81% of companies have employee owned devices accessing their networks, but only 48% claim to have a well-defined mobile security strategy. To secure today’s mobile workforce businesses must consider adopting a framework to enable the use of mobile technology while minimizing the risks to both their employees and their customers. In this presentation, we review the unique challenges we all face and IBM’s approach to securing and managing the mobile enterprise.
http://securityintelligence.com/events/live-from-impact-2014-ibm-mobile-security-a-comprehensive-approach-to-securing-and-managing-the-mobile-enterprise/#.VMvT2vMo6Mo
Welcome to this discussion of security in a mobile world. Both mobile technology and data security are major components of business today. The question is: where do the two converge in a way that benefits both the customer, and the business?Let’s take a deeper look at the rapidly evolving mobile technology space – and the security strategies that will be most effective in the future.Questions to consider asking the audience: Is mobile technology important to your business strategy? Is the security of your company and customer data important to your business strategy? Do you believe your mobile security strategy is good enough – or can it be improved?
The number of mobile subscribers continues to grow at astonishing rates. In 2000, there were approximately 720 million subscribers around the world. In 2012, that number reached six billion.Let’s also consider these statistics: In 2014 the number of cell phones (7.3 billion) will exceed the number of people on the planet (7 billion).1 Mobile downloads will increase to108 billionby 2017. 2 Mobile malware is growing. Malicious code is infecting more than11.6 millionmobile devices at any given time. 3 Mobile devices and the apps we rely on are under attack. 90% of the top mobile apps have been hacked. 4While the proliferation of mobile devices provides great flexibility and agility for organizations, it also increases the complexity of device management and data protection. As mobile grows, so too does the security threat landscape.1. International Telecommunications Union – January 2013: http://www.siliconindia.com/magazine_articles/World_to_have_more_cell_phone_accounts_than_people_by_2014-DASD767476836.html2. Berg Insight Report – February 2013 : http://cloudtimes.org/2013/02/25/berg-insight-mobile-app-downloads-to-reach-108-billion-by-2017/3. InfoSec – January 2014 http://www.infosecurity-magazine.com/view/36686/mobile-malware-infects-millions-lte-spurs-growth/4. Axran Technologies - 2012 http://www.arxan.com/app-economy-under-attack-report-reveals-more-than-90-percent-of-the-top-100-mobile-apps-have-been-hacked/
In order to gain a competitive advantage, business must embrace the opportunities afforded by mobile and cloud technology. However, security within these spaces is an all-consuming and all too legitimate concern. Business leaders must craft effective mobile security strategies that can be quickly and affordably implemented in order to reap the benefits of mobile business.Today’s Chief Information Security Officers (CISOs) are asking themselves, “How can we benefit from mobile and cloud technology – securely?” Risk and security officers are often placed in the role of public defender for corporations. They are charged with proactively protecting the enterprise from a variety of cyber threats while the business continues to evolve. This broad responsibility becomes even more challenging when companies adopt new technology without a security strategy.IBM’s 2013 CISO Assessment interviews security leaders to get there perspective and priorities. Businesses around the globe are embracing mobile and cloud technology at a rapid pace and yet 76% of respondents say that the loss of an employee owned mobile device with access to their corporate network could result in a significant security event. Investment in new technology can be a tremendous asset to business growth and efficiency but the reality is that few companies are as prepared as they need to be.
IBM offers integrated security intelligence and industry-leading experience enabled by the IBM Security Framework solution capabilities.These capabilities are delivered through a comprehensive and robust set of tools and best practices (including software and hardware) that are supported by the services needed to address:Intelligence: Through a common and intuitive view that combines deep analytics with real-time security intelligence.Innovation: Through a more proactive and trusted source of truth in order to stay ahead of emerging threats and risks.Integration: Through unifying existing tools and infrastructures with new forms of defense in order to reduce complexity and lower the cost of maintaining a strong security posture.Addressing these three key imperatives enables a more holistic, comprehensive perspective and can enhance your security maturity.
In the past, private data, software and code could be reasonably protected behind a network perimeter of security. With the rise of mobile, that perimeter can no longer be the most important line of defense when it comes to security threats. Organizations must develop mobile security strategies that go beyond the perimeter of the enterprise and into the mobile sphere.
