NSA, PRISM and Snowden: Data Security in the Enterprise after NSA scandal

Page 1

Enterprise Mobility in the Era of the NSA, PRISM and Others How Data Security is Still Possible Cortado White Paper


Contents Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. The NSA eavesdropping scandal: Why 2014 is suddenly feeling like Orwell's 1984 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1 Who's who and their programs? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.1.1 The intelligence services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.1.2 The various eavesdropping programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.1.3 Analog eavesdropping program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 1.1.4 Analysis programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 1.2 To summarize: The methods used by the NSA and GCHQ . . . . . . . . . . . . 12 2. The commercial and economic aspect of security . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.1 International reactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.2 A European example: Germany's position . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3. Basic rules for Internet security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 3.1 Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.2 Public key infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.3 Be suspicious of commercial encryption software . . . . . . . . . . . . . . . . . . . . 15 3.4 Encrypt e-mail communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.5 Perfect forward secrecy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.6 Air gap method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.7 Avoid public clouds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 4. Is the eavesdropping scandal destroying the potential of enterprise mobility? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 4.1 Points of attack in mobile communications 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 5. The response to points of attack: Cortado Corporate Server . . . . . . . . . . . . . . . 21 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Enterprise Mobility in Zeiten von NSA, PRISM & Co. | Mai 2014 | www.cortado.de | www.thinprint.de Follow Cortado :

facebook

twitter

youtube

linkedin

2


Abstract Situation. The eavesdropping scandal and the technical background behind it. Since June 2013, thanks to Edward Snowden one thing is clear: The Internet system is not secure, and all the other systems and devices that rely on it even less so. Private individuals and companies are affected by espionage. Every connection can be manipulated. The NSA has a budget of 11 billion U.S. dollars a year, 440 million of which is invested in "Research and Technology." It is therefore hardly surprising that the technical implementation of PRISM and others is particularly complex and far-reaching. Problem. Commercial and economic implications Outside of Europe, the NSA scandal is not being considered such a cause for concern. However, both the commercial and the economic implications are huge. The economy's trust in new technologies has been severely damaged. Solution. Measures for increasing data security The revelations show that the Internet does not simply take care of itself. With the help of a few basic rules, you can create a "secure container." There is even insecurity in the enterprise mobility area. If companies feel that the data they store on-site is no longer secure, what does that mean for mobile data traffic? The good news is that mobile technology does not have to be relegated to the archives, quite the opposite in fact. With the right management system, enterprise mobility is secure. Result. On-premise as a basis for enterprise mobility Cortado Corporate Server is an enterprise mobility system that combines mobile device management with mobile application management and file access/file sharing in one complete solution and is simultaneously installed on the company's own site. At the same time, the transmitted data meets the highest security standards.

Enterprise Mobility in the Era of the NSA, PRISM and Others | May 2014 | www.cortado.com | www.thinprint.com

3


Download this white paper for free from the Cortado Corporate Server website today! http://bit.ly/1joirEt

www.cortado.com

Follow Cortado::

facebook

twitter

youtube

linkedin


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.