SlideShare uma empresa Scribd logo
1 de 17
Baixar para ler offline
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 1
OpenWorld 2015
Mobile Security beyond the
corporate perimeter
Indus Khaitan
Product Management, Oracle Mobile
Ali Ahmed
Mobile Security Architect, Oracle
October 28, 2015
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.
2
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Agenda
1
2
3
4
3
The Classic Perimeter and Mobile + Cloud
Architecture of a Perimeter-less organization
Short & Long term solutions and challenges
Q&A
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
The Classic Perimeter
Firewalls, NAC appliances, Gateways, Moats, Snake pits, Fire pits
• Physical Security using network separation
• Bad guys outside, good guys inside
• Implicit privileged access to good guys
• VPNs bring you inside and implicit authorization
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Mobile & Cloud in a perimeter world
• Devices need unfettered access
– VPNs were designed for a wired world
• Cloud Security has limited IT control
• Data is rapidly moving to mobile & cloud
• BYOD compounds problems
5
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Problems with Classic Perimeter in the new world
• Few tightly controlled gates
• Mobile devices are the weak link
• Inside attacks
• Application access based on IP and/or ports
– Legacy applications use “remote host” to elevate user privilege
6
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Program Agenda
1
2
3
4
7
The Classic Perimeter and Mobile + Cloud
Architecture of a Perimeter-less organization
Short & Long term solutions and challenges
Q&A
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Architecture requirements of a Perimeter-less organization
• Security is a key driver
• Access based on risk profile
– End point trust
– Geo information
• Identity based on risk profile.
– Adaptive risk based multi factor auth
– Step-up auth
• Federated Identity
– SSO to cloud and intranet apps
8
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Architecture requirements of a Perimeter-less organization
• Data security
– Data encryption at rest
– Transport security for data in motion
• Device level trust for managed devices
– Integrity / compliance
• App level trust for unmanaged devices
– Integrity / compliance
9
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Architecture Components of a Perimeter-less Organization
10
Proxy and
Security Policy
Enforcement
Intranet
applications
Device / App
Management
Federated
Identity
Identity /
Policy
Management
Cloud
Applications
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Risk Aware Access and Apps
Enterprise use-case for access based on risk profile
Address Book (Low Risk) CRM (Medium Risk) BI - Sales Booking Data
(High Risk)
Managed / Unmanaged Access allowed on Both Access allowed on Both Managed
User Authentication Yes Step-up on Unmanaged Yes
Policy based (e.g: location) Not required Geo fence Yes
Lock/Wipe Yes Yes Yes
11
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Program Agenda
1
2
3
4
12
The Classic Perimeter and Mobile + Cloud
Architecture of a Perimeter-less organization
Short & Long term solutions and challenges
Q&A
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Short-term and long term Solutions
13
Short-term Long-term
Device Management EMM, App Container. Device control, app control and
data control.
Policy Management App level policies exist today in
IDM as well as EMM products.
App and data level policies.
Authentication SSO. Single switch to revoke
access. Multiple Identities across
application vendor boundaries.
Federation. Single ID. Federation
across channels and app
boundaries.
Authorization Light weight authorization policies.
Part of the proxy business logic.
Data level policies.
Cloud Security SSO is primary control point.
Application specific policies.
Cloud-access broker. Traffic goes
through a forward proxy in the
middle.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Adoption and Implementation Challenges
• Fragmented Devices (esp. Android, hard to inventory)
• Certificate-based authentication is brittle
• User-credentials are a starting point
• Network latency issues in weak connectivity areas
• Legacy application rely on desktop-based controls and trusted remote IP
• Not easy to put a proxy in front of cloud applications
• IT rethinking needed to remove VPN
14
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Oracle Mobile Security for 24x7 unfettered access to corporate data
Oracle Mobile Platform
MANAGE
Custom Mobile Apps Packaged Mobile Apps Partner Built Mobile Apps
15Oracle Confidential – Highly Restricted
DEVELOP INTEGRATE
ANALYSE SECURE
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 16
Questions?
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the Corporate Perimeter

