights to leak corporate data.

The Solution.

rWeb + Client Shield protect corporate data

accessed via browsers and mobile apps.

Todays’ Webinar

Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 5 3/19/2013 DenyAll & Promon © 2013 5

Content

1. Beyond BYOD: the issue with personal

devices

2. Man-In-The-Browser/Mobile attacks

3. Protecting corporate data on personal devices

– Browser-based apps (OWA)

– Mobile Apps

4. Q&A and conclusion

Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 6 3/19/2013 DenyAll & Promon © 2013 6 Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 6

Beyond BYOD: the issue

with personal devices

Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 7 3/19/2013 DenyAll & Promon © 2013 7 Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 7

Poll #1

Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 8 3/19/2013 DenyAll & Promon © 2013 8

• Security policy adjusted to allow personal

device connectivity

– Exceptions to wifi policy, for example

– Creates security ‘holes’ that can be exploited by hackers

• Users access both personal and corporate data

– User credentials and corporate data ‘stored’ on devices

– Cracked in minutes, cf. Symantec Experiment

• Personal devices are unmanaged by default

– No password, no security control

– No lock or remote deletion capability if lost/stolen

BYOD related issues

Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 9 3/19/2013 DenyAll & Promon © 2013 9

• Endpoint security not efficient vs. modern threats

– Won’t prevent malware infection

– Millions of zombie devices in spite of anti-virus software

• MDM is no silver bullet

– Enforcing secure configuration policy is a good

but insufficient step

• Compromised devices can become attack vectors

– Modern malware now available on mobile platforms

Beyond BYOD

Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 10 3/19/2013 DenyAll & Promon © 2013 10

• The problem with personal devices is not that they

– are used to play and work

– can be lost or stolen

– are usually unmanaged

– are not well protected against malware

– should be considered as unsafe

• The problem is that they access, use and store

sensitive data

– User credentials

– Corporate email

– Confidential information accessed via mobile apps

Data security is the issue

Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 11 3/19/2013 DenyAll & Promon © 2013 11 Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 11

Man-in-the-Browser/Mobile

Attacks

To read full slides presentation & access to the video recording on:

Beyond BYOD: securing the data (not the device)

Please click on the link available in the description below.

Securing & Accelerating Your Applications 3/15/2013 Deny All © 2012 13 3/19/2013 DenyAll & Promon © 2013 13

Thank you!

info@denyall.com

+33 1 46 20 96 00