MDM is not Enough - Parmelee

© 2013 IBM Corporation

IBM Mobile Security: Why MDM is not Enough

Ken ParmeleeBusiness Development Executive and Program Director, MobileFirst

© 2013 IBM Corporation2

Enterprises need confidence to put mobile first…


The threat of attack looms large


Mobile devices are shared more often

Mobile devices are used in more locations

Mobile devices prioritize the user

Mobile devices are diverse.

Mobile devices have multiple personas

• Personal phones and tablets shared with family

• Enterprise tablet shared with co-workers

• Social norms of mobile apps vs. file systems

• Work tool

• Entertainment device

• Personal organization

• Security profile per persona?

• OS immaturity for enterprise mgmt

• BYOD dictates multiple OSs

• Vendor / carrier control dictates multiple OS versions

• A single location could offer public, private, and cell connections

• Anywhere, anytime

• Increasing reliance on enterprise WiFi

• Conflicts with user experience not tolerated

• OS architecture puts the user in control

• Difficult to enforce policy, app lists

Mobile devices: Unique security challenges


Mobile Fraud Risk Vectors

#1: Compromised andVulnerable Devices

#1: Compromised andVulnerable Devices

Susceptible to rogue apps, mobile

malware

Susceptible to rogue apps, mobile

malware

#2: Account Takeover via a Criminal Mobile

Device

#2: Account Takeover via a Criminal Mobile

Device

Server-side device ID isn't effective for

mobile device

Server-side device ID isn't effective for

mobile device

#3: Cross-ChannelAttacks

#3: Cross-ChannelAttacks

Credential theft from the desktop enables

mobile fraud

Credential theft from the desktop enables

mobile fraud


Device Management

Network, Data, and Access Security

Application Layer Security

Security for endpoint device and data

Achieve visibility and adaptive security policies

Develop and test applications

IBM MobileFirst’s approach to security


Why take an integrated approach to mobile security?

Speed time to deployment of enterprise mobile apps and updates, while improving quality

Improve WiFi network management for greater reliability, employee productivity, and minimize business interruptions

Enhance end-to-end security to help prevent loss of intellectual property and regulated data

Less total infrastructure for lower hardware, admin costs

Reduce help desk calls, device and service lifecycle costs


What if context determined capabilities automatically & securely?

• Context On-site inside emergency room On the hospital network Authorized doctor on shift

Function: All app features Data: Full data access and storage Security: Single-factor authentication

• Context At coffee shop On an unsecured network Authorized doctor on call

Function: Designated features only Data: Specific encrypted data Security: Multi-factor authentication

Governed Policy


Industry Solutions

IBM & Partner Applications

BankingBanking Insurance

Insurance

Transport

Transport

TelecomTelecom GovernmentGovernmentRetailRetail HealthcareHealthcare AutomotiveAutomotive

Application & Data Platform

Str

ateg

y &

Des

ign

Ser

vice

s

Cloud & Managed Services

Devices Network Servers

Develo

pm

ent &

Inte

gratio

n S

ervices

ManagementManagement AnalyticsAnalyticsSecuritySecurity

IBM MobileFirst offering portfolio


IBM MobileFirst Security offers: Context aware risk – based access control

Mobile threat protection

Strong session management & Single Sign–on

Vulnerability analysis for mobile apps

Visibility and analysis of security events from the device, network, user end app behavior

For clients who need to:

Protect devices and data

Defend the network

Ensure secure access

IBM MobileFirst Security

Safeguard mobile apps Preserve user experience without

compromising security

Key offerings:

IBM Security Access Manager for Cloud and Mobile

IBM Security Appscan


EnrollRegister owner and services

ConfigureSet appropriate security policies

MonitorEnsure device compliance

ReconfigureAdd new policies over-the-air

De-provisionRemove services and wipe

AuthenticateProperly identify mobile users

EncryptSecure network connectivity

MonitorLog network access and events

ControlAllow or deny access to apps

BlockIdentify and stop mobile threats

DevelopUtilize secure coding practices

TestIdentify application vulnerabilities

MonitorCorrelate unauthorized activity

ProtectDefend against application attacks

UpdatePatch old or vulnerable apps

Corporate Intranet

Internet

IBM

Sec

uri

ty F

ram

ewo

rk d

om

ain

s

Steps to consider when securing the mobile enterprise


IBM SecurityAppScan

IBM Security AppScanIdentify vulnerabilities in web and mobile application source code

Native Android and iOS application support

Better vulnerability detection from: Risk assessment of over 40,000 APIs

Full call and data flow analysis for Java, JavaScript, Object-C (Mac OS X)

Provides identification of sensitive data leak sources

Helps reduce malware susceptibility of mobile apps

Native Android and iOS application support

Better vulnerability detection from: Risk assessment of over 40,000 APIs

Full call and data flow analysis for Java, JavaScript, Object-C (Mac OS X)

Provides identification of sensitive data leak sources

Helps reduce malware susceptibility of mobile apps

What’s new in IBM Security AppScan V8.7

Native support extended for iOS to accelerate enterprise usage Enhanced support for JavaScript analysis in hybrid mobile apps Out-of-the-box support for IBM Worklight built apps to incorporate context aware risk-

based access

What’s new in IBM Security AppScan V8.7

Native support extended for iOS to accelerate enterprise usage Enhanced support for JavaScript analysis in hybrid mobile apps Out-of-the-box support for IBM Worklight built apps to incorporate context aware risk-

based access


Security solutions for the mobile enterprise

Enterprise Applicationsand Cloud Services

Identity, Fraud,and Data Protection

Device Security Content Security Application Security Transaction Security

IBM SecurityAppScan

IBM SecurityAccess Manager

IBM Mobile Security Solutions

IBM Mobile Security Services

Security Intelligence

IBM Mobile First powered by…

IBM QRadar SecurityIntelligence Platform


1. Mobile Device ManagementMDM MAM Expense

2. Secure Productivity SuiteEmail Web Apps

3. Mobile Enterprise GatewayIntranet Content Apps

4. Secure Document SharingView Sync Edit

MaaS360 meets all Enterprise Use Cases

14

Device Security

App Security

Content Security

******

Separate Work ContainerSeparate Work Container

EMM Comprehensivenessin a single, purpose-built platform

Use Case Flexibility & Comprehensiveness

• Full Native Device, App, and Content Mgmt• Native-like, dual-persona container• Mix-and-Match by

– Platform (iOS / Android)– Function (Email, Docs, etc.)


MaaS360 Secure Productivity Suite

MaaS360 Secure Mail

MaaS360 Application Security

MaaS360 Secure Document Sharing

MaaS360 Secure Browser

15

A Trusted WorkPlace Dual-Persona container for seamless security and productivity



IBM Security Access Manager for Cloud and MobileExtend user-access protection to cloud and mobile environments

Context-aware detection and prevention capabilities

Enable federated single sign-on (SSO) and identity mediation across different service providers

Mobile authentication and one-time password support

Consistently execute security policies across multiple applications and users

Context-aware detection and prevention capabilities

Enable federated single sign-on (SSO) and identity mediation across different service providers

Mobile authentication and one-time password support

Consistently execute security policies across multiple applications and users

Security-rich cloud services access to mobile users with IBM Security Access Manager and IBM WebSphere DataPowerAuthentication and authorization to back-end services Security-rich integration and federated single sign-on with third party service

providers

Security-rich cloud services access to mobile users with IBM Security Access Manager and IBM WebSphere DataPowerAuthentication and authorization to back-end services Security-rich integration and federated single sign-on with third party service

providers


European Bank delivers secure mobile Internet bankingEuropean Bank delivers secure mobile Internet bankingBackgroundMajor European Bank needed to reduce operational

complexity and cost with a single, scalable infrastructure to secure access to various back-end services from multiple mobile apps. A customized authentication mechanism empowered the bank to guarantee the security of its customers while safeguarding the trust relationship with a safe app platform that encrypts local data and delivers app updates immediately.

Customer Needs Extend secure access to banking apps to mobile

customers

Enhance productivity of employees to perform secure banking transactions via mobile devices

Support for iOS, Android, and Windows Mobile

Benefits

Authenticates requests made via HTTPS from hybrid mobile apps running on WorkLight platform to back-end services

A custom certificates-based authentication mechanism implemented to secure back-end banking application


A health insurance provider offers secure mobile accessA health insurance provider offers secure mobile access

Challenges Differentiate from competitors by offering

customers greater access by supporting mobility

Reduce overhead of paper-based claims processing and call-center volume

Solution Requests made via HTTPS to multiple back-end

services from native device applications protected by IBM Security Access Manager

Authentication enforced with both Basic Authentication and a custom implementation through Access Manager’s External Authentication Interface

Benefits• Simultaneously build trust and improve user

experience with secure membership management and claims processing

• Improve customer satisfaction and responsiveness through secure mobile solutions

© 2013 IBM Corporation20Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose

Magic Quadrant for Mobile Enterprise Mobility Management SuitesTerrence Cosgrove, Rob Smith, Chris Silva, Bryan Taylor, John Girard, Monica BassoJune 3, 2014

This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report.

Gartner has recognized IBM as a leader in the Magic Quadrant for Enterprise Mobility Management Suites


1 Watch ‘Delivering confidence to seize the mobile opportunity’: bit.ly/15Kc0YI

Talk with your IBM representative or Business Partner to find the right next step for you

23

Learn more: ibm.com/mobilefirsttwitter.com/IBMMobile (#IBMMobile)facebook.com/IBMMobile

Three ways to get started with IBM MobileFirst


© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, Rational, the Rational logo, Telelogic, the Telelogic logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Learn more at: www.ibm.com/mobilefirst

Documents

MDM is not Enough - Parmelee