The Intersection
Security considerations for being social & mobile while riding the cloud
Nalneesh Gaur, PwC
Web Forum, Information Management Forum
March 2, 2012
www.pwc.com
PwC 2
Cloud, mobile and social media synergies increasingly exploited
Case study 1: Construction safety
Case study 2: The board room
About this talk
• Context and Emerging Trends
• Pain Points/Imperatives
• Response Framework
Context and Emerging Trends
What insights can we glean from emerging trends?
The Context
Local/Proximity Context
Install/Access/Use Application
Access/Store Data locally
Exchange Information
Remote Context
Access/Use Applications
Download/Upload Content
Community Interactions
Conduct Mobile Commerce
Use Location Based Services
Mobile Device
Social Media
Cloud Applications, Data and Services
Japan’s social networking trends show importance of mobile – mobile page views = 85% vs. 14% 4.5 years ago
One of Japan’s leading social network monthly page views, mobile vs. PC, CQ2:06-CQ4:10
Source: Morgan Stanley Research
[Chart: Monthly Page Views (MM), 2Q06 to 4Q10, Mobile Page Views vs. Desktop Page Views; y-axis 0 to 30,000. Annotation: CQ3:09 – Platform opened to 3rd-party developers. Share labels: desktop 86% / mobile 14% at the start of the period; desktop 15% / mobile 85% at the end.]
Strong mobile trends for leading social companies
Source: Kleiner Perkins: 2011 Top 10 Mobile Trends-Feb-2011
• Facebook: 200MM mobile active users vs. 50M in 9/09; 2x more active than desktop-only users
• Twitter: Mobile = 50% of total active users vs. 25% Y/Y; Mobile = 40% of all tweets
• Spotify: Introduction of mobile product drove 2x conversion ratio from free to paying subscribers; Mobile users = 25-30% total users in mature markets
• SHAZAM: 100MM mobile users vs. 50MM Y/Y
• Pandora: Adding 3MM users per month; 50% of all users subscribe on mobile
Convenience and ubiquity are driving mobility
Computing growth drivers over time, 1960-2020E
Note: PC installed base reached 100MM in 1993, cellphone/Internet users reached 1B in 2002/2005 respectively.
Source: ITU, Mark Lipacis, Morgan Stanley Research.
[Chart: log scale from 1 to 1,000,000, 1960 to 2020, showing increasing integration across computing cycles: Mainframe (1MM+ Units), Minicomputer (10MM+ Units), PC (100MM+ Units), Desktop Internet (1B+ Units/Users), Mobile Internet (10B+ Units???).]
More than Just Phones: iPad, Kindle, Cell phone/PDA, Mobile Video, Wireless Home Appliances, Smartphone, Tablet, MP3, Car Electronics (GPS, ABS, A/V), Home Entertainment, Games
Mobile is shaping new behaviors
Average Time Spent on Various Mobile Functions, 1/11
Source: AppsFire 1/11
• Web/Web Apps: 10 minutes (12%)
• All Other (Maps, Games, Social Networking, Utilities, More): 40 minutes (47%)
• Mail App: 7 minutes (9%)
• Telephony (Phone, Skype, Messages): 27 minutes (32%)
New Activity
Forecast: Global public cloud market size, 2011 To 2020
Source: Forrester, April 2011 “Sizing The Cloud”
[Chart: Total public cloud markets (US$ billions), 2008 to 2020; y-axis $0 to $180.]
Cloud computing: Many want better enforcement of provider security policies.
Question 41: “Does your organization currently use cloud services such as Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), or Infrastructure-as-a-Service (IaaS)?” Question 41c: “What impact has cloud computing had on your company’s information security?” Question 41b: “What is the greatest security risk to your cloud computing strategy?” (Not all factors shown. Total does not add up to 100%.)
Four out of ten (41%) respondents say their organization uses cloud services – and 54% of those that do say the cloud has improved their information security. The greatest risks associated with cloud computing? An uncertain ability to enforce provider security policies and inadequate training and IT auditing are top concerns.
• Uncertain ability to enforce provider site security policies: 32%
• Inadequate training and IT auditing: 19%
• Questionable privileged access control at provider site: 15%
• Proximity of data to someone else's: 11%
• Uncertain ability to recover data: 9%
88 percent of mobile professionals use social networks
14 percent have used cloud computing in the past year
Source: The Business Journals reveals the business habits of the rising number of SMB mobile professionals, 2011
In a cloud services environment, providers and consumers must address familiar security and risk challenges
Challenge areas: Business continuity; Access Control; Compliance; Events - Incident response and investigation; Data protection and segregation
• Document, audit processes and procedures for data access protection
• Maintain compliance with regulatory
• Detect and correct security events
• Cooperate during investigations and incident responses
• Audit and report user access and data use
• Ensure the viability of the provider and contingency of the consumer’s services
• Control access to sensitive data
• Provision and deprovision user access
• Provide business continuity and disaster recovery
• Prevent unauthorized data exposure, loss or corruption
• Maintain data segregation in multi-tenant environment
• Implement data classification scheme and processes for handling sensitive data
• Securely dispose of data no longer required
Recap: Key trends at the Intersection
Business drivers
1. Mobile Devices with Advanced Capabilities and Fast Network Connectivity
2. User Driven Change
- Board Room and Senior Executives driving usage
- Users demanding enhanced collaboration and productivity
3. Greater convenience
- Applications moving beyond Email/Contacts/Calendars
- Rich content enables quick decisioning
Key trends
1. BYOD/Approved Corporate Mobile devices
2. Compelling Mobile Applications
3. Identity as a Service, Strong Authentication
4. Cloud Applications, Data and Services
5. Social Networking for Marketing and Customer Interaction
6. Social Media Monitoring/Analytics
Pain points (Imperatives)
Business Context: What other businesses are experiencing?
“Nearly 30% of companies experienced a breach due to unauthorized mobile device use.”
Source: Q1 Enterprise and SMB Survey, 2009 - Forrester Research
Malware by mobile OS
“The MM revolution started principally in 2004 with the release of the Cabir. A worm, SymbianOS. Some MM were released before this date, but it was Cabir and the release of its source code that caused an explosion of new MM to emerge.” – Ken Dunham, Mobile Malware Attacks and Defense
Source: McAfee Threats Report: Second Quarter 2011
New Mobile Malware Q2 2011: Android, Java ME, Symbian, BlackBerry, MSIL, Python, VBS
Growth in Mobile Malware
Serious attacks emerge
Complete device control
Complicating factors for security
Device Diversity/Complexity
Application Explosion
Data Explosion
Advanced Persistent Threats
Data Transference and Inference
Response framework
Leading practices: How other businesses are responding
Mobile devices and social media: New rules and new risks
• Have a security strategy for employee use of personal devices: 43%
• Have a security strategy for mobile devices: 37%
• Have a security strategy for social media: 32%
Question 17: “What process information security safeguards does your organization currently have in place?” (Not all factors shown. Total does not add up to 100%.)
Source: PwC/CXO media 2012 Global State of Information Security Survey
Guiding principles
Governance
Process
Technology
Key questions remain
• Which policies are enforceable?
• How will we educate our customers, employers and partners?
• Which process and tools to evolve? How to address gaps?
• How to balance productivity, opportunity and risks?
• What is the right approach to changing culture – grass roots, leadership, hybrid?
• Others?
Thank you
Nalneesh Gaur, [email protected]
© 2012 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers LLP, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.
This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisor