Fundamentals of Secure Collaboration in the Mobile Workforce
Sinisha Patkovic
DISCUSSION
• Hyper connected “X-Times” future and blurring of lines
between personal, social cloud, & enterprise.
• CIO Challenge: lost balance between productivity, user
satisfaction, and risk management.
• Governance & Decision Making: Boards don’t speak Cyber.
• Bias: do you know we are wired to value gain over risk?
• Who is liable for corporate privacy and security?
• Collaborating in the Cloud – who is liable for data breach?
WHAT IS THE FUTURE OF MOBILITY?
The world is moving to an ‘X-Times’ future:
• 10+ times the connected devices (all end points)
• 100+ times the apps – BYOX & Corporate deployed
• 1,000+ times the amount of data
• 10,000+ times the collaboration opportunities
THE CHALLENGES
BYOD
Users
Applications
Takes the world by storm.
• Now we have to embrace it…
= More devices
What did MDM get us? (Email)
• Enterprise apps - challenging to build and deploy
= More apps
Tons of desktop applications!
• These apps run your business
• They need to go mobile
• New technologies
= More integrations
Future Proof
• Data is behind the firewall
• VPNs not designed for mobile
• What about UX?
• How do you manage all the apps?
• How do you develop these apps?
SECURITY MATTERS
In 2013, the average cost per data breach in the U.K. was £2.16 million, or £41 per record.
By 2016, there will be 752M business use smartphones worldwide. Only 273M will be under MDM management.
By 2017, half of employers will require employees to supply their own device for work purposes.
Employee-owned devices will be compromised by malware at more than double the rate of corporate-owned devices.
In 2016, 83.9M corporate liable devices will be shipped, up from 61.4M in 2013.
$5.4M
752M
50%
2X
83.9M
2014 Cost of Data Breach Study, Ponemon Institute and IBM
UNDERSTAND THE SECURITY THREAT
Cyber Defense & Mobile Malware
Need for automated scanning of applications before they ever reach the device. Application activity monitoring (on device/network) is also necessary.
Someone is ALWAYS Listening
The assumption must always be that every data route is insecure. We must build our data channels accordingly.
Consumer Applications in the Enterprise
Need to separate corporate information from consumer apps. Personal apps only have access to personal information.
The Insider Threat
Being able to limit access to data on mobile devices is as important as it is on laptops and desktops.
SECURITY LAYERS
Security as a foundation of product development.
• Product Layers that benefit from security
  • Secure Hardware
  • Secure OS
  • Secure EMM
  • Secure Cloud Infrastructure
  • Secure Value Added Services
  • Secure IoT Microkernel
• Innovative security: better usability, better accuracy, user centric, context aware.
UNDERSTANDING ENTERPRISE FORCES
Business Enablement
• Mobile Productivity, App Strategy
• Secure Voice
• Collaboration
• Cost of Ownership
Risk Management
• Intellectual Property
• Sensitive Data (need for DRM)
• Regulatory Compliance
• Privacy
User Experience
• Usability
• Design / Style
• Personal Preference
• Consumer Applications
DATA LEAK RISKS WITH WORK & PERSONAL USE COMMINGLING
Mobile Device
• Social networking
• Personal email / webmail
• IM, SMS, P2P
• USB / microSD
• Others
User Activity
• File attachment
• Cut & Paste
• USB / microSD
Malware
• Data-at-rest
• Direct access
• Other
Data Loss
ERP, CRM, MIS, FIS, Content & Asset mgmt., etc.
[Diagram labels: Work Use; Personal Use; Hacker Command & Control; Private Enterprise Resources; Public Networks; Sensitive & Regulated Data]
THREAT ATTACK VECTORS
• Eavesdropping and interception:
  • Insecure external email, SMS, P2P chat, and other consumer communications
  • Voice: over-the-air and carrier infrastructure
  • Insecure file sharing
• Malware:
  • App store malware
  • Device rooting / Operating System compromises
• Cyber attack with physical possession of device:
  • Device rooting / Operating System compromises
  • Weak or no data-at-rest encryption, weak or no authentication
• Data loss due to personal use
  • Forwarding work data and files with personal use (webmail, cloud file sharing, SMS/P2P etc.)
  • Insecure file offloading and sharing (cloud file sharing, USB/SD card storage)
TRENDS
THREATS FOLLOW ASSETS
DEVICE MANAGEMENT MODELS
• COPE: Corporate Owned Personal Enabled
• BYOD: Bring Your Own Device
• CYOD: Choose Your Own Device
• COBO: Corporate Owned Business Only
Organizations continue to invest in Corporate liable devices - COPE demand continues to grow.
83.9M Corporate liable devices worldwide to be shipped in 2016, growing from 61.4M in 2013.
IDC - Worldwide Business Use Smartphone 2013–2017 Forecast Update
CONTAINER SPECTRUM
“Best Practices In Mobile Device Management” Phil Redman, July 26, 2012
ECONOMY DATA LEAK PREVENTION
Security – Data Leak Prevention For Dual Use
• Desktop Virtualization (VDI/HDV): $$/$$$
• Application Neutral Containers (pseudo-native SDK): $
• Application Specific Containers (bolt-on SDK): $$$
• Integrated Containers (Native SDK): $
• Mobile OS Virtualization (Mobile Hypervisor): $$$
Total Cost of Ownership (including app development): $ least expensive, $$$$$ most expensive
EMM CORE COMPETENCIES
• Core: MDM, VPN, Container, App Management, is commoditized.
• Need for Consumer-level User Experience in Container
• App Baseline Security, License Management, App Analytics, Single Sign On
• Reputation Services: real time risk engine for compliance and risk related to OS, apps, privacy.
• Expanded Analytics to manage scale
• Intelligence Aggregation, Policy Automation
EMM COMPETENCIES
• Unified end-point management
  • Desktop, laptop, tablet, smartphone, IoT nodes
• Mobile Identity and Access
  • User/Person driven, contextualized.
• File Level protection – DRM
  • Operation-level security across file life-cycle.
• Collaboration
  • Video conferencing, screen sharing.
• Back-end integration both on premise and cloud.
FUTURE OPPORTUNITIES
• Confidence based security: wider context for authenticating user – sensors, content, biometrics…
• Right-time Experiences: dynamic content based on multi-source context. Needs breaking of data/service silos.
• Indoor Location Services.
• Geo-fencing: automated policy enforcement.
DISCUSSION
• Hyper connected “X-Times” future and blurring of
lines between personal, social cloud, & enterprise.
• Governance: Boards don’t speak Cyber
• Collaborating in the Cloud – who owns the risk?
• Bias: wired to value gain over risk
• New threat vectors