The imperatives to securing a mobile enterprise within an organization are unique.Whether you’re the CISO trying to…Mitigate security risk across devices, applications, content and transactionsComprehensively understand enterprise security across all endpointsComprehensive enterprise mobility managementOr an IT Operations Manager required to…Secure the device so you can manage the entire mobile enterprise with BYOD, BYOA, secure e-mail and document sharingThen expand that security to securing the contentso you can secure the file and document sharing across devices and employees including integration with SharePointOr how about the Line-of-Business or Application Developer that’s trying to secure the app in order to…Instrument applications with security protection by designScan new and existing application for vulnerabilitiesAnd finally the Security Specialist trying to secure all the transactions, it’s imperative he …Secures mobile transactions from customers, partners and suppliersCorrelate mobile security events with broader infrastructure for proactive threat avoidanceIBM understands these unique and individual needs of your organization, and we’re here to help.
IBM offers the capabilities that are most requested to address today’s mobile challenges: Device Security:Solutions to manage a diverse set of mobile devices from corporate owned assets to BYOD, all from the cloud.Content Security : Secure file and document sharing across devices and employees including integration with SharePoint.Application Security :Developer solutions to secure applications by design early in the development process. Protect enterprise data in both the applications being built and the applications bought. Transaction Security: Solutions to protect mobile transactions with customers, business partners and temporary workers that are not part of your enterprise mobile management framework. Security Intelligence:Provide a unified architecture for integrating mobile security information and event management (SIEM), log management, anomaly detection, and configuration and vulnerability management.
IBM Security feature capabilities for the mobile enterprise encompass a range of benefits.Protecting the Device: Enrolling, provisioning, configuring, monitoring, ability to locate the device, fingerprint access and remote wiping.Safeguarding Content:Secure file and document sharing across devices and employees including integration with SharePoint.Restricting copy, paste and share, and integration with SharePoint.Securing the Application: Developer solutions to secure applications by design early in the development process. Protect enterprise data in both the applications being built and the applications bought. App Wrapping or SDK, End-to-end Mobile Content Security, Run-time Risk Detection, iOS / Android Static Scanning, Integrated Development Environment, Experience Management, Tamper Proofing, Whitelist / Blacklist ApplicationsSafeguarding Transactions: Solutions to protect mobile transactions with customers, business partners, and temporary workers that are not part of your enterprise mobile management framework. Account Takeover Detection, Mobile Fraud Risk Detection, Cross-channel Risk Detection, Mobile Access Management, Identity Federation, Application Level VPN, Secure API Connectivity, Secure Browser / URL FilteringSECURITY INTELLIGENCE: Advanced threat detection with greater visibility.
IBM mobile security is provided by a wide range of powerful solutions, including Maas360, Worklight, IBM Security AppScan, IBM Security Access Manager and Trusteer. Robust security intelligence can be achieved by deploying the IBM QRadar Security Intelligence Platform.
Here is an overview of the typical business challenge, solution and benefits that Fiberlink address with MaaS 360. With Fiberlink, IBM offers a comprehensive mobility enterprise management solution which is proven, powerful, secure, seamless and simple – all of which help to deliver a low-cost, highly productive and secure environment.MaaS360 is an Enterprise Mobility Management platform that helps any size business, subsidiary or department to quickly and securely manage mobile devices. Fiberlink’s long time expertise and focus on delivering enterprise mobile computing solutions for over two decades translates to best practices that accelerate deployment, eliminate risk and simplify Mobile Enterprise Management. MaaS360 is the only solution in the market with the credentials to give customers confidence in the areas that matter most: Simple and fast deployments with an exceptional customer experience for IT and employees Powerful management and security capabilities to address the full mobility lifecycle Flexible mobile application container options to separate work and personal data Seamless integration with existing enterprise systems such as email, directories, and certificate authorities The most trusted and proven approach to delivering Enterprise Mobility Management
This chart provides an overview of the typical business challenge, solution and benefits from Trusteer. Trusteer’s Cybercrime Prevention Architecture is a differentiator in IBM’s technology foundation of mobile security. These solutions tackle online and mobile fraud both at the application and transaction level. The Mobile SDK and Mobile App offerings are built upon real-time intelligence and threat research.
Application security is focused around the software development lifecycle and the steps (or stages) of developing software and applications. We have two basic approaches to application security for mobile. The first is essentially catching it as you're developing it. We call it, “static analysis” or “white box testing”. It’s going into the source code going into the coding process and picking up bad security habits in the development process and weeding them out before production. This is the most efficient way to secure code and to protect against his is the most efficient way to secure code to protect yourself against SQL injection and the many application risks that are out there if you code badly. The next approach is a dynamic post-production analysis capability also known as “black box” testing. Testing applications that are in production, penetration test it, is there a way of breaching it? Is there a way of compromising your security through this application? Key themes are that we’ve extended these capabilities to mobile Android and iOS applications. We help you test the security of these apps that you’ve developed for your consumers, partners, and employees to use. We’ve simplified the interface and have made sure that your ROI is even faster for you.
IBM Worklight helps you extend your business to mobile devices. It is designed to provide an open, comprehensive platform to build, run and manage HTML5, hybrid and native mobile apps. IBM Worklight can help you reduce both app development and maintenance costs, improve time-to-market and enhance mobile app governance and security.IBM Worklight is comprised of five components:IBM Worklight Studio is designed to provide a comprehensive environment for advanced, rich, cross-platform mobile app development.IBM Worklight Server is mobile-optimized middleware that serves as a gateway between applications, back-end systems and cloud-based services.IBM Worklight Device Runtime Components offer runtime client application program interfaces (API) designed to enhance security, governance and usability.IBM Worklight Application Center enables you to set up an enterprise app store that manages the distribution of production-ready mobile apps. IBM Worklight Console is an administrative graphical user interface (GUI) for the server, adapters, applications and push services to help you manage, monitor and instrument mobile apps.
Here we have an overview of the typical business challenge, solution and benefits that IBM Security Access Manager for Mobile delivers. IBM offers products and technologies that allow a robust Access Management. These capabilities promote access and entitlement management, single sign-on, and risk-based authentication. An example of this is if I take my mobile device from my normal geography to another part of the world, a second factor of authentication may be required to make sure that you truly are that person because we don't recognize the location you're in as being normal. So again, it’s a great example of intelligence built into access management. Our Identity Management capabilities enable user provisioning, role management, and now privileged identity management solutions; This allows you to monitor the actions of your most “trusted” users as they access your servers, databases, and IT infrastructure from a mobile device. IBM also offers a built in Policy-based Identity and Access Governance capabilities as well as the ability to link to IBM QRadar. Our Security Intelligence layer is a key differentiator for IBM’s Mobile Security Solutions.
This is an overview of the typical business challenge, solution and benefits that IBM Qradar can deliver for mobile security. IBM QRadar Security Intelligence Platform products provide a unified architecture for integrating security information and event management (SIEM), log management, anomaly detection, and configuration and vulnerability management. Our security intelligence solutions for mobile foster advanced threat detection, greater ease of use and lower total cost of ownership.
IBM Security Services for Mobile are designed to reduce the risk of going mobile. The challenge today begins with a clear assessment of your organization’s overall security and risk management strategy. Once this assessment is made, IBM security services takes you from planning and design through implementation, testing, monitoring and management of multi-vendor environments. IBM experts can help you better understand your requirements and risk tolerance in order to securely adopt mobile technology. With these services in place, you have the opportunity to utilize the cloud while reducing overall risk and improving visibility. Costs can be minimized, security policies can be enhanced, and hybrid security solutions can be consolidated in order to deliver threat monitoring and global intelligence.
IBM offers an intelligent, innovative and integrated security approach. All of the IBM security offerings are backed by an extensive business partner ecosystem which consists of industry-leading technology, sales and service partners.Our security capabilities are delivered through a comprehensive and robust set of tools and best practices (including software and hardware) that are supported by the services needed to address:Intelligence: Through a common and intuitive view that combines deep analytics with real-time security intelligence.Innovation: Our proactive and trusted source of truth enables us to stay ahead of emerging threats and risks.Integration: Through unifying existing tools and infrastructures with new forms of defense in order to reduce complexity and lower the cost of maintaining a strong security posture.