Mais conteúdo relacionado

Mais procurados

INTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONSINTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONSIvanti
 
Internet of Things Experts Share Perspectives on Monetizing the Internet of T...
Internet of Things Experts Share Perspectives on Monetizing the Internet of T...Internet of Things Experts Share Perspectives on Monetizing the Internet of T...
Internet of Things Experts Share Perspectives on Monetizing the Internet of T...Flexera
 
The how and why of patch management by N-able
The how and why of patch management by N-able The how and why of patch management by N-able
The how and why of patch management by N-able Solarwinds N-able
 
Hardware Lab. Andrew Kokhanovskyi. Kaa introduction
Hardware Lab. Andrew Kokhanovskyi. Kaa introductionHardware Lab. Andrew Kokhanovskyi. Kaa introduction
Hardware Lab. Andrew Kokhanovskyi. Kaa introductionGeeksLab Odessa
 
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan   introducing cisco dna assurance-...[Cisco Connect 2018 - Vietnam] 1. lam doan   introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...Nur Shiqim Chok
 
TechWiseTV Workshop: Operational Insights
TechWiseTV Workshop: Operational InsightsTechWiseTV Workshop: Operational Insights
TechWiseTV Workshop: Operational InsightsRobb Boyd
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Zscaler
 
Insights into your IT Service Management - Middle East
Insights into your IT Service Management - Middle EastInsights into your IT Service Management - Middle East
Insights into your IT Service Management - Middle EastIvanti
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedNorm Barber
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedUnifyCloud
 
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingMark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingPro Mrkt
 
NetIQ AppManager & NetIQ Operations Center. NCU Ltd
NetIQ AppManager & NetIQ Operations Center. NCU LtdNetIQ AppManager & NetIQ Operations Center. NCU Ltd
NetIQ AppManager & NetIQ Operations Center. NCU LtdNCU Ltd
 
Key Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsKey Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsAlgoSec
 
NAC Solution Taarak
NAC Solution TaarakNAC Solution Taarak
NAC Solution TaarakMohit8780
 
Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways IISPEastMids
 
Ivanti neurons - lunch and learn
Ivanti neurons - lunch and learnIvanti neurons - lunch and learn
Ivanti neurons - lunch and learnIvanti
 
Invea - Jiri Tobola
Invea - Jiri TobolaInvea - Jiri Tobola
Invea - Jiri TobolaJan Fried
 

Mais procurados (20)

Webinar IoT Cloud Platforms and Middleware for Rapid Application Development
Webinar IoT Cloud Platforms and Middleware for Rapid Application DevelopmentWebinar IoT Cloud Platforms and Middleware for Rapid Application Development
Webinar IoT Cloud Platforms and Middleware for Rapid Application Development
 
INTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONSINTRODUCTION TO IVANTI NEURONS
INTRODUCTION TO IVANTI NEURONS
 
Internet of Things Experts Share Perspectives on Monetizing the Internet of T...
Internet of Things Experts Share Perspectives on Monetizing the Internet of T...Internet of Things Experts Share Perspectives on Monetizing the Internet of T...
Internet of Things Experts Share Perspectives on Monetizing the Internet of T...
 
The how and why of patch management by N-able
The how and why of patch management by N-able The how and why of patch management by N-able
The how and why of patch management by N-able
 
Hardware Lab. Andrew Kokhanovskyi. Kaa introduction
Hardware Lab. Andrew Kokhanovskyi. Kaa introductionHardware Lab. Andrew Kokhanovskyi. Kaa introduction
Hardware Lab. Andrew Kokhanovskyi. Kaa introduction
 
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan   introducing cisco dna assurance-...[Cisco Connect 2018 - Vietnam] 1. lam doan   introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
 
TechWiseTV Workshop: Operational Insights
TechWiseTV Workshop: Operational InsightsTechWiseTV Workshop: Operational Insights
TechWiseTV Workshop: Operational Insights
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?
 
