When it comes to mobile security, this presentation shows why MDM is not enough
© 2013 IBM Corporation
IBM Mobile Security: Why MDM is not Enough
Ken Parmelee, Business Development Executive and Program Director, MobileFirst
Enterprises need confidence to put mobile first…
The threat of attack looms large
Mobile devices: Unique security challenges
Mobile devices are shared more often
• Personal phones and tablets shared with family
• Enterprise tablet shared with co-workers
• Social norms of mobile apps vs. file systems
Mobile devices have multiple personas
• Work tool
• Entertainment device
• Personal organization
• Security profile per persona?
Mobile devices are diverse
• OS immaturity for enterprise mgmt
• BYOD dictates multiple OSs
• Vendor / carrier control dictates multiple OS versions
Mobile devices are used in more locations
• A single location could offer public, private, and cell connections
• Anywhere, anytime
• Increasing reliance on enterprise WiFi
Mobile devices prioritize the user
• Conflicts with user experience not tolerated
• OS architecture puts the user in control
• Difficult to enforce policy, app lists
Mobile Fraud Risk Vectors
#1: Compromised and Vulnerable Devices
Susceptible to rogue apps, mobile malware
#2: Account Takeover via a Criminal Mobile Device
Server-side device ID isn't effective for mobile device
#3: Cross-Channel Attacks
Credential theft from the desktop enables mobile fraud
IBM MobileFirst’s approach to security
• Device Management: Security for endpoint device and data
• Network, Data, and Access Security: Achieve visibility and adaptive security policies
• Application Layer Security: Develop and test applications
Why take an integrated approach to mobile security?
Speed time to deployment of enterprise mobile apps and updates, while improving quality
Improve WiFi network management for greater reliability, employee productivity, and minimize business interruptions
Enhance end-to-end security to help prevent loss of intellectual property and regulated data
Less total infrastructure for lower hardware, admin costs
Reduce help desk calls, device and service lifecycle costs
What if context determined capabilities automatically & securely?
• Context: On-site inside emergency room, on the hospital network, authorized doctor on shift
  Function: All app features
  Data: Full data access and storage
  Security: Single-factor authentication
• Context: At coffee shop, on an unsecured network, authorized doctor on call
  Function: Designated features only
  Data: Specific encrypted data
  Security: Multi-factor authentication
Governed Policy
IBM MobileFirst offering portfolio
[Diagram: portfolio layers]
• Industry Solutions: Banking, Insurance, Transport, Telecom, Government, Retail, Healthcare, Automotive
• IBM & Partner Applications
• Application & Data Platform
• Management, Security, Analytics
• Devices, Network, Servers
• Strategy & Design Services
• Development & Integration Services
• Cloud & Managed Services
IBM MobileFirst Security
For clients who need to:
• Protect devices and data
• Defend the network
• Ensure secure access
• Safeguard mobile apps
• Preserve user experience without compromising security
IBM MobileFirst Security offers:
• Context aware risk-based access control
• Mobile threat protection
• Strong session management & Single Sign-on
• Vulnerability analysis for mobile apps
• Visibility and analysis of security events from the device, network, user and app behavior
Key offerings:
• IBM Security Access Manager for Cloud and Mobile
• IBM Security AppScan
Steps to consider when securing the mobile enterprise

• Enroll: Register owner and services
• Configure: Set appropriate security policies
• Monitor: Ensure device compliance
• Reconfigure: Add new policies over-the-air
• De-provision: Remove services and wipe

• Authenticate: Properly identify mobile users
• Encrypt: Secure network connectivity
• Monitor: Log network access and events
• Control: Allow or deny access to apps
• Block: Identify and stop mobile threats

• Develop: Utilize secure coding practices
• Test: Identify application vulnerabilities
• Monitor: Correlate unauthorized activity
• Protect: Defend against application attacks
• Update: Patch old or vulnerable apps

