fredfinch-it

Q: Application Security in the Enterprise

Hi there,

With recent exploits against non-jailbroken iPhones, I'm curious to know what other folks are doing re protecting iPhones in the enterprise? We have a NON-BYOD environment, all phones are owned by us, but we let users download anything they want to them. It's supposed to be limited to "work related" but we all know how that goes. We have instructed staff to check the apps against zap.zscaler to get a security rating, but most apps aren't on there. We also looked at Proofpoint, but their services are > $20K per year which is out of range for us. Is there any in-between for checking the legitimacy and security of apps?

Cheers, Katie

iPhone 5

Posted on Mar 29, 2016 10:33 AM


  • by William Lloyd,

    Level 7 (21,148 points)
    Mar 29, 2016 7:52 PM in response to fredfinch-it

    If the device isn't jailbroken, then the apps have to come from the App Store, or they have to be distributed via an enterprise program.

    Do you have MDM? You should be able to get a report on the installed apps. Also, because of sandboxing, even a malicious app can only access data in its own app container, unless the device is jailbroken (which is more and more rare these days).

  • by fredfinch-it,

    Level 1 (8 points)
    iPhone
    Mar 29, 2016 8:12 PM in response to William Lloyd

    Hi William, we do have an MDM but it does not partition. Looking at upgrading to a more robust one where we could treat one section as a sandbox, as you say, like companies do with BYOD, and let them do whatever they want there, and have our own "corporate" partition walled off. But Proofpoint's solution was attractive as it's an extra layer of security on the whole device. Katie

  • by William Lloyd,

    Level 7 (21,148 points)
    Mar 29, 2016 8:18 PM in response to fredfinch-it

    It's not clear to me how Proofpoint could secure an entire iOS device, due to the security model of iOS.

    MDM in general can secure information on an iOS device, because the data of every app distributed via MDM is "owned" by the company. If you remove an app that was distributed via MDM, the data goes with it. This effectively allows a company to partition data, because anything distributed via MDM has its data controlled by the company, and everything installed by the user via the App Store is owned by the user. This also allows for "selective wipe" of data if a user wants to stop using their device for work, or if they leave the company: you can remove all corporate apps without having to worry about removing a user's photos or personal documents.

    If Proofpoint is working for you, that's great. But I would encourage you to investigate what an "extra layer of security on the whole device" really means, as it sounds a bit overstated to me.

  • by fredfinch-it,

    Level 1 (8 points)
    iPhone
    Mar 29, 2016 8:29 PM in response to William Lloyd

    Thanks William. Interesting distinctions. We aren't using Proofpoint, just a (half baked) MDM. In the model that PP explained to me, it kind of acts like an app gateway, analyzing traffic, by using an API into the MDM. So if your app is supposed to turn on a flashlight, but all of a sudden you see that it's sending data to a city in China, you can blacklist it. Works with both a library of known apps and real-time detection. They admit it's a pretty new product, and at 20K we sure can't afford it, but it's an interesting approach to an emerging threat vector.

  • by William Lloyd,

    Level 7 (21,148 points)
    Mar 29, 2016 8:36 PM in response to fredfinch-it

    Hmmm. I have my doubts about how much data they can actually intercept.

    Have you ever read the iOS security guide published by Apple? It is a gold mine of information on how everything is secured. It's available here: https://www.apple.com/business/docs/iOS_Security_Guide.pdf

    Yes, it's 80+ pages, but it is extremely thorough, and I'd say reading it is nearly mandatory before spending any money on 3rd party solutions which purport to "secure" the platform. Companies may tell all manner of spooky stories to get you to pay money, but they may be nothing other than lore.