Insights into your IT Service Management - Middle East
Insights into your IT Service Management - Middle EastInsights into your IT Service Management - Middle East
Insights into your IT Service Management - Middle East
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
 
Fortinet Perspectiva Coporativa
Fortinet Perspectiva CoporativaFortinet Perspectiva Coporativa
Fortinet Perspectiva Coporativa
 
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingMark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
 
NetIQ AppManager & NetIQ Operations Center. NCU Ltd
NetIQ AppManager & NetIQ Operations Center. NCU LtdNetIQ AppManager & NetIQ Operations Center. NCU Ltd
NetIQ AppManager & NetIQ Operations Center. NCU Ltd
 
Palo alto-review
Palo alto-reviewPalo alto-review
Palo alto-review
 
Key Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsKey Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation Firewalls
 
NAC Solution Taarak
NAC Solution TaarakNAC Solution Taarak
NAC Solution Taarak
 
Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways
 
Ivanti neurons - lunch and learn
Ivanti neurons - lunch and learnIvanti neurons - lunch and learn
Ivanti neurons - lunch and learn
 
Invea - Jiri Tobola
Invea - Jiri TobolaInvea - Jiri Tobola
Invea - Jiri Tobola
 

Semelhante a Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the Corporate Perimeter

Oracle OpenWorld 2015 | CON9456 Mobile Security in the Cloud
Oracle OpenWorld 2015 | CON9456 Mobile Security in the CloudOracle OpenWorld 2015 | CON9456 Mobile Security in the Cloud
Oracle OpenWorld 2015 | CON9456 Mobile Security in the CloudIndus Khaitan
 
Enabling the-Connected-Car-Java
Enabling the-Connected-Car-JavaEnabling the-Connected-Car-Java
Enabling the-Connected-Car-Javaterrencebarr
 
JavaOne 2015: CON3434 - Bringing IoT Cloud Services ...
JavaOne 2015: CON3434 - Bringing IoT Cloud Services ...JavaOne 2015: CON3434 - Bringing IoT Cloud Services ...
JavaOne 2015: CON3434 - Bringing IoT Cloud Services ...terrencebarr
 
Let's Talk Mobile
Let's Talk MobileLet's Talk Mobile
Let's Talk MobileChris Muir
 
IoT Cloud Service & Partner IoT Solution
IoT Cloud Service & Partner IoT Solution IoT Cloud Service & Partner IoT Solution
IoT Cloud Service & Partner IoT Solution harishgaur
 
Approaches for WebLogic Server in the Cloud (OpenWorld, September 2014)
Approaches for WebLogic Server in the Cloud (OpenWorld, September 2014)Approaches for WebLogic Server in the Cloud (OpenWorld, September 2014)
Approaches for WebLogic Server in the Cloud (OpenWorld, September 2014)jeckels
 
Monitoring in the DevOps Era
Monitoring in the DevOps EraMonitoring in the DevOps Era
Monitoring in the DevOps EraMike Kavis
 
Con8896 securely enabling mobile access for business transformation - final
Con8896  securely enabling mobile access for business transformation - finalCon8896  securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - finalOracleIDM
 
Securing the Extended Enterprise with Mobile Security - Customer Presentation
Securing the Extended Enterprise with Mobile Security - Customer Presentation  Securing the Extended Enterprise with Mobile Security - Customer Presentation
Securing the Extended Enterprise with Mobile Security - Customer Presentation Delivery Centric
 
Integrating Enterprise Controls with the Cloud
Integrating Enterprise Controls with the CloudIntegrating Enterprise Controls with the Cloud
Integrating Enterprise Controls with the CloudAtul Goyal
 
Re-­Think Mobile… Beyond Mobile­‐First: Oracle Mobile Strategy and Overview
Re-­Think Mobile… Beyond Mobile­‐First: Oracle Mobile Strategy and OverviewRe-­Think Mobile… Beyond Mobile­‐First: Oracle Mobile Strategy and Overview
Re-­Think Mobile… Beyond Mobile­‐First: Oracle Mobile Strategy and OverviewGuatemala User Group
 
Solaris 11.4 launch
Solaris 11.4 launchSolaris 11.4 launch
Solaris 11.4 launchScott Lynn
 
How to Predict, Detect and Protect Against Mobile Cyber Attacks
How to Predict, Detect and Protect Against Mobile Cyber AttacksHow to Predict, Detect and Protect Against Mobile Cyber Attacks
How to Predict, Detect and Protect Against Mobile Cyber AttacksSkycure
 
Cloud Visibility & Cloud Data Loss Prevention Approaches
 Cloud Visibility & Cloud Data Loss Prevention Approaches Cloud Visibility & Cloud Data Loss Prevention Approaches
Cloud Visibility & Cloud Data Loss Prevention ApproachesCipherCloud
 
Oracle presentation at Tech Summit PR 2014
Oracle presentation at Tech Summit PR 2014Oracle presentation at Tech Summit PR 2014
Oracle presentation at Tech Summit PR 2014Tech Summit PR 2014
 
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...Nadine Schoene
 
Threat Modeling for the Internet of Things
Threat Modeling for the Internet of ThingsThreat Modeling for the Internet of Things
Threat Modeling for the Internet of ThingsEric Vétillard
 

Semelhante a Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the Corporate Perimeter (20)

Oracle OpenWorld 2015 | CON9456 Mobile Security in the Cloud
Oracle OpenWorld 2015 | CON9456 Mobile Security in the CloudOracle OpenWorld 2015 | CON9456 Mobile Security in the Cloud
Oracle OpenWorld 2015 | CON9456 Mobile Security in the Cloud
 
Enabling the-Connected-Car-Java
Enabling the-Connected-Car-JavaEnabling the-Connected-Car-Java
Enabling the-Connected-Car-Java
 
JavaOne 2015: CON3434 - Bringing IoT Cloud Services ...
JavaOne 2015: CON3434 - Bringing IoT Cloud Services ...JavaOne 2015: CON3434 - Bringing IoT Cloud Services ...
JavaOne 2015: CON3434 - Bringing IoT Cloud Services ...
 
Let's Talk Mobile
Let's Talk MobileLet's Talk Mobile
Let's Talk Mobile
 
IoT Cloud Service & Partner IoT Solution
IoT Cloud Service & Partner IoT Solution IoT Cloud Service & Partner IoT Solution
IoT Cloud Service & Partner IoT Solution
 
Approaches for WebLogic Server in the Cloud (OpenWorld, September 2014)
Approaches for WebLogic Server in the Cloud (OpenWorld, September 2014)Approaches for WebLogic Server in the Cloud (OpenWorld, September 2014)
Approaches for WebLogic Server in the Cloud (OpenWorld, September 2014)
 
Monitoring in the DevOps Era
Monitoring in the DevOps EraMonitoring in the DevOps Era
Monitoring in the DevOps Era
 
Con8896 securely enabling mobile access for business transformation - final
Con8896  securely enabling mobile access for business transformation - finalCon8896  securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - final
 
Oracle Mobile Cloud Service
Oracle Mobile Cloud ServiceOracle Mobile Cloud Service
Oracle Mobile Cloud Service
 
Securing the Extended Enterprise with Mobile Security - Customer Presentation
Securing the Extended Enterprise with Mobile Security - Customer Presentation  Securing the Extended Enterprise with Mobile Security - Customer Presentation
Securing the Extended Enterprise with Mobile Security - Customer Presentation
 
Integrating Enterprise Controls with the Cloud
Integrating Enterprise Controls with the CloudIntegrating Enterprise Controls with the Cloud
Integrating Enterprise Controls with the Cloud
 
Re-­Think Mobile… Beyond Mobile­‐First: Oracle Mobile Strategy and Overview
Re-­Think Mobile… Beyond Mobile­‐First: Oracle Mobile Strategy and OverviewRe-­Think Mobile… Beyond Mobile­‐First: Oracle Mobile Strategy and Overview
Re-­Think Mobile… Beyond Mobile­‐First: Oracle Mobile Strategy and Overview
 