[Diagram labels: Corporate Intranet, Internet, IBM Security Framework domains]
IBM Security AppScan
Identify vulnerabilities in web and mobile application source code
• Native Android and iOS application support
• Better vulnerability detection from:
  – Risk assessment of over 40,000 APIs
  – Full call and data flow analysis for Java, JavaScript, Objective-C (Mac OS X)
• Provides identification of sensitive data leak sources
• Helps reduce malware susceptibility of mobile apps
What’s new in IBM Security AppScan V8.7
• Native support extended for iOS to accelerate enterprise usage
• Enhanced support for JavaScript analysis in hybrid mobile apps
• Out-of-the-box support for IBM Worklight built apps to incorporate context aware risk-based access
Security solutions for the mobile enterprise
Enterprise Applications and Cloud Services
Identity, Fraud, and Data Protection
Device Security, Content Security, Application Security, Transaction Security
IBM Security AppScan
IBM Security Access Manager
IBM Mobile Security Solutions
IBM Mobile Security Services
Security Intelligence
IBM MobileFirst powered by…
IBM QRadar Security Intelligence Platform
MaaS360 meets all Enterprise Use Cases
1. Mobile Device Management: MDM, MAM, Expense
2. Secure Productivity Suite: Email, Web, Apps
3. Mobile Enterprise Gateway: Intranet, Content, Apps
4. Secure Document Sharing: View, Sync, Edit
Device Security
App Security
Content Security
Separate Work Container
EMM Comprehensiveness in a single, purpose-built platform
Use Case Flexibility & Comprehensiveness
• Full Native Device, App, and Content Mgmt
• Native-like, dual-persona container
• Mix-and-Match by
  – Platform (iOS / Android)
  – Function (Email, Docs, etc.)
MaaS360 Secure Productivity Suite
MaaS360 Secure Mail
MaaS360 Application Security
MaaS360 Secure Document Sharing
MaaS360 Secure Browser
A Trusted WorkPlace Dual-Persona container for seamless security and productivity
IBM Security Access Manager for Cloud and Mobile
Extend user-access protection to cloud and mobile environments
• Context-aware detection and prevention capabilities
• Enable federated single sign-on (SSO) and identity mediation across different service providers
• Mobile authentication and one-time password support
• Consistently execute security policies across multiple applications and users
Security-rich cloud services access to mobile users with IBM Security Access Manager and IBM WebSphere DataPower
• Authentication and authorization to back-end services
• Security-rich integration and federated single sign-on with third party service providers
European Bank delivers secure mobile Internet banking
Background
Major European Bank needed to reduce operational complexity and cost with a single, scalable infrastructure to secure access to various back-end services from multiple mobile apps. A customized authentication mechanism empowered the bank to guarantee the security of its customers while safeguarding the trust relationship with a safe app platform that encrypts local data and delivers app updates immediately.
Customer Needs
• Extend secure access to banking apps to mobile customers
• Enhance productivity of employees to perform secure banking transactions via mobile devices
• Support for iOS, Android, and Windows Mobile
Benefits
• Authenticates requests made via HTTPS from hybrid mobile apps running on WorkLight platform to back-end services
• A custom certificates-based authentication mechanism implemented to secure back-end banking application
A health insurance provider offers secure mobile access
Challenges
• Differentiate from competitors by offering customers greater access by supporting mobility
• Reduce overhead of paper-based claims processing and call-center volume
Solution
• Requests made via HTTPS to multiple back-end services from native device applications protected by IBM Security Access Manager
• Authentication enforced with both Basic Authentication and a custom implementation through Access Manager’s External Authentication Interface
Benefits
• Simultaneously build trust and improve user experience with secure membership management and claims processing
• Improve customer satisfaction and responsiveness through secure mobile solutions
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Magic Quadrant for Mobile Enterprise Mobility Management Suites
Terrence Cosgrove, Rob Smith, Chris Silva, Bryan Taylor, John Girard, Monica Basso
June 3, 2014
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report.
Gartner has recognized IBM as a leader in the Magic Quadrant for Enterprise Mobility Management Suites
Three ways to get started with IBM MobileFirst
1. Watch ‘Delivering confidence to seize the mobile opportunity’: bit.ly/15Kc0YI
2. Talk with your IBM representative or Business Partner to find the right next step for you
3. Learn more: ibm.com/mobilefirst, twitter.com/IBMMobile (#IBMMobile), facebook.com/IBMMobile
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, Rational, the Rational logo, Telelogic, the Telelogic logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Learn more at: www.ibm.com/mobilefirst