CHECK POINT SANDBLAST MOBILE DATA PRIVACY AND HANDLING


EXECUTIVE SUMMARY

This document details the handling of data within the Check Point SandBlast Mobile solution, including data elements to which the solution has access and the handling of each element within solution components. The Solution architecture allows customers to meet rigid compliance, data protection, and privacy requirements and regulations. It uses a variety of patent-pending algorithms and detection techniques to identify mobile device risks, and triggers appropriate defense responses that protect business and personal data.

The Check Point SandBlast Mobile solution ("the Solution") includes the following components:

- Check Point SandBlast Mobile Behavioral Risk Engine ("the Engine")
- Check Point SandBlast Mobile Gateway ("the Gateway")
- Check Point SandBlast Mobile Management Dashboard ("the Dashboard")
- SandBlast Mobile Protect app ("the App") for iOS and Android

The Solution and its components protect mobile devices from advanced mobile malware, spyware, viruses, Trojan horses, targeted attacks, and other malicious technologies that may gather information from a device. Device threat detection requires the App to monitor behavior on the device. The App may also collect, store, and process metadata about device use, configurations, and log details.

The Solution requires the user's address, in most cases their work address assigned by their Enterprise organization, to register a device. Upon the creation of a user device within the organization's Dashboard, a unique identifier (Check Point device_id) is created and used as the pseudonymized¹ method of identifying a user's device within the Solution. The Personal Information is only stored in the organization's Dashboard, where the linkage to the Check Point device_id and user's address (and possibly name and phone number, if provided) is made.
1 The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

2017 Check Point Software Technologies Ltd. All rights reserved. Classification: (Protected)

TABLE OF CONTENTS

1 SOLUTION ARCHITECTURE
    Components
DATA COLLECTION AND STORAGE
    User Information
    Use of User Information
    Information the Solution Collects from Apps Installed on a Device
    Information the Solution Collects from the Dashboard
    Where the Data is Stored
        SandBlast Mobile Protect App
        Check Point SandBlast Mobile Gateway
        Check Point SandBlast Mobile Management Dashboard
        Check Point SandBlast Mobile Behavioral Risk Engine
        How the Data Flows Within the Solution
    What Happens When a Device is Removed from the Solution
INFRASTRUCTURE SECURITY
AUTHORIZED EMPLOYEE ACCESS (THE ORGANIZATION'S ADMINISTRATORS)
    Controlling SandBlast Mobile Administrator Access to Employee Data
    Information Visible to the Organization's Administrators via the Dashboard
        Device Not a Risk
        Device at Risk
    BYOD Privacy Mode
        Events and Alerts Tab
        Device Risk Tab
        App Analysis Tab
    User and Device Management
        Solution Architecture with UDM
        Where and How Data is Stored in a UDM Deployment
EU DATA PROTECTION LAWS
    Solution Component Locations
APPENDICES
    Android SandBlast Protect App Permissions
    Advanced Threat Detection Capabilities
    Definitions Under GDPR (Article 4)
    EU Member States (at the time of this publication)
    EEA Member Countries (at the time of this publication)
    Safe Jurisdiction List (at the time of this publication)
    References/Resources

1 SOLUTION ARCHITECTURE

1.1 Components

Component | Description

1. SandBlast Mobile Protect app: The SandBlast Mobile Protect app is a lightweight app for iOS and Android that gathers data and helps analyze threats to devices in an Enterprise environment. It monitors operating systems and information about apps and network connections and provides data to the Solution which it uses to identify suspicious or malicious behavior. To protect user privacy, the App examines critical risk indicators found in the anonymized data it collects. The App performs some analysis on the device while resource-intensive analysis is performed in the cloud. This approach minimizes impact on device performance and battery life without changing the end-user experience. No Personal Information² is processed by or stored in the App.

2. EMM/MDM: Enterprise Mobility Management/Mobile Device Management. Device Management and Policy Enforcement System.

3. SandBlast Mobile Gateway: The cloud-based Check Point SandBlast Mobile Gateway is a multi-tenant architecture to which mobile devices are registered. The Gateway handles all Solution communications with enrolled mobile devices and with the customer's ("organization's") Dashboard instance. No Personal Information² is processed by or stored in the Gateway.

2 Personal Information is any information that can individually identify a person. Anonymous information connected or linked with any Personal Information shall be deemed as Personal Information so long as such a connection or linkage exists. Within the Solution, the user's name, address, email address, and phone number, and linkage by way of unique identifier (Check Point device_id) to an IP address, unique device identifier (UDID/IMEI), etc. are considered to be Personal Information. See Section 2.1 for additional details.

4. Management Dashboard: The cloud-based web GUI Check Point SandBlast Mobile Management Dashboard enables administration, provisioning, and monitoring of devices and policies and is configured as a per-customer instance. The Dashboard can be integrated with an existing Mobile Device Management (MDM)/Enterprise Mobility Management (EMM) solution for automated policy enforcement on devices at risk. When using this integration, the MDM/EMM serves as a repository with which the Dashboard syncs enrolled devices and identities. Personal Information², such as a user's name, address, and phone number, is processed by and may be stored in the Dashboard.

5. Behavioral Risk Engine: The cloud-based Check Point SandBlast Mobile Behavioral Risk Engine uses data it receives from the App about network, configuration, and operating system integrity data, and information about installed apps to perform in-depth mobile threat analysis. The Engine uses this data to detect and analyze suspicious activity, and produces a risk score based on the threat type and severity. The risk score determines if and what automatic mitigation action is needed to keep a device and its data protected. No Personal Information² is processed by or stored in the Engine.

2 DATA COLLECTION AND STORAGE

2.1 User Information

Anonymous information on a device that does not enable identification of an individual user may become available to Check Point when a user installs and/or uses the SandBlast Mobile Protect app. The Solution collects two types of data from an enrolled device:

1. Anonymous device information.
The App collects aggregated technical and device usage information such as, but not limited to: operating system versions, device configurations, internal and external hardware components and driver versions, device activity logs (for features like connectivity status to Wi-Fi/wireless networks or secured or unsecured Wi-Fi), information about apps on a device (binary file) including the app source of time/date of installation, and SandBlast Mobile Protect App logs.

2. Individually identifiable information ("Personal Information"). This is information on a device that identifies, or may with reasonable effort identify an individual, or may be of a private and/or sensitive nature. The Check Point App does not actively collect any Personal Information stored on or flowing through a device. However, Check Point Solution may receive the following Personal Information:

a. Personal Information provided by the organization. The organization may enter into the Solution Personal Information that may include a user's full name or organization identifier, address and telephone number. The organization may provide Check Point with this information which may be used to manage and/or implement the Solution.

b. Personal Information the App collects automatically. As part of the communication between the App and servers hosting Solution components, user devices automatically provide the Solution with an IP address, Check Point proprietary VPN connection credentials (as detailed below), unique device identifier (UDID/IMEI), and Check Point device_id.

c. Personal Information a user provides voluntarily. App users may provide Check Point with certain information using the "report" text box in the App, such as personal details while reporting an issue or debugging information of an issue.

Anonymous device information connected to or linked with any Personal Information shall be deemed as Personal Information so long as such connection or linkage exists, such as how the Check Point device_id creates a linkage between the user's Personal Information and the IP address of the device connected to the Solution. Such linkage may be created in circumstances where the Solution has detected anomalies on a device through its collection of Anonymous device information. Such information is sent to the Dashboard which is managed by the organization. When a device is deleted and no longer associated with any Personal Information, the Anonymous Information loses this linkage and becomes Non-Personal Information. If specifically permitted by the organization on a case-by-case basis, Check Point may have access to this Dashboard which may also contain Personal Information such as user names, addresses, and phone numbers (e.g. where Check Point's investigation of a security incident requires the organization to contact an individual user at the organization).

2.2 Use of User Information

The Solution collects Anonymous device information and Personal Information so the organization can protect information stored on mobile devices. In general, the Solution:

1. Enables the organization's designated personnel to monitor whether or not the App is currently and properly running on the device;
2. Enables the organization's designated personnel to perform real-time assessments and to protect the device against potential or residing threats, malware and any other harmful or malicious applications and processes;
3. Enables the organization's designated personnel to alert a user of such threats and to instruct the user on how to remove threats from a device.

The Solution will use Personal Information in order to:

1.
Send the user instructions via email including a link to the application page on the applicable marketplace (app store, including but not limited to private application stores) to continue the download process;
2. Determine geo-location information from which the user's mobile device is connected to the Internet, in order to know the location of the device and support the detection of possible Man-In-The-Middle attacks. In the App for iOS, this functionality is disabled by default, but can be enabled by the user or MDM Administrator. In the App for Android, this functionality is enabled by default, but can be disabled. In either case, the geo-location is only gathered when there is an actual Man-In-The-Middle attack occurring.

In addition, Check Point may collect and use Anonymous device information to:

1. Understand app usage and behaviors.
2. Create statistics and other aggregate information and analysis with respect to behavioral patterns of use of the organizational devices (i.e. type of applications installed on organizational devices, computer servers with which such applications are connected, and the extent of the data exchanged with these servers).
3. Use it for statistical, analytical and research purposes and for customization, developing and improvement of the Solution and its components.

Analysis of Anonymous device information is cross-organizational, and Check Point may use this information as necessary to enable and improve the Solution and its components.

2.3 Information the Solution Collects from Apps Installed on a Device

The App does not upload the content of communications or content of apps. It uploads metadata, data points, or binary files (plist file of .ipa on iOS or .apk file on Android). Generally, the Solution does not upload app binaries installed on user's device.
Instead, the Solution attempts to and usually can identify the app on the external repository, such as the App Store or Google Play, by its signature (binary hash, package name and version). However, sometimes it may be necessary for the app binary to be uploaded from the device to the Solution for analysis, for example, if someone installs malware on a device physically or by side-loading and the malware does not exist on these stores. In the case of Android, it may be necessary to upload the app (.apk file) to the Solution from a user's device. However, no personal data is uploaded in order to avoid compromising the privacy of a user's personal data.

2.4 Information the Solution Collects from the Dashboard

As part of the device enrollment action, by either MDM integration or manual entry, a user's address (required), name (optional), and phone number (optional) can be entered to associate a device with a user. The Dashboard is the only location in the Solution where Personal Information is used, viewed, and/or stored.

2.5 Where the Data is Stored

The data elements/types accessed, uploaded, viewable, and/or stored are listed below per Solution component.

SandBlast Mobile Protect App

The App accesses and/or uploads the following data elements to the Solution. No Personal Information is processed by or stored in this component. (For a more detailed breakdown between Android and iOS, please see Appendix B.)

Data Type | Description | Access? | Upload Detail to the Solution?

- Device Properties | Operating system version, Hardware component and driver versions
- Connectivity status (WiFi, Network) | Device connectivity type where type could be GPRS, SecuredWifi or NonSecuredWifi.
- Communication metadata | Sockets state: IP addresses, ports, state, protocol, data length | No
- Device configuration | The App monitors configuration changes on the device. It also performs analysis for weaknesses in device operating systems, like vulnerable versions of OpenSSL.
- Running Process List | List of running processes by reading /proc folder | No
- Running Process Traffic Sent/Received Statistics | Process traffic statistics of bytes sent and received per process id | No
- Installed Apps List | List of all installed apps including app name, version, app_id, package_name, app_location, the size of app file, app fingerprint certificate list.
- File list | List of files located in /system and /. | No
- Device SD card | Reads SD card, but does not upload information. | No
- Check Point Protect app's data usage | Interface, bytes sent, bytes received
- Check Point's device_id | Unique device identifier within the Mobile Threat Prevention cloud
- Check Point VPN login credential | Unique Check Point certificate for connecting to Capsule Cloud VPN | No
- Certificates of app not to upload | On iOS, the app checks for CA certificate, proxy, or VPN configurations that could compromise the security of the device. | No

2.5.2 Check Point SandBlast Mobile Gateway

The Gateway stores the following data elements which may be viewable from the Dashboard (per customer instance). No Personal Information is processed by or stored in this component.

Data Type | Description | Access? | Info Stored in the Gateway? | Displayed via the Dashboard?

- Check Point device_id | Unique identifier of device registered to the Solution
- Hash of the app binary | SHA256 hash of app binary is used as app_id in the Solution
- Installation location | App installation filesystem location | No
- Installation time | App installation time | No
- Installation source (market or otherwise) | App source location | No
- Last active time | Last time device connected to the gateway
- Network connection type | Device connectivity type where type could be GPRS, SecuredWifi, or NonSecuredWifi | No
- Certificates of app | If an app requires a certificate to operate, such as a VPN profile certificate, the administrator can upload the certificate details and then whitelist its use.
- Registration address | associated with the unique Check Point device_id | No*
- Registration phone number | Phone number associated with the unique Check Point device_id | No*, if provided
- Alerts | Alerts sent from the Dashboard and App | No**

* Registration emails or phone number - the gateway sends the registration emails / registration text messages but does not store them.
** Alerts - the gateway sends the alerts to the devices but does not store them.

2.5.3 Check Point SandBlast Mobile Management Dashboard

The Dashboard stores the following data elements (per customer instance).

Data Type | Description | Access? | Info Stored in the Dashboard?

- Corporate user data | Data that was provided through the integration with the MDM or manually.
    - address (required)
    - user name (optional)
    - phone number (optional)
- Check Point device_id | Unique identifier of device
- Alerts | Audit trail of incidents and actions that occurred on the device. Events/Alerts could be an app installation/removal, or profiles detected on devices, etc.
- Security group(s) | Devices can be added to specific security groups, such as Sales Team, for easy management of all devices in a group.
- Security policy | Security policy for an app. Possible settings are Default, Whitelist, Blacklist, or User Approval.
- Dashboard users and roles | Administrative user list and level of access.
- Apps to Device Association | When a device is at High or Medium risk level, all malicious, warning, or info severity level apps are viewable from the device's information view. If the device is not at High or Medium risk level, then no apps are associated to the device's information view. Also, if BYOD Mode is enabled, the dashboard will not display the app to device association.

Check Point SandBlast Mobile Behavioral Risk Engine

The Engine stores the following data elements which may be viewable from the Dashboard (per customer instance). No Personal Information is processed by or stored in this component.

Data Type | Description | Access? | Info Stored in the Engine? | Displayed via the Dashboard?

- App binary | App binary obtained from the store or uploaded
- Extracted raw data | App attributes such as installed/removed from a device, threat level, code analysis method, etc.
- Threats found per app | Exploit usage, for example, the app can exfiltrate from the device.

The Engine is not aware of the device (or associated user) on which the app is installed.

2.5.5 How the Data Flows Within the Solution

In the event the Engine detects or suspects any malware, spyware or other malicious software on a device, the Solution sends a push notification about the threat which specifies there is malicious software on the device and instructions for how to remove it. In the event the user does not follow these instructions, the Solution may restrict device functionality according to the organization's policies and practices. Check Point will disclose to the organization's designated personnel specific and relevant information about the malicious software (name and type) and type of the information that may have leaked from a device, if any (i.e. metadata of messages exchanged through the device). The collection, processing, analysis, monitoring, storing and disclosure (as necessary in relevant cases) of the information including, but not limited to the information pertaining to the device as part of the Solution, shall be subject to our Privacy Policy³ which is incorporated herein for reference.

The Solution does not monitor with whom the user communicates or the content of such communication. It monitors information that may flag malicious or potentially harmful software on a device, such as mobile apps which are deemed by the Solution as anomalies. It monitors device use in real-time only as necessary to enable the Solution. By deleting the App from a device, the device, and all corporate data residing on the device, may be exposed to targeted attacks by malicious technology. Therefore, an alert is sent to the organization's designated personnel if the App is removed.

3 Check Point Privacy Policy:

Below is an overview of communication between the Solution components.

SandBlast Mobile Protect app
- Detects changes in apps or network connections
- Detects possible MiTM vulnerability
- Encrypted artifacts sent over SSL to SandBlast Mobile Cloud Services

SandBlast Mobile Gateway
- Receives Data from Device
- Application list is processed, compared to already known Application Risk Assessment based on application_id
- Application artifacts aggregated for identification and analysis (stripped of any identifying device information)
- Application is retrieved from app store
- Application is retrieved from device, if not available from online source
- Application Behavioral Analysis: Automated and Researcher
- Risk Type Identification
- Severity of Risk

Behavioral Risk Engine
- Risk Score assigned to the specific application_id
- Results of Analysis and Application metadata stored in the Engine database
- Risk Score and application_id returned to the Gateway

SandBlast Mobile Gateway
- Risk Score/application_id evaluated, if malicious/warning
- The Gateway sends alert to the Dashboard

SandBlast Mobile Dashboard
- The Dashboard processes Risk Assessment against set policies
- The Dashboard sends alert to MDM/EMM if configured.
- The Dashboard sends alert to affected devices' SandBlast Mobile Protect App
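The data separation described in Sections 2.3 through 2.5.5, as an added example that is not Check Point code: the Engine is queried by app_id only, a binary leaves the device only when no store copy exists, and the Dashboard alone links device_id to a person. Class and method names, the uuid4 device_id format, the `flagged` set standing in for the Engine's analysis, and all sample data are assumptions constructed for illustration.

```python
import hashlib
import uuid


def app_id(binary: bytes) -> str:
    """The page states the SHA256 hash of the app binary is used as app_id."""
    return hashlib.sha256(binary).hexdigest()


class Engine:
    """Scores apps by app_id only; it is never given a device_id or user data."""

    def __init__(self, store_binaries, flagged):
        self.store = {app_id(b): b for b in store_binaries}  # obtainable from an app store
        self.flagged = set(flagged)  # constructed verdicts standing in for real analysis
        self.received = []           # audit trail of everything sent to the Engine

    def analyze(self, aid, uploaded=None):
        self.received.append((aid, uploaded))
        binary = self.store.get(aid, uploaded)
        if binary is None:
            return None              # not in any store: the device must upload it
        if app_id(binary) != aid:
            raise ValueError("binary does not match the claimed app_id")
        self.store[aid] = binary
        return "malicious" if aid in self.flagged else "info"


class Dashboard:
    """Per-customer instance: the only component linking device_id to a person."""

    def __init__(self, byod_privacy_mode=False):
        self.byod_privacy_mode = byod_privacy_mode
        self.users = {}              # device_id -> Personal Information
        self.alerts = []             # (device_id, app_id)

    def enroll(self, address, name=None, phone=None):
        device_id = uuid.uuid4().hex  # assumed format; the page says "unique identifier"
        self.users[device_id] = {"address": address, "name": name, "phone": phone}
        return device_id

    def alert(self, device_id, aid):
        self.alerts.append((device_id, aid))

    def affected_devices(self, aid):
        """App Analysis drill-down: hidden entirely when BYOD Privacy Mode is on."""
        if self.byod_privacy_mode:
            return []
        return [self.users[d]["address"]
                for d, a in self.alerts if a == aid and d in self.users]

    def remove_device(self, device_id):
        # Deleting the device drops the linkage; what remains is keyed by app_id only.
        self.users.pop(device_id, None)


class Gateway:
    """Sees device_id and app_ids, but holds no name, address or phone number."""

    def __init__(self, engine, dashboard):
        self.engine, self.dashboard = engine, dashboard
        self.uploads = []            # app_ids whose binary had to leave the device

    def report(self, device_id, device_apps):
        for binary in device_apps:   # binaries stay on the device unless requested
            aid = app_id(binary)
            verdict = self.engine.analyze(aid)  # device_id is stripped here
            if verdict is None:
                self.uploads.append(aid)
                verdict = self.engine.analyze(aid, uploaded=binary)
            if verdict in ("malicious", "warning"):
                self.dashboard.alert(device_id, aid)


def run_flow(byod_privacy_mode):
    store_app = b"constructed store app 1.0"     # constructed sample binaries
    sideloaded = b"constructed sideloaded app"
    engine = Engine([store_app], flagged=[app_id(sideloaded)])
    dashboard = Dashboard(byod_privacy_mode)
    gateway = Gateway(engine, dashboard)
    device = dashboard.enroll("alice@example.com", name="Alice")
    gateway.report(device, [store_app, sideloaded])
    return engine, gateway, dashboard, device, app_id(sideloaded)


if __name__ == "__main__":
    engine, gateway, dashboard, device, bad = run_flow(byod_privacy_mode=False)
    print("binaries uploaded from device:", len(gateway.uploads))
    print("affected devices shown to admin:", dashboard.affected_devices(bad))
    dashboard.remove_device(device)
    print("after device removal:", dashboard.affected_devices(bad))
```

The `received` list on the Engine is the thing to audit: in a design like this, any device_id or user field appearing there would break the pseudonymization boundary the document describes.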

2.6 What Happens When a Device is Removed from the Solution

If for any reason a user wishes to delete or modify Personal Information, the user must contact his organization. Such requests will be handled by the organization and/or to the extent applicable, such request will be transferred to us by the organization. Reasonable efforts will be made to modify or delete any such Personal Information pursuant to any applicable privacy laws. Aggregated and/or anonymous data may remain on Check Point servers indefinitely. Note, that unless the organization instructs Check Point otherwise, it may retain the user's Personal Information for as long as required to provide the organization the Solution, and as permitted under any applicable privacy laws.

3 INFRASTRUCTURE SECURITY

Check Point takes reasonable measures to maintain the security and integrity of the SandBlast Mobile Protect app, the Solution, the user's information, and the organization's information and to prevent unauthorized access to it or use thereof through generally accepted industry standard technologies and internal procedures (among others, state of the art firewalls, antivirus, IDS/IPS, etc.). Please note, however, that there are inherent risks in transmission of information over the Internet or other methods of electronic storage and Check Point cannot guarantee that unauthorized access or use will never occur.

The Solution collects iOS and Android apps from their respective online app stores to analyze and detect suspicious activity and produces a risk score based on the type and severity of the risk. The App communicates with the Solution over HTTPS with a server certificate signed by a trusted certificate authority (CA). The certificate uses RSA with 2048-bit key for authentication and key exchange to establish a 256-bit session key. The HTTPS sessions are encrypted using AES.
4 AUTHORIZED EMPLOYEE ACCESS (THE ORGANIZATION'S ADMINISTRATORS)

The collected information can be viewed/accessed only by the designated authorized personnel of the organization (i.e. IT officer or information security officer of the organization) in accordance with our Privacy Policy. Such information access and monitoring by the organization's designated personnel is performed through the Dashboard.

4.1 Controlling SandBlast Mobile Administrator Access to Employee Data

There are different levels of Administrators as described below.

Role Super User Admin Support Basic Support Device Admin Security Manager Security Manager Viewer Basic Security Manager Settings View Settings Update My Profile View My Profile Update Events View Events Update Alerts Receive Device Risk Profiles View Profiles Policy Update App Analysis View App Policy Update Devices View Devices Resend Registration Groups Update Dashboard

4.2 Information Visible to the Organization's Administrators via the Dashboard

Device Not a Risk

There are two views in which user and device information are viewable when the device is not at risk, Devices and Device Risk tabs. In the Devices tab, the user's name, address, and phone number as entered by the organization are associated with a particular device id. The details of the device are limited to device OS type and version, device type, the version of the SandBlast Mobile Protect app running on the device, and the last time the device connected with the Gateway. In this view, the Administrators can view a list of registered devices, but cannot view the list of apps installed on a particular device. When the device is viewed from the Device Risk tab, the device detail is similar to that of the Devices tab. From the App Analysis tab, the Administrator can view a comprehensive list of all the apps installed across all the registered devices, but they cannot view on which devices the apps are installed when the app is not identified as Malicious or Warning severity level.

Device at Risk

If a device is determined to be at High or Medium risk level, the Administrators can view the same level of device details as before, but with a list of applications that put the device at risk.

Further details regarding the Malicious or Warning severity level app are viewable either by drilling-down on the app from the Device Risk view or by viewing the app from App Analysis tab. A Malicious or Warning severity level app will not only include information about the app, such as fingerprint, store location, capability, etc., but also list the affected devices (i.e. the devices on which the app is installed).

4.3 BYOD Privacy Mode

In the Dashboard under Settings > Privacy Settings, BYOD Privacy Mode can be enabled. When enabled, administrators can only see that a malicious threat exists, but not which user is affected. This is to ensure the highest user privacy when needed.

Events and Alerts Tab

BYOD Privacy Mode Disabled: The administrator can see which device and the device phone number that is associated with the event/alert.

BYOD Privacy Mode Enabled: The administrator cannot see which device and the device phone number that is associated with the event/alert.

Device Risk Tab

BYOD Privacy Mode Disabled: The administrator can see which apps placed the device into High Risk state.

BYOD Privacy Mode Enabled: The administrator cannot see which apps placed the device into High Risk state.

4.3.3 App Analysis Tab

BYOD Privacy Mode Disabled: When BYOD Privacy Mode is disabled, the drill-down into the App Analysis information for a Malicious or Warning severity app will display the affected devices.

BYOD Privacy Mode Enabled: However, when BYOD Privacy Mode is enabled, the drill-down into the App Analysis information for a Malicious or Warning severity app will not display the affected devices.

4.4 User and Device Management

User and Device Management (UDM) is a web-based application residing within the organization's data center that manages a range of user and device related tasks. A typical user accesses organizational resources from multiple devices: computers, laptops, smartphones, and tablets. UDM provides a unified environment for managing various user and device related tasks, such as provisioning, transparency of access via logs, viewing user and device details, certificate management, AD user management, and FDE password recovery (for Endpoint Security clients). With UDM, security administrators can delegate user and device management tasks to Help Desk administrators. This delegation of responsibilities lets the network security team handle security policy issues and the Help Desk team manages some user access tasks.

The purpose of this section is to describe the data elements and flow of data between the App, the Dashboard, and the User and Device Management (UDM) server.

Solution Architecture with UDM

4.4.2 Where and How Data is Stored in a UDM Deployment

The data elements/types accessed, uploaded, viewable, and/or stored are listed below per component.

SandBlast Mobile Protect App

The App interaction with the Solution does not change in a UDM deployment model. Information remains the same as described in Section No Personal Information is processed by or stored in this component.

Check Point User and Device Management (UDM) Server

Data Type | Description | Access? | Upload Detail to the Solution?

- Device Owner Name | User's Name | Encrypted
- Device Owner Address | User's Address | Encrypted
- Device Number | User's Device Phone Number | Encrypted
- Check Point device_id | Unique identifier of device registered to the Solution | No

Check Point SandBlast Mobile Gateway

In a UDM deployment model, the UDM Management Server communicates directly with an email server for sending device registration messages. All data elements remain the same as described in Section except that the Dashboard displays encrypted corporate user data (email, name, and phone number) as indicated below. No Personal Information is processed by or stored in this component.

Data Type | Description | Access? | Info Stored in the Gateway? | Displayed via the Dashboard?

- Registration address | associated with the unique Check Point device_id | Encrypted | No | Encrypted
- Registration phone number | Phone number associated with the unique Check Point device_id | Encrypted | No | Encrypted

Check Point SandBlast Mobile Management Dashboard

The Dashboard stores the same data elements in a UDM deployment model as it does without UDM with the notable difference that the corporate user data (address, name, and phone number) is encrypted. The UDM Management Server does not allow editing of the Dashboard; it is a read-only view. All other data elements remain the same as described in Section

Data Type | Description | Access? | Info Stored in the Dashboard?

Corporate user data | Data that was provided through the integration with the MDM or manually.
- address (required) - user name (optional) - phone number (optional) Encrypted Encrypted 2017 Check Point Software Technologies Ltd. All rights reserved. Classification: (Protected) 16

Check Point SandBlast Mobile Behavioral Risk Engine

The interaction between the Dashboard and the Engine does not change in a UDM deployment model. Information remains the same as described in Section. No Personal Information is processed by or stored in this component.

5 EU DATA PROTECTION LAWS

In April 2016, the European Union published the final text of Regulation (EU) 2016/679 [4], also known as the General Data Protection Regulation (GDPR), on the protection of natural persons with regard to the processing of personal data [5] and on the free movement of such data. The GDPR takes effect on May 25, 2018, after a two-year implementation period. It replaces EU Directive 95/46/EC [6].

The GDPR regulates the use of Personal Information and the free movement of such data across a wide range of sectors. As a regulation, the GDPR is a directly binding legislative act that must be applied in its entirety across the EU.

In the context of the GDPR and Check Point SandBlast Mobile, the Enterprise organization is the controller [5] and Check Point is the processor [5].

The Solution requires the user's email address, in most cases their work email address assigned by their Enterprise organization, to register a device. Upon the creation of a user device within the organization's Dashboard, a unique identifier (Check Point device_id) is created and used as the pseudonymized [5] method of identifying a user's device within the Solution. The personal data is only stored in the organization's Dashboard, where the linkage to the Check Point device_id and user's email address (and possibly name and phone number, if provided) is made.

The organization's Dashboard is a web-based cloud service secured with HTTPS (SSL/TLS). If the organization has employees within the EU, the organization's Dashboard (and its database) will reside within the EU.

In the case of data exchanged between the Dashboard and the Gateway, and the App and the Gateway, no personal data is exchanged or stored. In the case of a device registration, a registration email is sent via the Gateway, but is not stored in the Gateway. In all components other than the organization's Dashboard, only the unique identifier is used, providing a pseudonymized method.

In the case of a UDM deployment, the user's personal data is encrypted before the information is uploaded to the organization's Dashboard. Please see Section 4.4 for additional information regarding the UDM Deployment.

Except in the organization's Dashboard, there is no Personal Information stored within the other components. The data is either anonymized (such as during the exchange between the Engine and the Gateway) or pseudonymized (such as during the exchange between the Dashboard and the Gateway or between the Gateway and the App). All communication between each component from the App to the Engine is encrypted in transit.

There is no transfer of Personal Information outside of the EU-based servers (the organization's Dashboard) to third countries. Only anonymized or pseudonymized data is exchanged between EU-based servers and U.S.-based servers.

The Solution architecture is conducive to meeting the EU Directive and the EU Regulation as a data processor by minimizing the amount of personal data needed to operate the Solution, keeping the data within the EU, using industry-leading security measures, and by utilizing and providing anonymizing and pseudonymizing methods/techniques. Check Point takes all necessary actions to ensure personal data is secure at rest as well as in transit within the Solution.

As discussed in Section 2.6, the user can contact the organization to request their personal data be removed from the Solution. However, anonymized data may persist.

[4] Official Journal of the European Union: Regulation (EU) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
[5] See GDPR definition in Section
[6] EU Directive 95/46/EC: Protection of Personal Data, Official Journal L 281, 23/11/1995 P

5.1 Solution Component Locations

The Dashboards are running in Amazon Web Services (AWS) located in both the EU and the U.S. The accompanying Dashboard databases are always near the Dashboard (same AWS region). Therefore, any user's Personal Information (user's name, email address, and phone number) is stored in the region required by the organization, either EU or U.S.

All of the Gateways, as well as the Gateway databases, are running in AWS located in the U.S. There is no Personal Information stored in the Gateway or Gateway databases.

6 APPENDICES

6.1 Android SandBlast Protect App Permissions [7]

Permissions Area | Details
Device & app history | Retrieve running apps; Read sensitive log data
Identity | Find accounts on the device; Add or remove accounts
Contacts | Find accounts on the device
SMS | Read your text messages (SMS or MMS); Receive text messages (SMS); Receive text messages (MMS); Receive text messages (WAP)
Phone | Read phone status and identity
Photos/Media/Files | Modify or delete the contents of USB storage; Read the contents of USB storage
Storage | Read the contents of your USB storage; Modify or delete the contents of your USB storage
Wi-Fi Connection Information | View Wi-Fi connections
Device ID and Call Information | Read phone status and identity
Other | Receive data from the Internet; Full network access; View network connections; Run at startup; Close other apps; Read battery statistics; Modify system settings; Connect and disconnect from Wi-Fi; Change network connectivity; Prevent device from sleeping; Use accounts on the device

6.2 Advanced Threat Detection Capabilities [8]

Vectors: Device, SMS, Network, Apps

iOS:
- Jailbreaking
- Version-specific iOS exploits
- Suspicious configuration changes
- Man-in-the-middle attacks
- Malicious proxy and VPN profiles
- Malicious behaviors
- Spyphones and RATs
- Side-loading of apps using stolen or fake certificates

Android:
- Rooting and root kits
- Version- or device-specific Android exploits
- Suspicious configuration changes
- Vulnerable configurations
- File system tampering
- Malicious URLs
- Man-in-the-middle attacks
- Malicious behaviors
- Spyphones and RATs
- Bots
- SMS interception
- Keylogging and credential theft
- Screen scraping

[7] Google Play Store Check Point Protect App Permissions:
[8] SandBlast Mobile: Behavioral Risk Analysis:

6.3 Definitions Under GDPR (Article 4)

For clarity, a few of the definitions listed under Article 4 of the GDPR are provided below. This is not an exhaustive list of definitions.

Word or Phrase: Definition

- personal data: Any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
- processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
- pseudonymisation (pseudonymization): The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
- controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
- processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
- third party: A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data
- personal data breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed
- binding corporate rules: Personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity
- supervisory authority: An independent public authority which is established by a Member State pursuant to Article 51
- cross-border processing: Either: (a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or (b) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State

6.4 EU Member States (at the time of this publication) [9]

Austria (1995), Belgium (1958), Bulgaria (2007), Croatia (2013), Cyprus (2004), Czech Republic (2004), Denmark (1973), Estonia (2004), Finland (1995), France (1958), Germany (1958), Greece (1981), Hungary (2004), Ireland (1973), Italy (1958), Latvia (2004), Lithuania (2004), Luxembourg (1958), Malta (2004), Netherlands (1958), Poland (2004), Portugal (1986), Romania (2007), Slovakia (2004), Slovenia (2004), Spain (1986), Sweden (1995), United Kingdom (1973)

6.5 EEA Member Countries (at the time of this publication) [10]

Including all EU Member States listed above, and: Norway, Liechtenstein, Iceland

6.6 Safe Jurisdiction List (at the time of this publication) [11]

Andorra, Argentina, Canada (commercial organizations), Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay

6.7 References/Resources

1. SandBlast Mobile: Behavioral Risk Analysis
2. Google Play Store SandBlast Mobile Protect App Permissions
3. Check Point Privacy Policy
4. User and Device Management (UDM) Administration Guide 672&partition=General&product=User
5. EU Data Privacy Regulations and Directives
- Official Journal of the European Union, L 119, 4 May
- EU Directive 95/46/EC: Protection of Personal Data, Official Journal L 281, 23/11/1995 P
- Regulation (EC) No 1882/2003 of the European Parliament and of the Council of 29 September 2003, Official Journal L 284, 31/10/2003 P

LEARN MORE, VISIT CHECKPOINT.COM/MOBILESECURITY

Check Point and SandBlast are registered trademarks of Check Point Software Technologies Ltd. All rights reserved. Android and Google Play are trademarks of Google, Inc. App Store is a registered trademark of Apple Inc. iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. iOS is used under license by Apple Inc.

CONTACT US

Worldwide Headquarters: 5 Ha Solelim Street, Tel Aviv 67897, Israel. Email: info@checkpoint.com
U.S. Headquarters: 959 Skyway Road, Suite 300, San Carlos, CA

2017 Check Point Software Technologies Ltd. All rights reserved. Classification: (Protected)


More information

Cisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th

Cisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th Cisco Spark and GDPR Thomas Flambeaux Collaboration Consulting Solution Engineer, Security and Compliance Cisco Connect 2018 Copenhagen April 12th 2015 Cisco and/or its affiliates. All rights reserved.

More information

the processing of personal data relating to him or her.

the processing of personal data relating to him or her. Privacy Policy We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the Hotel & Pensionat Björkelund. The use of

More information

INFINIT Y TOTAL PROTECTION

INFINIT Y TOTAL PROTECTION CHECK POINT INFINIT Y TOTAL PROTECTION CHECK POINT INFINITY TOTAL PROTECTION Be s t T hre at P revention, A ll Inclusi ve INTRODUCTION Enterprises today need to battle Gen V (5th Generation) cyber-attacks,

More information

Lookout Mobile Endpoint Security. Deploying Lookout with BlackBerry Unified Endpoint Management

Lookout Mobile Endpoint Security. Deploying Lookout with BlackBerry Unified Endpoint Management Lookout Mobile Endpoint Security Deploying Lookout with BlackBerry Unified Endpoint Management June 2018 2 Copyright and disclaimer Copyright 2018, Lookout, Inc. and/or its affiliates. All rights reserved.

More information

Red Flags/Identity Theft Prevention Policy: Purpose

Red Flags/Identity Theft Prevention Policy: Purpose Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...

More information

The flexible mobile subscription for Switzerland, almost all European countries, the USA and Canada (Region 1) Mobile Internet in Switzerland

The flexible mobile subscription for Switzerland, almost all European countries, the USA and Canada (Region 1) Mobile Internet in Switzerland Business europe & US The flexible mobile subscription for Switzerland, almost all European countries, the USA and Canada (Region 1) Calls and SMS/MMS: - unlimited in Switzerland - unlimited from Switzerland

More information

CliniSys Website Privacy Policy

CliniSys Website Privacy Policy CliniSys Website Privacy Policy Version 1.0 Document Information Prepared for: Users of the CliniSys Website Prepared by: CliniSys Solutions Limited Date: 13 February 2018 Contact Details: Matthew Fouracre,

More information

3CX Mobile Device Manager

3CX Mobile Device Manager 3CX Mobile Device Manager Manual 1 Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples

More information

Business swiss unlimited

Business swiss unlimited Business swiss unlimited The flexible all-flat mobile subscription for Switzerland: calls in all networks in Switzerland SMS in Switzerland surfing with high speed 4G+ Internet Roaming cost protection

More information

PRIVACY STATEMENT +41 (0) Rue du Rhone , Martigny, Switzerland.

PRIVACY STATEMENT +41 (0) Rue du Rhone , Martigny, Switzerland. PRIVACY STATEMENT +41 (0) 225349799 www.energymarketprice.com Rue du Rhone 5 1921, Martigny, Switzerland dpo@energymarketprice.com Introduction Your privacy and trust are important to us and this Privacy

More information

Map Reconfiguration User Guide

Map Reconfiguration User Guide Map Reconfiguration User Guide Toyota Touch 2 with Go (Low/High) 1. Background If your navigation system has software version 4.4.0 or later, the pre installed map will either be East Europe or West Europe.

More information

GUIDELINES FOR THE MANAGEMENT OF ORGANIC PRODUCE CERTIFICATES BY APPROVED CERTIFYING ORGANISATIONS

GUIDELINES FOR THE MANAGEMENT OF ORGANIC PRODUCE CERTIFICATES BY APPROVED CERTIFYING ORGANISATIONS GUIDELINES FOR THE MANAGEMENT OF ORGANIC PRODUCE CERTIFICATES BY APPROVED CERTIFYING ORGANISATIONS Issued by the Department of Agriculture - Export Organic Program - May 2014 Purpose 1. This guideline

More information

ADIENT VENDOR SECURITY STANDARD

ADIENT VENDOR SECURITY STANDARD Contents 1. Scope and General Considerations... 1 2. Definitions... 1 3. Governance... 2 3.1 Personnel... 2 3.2 Sub-Contractors... 2 3.3. Development of Applications... 2 4. Technical and Organizational

More information

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains

More information

Learning Management System - Privacy Policy

Learning Management System - Privacy Policy We recognize that visitors to our Learning Management System (LMS) may be concerned about what happens to information they provide when they make use of the system. We also recognize that education and

More information

Comodo APT Assessment Tool

Comodo APT Assessment Tool rat Comodo APT Assessment Tool Software Version 1.1 Administrator Guide Guide Version 1.1.102815 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1 Introduction to Comodo

More information

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Cisco Firepower NGFW. Anticipate, block, and respond to threats Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid

More information

Emsi Privacy Shield Policy

Emsi Privacy Shield Policy Emsi Privacy Shield Policy Scope The Emsi Privacy Shield Policy ( Policy ) applies to the collection and processing of Personal Data that Emsi obtains from Data Subjects located in the European Union (

More information

Business swiss neighbors

Business swiss neighbors Business swiss neighbors The flexible mobile subscription for Switzerland and the neighboring countries Germany, France, Italy, Austria and Liechtenstein. Calls and SMS/MMS - unlimited in Switzerland -

More information

Act CXII of 2011 on the right to information self-determination and freedom of information. Act ;

Act CXII of 2011 on the right to information self-determination and freedom of information. Act ; PRIVACY POLICY THE COMPANY'S DATA MANAGEMENT PRINCIPLES M2M Rendszerház Kft. and WM Systems LLC. (hereinafter referred to as the Company as a joint Data Administrator) provide detailed information management

More information

esignature Infrastructure Marketing Model

esignature Infrastructure Marketing Model www.peppol.eu esignature Infrastructure Marketing Model esignature Long Demo Objectives of PEPPOL esignature The overall objective of PEPPOL esignature is to provide cross European interoperability of

More information

WHITE PAPER. Meeting GDPR Challenges with Delphix. KuppingerCole Report

WHITE PAPER. Meeting GDPR Challenges with Delphix. KuppingerCole Report KuppingerCole Report WHITE PAPER by Mike Small December 2017 GDPR introduces stringent controls over the processing of PII relating to people resident in the EU with high penalties for non-compliance.

More information

Zimperium Global Threat Data

Zimperium Global Threat Data Zimperium Global Threat Report Q2-2017 700 CVEs per Year for Mobile OS 500 300 100 07 08 09 10 11 12 13 14 15 16 17 Outdated ios Outdated ANDROID 1 of 4 Devices Introduces Unnecessary Risk 1 out of 50

More information

University of Pittsburgh Security Assessment Questionnaire (v1.7)

University of Pittsburgh Security Assessment Questionnaire (v1.7) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided

More information

Mobile Devices prioritize User Experience

Mobile Devices prioritize User Experience Mobile Security 1 Uniqueness of Mobile Mobile Devices are Shared More Often Mobile Devices are Used in More Locations Mobile Devices prioritize User Experience Mobile Devices have multiple personas Mobile

More information

The Common Controls Framework BY ADOBE

The Common Controls Framework BY ADOBE The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.

More information

Compliance of Panda Products with General Data Protection Regulation (GDPR) Panda Security

Compliance of Panda Products with General Data Protection Regulation (GDPR) Panda Security Panda Security Compliance of Panda Products with General Data Protection Regulation (GDPR) 1 Contents 1.1. SCOPE OF THIS DOCUMENT... 3 1.2. GENERAL DATA PROTECTION REGULATION: OBJECTIVES... 3 1.3. STORED

More information

GDPR AN ACTION PLAN FOR CLOUD READINESS

GDPR AN ACTION PLAN FOR CLOUD READINESS GDPR AN ACTION PLAN FOR CLOUD READINESS TABLE OF CONTENTS 1.1 Data in the Clouds; Compliance on the Horizon 1.2 GDPR Changes Compliance Globally 1.3 Data-Centric Action Plan for Addressing GDPR in Cloud

More information

Information leaflet about processing of personal data (

Information leaflet about processing of personal data ( Information leaflet about processing of personal data (www.magyarfoldgazkereskedo.hu) In accordance with articles 13 and 14 of the regulation (EU) 2016/679 OF the European Parliament and of the Council

More information

Privacy Policy. Optimizely, Inc. 1. Information We Collect

Privacy Policy. Optimizely, Inc. 1. Information We Collect Privacy Policy Posted: Nov. 19, 2015; Effective Date: Nov. 19, 2015 Optimizely, Inc. This privacy policy applies to Optimizely s Virtual Experience website owned and/or operated for Optimizely, Inc., currently

More information

McAfee MVISION Mobile AirWatch Integration Guide

McAfee MVISION Mobile AirWatch Integration Guide McAfee MVISION Mobile AirWatch Integration Guide Administrator's guide for providing Integration with AirWatch MDM September 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and

More information

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.

More information

TaxiMe Privacy Policy for Passengers

TaxiMe Privacy Policy for Passengers TaxiMe Privacy Policy for Passengers Privacy notices for passengers in accordance with the EU's General Data Protection Regulation ('GDPR') Information as of May 2018 This document provides an overview

More information

Inclusive Minute Business Plan Terms 7 th Oct General

Inclusive Minute Business Plan Terms 7 th Oct General Inclusive Minute Business Plan Terms 7 th Oct 2010 General 1. With the exception of Simplicity Plans, Connection to an O2 Inclusive Minute Business Plan is subject to status, credit-check and the terms

More information

IBM offers Software Maintenance for additional Licensed Program Products

IBM offers Software Maintenance for additional Licensed Program Products Announcement ZS10-0142, dated October 5, 2010 IBM offers Software Maintenance for additional Licensed Program Products Table of contents 1 Overview 3 Description 1 Key prerequisites 4 Prices 2 Planned

More information

IBM Sterling B2B Services File Transfer Service

IBM Sterling B2B Services File Transfer Service Service Description IBM Sterling B2B Services File Transfer Service This Service Description describes the Cloud Service IBM provides to Client. Client means the company and its authorized users and recipients

More information

Operating instructions. CAPBs base handle STm. Read instructions before using device! Observe all safety information!

Operating instructions. CAPBs base handle STm. Read instructions before using device! Observe all safety information! SYSTRONIK Elektronik u. Systemtechnik GmbH Gewerbestrasse 57 D-88636 Illmensee Tel.: +49-7558-9206-0 Fax: +49-7558-9206-20 E-mail: info@systronik.de Internet: www.systronik.com Operating instructions CAPBs

More information