Learn how organizations in different industries are protecting their mobile apps, streamlining app management, and satisfying compliance with virtual mobile infrastructure.
2. BYOD Security with Virtual Mobile Infrastructure
VMI is a service that streams mobile apps hosted in a data center or the cloud
VMI is like Virtual Desktop Infrastructure (VDI) for Android
VMI offers secure access to mobile apps from any device or location
5. Use Case: Healthcare Provider
Challenge
Had to address HIPAA and EPCS (Electronic Prescriptions) compliance
Doctors wanted to access medical data from their phones
Several apps were “non-compliant”
– Medical data was stored on phones
– Lacked dual-factor authentication for e-prescriptions
SierraVMI Solution
SierraVMI securely streams healthcare providers medical apps
Data is never downloaded to mobile devices
All apps support multi-factor authentication, strong encryption & single sign-on
Benefits
Simplified IT by integrating authentication, auditing, and access controls
– Replaced multiple vendors with a single, integrated mobile security solution
Protected EHR, messaging, email, notes and camera apps that could not be wrapped with MAM
6. Healthcare Compliance
HIPAA: Health Insurance Portability and Accountability Act
164.312 (B): Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity.
164.312 (D): Authentication: verify that a person or entity seeking access to electronic protected health information is the one claimed.
EPCS: Electronic Prescriptions for Controlled Substances
“Single-factor authentication is insufficient to ensure that a practitioner will not be able to repudiate a prescription he signed”
eRx applications must maintain an internal audit trail that records prescriptions
7. 5 Pillars of Healthcare Security
Technical safeguards defined by the U.S. Department of Health & Human Services
SierraVMI Addresses 5 Pillars of Healthcare Security
Transmission Security: Strong encryption to prevent Wi-Fi and Man-in-the-Middle attacks
Person or Entity Authentication: Integrated dual-factor auth including client certs and one-time passwords
Audit Control: Monitors all activity, including text messaging & email apps
Access Control: Centralized, granular access control for all healthcare mobile apps
Integrity: Secure, centralized storage to prevent accidental deletion or alteration of PHI
8. SierraVMI Protects Medical Apps
Securely store patient photos in the data center, not on phones
Enforce dual-factor authentication for all apps
Use screen recording or logging to audit text messages
Maintain an audit trail of all e-prescriptions
Ensure ePHI notes are never stored on phones
Watermark sensitive healthcare records to prevent disclosure
Rx
Messaging
10. Use Case: Bank
Challenge
For FFIEC compliance, a bank had to:
– Monitor network and host activity to identify violations and anomalies
– Enforce out-of-band authentication
The bank worried about:
– Keyloggers and malware on phones
– Wi-Fi and Man-in-the-Middle attacks
SierraVMI Solution
SierraVMI prevents data from being downloaded to phones
One-time passwords provide out-of-band authentication
IT can log and screen record remote access and privileged activity
IT can scan Android and apps for vulnerabilities with server-grade tools
Benefits
Reduced the risk of costly data breaches due to device theft or insider abuse
Improved business agility because new apps could be released faster, without cumbersome MAM integration
Satisfied FFIEC requirements with a single, centrally managed solution
11. SierraVMI Deployment for Bank
Diagram labels: Employees at Chicago branch; Traders in NY; High-net-worth bankers in SF; Internet; Firewall; Multi-factor Authentication; 4096-bit ECDHE Encryption; SierraVMI Server; Virtual Mobile Workspaces; Authentication Server; Malware Scanner; User Data Protected with Encryption; Logs, screen recording
12. Privileged user monitoring for banks
Detailed logging for compliance
– FFIEC Remote Access requirements
Screen recording for forensics
Legal notification warns users that activity will be recorded
13. Banking Regulations
FFIEC: Federal Financial Institutions Examination Council
Where…single-factor authentication is inadequate, financial institutions should implement multifactor authentication, layered security, or other controls.
MAS: Monetary Authority of Singapore Threat Risk Management
Appendix E2: As part of the two-factor authentication infrastructure, the FI should implement adequate controls and security measures to minimise exposure to MitM attacks.
