www.pwc.com



The Intersection
Security considerations for being social &
mobile while riding the cloud
Nalneesh Gaur, PwC
Web Forum, Information Management Forum
March 2, 2012
Cloud, mobile and social media synergies
increasingly exploited

Case study 1: Construction safety
Case study 2: The board room




PwC                                                                2
About this talk


• Context and Emerging Trends
• Pain Points/Imperatives
• Response Framework




Context and Emerging Trends

What insights can we glean from emerging
trends?




The Context

Mobile Device

Local/Proximity Context
• Install/Access/Use Application
• Access/Store Data locally
• Exchange Information
• Use Location Based Services

Remote Context
• Access/Use Applications
• Download/Upload Content
• Conduct Mobile Commerce
• Community Interactions

Remote services shown in the diagram: Cloud (Applications, Data and Services) and Social Media
Japan’s social networking trends show importance of
mobile – mobile page views = 85% vs. 14% 4.5 years ago

One of Japan’s leading social network monthly page views, mobile vs. PC,
CQ2:06-CQ4:10
[Chart: Monthly Page Views (MM), 0 to 30,000, by quarter from 2Q06 to 4Q10; series: Mobile Page Views, Desktop Page Views. Mobile share is 14% (desktop 86%) at the start of the series and 85% (desktop 15%) at the end. Annotation: CQ3:09, platform opened to 3rd-party developers.]

Source: Morgan Stanley Research
Strong mobile trends for leading social companies



Facebook
• 200MM mobile active users vs. 50M in 9/09
• 2x more active than desktop-only users

[Company name not captured in transcript]
• Mobile = 50% of total active users vs. 25% Y/Y
• Mobile = 40% of all tweets

[Company name not captured in transcript]
• Introduction of mobile product drove 2x conversion ratio from free to paying subscribers
• Mobile users = 25-30% total users in mature markets

SHAZAM
• 100MM mobile users vs. 50MM Y/Y

Pandora
• Adding 3MM users per month
• 50% of all users subscribe on mobile

Source: Kleiner Perkins: 2011 Top 10 Mobile Trends-Feb-2011
Convenience and ubiquity are driving mobility


Computing growth drivers over time, 1960-2020E
[Chart: vertical axis on a log scale from 1 to 1,000,000; horizontal axis 1960 to 2020. Eras shown: Mainframe (1MM+ Units), Minicomputer (10MM+ Units), PC (100MM+ Units), Desktop Internet (1B+ Units/Users), Mobile Internet (10B+ Units???).]

More than Just Phones: iPad, Smartphone, Kindle, Tablet, MP3, Cell phone/PDA, Car Electronics (GPS, ABS, A/V), Mobile Video, Home Entertainment, Games, Wireless Home Appliances

Note: PC installed base reached 100MM in 1993, cellphone/Internet users reached 1B in 2002/2005 respectively.
Source: ITU, Mark Lipacis, Morgan Stanley Research.
Mobile is shaping new behaviors


Average Time Spent on Various Mobile Functions, 1/11
• Web/Web Apps: 10 minutes (12%)
• All Other: 40 minutes (47%): Maps, Games, Social Networking, Utilities, More
• Telephony: 27 minutes (32%): Phone, Skype, Messages
• Mail App: 7 minutes (9%)
Chart annotation: New Activity

Source: AppsFire 1/11
Forecast: Global public cloud market size,
2011 To 2020

[Chart: Total public cloud markets (US$ billions), vertical axis $0 to $180, 2008 to 2020]

            2008    2009    2010    2011    2012    2013    2014    2015    2016    2017    2018    2019    2020
BPaaS ($)   0.15    0.23    0.35    0.53    0.8     1.26    1.95    2.93    4.28    6       7.66    9.08    10.02
SaaS ($)    5.56    8.09    13.4    21.21   33.09   47.22   63.19   78.43   92.75   105.49  116.39  125.52  132.57
PaaS ($)    0.05    0.12    0.31    0.82    2.08    4.38    7.39    9.8     11.26   11.94   12.15   12.1    11.91
IaaS ($)    0.06    0.24    1.02    2.94    4.99    5.75    5.89    5.82    5.65    5.45    5.23    5.01    4.78

Source: Forrester, April 2011 “Sizing The Cloud”
Cloud computing: Many want better enforcement
of provider security policies.
Four out of ten (41%) respondents say their organization uses cloud services – and 54% of those that do say the cloud
has improved their information security. The greatest risks associated with cloud computing? An uncertain ability to
enforce provider security policies and inadequate training and IT auditing are top concerns.


[Chart: greatest security risk to cloud computing strategy, share of respondents]
• Uncertain ability to enforce provider site security policies: 32%
• Inadequate training and IT auditing: 19%
• Questionable privileged access control at provider site: 15%
• Proximity of data to someone else's: 11%
• Uncertain ability to recover data: 9%

Question 41: “Does your organization currently use cloud services such as Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), or Infrastructure-as-a-Service (IaaS)?” Question 41c: “What impact has cloud computing had on your company’s information security?” Question 41b: “What is the greatest security risk to your cloud computing strategy?” (Not all factors shown. Total does not add up to 100%.)
88 percent of mobile professionals use social
networks

14 percent have used cloud computing in the past year




Source: The Business Journals reveals the business habits of the rising number of SMB mobile professionals, 2011

In a cloud services environment, providers and
consumers must address familiar security and
risk challenges

Access Control
• Control access to sensitive data
• Provision and deprovision user access
• Audit and report user access and data use

Business continuity
• Ensure the viability of the provider and contingency of the consumer’s services
• Provide business continuity and disaster recovery

Compliance
• Maintain compliance with regulatory
• Document, audit processes and procedures for data access protection

Data protection and segregation
• Prevent unauthorized data exposure, loss or corruption
• Maintain data segregation in multi-tenant environment
• Implement data classification scheme and processes for handling sensitive data
• Securely dispose of data no longer required

Events - Incident response and investigation
• Detect and correct security events
• Cooperate during investigations and incident responses
Recap: Key trends at the Intersection


Business drivers
1. Mobile Devices with Advanced Capabilities and Fast Network Connectivity
2. User Driven Change
      - Board Room and Senior Executives driving usage
      - Users demanding enhanced collaboration and productivity
3. Greater convenience
      - Applications moving beyond Email/Contacts/Calendars
      - Rich content enables quick decisioning

Key trends
1. BYOD/Approved Corporate Mobile devices
2. Compelling Mobile Applications
3. Identity as a Service, Strong Authentication
4. Cloud Applications, Data and Services
5. Social Networking for Marketing and Customer Interaction
6. Social Media Monitoring/Analytics
Pain points (Imperatives)


Business Context:
What other businesses are experiencing?




“Nearly 30% of companies experienced a breach
due to unauthorized mobile device use.”




Source: Q1 Enterprise and SMB Survey, 2009 - Forrester Research

Malware by mobile OS

New Mobile Malware Q2 2011
[Chart legend: Android, Java ME, Symbian, Blackberry, MSIL, Python, VBS]

Growth in Mobile Malware
[Chart labels: Serious attacks emerge; Complete device control]

“The MM revolution started principally in 2004 with the release of the Cabir. A worm, SymbianOS. Some MM were released before this date, but it was Cabir and the release of its source code that caused an explosion of new MM to emerge.” – Ken Dunham, Mobile Malware Attacks and Defense

Source: McAfee Threats Report: Second Quarter 2011
Complicating factors for security


• Device Diversity/Complexity
• Application Explosion
• Data Explosion
• Advanced Persistent Threats
• Data Transference and Inference
Response framework


Leading practices:
How other businesses are responding




Mobile devices and social media: New rules and
new risks
[Chart: share of respondents, vertical axis 10% to 50%]
• Have a security strategy for employee use of personal devices: 43%
• Have a security strategy for mobile devices: 37%
• Have a security strategy for social media: 32%

Source: PwC/CXO media 2012 Global State of Information Security Survey

Question 17: “What process information security safeguards does your organization currently have in place?” (Not all factors shown. Total does not add up to 100%.)
Guiding principles

Governance

Process

Technology
Key questions remain


•     Which policies are enforceable?
•     How will we educate our customers, employers and partners?
•     Which process and tools to evolve? How to address gaps?
•     How to balance productivity, opportunity and risks?
•     What is the right approach to changing culture – grass
      roots, leadership, hybrid?
•     Others?




