Are We There Yet? The Path Towards Securing the Mobile Enterprise
Download as PPTX, PDF3 likes967 views
The document discusses the current state and future direction of mobile security for enterprises, highlighting the importance of IBM's mobile security framework which covers device and content security, application security, and transaction security. It notes that while many organizations are investing in these areas, they are only partially effective and need to enhance their focus on secure application development and fraud detection. Enterprises are encouraged to use the framework to prioritize their mobile security investments to improve both employee productivity and customer engagement.
Are We There Yet? The Path Towards Securing the Mobile Enterprise
- 1. © 2014 IBM Corporation IBM Security Systems Are We There Yet? The Path Towards Securing the Mobile Enterprise Yishay Yovel Program Director, Fraud and Mobile Strategy IBM Security ©1 2014 IBM Corporation
- 2. © 2014 IBM Corporation IBM Security Systems 2 ABOUT THE SURVEY
- 3. Survey Respondents Demographics Total Response: 209
- 4. Survey Respondents Demographics: Larger Enterprises
- 5. © 2014 IBM Corporation IBM Security Systems 5 IBM MOBILE SECURITY FRAMEWORK
- 6. Enterprise Applications and Cloud Services and Data Protection © 2014 IBM Corporation IBM Security Systems IBM Mobile Security Framework - Requirements 6 Security Intelligence Identity, Fraud, Transaction Security Application Security Content Security Enterprise Device Security Personal and Consumer DATA Device Security Content Security Application Security Transaction Security Provision, manage and secure Corporate and BYOD devices Secure enterprise content access and sharing Develop vulnerability free, tamper proof and risk aware applications Prevent and detect high risk mobile transactions from employees, customers and partners Security Intelligence A unified architecture for integrating mobile security information and event management (SIEM), log management, anomaly detection, and configuration and vulnerability management
- 7. © 2014 IBM Corporation IBM Security Systems 7 THE CURRENT STATE OF AFFAIRS
- 8. Survey Respondents Demographics : Mobile Attributes
- 10. Enterprises see a wide range of business and technical risks spanning all pillars of the framework, malware risk is emerging
- 11. Enterprises have rolled out core device/content security capabilities, application and transaction security capabilities are emerging
- 12. © 2014 IBM Corporation IBM Security Systems 12 DEVICE AND CONTENT SECURITY
- 13. Mobile Device, Content Management Enterprise doc catalog View, edit, create, & sync files across devices Protect and contain sensitive content Activate & manage users, devices & policies Enterprise app catalog Operations & service desk management Secure Productivity Suite Complete set of work tools & app security Identity & access controls Data leak prevention & app compliance rules Secure network access for business apps Extend content in corporate file repositories Access intranet sites Secure Document Sharing Mobile Enterprise Gateway Advanced Mobile Management
- 14. Enterprises deploy basic controls to address “device lost” scenario, extended requirements for “risky devices” emerging
- 15. Enterprise deploy secure containers to control enterprise content for BYOD, emerging capabilities for more granular content control
- 16. © 2014 IBM Corporation IBM Security Systems 16 APPLICATION SECURITY
- 17. © 2014 IBM Corporation IBM Security Systems IBM Application Security capabilities Application Security Management Assess business impact Inventory assets Test Applications Static Analysis 17 IBM and Business Partner Only Determine compliance Measure status and progress Prioritize vulnerabilities Utilize resources effectively to identify and mitigate risk Dynamic Analysis Mobile Application Analysis Interactive Analysis Protect Deployed Applications Intrusion Prevention Database Activity Monitoring Web Application SIEM Firewall Mobile Application Protection
- 18. Appscan and Worklight: Integrated App development and vulnerability Scanning © 2014 IBM Corporation IBM Security Systems 18 IBM and Business Partner Only
- 19. Enterprises address app security for their own apps, less focused on risk from 3rd party apps and theft of their own apps
- 20. © 2014 IBM Corporation IBM Security Systems 20 TRANSACTION SECURITY
- 21. Transaction security: New Breed of Financial Mobile Malware is coming
- 22. Transaction Security: Flagging malware infected devices, enables mobile fraud detection
- 23. Transaction security focuses on securing “flow”, limited focus on fraud risk (malware) and transaction anomalies
- 24. © 2014 IBM Corporation IBM Security Systems 24 FUTURE AREAS OF INVESTMENT
- 25. Investments spans all pillars of the maturity model
- 26. Beyond the basics, organizations are increasing focus on App Security, emerging interest in transaction security
- 27. Most organizations will increase mobile security budgets to reap the benefits of mobile productivity
- 28. © 2014 IBM Corporation IBM Security Systems 28 SUMMARY
- 29. © 2014 IBM Corporation IBM Security Systems Security solutions for the mobile enterprise Personal and Consumer 29 Security Intelligence Transaction Security Application Security Device Security Content Security Application Security Transaction Security • Enroll, provision and configure devices, settings and mobile policy • Fingerprint devices with a unique and persistent mobile device ID • Remotely Locate, Lock and Wipe lost or stolen devices • Enforce device security compliance: passcode, encryption, jailbreak / root detection • Restrict copy, paste and share • Integration with Connections, SharePoint, Box, Google Drive, Windows File Share • Secure access to corporate mail, calendar and contacts • Secure access to corporate intranet sites and network Software Development Lifecycle • Integrated Development Environment • iOS / Android Static Scanning Application Protection • App Wrapping or SDK Container • Hardening & Tamper Resistance IBM Business Partner (Arxan) • Run-time Risk Detection Malware, Jailbreak / Root, Device ID, and Location • Whitelist / Blacklist Applications Access • Mobile Access Management • Identity Federation • API Connectivity Transactions • Mobile Fraud Risk Detection • Cross-channel Fraud Detection • Browser Security / URL Filtering • IP Velocity Security Intelligence Enterprise Applications and Cloud Services Identity, Fraud, and Data Protection Content Security Device Security DATA Enterprise IBM Security AppScan IBM Security Access Manager IBM Mobile Security Solutions IBM Mobile Security Services Security Intelligence IBM Mobile First powered by… IBM QRadar Security Intelligence Platform
- 30. Summary • Enterprises are making investments across all pillars of the IBM Mobile Security Framework, but we are “half way there” • Current investment focus on device and content security which supports the BYOD program • Future investments will address the development of secure mobile applications end eventually transaction fraud risk • Use the IBM Mobile Security Framework to build a prioritized roadmap for your investments in mobile security for your BYOD program, Employee productivity and Customer Engagement • Follow this link: http://ibm.com/security/mobile
- 31. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. © 2014 IBM Corporation IBM Security Systems 31 www.ibm.com/security © Copyright IBM Corporation 2014. THE INFORMATION IN THESE MATERIALS ARE PROVIDED "AS IS" WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. These materials are current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, ibm.com and other IBM products and services are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml