Embed Size (px)
Citation preview
An InformationWeek Webcast
Sponsored by
Is that a Laptop in Your Pocket? Security & Privacy in the Age of Mobility
Webcast Logistics
Today’s Presenters
David P. Merrill
Senior Technical Staff Member
IBM
Naveed Makhani
Senior Product Manager
IBM Tivoli
© 2012 IBM Corporation
IBM
4
Mobile is the next evolution in computing
Host/Mainframe
Client/Server
Web/Desktop
Mobile/Wireless/Cloud
Mobile Applications
85 billion mobile applications will be
downloaded in 2012
(Source: IDC)
Security
8X increase in security risk
driven by proliferation of
mobile data and devices
Unified Communications (UC)
78%
of multinational corporations plan to adopt mobile UC by 2015, including mobile video streaming and conferencing
“Consumerisation of IT”
62% individual–liable (BYOD*) devices used for
business, compared to 38% corporate-liable
in 2012
(Source: IDC*)
Employees
34% employees in 2012 are mobile (Source: IDC*)
4
© 2012 IBM Corporation
IBM
5
Opportunities for the enterprise
Business to Consumer
• Drive increased sales through personalised offers
• Handle retail sales transactions and opportunities more efficiently
• Offer accurate and usable data to customers in realtime and at anytime they choose
• Maintain contact with clients, on 24/7 basis for access to mobile online apps
• Deeper insight into customer buying behavior for up sell and cross sell
• Improve conversion rate for high value clients by providing enhanced choices
Business to Enterprise
• Increase worker productivity
• Improved decision making for mobile workers
• Increase revenue through sales efficiency
• Extend existing applications to mobile workers and partners
• Deploy industry specific solutions to streamline business processes and reduce costs
• Increase employee satisfaction through flexible BYOD programs
• Reduce personnel cost (utilizing personal owned instead of corporate issued devices)
© 2012 IBM Corporation
IBM
6
Mobile Security Threat Landscape Malware Loss and Theft
Communication OS vulnerability based attacks
• A survey of consumer users found that one out of every three users has ever lost a mobile device.
• 2011 study - 36 percent of consumers in the United States have either lost their mobile phone or had it stolen. (Symantec)
• The major benefits of mobile devices (size and portability) unfortunately come with the big risk of losing sensitive data that has to be accepted but can be mitigated.
• Cell phone theft in New York City jumped from eight percent of robberies 10 years ago to more than 40 percent today (CBS News)
• No platform is immune. Malicious applications on increase in all app stores
• “Zeus for Mobile”
• First large scale mobile botnet in 1Q2012 – RootStrap (Symantec)
• Mobile OS vulnerabilities continue to be discovered at significant rates
• Always on and connected, mobile device is a prime target for hit-and-run network-based attacks and exploiting zero-day vulnerabilities.
• Published techniques to “jailbreak” or “root” mobile devices allow hackers to get administrative access, commonly within days of release
• SMS toll fraud continues as one of primary exploited areas
• Bluetooth is an exploited vector because a device in a discoverable mode can be easily discovered and lured to accept a malicious connection request.
• “Man in the middle” attacks have been demonstrated to be possible with several platforms using Wi-Fi links.
• Phishing or pharming attacks can leverage multiple channels: email, SMS, MSS, and voice
• Malware existed in various forms (viruses, worms, Trojans, spyware) has been constantly increasing.
• 25,000 mobile malware apps were identified as of the second quarter of 2012--a 417 percent rise from the first quarter. (Trend)
0
50
100
150
200
2006 2007 2008 2009 2010 2011 2012
Total Mobile Operating System Vulnerabilities
2006 - 2012 1H (projected)
© 2012 IBM Corporation
IBM
7
New Mobile threats
Which QR code is evil?
• QR Code contained a URL to
download malware
• The malware sent SMS messages
to a premium rate number (US $6
per message)
http://siliconangle.com/blog/2011/1
0/21/infected-qr-malware-surfaces-
on-smartphones-apps/
© 2012 IBM Corporation
IBM
8
Bottom Line: Your enterprise data is no less valuable just because it is on a mobile device, but it is likely at more risk!
© 2012 IBM Corporation
IBM
9
The stages of enterprise mobility starts with e-mail messaging, followed by “mobilising” business applications and eventually leads to unified workforce collaboration.
Enterprise Mobility Maturity
Bu
sin
ess V
alu
e
remote access business email
device agnostic – any device
synchronized inboxes with
business workstations
synchronized calendars
able to view / edit attached
corporate documents
instant messaging
shared mail boxes
one mailbox multiple “inboxes”
E-mail Messaging to the Workforce
remote and wireless access to business
data via mobilized applications
device agnostic – any device
auto-sensing of devices & network
real-time and multi-tasking
synchronized calendars – over all end
user computing devices
synchronized documents and
databases: edit here, updates
everywhere
multimedia: text (MIM), voice, & video
internet “web” enabled
location aware
voice active solutions: hands-free
Remote Access of Business Applications to the Workforce real-time information, data &
screen sharing
device agnostic – any device
location aware and intelligent
dynamic “impromptu” conference
calls
unified messaging: voice, video, e-
mail & text
combined inbox: e-mail, voice mail
rich multimedia computing devices
auto-sensing of devices & network
network and device aware
multi-tasking solutions & devices
Internet “web enabled”
voice active solutions: hands free
Unified Workforce Collaboration
Business Management: Processes & Device Security Network
READINESS DOMAINS
IBM Corporation 2011
Moving Beyond email to support applications
© 2012 IBM Corporation
IBM
10
Endpoint Management Convergence Matters….
Why does this matter?
– Cost
– Compliance and reporting
– Enablement of role-based security management
Proliferation of tactical mobile security tools and point
products
– Served purpose
– Ultimately inefficient and complex
Consistency across all endpoints
– Tablets and smartphones are really just computers
– Same data at risk
– Extend security standards Roles Configuration policies
© 2012 IBM Corporation
IBM
11
Mobile endpoints are part of Enterprise Threat management
11
People
Data
Applications
Infrastructure
Employees Consultants Hackers Terrorists Outsourcers Customers Suppliers
Systems
applications Web applications Web 2.0 Mobile apps
Structured Unstructured At rest In motion
While tactically we may treat them as unique,
strategically they should be put into enterprise context
© 2012 IBM Corporation
IBM
12
Mobile Security Solutions IBM Has to Offer
Internet
IBM WorkLight Runtime for safe mobile apps
• Encrypted data cache
• App validation
IBM Endpoint
Manager for Mobile Configure, Provision, Monitor
• Set appropriate security
policies
• Enable endpoint access
• Ensure compliance
Secure Data and the Device
IBM Security Access
Manager for Mobile
(TAMeb) Authenticate & authorize users
and devices
• Standards Support: OAuth,
SAML, OpenID
• Single Sign-On & Identity
Mediation
IBM Mobile Connect Secure Connectivity
• App level VPN
Protect Access to
Enterprise Apps and Data
Achieve Visibility and Enable Adaptive Security Posture
IBM QRadar System-wide Mobile Security Awareness
• Risk Assessment
• Threat Detection
IBM WorkLight Develop safe mobile apps
• Direct Updates
IBM AppScan for
Mobile Vulnerability testing
• Dynamic & Static analysis
of Hybrid and Mobile web
apps
Develop and Test Mobile
Apps
© 2012 IBM Corporation
IBM
13
Mobile Security Enabled with IBM Solutions
IBM can bring together a broad portfolio of technologies and services to
meet the mobile security needs of customers across multiple industries
Mobile Information Protection
Mobile Threat Management
Mobile Identity and Access Management
Mobile Network Protection
Mobile Device Security Management
Mobile Device Management
Secure Mobile Application Development
© 2012 IBM Corporation
IBM
14
Case study with IBM
95% of IBM employees are issued laptops
Over 100,000 smartphones and tablets with
access to the IBM corporate network and
growing rapidly!