Thank you
Nalneesh Gaur, Director
PwC
Nalneesh.Gaur@us.pwc.com


© 2012 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to
PricewaterhouseCoopers LLP, which is a member firm of PricewaterhouseCoopers International
Limited, each member firm of which is a separate legal entity.


This content is for general information purposes only, and should not be used as a substitute for
consultation with professional advisor




WiFi Offload Guide / Strategies for Telcos
 
A Platform for Mobile Enterprise Management: Build, Run and Manage Your Mobil...
A Platform for Mobile Enterprise Management: Build, Run and Manage Your Mobil...A Platform for Mobile Enterprise Management: Build, Run and Manage Your Mobil...
A Platform for Mobile Enterprise Management: Build, Run and Manage Your Mobil...
 
Future of mobile media @ Future Ideas by h.kienhuis (sanoma)
Future of mobile media @ Future Ideas by h.kienhuis (sanoma)Future of mobile media @ Future Ideas by h.kienhuis (sanoma)
Future of mobile media @ Future Ideas by h.kienhuis (sanoma)
 
GfK NIS and nurago: Measuring Digital Consumer Journeys
GfK NIS and nurago: Measuring Digital Consumer JourneysGfK NIS and nurago: Measuring Digital Consumer Journeys
GfK NIS and nurago: Measuring Digital Consumer Journeys
 
Why you should get serious about the mobile web
Why you should get serious about the mobile webWhy you should get serious about the mobile web
Why you should get serious about the mobile web
 
future of mobile media (kienhuis) @ mobile convention amsterdam
future of mobile media (kienhuis) @ mobile convention amsterdamfuture of mobile media (kienhuis) @ mobile convention amsterdam
future of mobile media (kienhuis) @ mobile convention amsterdam
 
WiFi data offloading whitepaper
WiFi data offloading whitepaperWiFi data offloading whitepaper
WiFi data offloading whitepaper
 
Wi-Fi for a Connected World Towards Next Generation Networks
Wi-Fi for a Connected World Towards Next Generation NetworksWi-Fi for a Connected World Towards Next Generation Networks
Wi-Fi for a Connected World Towards Next Generation Networks
 

Último

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Último (20)

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Security considerations while being Social and Mobile

  • 1. www.pwc.com The Intersection Security considerations for being social & mobile while riding the cloud Nalneesh Gaur, PwC Web Forum, Information Management Forum March 2, 2012
  • 2. Cloud, mobile and social media synergies increasingly exploited Case study 1: Construction safety Case study 2: The board room PwC 2
  • 3. About this talk • Context and Emerging Trends • Pain Points/Imperatives • Response Framework PwC 3
  • 4. Context and Emerging Trends What insights can we glean from emerging trends? PwC 4
  • 5. The Context. Mobile Device, Local/Proximity Context: Install/Access/Use Application; Access/Store Data locally; Exchange Information; Use Location Based Services. Remote Context: Access/Use Applications; Download/Upload Content; Conduct Mobile Commerce; Community Interactions. Cloud: Applications, Data and Services. Social Media. PwC 5
  • 6. Japan’s social networking trends show importance of mobile – mobile page views = 85% vs. 14% 4.5 years ago. [Chart: One of Japan’s leading social network monthly page views (MM), mobile vs. PC, CQ2:06-CQ4:10. Mobile share of page views rises from 14% to 85%; desktop share falls from 86% to 15%. Annotation: CQ3:09 – Platform opened to 3rd-party developers.] Source: Morgan Stanley Research PwC 6
  • 7. Strong mobile trends for leading social companies Facebook 200MM mobile active users vs. Mobile = 50% of total active users. 50M in 9/09 Vs. 25% Y/Y 2x more active than desktop-only users Mobile = 40% of all tweets Introduction of mobile product drove 2x conversion ratio from free to paying subscribers Mobile users = 25-30% total users in mature markets SHAZAM Pandora 100MM mobile users vs. Adding 3MM users per month 50MM Y/Y 50% of all users subscribe on mobile Source: Kleiner Perkins: 2011 Top 10 Mobile Trends-Feb-2011 PwC 7
  • 8. Convenience and ubiquity are driving mobility. [Chart: Computing growth drivers over time, 1960-2020E; vertical axis from 1 to 1,000,000. Series: Mainframe, Minicomputer, PC, Desktop Internet, Mobile Internet. Scale labels: 1MM+ Units, 10MM+ Units, 100MM+ Units, 1B+ Units/Users, 10B+ Units???. “More than Just Phones”: iPad, Smartphone, Kindle, Tablet, MP3, Cell phone/PDA, Car Electronics (GPS, ABS, A/V), Mobile Video, Home Entertainment, Games, Wireless Home Appliances.] Note: PC installed base reached 100MM in 1993, cellphone/Internet users reached 1B in 2002/2005 respectively; Source: ITU, Mark Lipacis, Morgan Stanley Research. PwC 8
  • 9. Mobile is shaping new behaviors. Average Time Spent on Various Mobile Functions, 1/11: Web/Web Apps – 10 minutes (12%); All Other (Maps, Games, Social Networking, Utilities, More) – 40 minutes (47%); Telephony (Phone, Skype, Messages) – 27 minutes (32%); Mail App – 7 minutes (9%). Chart callout: “New Activity”. Source: AppsFire 1/11 PwC 9
  • 10. Forecast: Global public cloud market size, 2011 To 2020. Total public cloud markets (US$ billions):
      Year    BPaaS    SaaS      PaaS     IaaS
      2008    0.15     5.56      0.05     0.06
      2009    0.23     8.09      0.12     0.24
      2010    0.35     13.4      0.31     1.02
      2011    0.53     21.21     0.82     2.94
      2012    0.8      33.09     2.08     4.99
      2013    1.26     47.22     4.38     5.75
      2014    1.95     63.19     7.39     5.89
      2015    2.93     78.43     9.8      5.82
      2016    4.28     92.75     11.26    5.65
      2017    6        105.49    11.94    5.45
      2018    7.66     116.39    12.15    5.23
      2019    9.08     125.52    12.1     5.01
      2020    10.02    132.57    11.91    4.78
    Source: Forrester, April 2011 “Sizing The Cloud” PwC 10
  • 11. Cloud computing: Many want better enforcement of provider security policies. Four out of ten (41%) respondents say their organization uses cloud services – and 54% of those that do say the cloud has improved their information security. The greatest risks associated with cloud computing? An uncertain ability to enforce provider security policies and inadequate training and IT auditing are top concerns. [Bar chart, bars in the order shown: Uncertain ability to enforce provider site security policies, 32%; Inadequate training and IT auditing, 19%; Questionable privileged access control at provider site, 15%; Proximity of data to someone else's, 11%; Uncertain ability to recover data, 9%.] Question 41: “Does your organization currently use cloud services such as Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), or Infrastructure-as-a-Service (IaaS)?” Question 41c: “What impact has cloud computing had on your company’s information security?” Question 41b: “What is the greatest security risk to your cloud computing strategy?” (Not all factors shown. Total does not add up to 100%.) PwC 11
  • 12. 88 percent of mobile professionals use social networks 14 percent have used cloud computing in the past year Source: The Business Journals reveals the business habits of the rising number of SMB mobile professionals, 2011 PwC 12
  • 13. In a cloud services environment, providers and consumers must address familiar security and risk challenges Control access to Provision and deprovision Audit and report user Access Control user access access and data use sensitive data Ensure the viability of the Provide business Business continuity provider and contingency continuity and of the consumer’s services disaster recovery Document, audit processes Maintain compliance Compliance with regulatory and procedures for data access protection Implement data Prevent unauthorized data Maintain data Data protection and classification scheme Securely dispose of data exposure, loss or segregation in multi-tenet segregation corruption environment and processes for handling no longer required sensitive data Events - Incident Cooperate during Detect and correct response and security events investigations and investigation incident responses PwC 13
  • 14. Recap: Key trends at the Intersection. Business drivers: 1. Mobile Devices with Advanced Capabilities and Fast Network Connectivity. 2. User Driven Change - Board Room and Senior Executives driving usage - Users demanding enhanced collaboration and productivity. 3. Greater convenience - Applications moving beyond Email/Contacts/Calendars - Rich content enables quick decisioning. Key trends: 1 BYOD/Approved Corporate Mobile devices; 2 Compelling Mobile Applications; 3 Identity as a Service, Strong Authentication; 4 Cloud Applications, Data and Services; 5 Social Networking for Marketing and Customer Interaction; 6 Social Media Monitoring/Analytics. PwC 14
  • 15. Pain points (Imperatives) Business Context: What other businesses are experiencing? PwC 15
  • 16. “Nearly 30% of companies experienced a breach due to unauthorized mobile device use.” Source: Q1 Enterprise and SMB Survey, 2009 - Forrester Research PwC 16
  • 17. Malware by mobile OS. [Chart: New Mobile Malware Q2 2011, by platform: Android, Java ME, Symbian, Blackberry, MSIL, Python, VBS.] [Chart: Growth in Mobile Malware, annotated “Serious attacks emerge” and “Complete device control”.] “The MM revolution started principally in 2004 with the release of the Cabir. A worm, SymbianOS. Some MM were released before this date, but it was Cabir and the release of its source code that caused an explosion of new MM to emerge.” – Ken Dunham, Mobile Malware Attacks and Defense. Source: McAfee Threats Report: Second Quarter 2011 PwC 17
  • 18. Complicating factors for security: Device Diversity/Complexity; Application Explosion; Data Explosion; Advanced Persistent Threats; Data Transference and Inference. PwC 18
  • 19. Response framework Leading practices: How other businesses are responding PwC 19
  • 20. Mobile devices and social media: New rules and new risks. [Bar chart: Have a security strategy for employee use of personal devices, 43%; Have a security strategy for mobile devices, 37%; Have a security strategy for social media, 32%.] Source: PwC/CXO media 2012 Global State of Information Security Survey. Question 17: “What process information security safeguards does your organization currently have in place?” (Not all factors shown. Total does not add up to 100%.) PwC 20
  • 25. Key questions remain • Which policies are enforceable? • How will we educate our customers, employers and partners? • Which process and tools to evolve? How to address gaps? • How to balance productivity, opportunity and risks? • What is the right approach to changing culture – grass roots, leadership, hybrid? • Others? PwC 25
  • 26. Thank you Nalneesh Gaur, Director PwC Nalneesh.Gaur@us.pwc.com © 2012 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers LLP, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisor PwC 26

Editor's Notes

  1. Two case studies: The first involves a construction project manager using a mobile application to perform safety checks, upload content, archive it to the cloud, and use social media to update one another. The second involves a board member who downloaded a board application and, while making notes, saved them in a cloud-based notes application and used Twitter to post a question. Senior executives also demand remote desktop access so they can reach applications from their tablets.
  2. Please note that this slide has changed to clarify the usage of services. It is important to understand the local and remote usage contexts in order to see where to expect risks. It becomes clear that the potential for data leakage remains high.
  3. Mobile usage goes hand in hand with social media. The social network in question: requires a valid Japanese cellphone number for registration; relies heavily on open source (Linux, Apache, MySQL, and Perl) and uses several hundred MySQL servers; has more than 21.6 million members. Key point: social media and mobile usage are correlated, and both serve as attack vectors.
  4. - Like the major Japanese company, the US has also seen a very strong correlation between mobile and social media usage.
     - Social networking sites are meant to get as many users as possible in one place on one platform, and for attackers there's a lot of return on investment in going after them.
     - Trust is exploited when hacked accounts are used to send malicious messages.
     - Mobile indicators are sometimes shown on social networks.
     - Password sloth is prevalent across social networks, as is intentional and unintentional leakage of data because of a lack of separation of personal and professional communications.
     A major U.S. operator of ambulance services and provider of emergency room doctors was sued after firing an employee for criticizing her supervisor on Facebook. The case was brought by the U.S. National Labor Relations Board. It was determined that employees have the right to discuss their working conditions even if the union is not involved. It was found that the employee was “illegally fired and denied union representation.” “Among the issues in the case was whether a worker has the right to criticize a boss on a site such as Facebook if co-workers add comments. The case was the first by the NLRB to assert that employers break the law by disciplining workers who post criticisms on social-networking websites.” The company promised not to deny union representation in the future and that employees won’t be threatened with discipline for requesting union representation. In addition, the company is updating its overly broad social media policies and guidelines.
     A major auto manufacturer considered ending its relationship with the social media agency that was behind an obscene tweet posted to its brand’s official Twitter account. Shortly after, the tweet was removed from the company’s Twitter feed. The auto manufacturer said in a follow-up post that the tweet “obviously” was meant to appear on the employee’s personal Twitter account, rather than on the company’s, and that the automaker did not demand that the person be fired.
     Other scenarios to consider:
     - A software developer posts to a forum or blog regarding his work on a revolutionary new customer application from the company. The developer reveals too much about his product development, thereby enabling a competitor to steal the idea and get to market sooner with a similar application.
     - A marketing manager tips off Facebook friends about several successes in winning new business and mentions the new clients joining the firm. Such information violates client confidentiality and puts the company at great reputational risk (especially among clients and prospective clients), which ultimately could impede the accomplishment of business goals.
  5. More mobile devices mean more mobile data; 10B+ units @ 100GB is a lot of data. When thinking about mobile devices, security practitioners should not limit their thinking to smartphones or tablets. For example, diabetes meters, too, are being connected to the cloud, and there have been incidents where such devices could be attacked for malicious purposes, resulting in fatal consequences. Tablets will become even more sophisticated and will replace other traditional computing devices. More mobile data will eventually reside in the cloud for ubiquitous access, and the lines between public and private cloud will blur because devices are being used for both personal and work purposes. Greater amounts of data will stress enterprise data protection mechanisms.
  6. Mobile behaviors present risks both in terms of activities that we know about and activities that are as yet unimagined. New apps are designed with the cloud and social media in mind (e.g. send photo to social networks, social media in car).
  7. - Mobile and social media will both drive higher cloud usage; the risks stem from intermingling of data, loss of corporate control across geographies, and employees/partners continuing to access data long after separation.
     - Limited storage, convenience of access and ubiquitous connectivity are driving increasing cloud usage.