GLBA: Gramm-Leach-Bliley Act
Section 501(b)(3): Financial Institutions…should protect against unauthorized access to or use of customer records or information
15. Use Case: Manufacturing
Challenge
Manufacturer had developed training, messaging and productivity apps
– Required client certs to prevent unauthorized access to all apps
– Needed to publish assembly instruction and training videos with contractors and suppliers
An employee had recently leaked product plans to a competitor
SierraVMI Solution
SierraVMI secures the manufacturer’s mobile apps by:
– Requiring client certs for all apps
– Providing secure access to contractors and suppliers
– Applying anti-screen capture and watermarking on sensitive files
– Securely distributing training videos
Benefits
Reduced the risk of a data breach by applying stringent security to all apps
– Improved visibility into mobile access with security alerts and detailed logging
Increased productivity by sharing assembly instructions with employees & partners
16. Extend Access to All Users
Diagram labels: Office Workers; Partners; Assembly Floor
(1) Stream videos using multimedia redirection with watermarking & anti-screen capture
(2) Securely share plans, logistics & forecasts with partners
(3) Authenticate all users with client certificates
18. Use Case: Field Employees
Challenge
Companies with field workers need to:
– Prevent data loss from lost devices
– Print invoices, take pictures of accidents, tag activity with GPS
– Prevent data tampering of photos and other records
Utility meter readers, claims adjusters
SierraVMI Solution
No data stored on device; lost devices can be disabled instantly
Apps can use all device features, including camera, GPS, Bluetooth printers
Sensitive content like photos cannot be saved or modified by users
Rules based on location, time-of-day
Benefits
Minimize upgrade cycles of hardware by streaming new apps to older devices
Lower capital costs by allowing employees and partners to bring their own devices
Reduce costly fraud by preventing users from modifying sensitive content
19. Life Cycle Management
Field sales constantly need to replace old, broken and lost devices
SierraVMI accelerates deployment of new devices
– IT doesn’t need to worry about device or OS compatibility
SierraVMI lowers hardware costs
– Minimizes hardware inventory
– Supports low-cost platforms, when needed
– Enables employees to buy their own devices
20. Stop Network & Man-in-the-Middle Attacks
Protect against malicious Wi-Fi and micro cell towers with:
– End-to-end 4096-bit SSL encryption
– Multi-factor authentication
Low TCO:
– Eliminate the need for multiple solutions like MDM, MAM and VPN and costly mobile app changes
21. SierraVMI Protects Field Apps
Audio streamed to secure VMI client
Videos streamed to integrated VMI media player
Camera photos stored in data center, not phone
Microphone recordings stored in data center
Secure printing to local printer
Secure GPS
23. Use Case: Remote Access
Challenge
Provide secure remote access to email, Intranet sites, and corporate apps
Unfortunately:
– MDM doesn’t isolate business from personal data or prevent insider abuse
– MAM requires costly app integration and doesn’t support most third-party apps
SierraVMI Solution
Delivers a secure mobile workspace for business apps
– Policies can stop users from copying sensitive data or saving contact lists
– Watermarking and anti-screen capture prevent data loss
Supports all Android apps without costly integration
Benefits
Prevents costly data breaches caused by lost mobile devices or by users intentionally or accidentally distributing confidential data
Improves business agility because companies can publish new corporate apps more quickly to all devices without MAM integration or iOS/Windows porting
Satisfies various compliance requirements with multi-factor auth and encryption
24. Secure and Simplify Remote Access
Diagram labels: Remote Users; Internet; Firewall; Multi-factor Authentication; 4096-bit ECDHE Encryption; SierraVMI Server; Virtual Mobile Workspaces; Office Suite; Video Conference; Collaboration Server; SharePoint Server; Exchange Server; Virus or Malware Scanner; User Data Protected with Encryption
26. Use Case: Service Providers
Challenge
Carriers need to bundle security solutions with their business offerings
– Business customers expect end-to-end solutions for their mobile fleets
Existing EMM products are inadequate
– MDM deemed intrusive for BYOD users
– MAM only supports a handful of apps
SierraVMI Solution
Streams apps from a data center, preventing data loss caused by lost or stolen phones
– Provides multi-factor auth, anti-screen capture, user monitoring, watermarking
Can secure 1M+ apps, unlike MAM
Is easy-to-manage and scalable
Benefits
Provides a new revenue stream for mobile carriers based on an innovative & differentiated security service that can be white-labeled under the carrier’s brand
Offers fast integration with carriers’ management infrastructure using RESTful APIs
Eliminates MAM/app wrapping headaches and lowers support costs compared to traditional mobile security options
27. Mobile Carrier Deployment
Easy deployment with integrated high availability
Integration with enterprises’ and service providers’ existing authentication, directory services, and management systems
– Granular user, group and domain-level policies
Diagram labels: Wireless Carrier; Firewall; Carrier Billing System; SierraVMI; XML APIs; Enterprise; VPN; Authentication Servers and Corporate Data; Business Partner; Remote User; Internal User; Email; Partner App; CRM App
28. Why Enterprises Like SierraVMI
One product for all mobile security and compliance requirements
– Data protection: Data is never downloaded to devices
– Data leak prevention: Anti-screen capture, watermarking
– Compliance auditing: Logging and screen recording
– Authentication: One-time passwords, client certs, tokens
Cost-effective
Fast deployment time
Doesn’t require changes to apps
29. Why Service Providers Like SierraVMI
Scalability
– High-user density lowers hardware costs
– Multi-tenancy
Easy integration with billing & management systems
– RESTful XML-based APIs
Integrated high-availability architecture
White labeling options
– Sell differentiated services under the carrier brand
30. Reasons Why You Should Deploy SierraVMI
Compliance: Ensure privacy and prevent data loss
Security: Strong authentication, 4096-bit encryption
Scalability: High user density, high performance