Personally owned devices can be used for
business purposes
Strong dependency on collaboration and social
media tools to conduct IBM business and stay
connected
A highly diverse workforce: • 425,000 employees worldwide
• 50% workforce has less than 5 years of
service • 50% of employees work remotely – not
from a traditional IBM office • 71% of employees are outside the US
Established policies for mobile employees
Established policies for personally-owned devices
Sold expensive office space and created world-wide mobility centers
Launched small, focused “opt-in” BYOD pilots. Resisted the urge to “boil the ocean”
Embraced collaboration and social media tools to allow mobile devices to stay connected
How did IBM become a mobile business?
IBM's BYOD program "really is
about supporting employees in
the way they want to work.
They will find the most
appropriate tool to get their job
done. I want to make sure I
can enable them to do that,
but in a way that safeguards
the integrity of our business.“
– IBM CIO Jeanette Horan
© 2012 IBM Corporation
IBM
15
IBM Endpoint Manager delivers a unified systems and security management solution for all enterprise devices
Windows & Mac
Desktops/Laptops
Unix / Linux Servers
Windows Mobile / Kiosks /
POS devices
Android / iOS / Symbian /
Windows Phone devices
Supporting more devices…
…and more capabilities.
Mobile Device Mgmt Security Config Mgmt
S/W Use Analysis
OS Deployment Remote Control
Endpoint Protection
Power Mgmt Patch Mgmt
Device Inventory
Configuration Mgmt
© 2012 IBM Corporation
IBM
16
Agent-based Management
– Android via native BigFix agent
– iOS via Apple’s MDM APIs
Email-based management through Exchange and Lotus Traveler
– Supported platforms: iOS, Android, Windows Phone, Windows Mobile, Symbian
How does Endpoint Manager manage mobile devices?
Category Endpoint Manager Capabilities
Platform Support Apple iOS, Google Android, Nokia Symbian, Windows Phone, Windows Mobile
Management Actions Selective wipe, full wipe, deny email access, remote lock, user notification, clear passcode
End-User Services Self-service portal, enterprise app store, authenticated enrollment (AD/LDAP)
Application Management Application inventory, enterprise app store, whitelisting, blacklisting, Apple VPP
Policy & Security Management Password policies, device encryption, jailbreak & root detection
Location Services Track devices and locate on map
Enterprise Access Management Configure email, VPN, and Wi-Fi; certificate management
Expense Management Enable/disable voice and data roaming
© 2012 IBM Corporation
IBM
17
A “Single Device View” enables administrators and helpdesk personnel to easily view device details and take required action
© 2012 IBM Corporation
IBM
18
Web reports provide at-a-glance mobile device deployment overviews
© 2012 IBM Corporation
IBM
19
A flexible enrollment process enables organizations to include a EULA and to collect critical device and employee data via customizable questions
© 2012 IBM Corporation
IBM
20
Distribute apps using the Enterprise App Store
© 2012 IBM Corporation
IBM
21
A unified report of password policies across all mobile OS’ makes it easy for administrators to identify non-compliant devices
© 2012 IBM Corporation
IBM
22
Read my thoughts
Follow me at the Institute of Advanced Security Mobile Security expert blog – http://instituteforadvancedsecurity.com/ias-blogs/community-blogs/b/weblog12/default.aspx
LinkedIn: [email protected]
Twitter: @davidpmerrill
Read IBM’s ISS XFORCE trend report
– 2012 Annual Trend report released in March
– Includes substantial update on Mobile Security trends – https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg-Tivoli_Organic&S_PKG=xforce-trend-risk-report
© 2012 IBM Corporation
IBM
23
Q&A Session
David P. Merrill
Senior Technical Staff Member
IBM
Naveed Makhani
Senior Product Manager
IBM Tivoli
Resources
For more information please visit:
www.ibm.com/mobile-enterprise