  8. The study also reveals that 88 percent of mobile professionals use social networks, with 60 percent of them leveraging social media platforms to market their businesses. Many mobile professionals, 80 percent of them, feel it is critical to have access to information while outside of the office. Devices and services that help them stay connected while away from their desk include WiFi, text messages, smartphones, apps, notebook/netbook, iPad and cloud computing. In addition, 43 percent of mobile professionals polled in the study are familiar with cloud computing, with 14 percent having used cloud computing in the past year, while 64 percent of SMB owners who are considered mobile professionals spend more than 8 hours connected to their businesses via computer, smartphone or iPad; 38 percent spend 11 hours and more on their devices.
  9. So let's review what changes we are seeing, and can expect to see, as a result of the intersection.
  10. Key concerns are a) unauthorized devices, b) loss of sensitive data due to lost or stolen devices, c) loss of sensitive data to malware/Trojans. Real stories from the field:
     1. In 2010, a major bank’s mobile application accidentally saved account numbers, bill payments and security access codes.
     2. The Korean Financial Intelligence Unit has recorded cases of cyber gaming, cross-border remittance and swindling using mobile FS channels.
     3. In Brazil, poor people were targeted and paid by criminals to open bank accounts equipped with remote access channels (internet or mobile). After the accounts were opened, the authorized users would hand over their passwords to criminals.
     4. In India, a duplicate SIM card was issued to an imposter with the fake driver license of the victim, resulting in a loss of roughly $5,000.
     5. A recent Trojan captures all text messages from the phone.
  11. Initially the targets were J2ME and Symbian, but more attacks are emerging for Android OS. According to the McAfee mobile threat report: One significant change in the first quarter of 2011 was Android’s becoming the third-most targeted platform for mobile malware. This quarter the count of new Android-specific malware moved to number one, with J2ME (Java Micro Edition) coming in second while suffering only a third as many malware. This increase in threats to such a popular platform should make us evaluate our behavior on mobile devices and the security industry’s preparedness to combat this growth. We also saw an increase in for-profit mobile malware, including simple SMS-sending Trojans and complex Trojans that use exploits to compromise smartphones.
  12. - Device Diversity/Complexity: Explosion in device types will create a management nightmare. Short device lifespans will increase management costs. Employee/partner desire to bring their own device will challenge IT organizations. The IT organization will need to govern device proliferation.
     - Application Explosion: The diverse range of applications required by knowledge workers today makes it impractical to “lock down” a device to a list of blessed applications. The IT organization will need to govern application proliferation, and the process and technology to protect applications.
     - Data Explosion: Expect more data to transcend mobility, cloud and social networks. This means greater effort and reliance on automated mechanisms and analytics. The IT organization will need to govern corporate data, and the process and technology to protect corporate data.
     - Advanced Persistent Threats: Lost/stolen devices and malware will result in greater privacy implications than ever before. Expect to see more cases of Advanced Persistent Threats, and corresponding processes and technologies to protect against APT. There will be greater opportunities to launch social media attacks using the mobile and social media vectors.
     - Data Transference and Inference: Location-based services will reveal additional personal information, allowing for greater data transference and inference. The IT organization will need to govern usage of location-based services and improve awareness of risks arising from cloud/mobility/social media usage.
  13. Organizations are beginning to implement strategies to keep pace with employee adoption of mobile devices and social networking, as well as use of personal technology within the enterprise. Yet much remains to be done: In the recent PwC/CSO survey, we found that less than half of respondents have implemented safeguards to protect the enterprise from the security hazards that mobile devices and social media can introduce.
  14. - Design solutions for global and local operations from the outset, rather than global or local
     - Separate enterprise data from personal/other data; identify appropriate measures when data is commingled
     - Assign highly granular, least privilege-based user access to applications, data and services from all technology assets
     - Deny rogue devices access to the enterprise network
     - Controls and standards shall be extensible to all applications, data and services provided by social networks, cloud and on mobile devices
     - Wipe/archive enterprise data from device and cloud service provider upon separation
     - Security measures should enable agility in responding to changing business requirements
     - Require cloud application, data and service providers to meet information security compliance requirements
     - Applications/services shall be reviewed for cyber-risks and approved prior to usage
  15. My firm, PwC, recently conducted a survey regarding the privacy and security implications of using social media and mobile devices within the healthcare space. We found that “Only fewer than 50% of organizations surveyed noted that they have included the approved uses of social media and mobile devices in company privacy training”.
     Update your policy to address these:
     - Authentication: How often a password must be changed. How many invalid tries are allowed before the device is disabled. Strong authentication using two factor or certificates.
     - Loss/Theft: Remote wipe of lost or stolen devices, and disabling of the device over a defined period of time.
     - Device Support: Define what devices are supported by the institution/organization, i.e. Blackberry, iPhones.
     - Encryption: Sensitive data must be encrypted, or the device is encrypted with whole-disk encryption.
     - Backup/Restore: If a device could be lost or stolen, there should be a defined procedure for backing up and restoring the data to another device.
     - Storage Cards: Storage cards are a convenient way to expand memory, but they're also portable and thus a security risk. Do you ban them? Or encrypt them?
     - Acceptable Use: A good security policy needs to set limits on what users can install on their devices and what is acceptable use.
     - Enforcement: Consequences if there is a violation of the policy.
     Develop standards and guidelines in support of the policy:
     - Not having a standard will result in the organization developing the standards for you
     - Developing a standard without the appropriate involvement will cause you to revisit it
     - Expect to update standards with the evolving risk landscape
     Oversight:
     - Federated vs. central: large geographic entities will do better with regional autonomy, but in collaboration; start a cross-functional dialog with business users, IT, finance, legal, HR, and security people
     - Cost vs. functionality: currently cost is a key driver, but competition is also leveraging it for business benefit; security has to be an enabler
     - Large oversight bodies don’t work
     - Keep an eye on parallel IT; risks loom
     - Champion grass-roots efforts without waiting too long; involve security
     - Accommodate hobbies in a lab setting; involve security
     - Involve Marketing, e.g. patients expect to interact with health care providers and payors, but engaging with social media may raise privacy issues.
     Awareness training:
     - People generally try to do the right thing; they may not know that what they are doing is wrong or how it may impact the company/institution
     - The risks associated with using, transmitting, and storing electronic information
     - Risk of posting information on social networks: vignettes, case studies
     - Consequences of violating policy
     - What to do when a device is lost/stolen?
     - The roles and responsibilities of each community member in protecting corporate data and systems
  16.
      1. Involve security at the Architect stage. Expect more processes to change than originally imaginable. MIT CISR says “One useful perspective is to group the processes to be mobilized into distinct categories based on process requirements, as the architecture for each will be different. Those internal processes for which employees require data and computing power on a device—along with interaction with workflows, data, and applications on the server—will need a platform for building enterprise mobile applications aimed at hundreds or thousands of users.”
      2. Establish/update process for managing exceptions to the policies and standards. Monitor to ensure that exceptions don’t become the rule.
      3. Ensure that processes exist for evaluating and approving new cloud services – mostly in conjunction with Innovation center.
      4. If pursuing Identity Federation in conjunction with Cloud/Mobility/Social Media, anticipate major changes in process for Identity and Access Management, Log management, Forensics and Incident Management.
      5. Evaluate risks of having manual processes as compared to automated ones, especially during transition, e.g. manual MAC address approval of iPads on the Corporate Wireless network.
  17.
      • Strong Authentication for Mobile Device access
      • Centralize Security Policy Manage Process & Tools
      • Whole Disk Encryption or File Level Encryption
      • Endpoint Security Tools
      • Device lockdown and remote wipe capabilities
      • Access logging and file integrity monitoring with centralized log repository
      • Data leakage controls and logging

      Three ways to go about isolating corporate data from personal data on mobile devices:
      1. Sandboxing it in a secure container
         - Good Technologies
         - Sybase (Afaria)
         - Mobile Active Defense (SaaS)
         - Touchdown, Whisper Systems (Android encryption)
      2. Managing the native environment through a trusted approach that checks for policy compliance
         - AirWatch
         - Juniper (Smobile)
         - McAfee (Trust Digital)
         - MobileIron
         - Zenprise
      3. Hosting it in a data center or public cloud and making it accessible via a desktop virtualization client
         - Citrix
         - VMware
         - Wine (open source)
         - Virtualbox (open source)

      • Which technologies control access to cloud services on mobile devices?
      • How to control data leakage to Social Media sites on Mobile devices?
      • What are supporting technologies?
      • Which cloud storage provides strong encryption and support for strong authentication?