Pete Wassell (Augmate Corporation) Security in the Enterprise Smart Glasses
Security in the Enterprise for Smart Glasses
Pete Wassell
@AUGMATE #AWE2016
Impact of Mobile
Employee Security Stats
• 87% say careless employees are a greater threat to security than cybercriminals, up from 72% in 2012
• Employee actions have the highest impact on vulnerability of mobile data
• 63% say employees likely contributed to recent high-profile security breaches
• 92% say employee behaviors could have made a difference in preventing high-profile security breaches
• 56% are managing business data on employee-owned personal devices, up from 37% in 2013
Mobile security incidents very expensive
• 79% report mobile security incidents in the past year
• 52% of large companies say cost of mobile security incidents last year exceeded $500,000
• 45% of businesses with less than 1000 employees reported mobile security incident costs exceeding $100,000
• 49% cite Android as platform with greatest perceived security risk (up from 30% last year), compared to Apple, Windows Mobile, and Blackberry
• 66% say careless employees greater security risk than cybercriminals
Wearable Security Stats
• 69 percent of wearable device owners say they forgo login credentials, such as PINs, passwords, fingerprint scanners and voice recognition, to access their devices.
• 56 percent of wearable owners use their devices to access business apps such as Box, Slack, Trello, Dropbox, Salesforce, Google Docs, Microsoft Office or a combination of those.
• 42 percent of wearable owners cite identity theft as their top security concern when it comes to their devices.
• Lack of IT management and device control comes in second (34 percent) and a general increase in breaches of sensitive work data or information comes in third (22 percent).
From the article: Unmanaged wearables infiltrating the enterprise
Forrester Forecast for Smart Glasses
Key Takeaways:
Over 14 Million US Workers Will Use Smart Glasses By 2025. The smart glasses market is real and tangible for enterprises: About 8% of all US workers will use smart glasses in their jobs by 2025.
Security Vulnerabilities
• SQL injection
• Phishing
• Buffer overflow attacks
• Cross-site request forgery
Wearable Security Threats
• Bluetooth sniffers can pick up unencrypted data
• DTE [Data Terminal Equipment], which is hackable.
• A malicious firmware update could also compromise a paired mobile device such as a smartphone or laptop
Wearable Hardware
• The data collected and stored on your mobile device can be worth 10 times the value of a credit card on the black market.
• Choose a device that has location and remote-lock capabilities, so the device can be erased should it be lost or stolen.
• Another key tip is to enable a password to protect your device.
• Whenever possible, use biometric authentication such as your fingerprint or face recognition — you’ll likely find it easier than using a password while providing even stronger protection.
Read the license agreements
Privacy and Personal Wearables in a Corporate Environment
• Companies give you a discount on health insurance if you wear a device.
• Heart rate data can reveal a range of personal activities – not just hitting the treadmill after work.
• What about: Customer Data?
• UL is creating standard for wearable privacy and security
AR Enterprise Architecture from AREA
1. Transport Mechanism
2. Application Service
3. Wearables
4. Integration of AR application to the enterprise system.
HIPAA Advice
• No shared accounts
• Auto-logout, similar to a screen saver with a password
• Encryption for both transmission & storage of data
• Verification of unaltered data transmission & data storage
• Authentication of access
• Defined protocols for Wi-Fi and Bluetooth
IEEE Advice
• Strong password and password reset policies
• 15-minute forced re-authentication when devices are idle
• Strong authentication of identity
• Prevent users from changing identity without re-authentication
• Authenticate the wearable during the pairing process.
How can businesses reduce security and privacy risks?
Have you established information security and privacy policies for the use of wearable computing devices within your organization? No? What are you waiting for? Research shows that one in five Americans owns and uses some type of wearable.
How can businesses reduce security and privacy risks?
Collecting Data:
• When they are using a wearable to collect information in any way, employees and contractors should be required to notify those in their immediate vicinity that they are doing so, and be directed to respect and follow requests not to include those around them, or anything within their work areas, in their data collection activities.
• Otherwise, do not allow employees or contractors to use wearables to collect videos, still images, audio recordings, or other types of information that is about the business, customers, patients, or employees.
How can businesses reduce security and privacy risks?
• Obtain data breach insurance or cyber liability insurance
• Patched network with the latest security updates
• Have a privacy policy
• Set up wearable devices and any associated online accounts with obscure user names and unique passwords, all of which should be hard to guess.
Seven ways to manage and secure business wearables
1. WDM [Wearable Device Management] policy
2. Application blacklists to disable wearable-specific apps
3. No authentication = No access
4. Implement biometrics, proximity and geofencing
5. Analyze network traffic
6. Use wireless intrusion prevention systems (WIPS)
7. Use WDM to assess and enroll devices, provision security policies, applications and data containers, and apply actions such as find and wipe when business wearables are lost or stolen
AREA Advice
• There are many existing models and lessons to leverage for AR security measures
• Examine and document security measures upfront
• Undertake a thorough audit of their IT and security infrastructure
• AR developers and providers need to work directly with end users and customer security teams
• Considering “security by design” or building security into design is critical.
Security Training
• Training Budget
• Training via solution providers
• Reinforce training once per year
To minimize wearable technology security issues
• Custom security levels
• Remote erase feature
• Bluetooth encryption
• Cloud security
More Ways to Secure Wearables
• Additional layers of security
• Data classification
• Staying up-to-date
• Educating employees on rules
Augmate Advice
Hire a security expert
Remote Device Management: Control Devices from Web Application
Security kiosk mode prevents unintended usage of devices
Prevent theft by remotely locking device
Restrict device usage to Wi-Fi and Bluetooth based geofences
Audit applications to detect modifications installed on device
Ensure latest software is delivered to device
Respond quickly to security vulnerabilities
Infrastructure: Protecting Transferring Data
Immutable infrastructure for our web, API, and data ingest
Managed database with periodic backups
Multi-factor authentication to access Augmate infrastructure
Segmented access keys to limit access between cloud resources
HTTPS encryption everywhere using only strong protocols (TLS)
Per-organization isolation of all data
Android Device Level
Custom ROM to harden security and privacy
Privileged shim that only communicates with our OTA updater
APK Encryption In Transfer and at Rest
Wifi Credential Encryption In Transfer and at Rest
Database Level: Guarding Your Most Valuable Asset
SQL injection prevention
SQL level multi-tenancy
Periodic backups and point-in-time recovery
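The first two database-level items above (SQL injection prevention and SQL-level multi-tenancy), shown together as an added example that is not Augmate's code: a string-built query beside a parameterized, tenant-scoped one. The `devices` table, the `TenantStore` helper and the sample rows are constructed for illustration, and SQLite stands in for whatever database is actually used.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows for two organizations."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE devices (org_id INTEGER NOT NULL, "
               "serial TEXT NOT NULL, locked INTEGER NOT NULL DEFAULT 0)")
    db.executemany("INSERT INTO devices (org_id, serial) VALUES (?, ?)",
                   [(1, "GLASS-A1"), (1, "GLASS-A2"), (2, "GLASS-B1")])
    return db

def find_devices_unsafe(db, org_id, serial):
    """Vulnerable form: the serial is concatenated into the SQL text, so a
    quote in the input changes the query and the tenant filter with it."""
    sql = ("SELECT org_id, serial FROM devices "
           f"WHERE org_id = {int(org_id)} AND serial = '{serial}'")
    return db.execute(sql).fetchall()

class TenantStore:
    """Hardened form (hypothetical helper): org_id is fixed from the
    authenticated session at construction and bound into every statement."""

    def __init__(self, db, org_id):
        self._db = db
        self._org_id = int(org_id)

    def find_devices(self, serial):
        # Placeholders keep the input as data; it is never parsed as SQL.
        return self._db.execute(
            "SELECT org_id, serial FROM devices "
            "WHERE org_id = ? AND serial = ?",
            (self._org_id, serial)).fetchall()

    def lock_device(self, serial):
        # Writes carry the same tenant predicate as reads.
        cur = self._db.execute(
            "UPDATE devices SET locked = 1 WHERE org_id = ? AND serial = ?",
            (self._org_id, serial))
        self._db.commit()
        return cur.rowcount  # 0 means no such device in this organization

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("unsafe:", find_devices_unsafe(db, 1, crafted))
    print("scoped:", TenantStore(db, 1).find_devices(crafted))
    print("cross-tenant lock rows:", TenantStore(db, 1).lock_device("GLASS-B1"))
```
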
Out of the cloud?
Thank You