Copyright © Tier-3 Pty Ltd, 2012. All rights reserved.
A world of information
Security and privacy implications of mobility
Piers Wilson
Tier-3 Huntsman® - Head of Product Management
Introductions
01/05/2013

Piers Wilson
Head of Product Management
Director of IISP
Previously senior manager in Cyber Security practice at PricewaterhouseCoopers

Tier-3 Huntsman® at Infosec
•  SIEM / Event correlation / “Big data” analytics
•  Behaviour Anomaly Detection (BAD 2.0)
•  Governance, Risk, Compliance
•  Cloud/multi-tenancy support
Stand K31
Agenda and scope
•  What this talk is about…
–  Identifying the information on users/activity that has relevance for security and anti-fraud purposes
–  Security and fraud consequences of the wider business adoption of mobile applications
–  Privacy and security versus business interest and usefulness
•  What this talk is not about…
–  Mobile device management
–  Mobile application security
79% of the UK population use the internet anywhere, on any device
Ofcom, 2012

11% of businesses report all marketing activities are truly integrated across online and offline channels
Affilinet, 2011

Four out of five US smartphone owners use the phone to help with shopping
Google/Ipsos, 2011

Demand for security information and event management tools will grow to more than $1 billion worldwide by 2015
Frost & Sullivan, 2011

“There is no substitute for knowledge.”
W. Edwards Deming

“Before undertaking monitoring, identify clearly the purpose(s) behind the monitoring and the specific benefits it is likely to bring”
ICO BYOD Guidance, 2013
Background
•  App “ecosystems”, consumerisation and “bring your own device” are here
•  Users / Customers increasingly expect to access systems via apps / personal devices
•  Imminent explosion in mobile payments
•  Opportunity to collect, process and understand considerably more data
–  Internal logs, external sources, user transactions, staff movements, habits, locations, activities, wider contexts, proximity
However…
Two big questions
1.  Can organisations identify, collect and effectively analyse the data available to them?
2.  What are the privacy and security implications of collecting data and using it in this way?
Business intelligence origins
•  Most businesses are comfortable with:
–  Collecting security log and event information from systems (traditional SIEM technologies)
–  Monitoring staff use, system activity and network traffic for threat identification
–  Gathering payment and transaction information for fraud detection and risk management (FMS)
–  Profiling customer activity through on-line accounts and loyalty schemes
–  Credit checking and the concept of risk scoring
What does mobility mean for security and fraud?

Richer Data
•  Location and activity information for employees/contractors/customers becomes more available and more useful
•  Monitoring of browsing and buying habits can be device and location aware
–  Richer than just web-site analytics for tracking customers
–  Location, proximity to outlets and real-world marketing and locations of neighbours/competitor
•  Loyalty systems expand beyond what I buy (or what I might like) or where I shop (special offers) to being more focussed
•  We’ll see interest in greater security and fraud insights; coupled with customer profiling and new flavours of data
–  “big data”
Financial Drivers
•  Interfaces between systems to detect security incidents, events and fraud will become more prevalent in the mobile space
•  Some intelligence will move from the back-end to nearer the client end
–  What you can’t do in a web page you may be able to do within an app
•  Mobile payments will mean real money flowing between real devices and/or terminals
•  Real world financial activity, coupled with on-line logging and monitoring and the ability to track location becomes real time
–  Who gets the mobile payment?
–  Where are the logs?
What else does mobility mean for security and fraud?

New Applications
•  Sector-specific applications with the ability to gather and analyse logs and data sets which “mean something”
–  Searching for meaning in security log data
–  Some uses will have business/customer benefits
–  Could become intrusive
•  If we create data with more value the business criticality and the impact of loss/theft/exposure will also increase
–  Driving security requirements
•  Some obvious examples:
–  Motor insurance applications to derive risk information or to make post-claim decisions – to log accidents and/or track movement/speed/location/risk factors prior to crash or robbery
–  Applications that turn on the heating when you are close to home
Personal / Lifestyle
•  Personal and social aspects of mobility, security and data analysis
•  In many cases there is (or will be) a social and a business interpretation of the gathered data
•  Whose data is this?
–  Work/life balance (hours at office)
–  Health (exercise/food consumption)
–  Social interactions (associations/photos/“near me”)
–  Security systems based on proximity between users/devices/controls
–  Emergency situations/unrest and location/exposure
Don’t collect more than you need and then struggle to protect it
•  Increasing contextual data being available to apps installed locally or to back-end systems
•  Collection and analysis may be overt or could become part of the routine handling of activity and transactions
–  Hence less visible
–  What is a security log and what is a customer activity log?
•  The collection and use “purposes” could get blurred … with implications for privacy and security
–  Data collected for fraud purposes could become useful for customer profiling and marketing
–  If you know “where I am”, you also know “where I am not” (at home, at work, at the gym); and maybe “who I’m with” or “what I’m doing”
Deciding what information to collect and why…

