THE ULTIMATE SOLUTION TO SECURE MOBILE COMMUNICATIONS AND DEVICES

Transcription

1 THE ULTIMATE SOLUTION TO SECURE MOBILE COMMUNICATIONS AND DEVICES

2 Mobility and cybersecurity concerns Why is it important? + 38% worldwide annual growth in enterprise cyber-attacks in Source : PwC (2015) 63% of CISO state that mobility evolution within their organization generate higher than expected security risk increase. source : IBM (2016) 46% of CISO have identified security incidents in 2015 (data breaches, malware detection, intrusion...). source : IBM (2016) What are the consequences? Cybercrime is sometimes described as «the new 21st century threat*» Everyone is affected, multiple risks are associated with it: Leakage of classified information Theft of industrial secrets Loss of sales opportunities Roberry of customer database Service interruption Reputation damages etc. Mobility solutions offer gateways to organizations IT systems (governments, administrations, enterprises). Cyberattacks can generate from heavy financial losses up to national security impacts. The latest reform of data protection rules in the EU imposes Enterprises to implement adequate measures for personal data protection, under penalty of a fine that can reach 4% of the total enterprise turnover in the case of compliance failure. *Quote from Mireille Ballestrazzi, Interpol CEO

3 Market answers What is the adequate solution? It is sometimes complex for organizations to make the right choice among the numerous market solutions supposed to secure mobile communications. Here is a proposed list of selection criteria in order to help you decide according to your needs. 1Which security level? 2What type of solution? 3Which devices? 4Which functionalities? 5Which security management? Common Criteria Certification (ISO 15408) EAL certifications evaluate IT software and solutions and guarantee the compliance with the required assurance level. They are internationally recognized. Software (SW) Mobile applications generally compatible with different types of mobile devices and OS (Android, ios, Blackberry, Windows). They are mainly used to offer a first level of security. Consumer electronic devices with SW application Compatibility with different devices OS. Mobile applications offer a first level of security although they do not provide a fully secured environment. Secured voice Secured SMS Secured data (VPN) Data communications are encrypted between the devices and the organization IT system. On-premise architecture The organization has total control of the solution, and fully masters the data, the servers as well as the encryption keys. This architecture is recommended for a higher level of security. Local and international certifications Certifications are issued by recognized authorities, based on an evaluation of the classification level for information that can be stored and communicated. Those approvals are based on Common Criteria certifications as well as local or international standards. Software + Hardware (SW+HW) Solutions based on a hardware element, providing a higher level of security. Specific hardware devices They generally provide a fully secured environment. They usually offer a limited customer experience and lack discretion, which both limit user adoption.. Consumer electronic device with HW+SW solution Device local encryption Strong authentication Use of a hardware element to access the device and the organization IT system. Externalized architecture The organization hands over the control and administration of the solution to a third party, which can then access the sensitive data. This architecture is secured provided the third party is a trusted partner. They generally offer high-level security, combined with bestin-class consumer electronic device user experience.

4 Cryptosmart solution... Cryptosmart is the only solution combining government-grade security on consumer electronic devices, which enhance its adoption by all users. Cryptosmart has been deployed by governments and large international companies to protect sensitive data in mobility conditions, in case of device loss, theft or eavesdropping. Range of Cryptosmart compatible devices Secured workspace Premium security Zero paper security Ultimate security for all

5 mobility, security and simplicity Mobile devices and communications security 1What security level? 2What type of 4 Which 5 solution? functionalities? Which security management? Common criteria certification (ISO 15408) Cryptographic component EAL5+ Cryptosmart smart card EAL4+ Software + Hardware (SW+HW) Exploitation of Android OS technical opportunities Use of a powerful certified cryptographic smart card End-to-end secured voice End-to-end secured SMS Secured data (VPN) On-premise architecture The on-premise Cryptosmart infrastructure offers full control over the company security and associated data. Local and International certifications ANSSI : Restricted OTAN : Restricted UE : Restricted 3 Which devices? Consumer electronic devices with HW+SW solution Full device encryption Strong authentication Externalized architecture ERCOM also offers its customers to work with trusted partners in order to deploy hosted infrastructures or develop a SaaS (Software as a Service) model. Thanks to its certified smart card, Cryptosmart creates a fully secured environment on the latest Android devices. Restrainted distribution

6 Use case Secure your smartphone and mobile communications on the move, anywhere in the world Cryptosmart offers various security features for frequent travelers: compatibility with all mobile (2G, 3G & 4G), WiFi and satellite operators encryption of all types of communications (voice, SMS and data) full device content encryption remote device wipe in case of loss or theft My contacts are not equipped with Cryptosmart? A Cryptosmart user can call any contact, even non-equipped with Cryptosmart. The communication is secured from the Cryptosmart device up to the organization IT system. 2 major use cases: secured communication from a Cryptosmart device to organization landlines secured communications initiated from sensitive networks such as public WiFi or foreign mobile operator My Cryptosmart contact is part of a third party organization? Different organizations can connect their Cryptosmart systems, thus allowing their users to secure calls with crossorganization end-to-end encryption. There are multiple use cases, among which secured communications: between different ministries of a country government between governments of allied countries between government entities and private companies between private companies

7 Cryptosmart - InterGateway THE ONLY SOLUTION TO DEPLOY YOUR SECURED VOICE COMMUNITY Legend Government entity Private company End-to-end encryption security

8 6, rue Dewoitine - Immeuble Rubis Vélizy-Villacoublay FRANCE cryptosmart@ercom.fr +33 (0) Photo Credit : Shutterstock