Scale Your App Strategy for Success with IBM MaaS360
August 18, 2016
Frank Gentile, Cloud Security Specialist, IBM MaaS360
Steve Crescimone, Sales Leader - Mobile and Application Security, IBM MaaS360
2 IBM Security
Housekeeping items
Duration – 60 minutes
Submit your questions to all panelists in the Q&A box located on the right-hand side of your screen
Recording and slides will be emailed to you
Today’s agenda
• Market trends – 2016 Ponemon Institute Study Findings
• The makings of a successful app strategy
• Real customers, real data
• Best practices for scaling apps
Making App Security a Strategically Managed Discipline
INDEPENDENT PONEMON INSTITUTE STUDY
Poll #1 Placeholder
QUESTION: WHERE DO MOST SECURITY COMPROMISES MOST LIKELY OCCUR?
The Problem: Ponemon’s 2016 Application Security Risk Study
Where do most security compromises most likely occur?
[Chart. Categories: Applications, Network, Human Intelligence, Data, Physical. Data labels (order as extracted): 32, 25, 17, 12, 9]
The Problem: Ponemon’s 2016 Application Security Risk Study
What are your organization’s top application security risk objectives?
• 69% Minimize Downtime
• 63% Minimize Business Disruption
• 62% Compliance / Regulation
• 48% Protect Intellectual Property
• 23% Prevent Attacks
• 21% Preserve Brand / Reputation
• 11% Secure Critical Infrastructure
• 3% Other
Ease & Speed Matter
The Problem: Ponemon’s 2016 Application Security Risk Study
Perceptions about application developers and application security risk?
50%
Developers Lack Knowledge & Skill
Lack of resources allocated
Developers view security as a hindrance to releases
70%
73%
Intelligent Findings Analytics (IFA) can change these perceptions.
Improve your app security effectiveness
Identify and remediate high-priority vulnerabilities
IBM Application Security on Cloud
• Comprehensive: Based on AppScan engines
• Simple: As easy as 1-2-3
• Fast: Fully automated solution
• Safe: Meets IBM Security standards
Run all tests: DAST, SAST, IAST
Analyze everything: Web apps, Mobile apps, Desktop apps
Buy one subscription and get it all.
One tool, all scanning included
Comprehensive
Simple
Does my application contain security vulnerabilities?
1 Enter URL / upload application
2 Scan the application
3 Review the report
IBM Application Security on Cloud
• Reduce false positives
• Minimize “unlikely attack scenarios”
• Provide fix recommendations that resolve multiple vulnerabilities
* Patents pending
¹ Ponemon Institute estimates the cost to fix a defect if found early in development at $80, while it costs around $960 to fix if found in QA
Early and repeatable vulnerability analysis drives cost reduction for fixes¹
Machine learning with Intelligent Findings Analytics “IFA”*
Learned results
Intelligent Findings Analytics
• Fully automated review of scan findings
• Trained by IBM Security Experts
AppScan results
Fast
Cognitive computing applied to security vulnerability analysis
• Meets or exceeds human experts
• Returns results in seconds, rather than hours or days
• 90-95% average reduction in false positives
• Integrates right back into the development workflow
• Fix an average 8-10 issues in a single place in the code
IFA
Example Real World Applications
                Scan Findings   Vulnerabilities   Fix Recommendations
Application 1   55,132          14,050            60
Application 2   12,480          1,057             35
Fast
Intelligent findings analytics results
• Runs on IBM SoftLayer architecture
• Provides end-to-end encryption
• Meets strict IBM SaaS security standards
Your source code never leaves your control / premises
Uploaded application artifacts are not stored or cached in the service
Robust protection for your sensitive application assets
Safe
01 Manage it: Mobile Application Management
02 Secure it: Mobile Application Security
03 Enhance it: Gateway for Apps
Now what?
FIRST WE DEVELOPED OUR APP, THEN WE SCANNED IT…
Mobile Application Management is fastest growing EMM segment
Averaging ~40% CAGR until 2020
Source: 451 Research, 2015
• Need to distribute and manage a growing number of apps driving MAM market growth
• In 2015, Gartner client inquiries for MAM tools doubled
• 29% of organizations have a mobile app store today, and 30% more plan one in future
• Average B2E enterprise app store has 26 mobile apps, over 60% are public apps
• Enterprise App Catalog
• App security & compliance management
• Distribute & update apps
• Selectively remove managed apps
• Volume Purchase Program management
• App Cloud for hosting & distribution
IBM MaaS360 Mobile Application Management
New look and feel for iPhones, iPads and Android devices
– Similar to native App Store user experience
– In collaboration with Apple & Google designers
– Keeps app info up-to-date with public app store
Simplify discovery of relevant apps
– Intuitive search, sort, filter, multiple tabs
– Highlights recently added and most popular apps
– Rate and review apps to give feedback
Promote key apps for users
– App Bundles to logically group apps
– Featured, New, and App Bundles draw users’ attention
– Display similar apps to help users find the right one
Manage at scale
– Quickly create and distribute app bundles for one touch installation
Unmatched App UX in EMM industry
Android and iOS app catalogs—a reimagined experience
• Enable user authentication
• Stop access from compromised devices
• Restrict cut/copy/paste
• Enforce file protection
• Limit data backup to iTunes
• Alert administrators of violations
• Take automated actions
• MaaS360 Market for best-in-class apps from developers leveraging SDK
A mobile application container with full operational & security management to protect against data leaks for iOS & Android
Simple App Wrapper when deploying enterprise apps with MAM
or
Robust Software Development Kit (SDK) to integrate right in app code
IBM MaaS360 Mobile Application Security
• Secure per app VPN tunnel to internal data resources to enhance enterprise apps on a mobile device
• Enable & distribute private apps with enterprise data, secured using IBM MaaS360 Mobile Application Management & IBM MaaS360 Mobile Application Security
• No need for user to initiate a device-level VPN connection
• No changes to your network or firewall security settings
Files
Content
Data
Gateway
IBM MaaS360 Gateway for Apps
Real customers, real data
IBM MAAS360 APPS
MaaS360 app distribution
80% Public 20% Private
Where apps are being put to work
• Education – K-12
• Pharmaceutical
• Service companies – internet, TV and telecommunications
6000+ Companies
60K+ Apps
10M+ Distributions
How customers compare
Average Customers: Manage 9 Apps, Approx. 1500 Distributions
Top 10 Customers: Manage 472 Apps, Approx. 430,000 Distributions
How customers are scaling
Average: 1 to 10 apps
• Few tools necessary
• Mostly public apps
• Random distribution
• No end-user training
Top 10: 100 or more apps
• EMM and MAM are a must
• AD/Group based distributions
• Install/Update with one touch
• Discovery of relevant apps
• App promotion, intuitive search, sort, filter
• Native Experience
• Public and Private Apps
• App Configuration
• DLP Controls
Securing apps and scaling your app strategy for success
Your checklist:
• Scan: Application Security on Cloud
• Manage: Mobile Application Management
• Secure: Mobile Application Security
• Enhance: Gateway for Apps
• SCALE! EMM, MAM, and App Security
Poll #2 Placeholder
WOULD YOU LIKE MORE INFO ON ASOC?
Questions?
SUBMIT VIA ON24 Q&A BOX
Appendix
APP SECURITY ON CLOUD – SAMPLE REPORTS
Security Report – Payment Card Industry Data Security Standard (PCI)
Version 3.1
Web Application Report
demo.testfire.net
Mobile Application Report
Altoro for iOS v1.0
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
THANK YOU