Security teams are used to drawing a balance between benefit and risk
•  what data we collect and its value

Industry (more widely) is starting to invest in, and discover, the value of data analytics

In security the wider benefits of “big data” involve different parameters … more data means:
•  Improved fraud detection capability
•  Better customer profiling
•  More context
•  Richer user experience
AND
•  Greater visibility around security threats, risks, attacks
Smarter data analytics
More useful data sources
More uses / Bigger audience
… and then making sure we can protect it
Growth of security/customer/fraud/business data from the emerging mobile computing environment can:
•  Challenge privacy obligations
•  Exceed expectations from users/regulators
•  Give security teams another (and higher impact) data set to protect
Organisations need to evolve their security stance - even simple “big data” examples could raise the risk levels much higher

Need consideration of:
•  Balancing security, fraud, privacy and functionality within the mobile apps/facilities used by customers and staff
•  Protecting data that we collect – where privacy implications (to customers) or raw value (to us) is heightened
Organisations must ensure they have the right tools and approaches to gain the maximum value from the security, fraud, activity, location data
So what?
•  The value of (all) data is increasing, partly driven by a more mobile and app-oriented environment
… security logs, behaviour anomaly detection, cyber threat detection
… businesses increasingly using data to drive efficiencies and customer intimacy through mobile channels
•  We have to acknowledge these trends and ensure that we adequately protect business information where the privacy risk, exposure and value becomes more critical
•  Clever security technologies can really help, especially where past controls become less applicable or effective in a more interconnected space
Finally…
Time for questions
Or:
Find me at Tier-3’s stand K31
piers.wilson@tier-3.com
+44 (0) 7800 508517 @only1weasel
www.tier-3.com @tier3huntsman

Hidden security and privacy consequences around mobility (Infosec 2013)

  • 1. Copyright © Tier-3 Pty Ltd, 2012. All rights reserved. A world of information Security and privacy implications of mobility Piers Wilson Tier-3 Huntsman® - Head of Product Management
  • 2. Introduc)ons   2  01/05/2013   Piers  Wilson   Head  of  Product  Management   Director  of  IISP   Previously  senior  manager  in  Cyber   Security  prac?ce  at   PricewaterhouseCoopers     Tier-­‐3  Huntsman®  at  Infosec     •  SIEM  /  Event  correla?on  /  “Big  data”  analy?cs   •  Behaviour  Anomaly  Detec?on  (BAD  2.0)   •  Governance,  Risk,  Compliance   •  Cloud/mul?-­‐tenancy  support   Stand  K31  
  • 3. Agenda  and  scope   •  What  this  talk  is  about…   –  Iden?fying  the  informa?on  on  users/ ac?vity  that  has  relevance  for  security  and   an?-­‐fraud  purposes   –  Security  and  fraud  consequences  of  the   wider  business  adop?on  of  mobile   applica?ons   –  Privacy  and  security  versus  business   interest  and  usefulness   •  What  this  talk  is  not  about…   –  Mobile  device  management   –  Mobile  applica?on  security   01/05/2013   3   79%  of  the  UK  popula?on  use  the  internet   anywhere,  on  any  device   Ofcom,  2012     11%  of  businesses  report  all  marke?ng  ac?vi?es   are  truly  integrated  across  online  and  offline   channels   Affilinet,  2011     Four  out  of  five  US  smartphone  owners,  use  the   phone  to  help  with  shopping   Google/Ipsos,  2011     Demand  for  security  informa?on  and  event   management  tools  will  grow  to  more  than  $1   billion  worldwide  by  2015   Frost  &  Sullivan  2011     "There  is  no  subs?tute  for  knowledge.”   W.  Edwards  Deming     “Before  undertaking  monitoring,  iden?fy  clearly   the  purpose(s)  behind  the  monitoring  and  the   specific  benefits  it  is  likely  to  bring”     ICO  BYOD  Guidance,  2013  
  • 4. Background   •  App  “ecosystems”,  consumerisa?on  and   "bring  your  own  device"  are  here   •  Users  /  Customers  increasingly  expect  to   access  systems  via  apps  /  personal   devices   •  Imminent  explosion  in  mobile  payments   •  Opportunity  to  collect,  process  and   understand  considerably  more  data   –  Internal  logs,  external  sources,  user   transac?ons,  staff  movements,  habits,   loca?ons,  ac?vi?es,  wider  contexts,  proximity   01/05/2013   4  
  • 5. However…   Two  big  ques)ons   1.  Can  organisa?ons  iden?fy,  collect   and  effec?vely  analyse  the  data   available  to  them   2.  What  are  the  privacy  and  security   implica?ons  of  collec?ng  data  and   using  it  in  this  way   01/05/2013   5  
  • 6. Business  intelligence  origins   •  Most  businesses  are  comfortable  with:   –  Collec?ng  security  log  and  event  informa?on  from   systems  (tradi?onal  SIEM  technologies)   –  Monitoring  staff  use,  system  ac?vity  and  network  traffic   for  threat  iden?fica?on   –  Gathering  payment  and  transac?on  informa?on  for  fraud   detec?on  and  risk  management  (FMS)   –  Profiling  customer  ac?vity  through  on-­‐line  accounts  and   loyalty  schemes   –  Credit  checking  and  the  concept  of  risk  scoring   01/05/2013   6  
• 7. What does mobility mean for security and fraud?
Richer Data
• Location and activity information for employees/contractors/customers becomes more available and more useful
• Monitoring of browsing and buying habits can be device and location aware
– Richer than just web-site analytics for tracking customers
– Location, proximity to outlets and real-world marketing, and locations of neighbours/competitors
• Loyalty systems expand beyond what I buy (or what I might like) or where I shop (special offers) to being more focussed
• We'll see interest in greater security and fraud insights, coupled with customer profiling and new flavours of data
– "big data"
Financial Drivers
• Interfaces between systems to detect security incidents, events and fraud will become more prevalent in the mobile space
• Some intelligence will move from the back-end to nearer the client end
– What you can't do in a web page you may be able to do within an app
• Mobile payments will mean real money flowing between real devices and/or terminals
• Real-world financial activity, coupled with on-line logging and monitoring and the ability to track location, becomes real time
– Who gets the mobile payment?
– Where are the logs?
• 8. What else does mobility mean for security and fraud?
New Applications
• Sector-specific applications with the ability to gather and analyse logs and data sets which "mean something"
– Searching for meaning in security log data
– Some uses will have business/customer benefits
– Could become intrusive
• If we create data with more value, the business criticality and the impact of loss/theft/exposure will also increase
– Driving security requirements
• Some obvious examples:
– Motor insurance applications to derive risk information or to make post-claim decisions: to log accidents and/or track movement/speed/location/risk factors prior to a crash or robbery
– Applications that turn on the heating when you are close to home
Personal / Lifestyle
• Personal and social aspects of mobility, security and data analysis
• In many cases there is (or will be) a social and a business interpretation of the gathered data
• Whose data is this?
– Work/life balance (hours at office)
– Health (exercise/food consumption)
– Social interactions (associations/photos/"near me")
– Security systems based on proximity between users/devices/controls
– Emergency situations/unrest and location/exposure
• 9. Don't collect more than you need and then struggle to protect it
• Increasing amounts of contextual data are available to apps installed locally or to back-end systems
• Collection and analysis may be overt, or could become part of the routine handling of activity and transactions
– Hence less visible
– What is a security log and what is a customer activity log?
• The collection and use "purposes" could get blurred … with implications for privacy and security
– Data collected for fraud purposes could become useful for customer profiling and marketing
– If you know "where I am", you also know "where I am not" (at home, at work, at the gym); and maybe "who I'm with" or "what I'm doing"
• 10. Deciding what information to collect and why…
Security teams are used to drawing a balance between benefit and risk
• what data we collect and its value
Industry (more widely) is starting to invest in, and discover, the value of data analytics
In security the wider benefits of "big data" involve different parameters … more data means:
• Improved fraud detection capability
• Better customer profiling
• More context
• Richer user experience
AND
• Greater visibility around security threats, risks, attacks
[Diagram: Smarter data analytics / More useful data sources / More uses, bigger audience]
• 11. … and then making sure we can protect it
Growth of security/customer/fraud/business data from the emerging mobile computing environment can:
• Challenge privacy obligations
• Exceed expectations from users/regulators
• Give security teams another (and higher impact) data set to protect
Organisations need to evolve their security stance - even simple "big data" examples could raise the risk levels much higher
Need consideration of:
• Balancing security, fraud, privacy and functionality within the mobile apps/facilities used by customers and staff
• Protecting the data that we collect, where the privacy implications (to customers) or raw value (to us) are heightened
Organisations must ensure they have the right tools and approaches to gain the maximum value from the security, fraud, activity and location data
• 12. So what?
• The value of (all) data is increasing, partly driven by a more mobile and app-oriented environment
… security logs, behaviour anomaly detection, cyber threat detection
… businesses increasingly using data to drive efficiencies and customer intimacy through mobile channels
• We have to acknowledge these trends and ensure that we adequately protect business information where the privacy risk, exposure and value become more critical
• Clever security technologies can really help, especially where past controls become less applicable or effective in a more interconnected space
• 13. Finally… Time for questions
Or: Find me at Tier-3's stand K31
piers.wilson@tier-3.com
+44 (0) 7800 508517
@only1weasel
www.tier-3.com
@tier3huntsman
Copyright © Tier-3 Pty Ltd, 2012. All rights reserved.