Are We There Yet? The Path Towards Securing the Mobile Enterprise
-
Upload
ibm-security-systems -
Category
Technology
-
view
408 -
download
0
description
Transcript of Are We There Yet? The Path Towards Securing the Mobile Enterprise
![Page 1: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/1.jpg)
© 2014 IBM Corporation
IBM Security Systems
1 © 2014 IBM Corporation
Are We There Yet? The Path Towards Securing the Mobile Enterprise
Yishay Yovel
Program Director, Fraud and Mobile Strategy
IBM Security
![Page 2: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/2.jpg)
© 2014 IBM Corporation
IBM Security Systems
2
ABOUT THE SURVEY
![Page 3: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/3.jpg)
Survey Respondents Demographics
Total Response: 209
![Page 4: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/4.jpg)
Survey Respondents Demographics: Larger Enterprises
![Page 5: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/5.jpg)
© 2014 IBM Corporation
IBM Security Systems
5
IBM MOBILE SECURITY FRAMEWORK
![Page 6: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/6.jpg)
© 2014 IBM Corporation
IBM Security Systems
6
IBM Mobile Security Framework - Requirements
Device Security Content Security Application Security Transaction Security
Provision, manage and secure Corporate and BYOD devices
Secure enterprise content access and sharing
Develop vulnerability free, tamper proof and risk aware applications
Prevent and detect high risk mobile transactions from employees, customers and partners
Security Intelligence
A unified architecture for integrating mobile security information and event management (SIEM), log management, anomaly detection, and configuration and vulnerability management
Security Intelligence
Enterprise Applicationsand Cloud Services
Identity, Fraud,and Data Protection
Content Security
Application Security
Transaction Security
Device Security
DATA
Personal and Consumer Enterprise
![Page 7: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/7.jpg)
© 2014 IBM Corporation
IBM Security Systems
7
THE CURRENT STATE OF AFFAIRS
![Page 8: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/8.jpg)
Survey Respondents Demographics : Mobile Attributes
![Page 9: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/9.jpg)
Mobile Security incidents
![Page 10: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/10.jpg)
Enterprises see a wide range of business and technical risks spanning all pillars of the framework, malware risk is emerging
![Page 11: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/11.jpg)
Enterprises have rolled out core device/content security capabilities, application and transaction security capabilities are emerging
![Page 12: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/12.jpg)
© 2014 IBM Corporation
IBM Security Systems
12
DEVICE AND CONTENT SECURITY
![Page 13: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/13.jpg)
Mobile Device, Content Management
Enterprise doc catalog
View, edit, create, & sync files across devices
Protect and contain sensitive content
Activate & manage users, devices & policies
Enterprise app catalog
Operations & servicedesk management
Secure network access for business apps
Extend content incorporate file repositories
Access intranet sites
Secure Document Sharing
Mobile Enterprise Gateway
Secure Productivity Suite
Complete set of worktools & app security
Identity & access controls
Data leak prevention & app compliance rules
Advanced Mobile Management
![Page 14: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/14.jpg)
Enterprises deploy basic controls to address “device lost” scenario, extended requirements for “risky devices” emerging
![Page 15: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/15.jpg)
Enterprise deploy secure containers to control enterprise content for BYOD, emerging capabilities for more granular content control
![Page 16: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/16.jpg)
© 2014 IBM Corporation
IBM Security Systems
16
APPLICATION SECURITY
![Page 17: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/17.jpg)
© 2014 IBM Corporation
IBM Security Systems
17 IBM and Business Partner Only
IBM Application Security capabilities
Application Security Management
Assessbusiness impact
Inventory assets
Determine compliance
Measure statusand progress
Prioritize vulnerabilities
Utilize resources effectively to identify and mitigate risk
TestApplications
StaticAnalysis
Dynamic Analysis
Mobile Application
AnalysisInteractiveAnalysis
ProtectDeployed Applications
IntrusionPrevention
DatabaseActivity
Monitoring
WebApplication
FirewallSIEM
MobileApplicationProtection
![Page 18: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/18.jpg)
© 2014 IBM Corporation
IBM Security Systems
18 IBM and Business Partner Only
Appscan and Worklight: Integrated App development and vulnerability Scanning
![Page 19: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/19.jpg)
Enterprises address app security for their own apps, less focused on risk from 3rd party apps and theft of their own apps
![Page 20: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/20.jpg)
© 2014 IBM Corporation
IBM Security Systems
20
TRANSACTION SECURITY
![Page 21: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/21.jpg)
Transaction security: New Breed of Financial Mobile Malware is coming
![Page 22: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/22.jpg)
Transaction Security: Flagging malware infected devices, enables mobile fraud detection
![Page 23: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/23.jpg)
Transaction security focuses on securing “flow”, limited focus on fraud risk (malware) and transaction anomalies
![Page 24: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/24.jpg)
© 2014 IBM Corporation
IBM Security Systems
24
FUTURE AREAS OF INVESTMENT
![Page 25: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/25.jpg)
Investments spans all pillars of the maturity model
![Page 26: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/26.jpg)
Beyond the basics, organizations are increasing focus on App Security, emerging interest in transaction security
![Page 27: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/27.jpg)
Most organizations will increase mobile security budgets to reap the benefits of mobile productivity
![Page 28: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/28.jpg)
© 2014 IBM Corporation
IBM Security Systems
28
SUMMARY
![Page 29: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/29.jpg)
© 2014 IBM Corporation
IBM Security Systems
29
Security solutions for the mobile enterprise
Device Security Content Security Application Security Transaction Security
• Enroll, provision and configure devices, settings and mobile policy
• Fingerprint devices with a unique and persistent mobile device ID
• Remotely Locate, Lock and Wipe lost or stolen devices
• Enforce device security compliance: passcode, encryption, jailbreak / root detection
• Restrict copy, paste and share
• Integration with Connections, SharePoint, Box, Google Drive, Windows File Share
• Secure access to corporate mail, calendar and contacts
• Secure access to corporate intranet sites and network
Software Development Lifecycle
• Integrated Development Environment
• iOS / Android Static Scanning
Application Protection
• App Wrapping or SDK Container
• Hardening & Tamper ResistanceIBM Business Partner (Arxan)
• Run-time Risk DetectionMalware, Jailbreak / Root, Device ID, and Location
• Whitelist / Blacklist Applications
Access
• Mobile Access Management
• Identity Federation
• API Connectivity
Transactions
• Mobile Fraud Risk Detection
• Cross-channel Fraud Detection
• Browser Security / URL Filtering
• IP Velocity
Security Intelligence
Security Intelligence
Enterprise Applicationsand Cloud Services
Identity, Fraud,and Data Protection
Content Security
Application Security
Transaction Security
Device Security
DATA
Personal and Consumer Enterprise
IBM SecurityAppScan
IBM SecurityAccess Manager
IBM Mobile Security Solutions
IBM Mobile Security Services
Security Intelligence
IBM Mobile First powered by…
IBM QRadar SecurityIntelligence Platform
![Page 30: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/30.jpg)
Summary
• Enterprises are making investments across all pillars of the IBM Mobile Security Framework, but we are “half way there”
• Current investment focus on device and content security which supports the BYOD program
• Future investments will address the development of secure mobile applications end eventually transaction fraud risk
• Use the IBM Mobile Security Framework to build a prioritized roadmap for your investments in mobile security for your BYOD program, Employee productivity and Customer Engagement
• Follow this link: http://ibm.com/security/mobile
![Page 31: Are We There Yet? The Path Towards Securing the Mobile Enterprise](https://reader033.fdocuments.in/reader033/viewer/2022052506/556d3acbd8b42aa95c8b4e2d/html5/thumbnails/31.jpg)
© 2014 IBM Corporation
IBM Security Systems
31
www.ibm.com/security
© Copyright IBM Corporation 2014. THE INFORMATION IN THESE MATERIALS ARE PROVIDED "AS IS" WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. These materials are current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, ibm.com and other IBM products and services are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.