Enforcing Cyber security in Mobile Applications – Public Sector Use Case. SAPHINA MCHOME, VIOLA RUKIZA, TANZANIA REVENUE AUTHORITY, INFORMATION AND COMMUNICATION TECHNOLOGIES DEPARTMENT. Email: [email protected]; [email protected]


Post on 04-Jan-2016


Enforcing Cyber security in Mobile Applications – Public Sector Use Case

SAPHINA MCHOME, VIOLA RUKIZA

TANZANIA REVENUE AUTHORITY

INFORMATION AND COMMUNICATION TECHNOLOGIES DEPARTMENT

Email: [email protected]; [email protected]

OUTLINE

- Introduction
- Security risks and threats
- Security Enforcement
- Conclusion

INTRODUCTION – PURPOSE

- Mobile devices & Applications
- Risks & Threats
- Secure Mobile platforms
- Essential Security Mechanisms

INTRODUCTION – MOBILE TECHNOLOGY

- Fastest growing sector
- Calls + SMS
- Fully fledged mobile computing platform
- 1G Analogue cellular network
- 2G Digital Cellular network
- 3G Broadband data services
- 4G native IP networks

INTRODUCTION – MOBILE TECHNOLOGY Cont.

- Smartphones, tablets, PDAs
- High Processing power
- High Storage Capacity
- Easy Usability - touch screens, voice, QWERTY keyboards

INTRODUCTION – MOBILE APPLICATION IN PUBLIC SECTOR

- High capabilities have led to fast & high penetration and adoption
- Mobile payments & banking
- Income & Property Tax, Utility bills (LUKU, DSTV & Water) – MPESA, NMB mobile
- Business operations - Complete Office Software

SECURITY RISKS AND THREATS

Information security is mainly focused on protecting information and information systems from threats and risks that may result in unauthorized disclosure, interruption, modification and destruction.

SECURITY RISKS AND THREATS - CONFIDENTIALITY

Security principle for ensuring non-disclosure of information to unauthorized users

- Small size – Easily misplaced, left unattended, stolen
- Vulnerabilities in mobile applications - Malicious code embedded in mobile apps
- Wireless Technology – Bluetooth & Wi-Fi

SECURITY RISKS AND THREATS - INTEGRITY

Data integrity refers to the accuracy and consistency of data, stored or in transit, which is mainly indicated by the absence of data alteration in an unauthorized way or by an unauthorized person.

- Weak protection mechanisms
- Turning off security features
- Intentional hacking of the traffic through sniffing and spoofing

SECURITY RISKS AND THREATS - AVAILABILITY

Availability is the security attribute of ensuring that a system is operational and functional at a given moment in time.

- Compromised devices causing downtime to the connected infrastructure
- DoS attacks targeting mobile devices' battery

ENFORCE SECURITY

- Secure Information while optimize
- Key requirements of security solution
  - Protection
  - Management
  - Support
  - Detection

ENFORCE SECURITY - DETECTION MECHANISMS

- Discover devices’ protection mechanisms
  - availability of antivirus
  - remote sanitization & encryption capabilities
  - authentication strength
- Block unprotected / compromised devices based on Security policy set
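
The detection step on the slide above (discover each device's protection mechanisms, then block devices that fail the security policy) can be written as a small posture check. This is an added example, not part of the original slides; the attribute names, policy thresholds and sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    # Hypothetical thresholds; the fields mirror the slide's checklist.
    require_antivirus: bool = True
    require_remote_wipe: bool = True
    require_encryption: bool = True
    min_passcode_length: int = 6

def evaluate(device: dict, policy: Policy) -> tuple:
    """Return ("allow" | "block", reasons). Unreported attributes fail closed."""
    reasons = []
    required = {
        "antivirus": policy.require_antivirus,
        "remote_wipe": policy.require_remote_wipe,
        "encryption": policy.require_encryption,
    }
    for name, needed in required.items():
        value = device.get(name)
        if needed and value is not True:
            state = "not reported" if value is None else "disabled"
            reasons.append(f"{name}: {state}")
    length = device.get("passcode_length")
    if not isinstance(length, int) or isinstance(length, bool):
        reasons.append("authentication: passcode length not reported")
    elif length < policy.min_passcode_length:
        reasons.append(f"authentication: passcode shorter than {policy.min_passcode_length}")
    # A device that does not state its integrity is treated as compromised.
    if device.get("compromised") is not False:
        reasons.append("integrity: compromised or not reported")
    return ("block" if reasons else "allow", reasons)

def audit(devices, policy=Policy()):
    """Map device id -> (decision, reasons) for an inventory report."""
    return {d["id"]: evaluate(d, policy) for d in devices}

# Constructed sample inventory (not real devices).
DEVICES = [
    {"id": "tablet-01", "antivirus": True, "remote_wipe": True,
     "encryption": True, "passcode_length": 8, "compromised": False},
    {"id": "phone-02", "antivirus": True, "remote_wipe": True,
     "encryption": False, "passcode_length": 4, "compromised": False},
    {"id": "phone-03", "antivirus": True, "compromised": False},
]

if __name__ == "__main__":
    for dev_id, (decision, why) in audit(DEVICES).items():
        print(dev_id, decision, "; ".join(why))
```

The third sample device reports only part of its posture and is blocked, which is the fail-closed behaviour a policy gate needs when discovery is incomplete.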

ENFORCE SECURITY – PROTECTION MECHANISMS

- Effective Authentication methods – avoid plain, weak passwords
- Access Control - Limit what attacker can do
- Encryption
  - Protect stored information – even when device is lost
  - Protect transmitted data
- Block unused, vulnerable communication ports
- Disable wireless communication (Bluetooth, Wi-Fi) while not in use

ENFORCE SECURITY - MANAGEMENT

- Centrally managing all devices
- Security Administration Control Audit Report
- Security Policies - Digital Policy Certificate

ENFORCE SECURITY - SUPPORT

- Support when devices are lost
  - Remote Sanitization
  - GPS Locator
- Education and Security awareness
  - Simple Steps to reduce risks
  - Trusted sites for downloading applications
  - Proper security settings
  - Use of strong password
  - Regular updating devices

Security Mechanisms in Mobile Platforms

- Ratings by Security Mechanisms Category
- Enterprise Readiness of Consumer mobile platforms by Cesare Garlati of Trend Micro

CONCLUSION

- Usage of mobile applications is inevitable
- Organizations’ commitment
- Investment in security solutions - Means for enforcing, monitoring and auditing protection mechanisms
- Users Security Awareness


Q & A

THANK YOU