Solaris 11.4 launch
Solaris 11.4 launchSolaris 11.4 launch
Solaris 11.4 launch
 
How to Predict, Detect and Protect Against Mobile Cyber Attacks
How to Predict, Detect and Protect Against Mobile Cyber AttacksHow to Predict, Detect and Protect Against Mobile Cyber Attacks
How to Predict, Detect and Protect Against Mobile Cyber Attacks
 
Cloud Visibility & Cloud Data Loss Prevention Approaches
 Cloud Visibility & Cloud Data Loss Prevention Approaches Cloud Visibility & Cloud Data Loss Prevention Approaches
Cloud Visibility & Cloud Data Loss Prevention Approaches
 
Oracle Cloud Café IoT 12-APR-2016
Oracle Cloud Café IoT 12-APR-2016Oracle Cloud Café IoT 12-APR-2016
Oracle Cloud Café IoT 12-APR-2016
 
Oracle Cloud Café IOT 12 avril 2016
Oracle Cloud Café IOT 12 avril 2016Oracle Cloud Café IOT 12 avril 2016
Oracle Cloud Café IOT 12 avril 2016
 
Oracle presentation at Tech Summit PR 2014
Oracle presentation at Tech Summit PR 2014Oracle presentation at Tech Summit PR 2014
Oracle presentation at Tech Summit PR 2014
 
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
 
Threat Modeling for the Internet of Things
Threat Modeling for the Internet of ThingsThreat Modeling for the Internet of Things
Threat Modeling for the Internet of Things
 

Mais de Indus Khaitan

Product marketing in B2B SaaS Startup Indus Khaitan 2018
Product marketing in B2B SaaS Startup Indus Khaitan 2018Product marketing in B2B SaaS Startup Indus Khaitan 2018
Product marketing in B2B SaaS Startup Indus Khaitan 2018Indus Khaitan
 
Bringing Contracts to Life | Keynote session at IACCM Dublin Ireland, May 2015
Bringing Contracts to Life | Keynote session at IACCM Dublin Ireland, May 2015Bringing Contracts to Life | Keynote session at IACCM Dublin Ireland, May 2015
Bringing Contracts to Life | Keynote session at IACCM Dublin Ireland, May 2015Indus Khaitan
 
Lets talk about decision making - UC Berkeley
Lets talk about decision making - UC BerkeleyLets talk about decision making - UC Berkeley
Lets talk about decision making - UC BerkeleyIndus Khaitan
 
Bitzer Mobile TiECON 2013 Pitch Indus Khaitan
Bitzer Mobile TiECON 2013 Pitch Indus KhaitanBitzer Mobile TiECON 2013 Pitch Indus Khaitan
Bitzer Mobile TiECON 2013 Pitch Indus KhaitanIndus Khaitan
 
NSDC at NASSCOM Product Conclave 2010
NSDC at NASSCOM Product Conclave 2010NSDC at NASSCOM Product Conclave 2010
NSDC at NASSCOM Product Conclave 2010Indus Khaitan
 
NSEF India - Why become a social entrepreneur now
NSEF India - Why become a social entrepreneur nowNSEF India - Why become a social entrepreneur now
NSEF India - Why become a social entrepreneur nowIndus Khaitan
 
Building Winning Teams - Jain International Trade Organization Bangalore 06_J...
Building Winning Teams - Jain International Trade Organization Bangalore 06_J...Building Winning Teams - Jain International Trade Organization Bangalore 06_J...
Building Winning Teams - Jain International Trade Organization Bangalore 06_J...Indus Khaitan
 
Disha 2010 Presentation on Entrepreneurship Jan'10 -- Indus Khaitan
Disha 2010 Presentation on Entrepreneurship Jan'10 -- Indus Khaitan Disha 2010 Presentation on Entrepreneurship Jan'10 -- Indus Khaitan
Disha 2010 Presentation on Entrepreneurship Jan'10 -- Indus Khaitan Indus Khaitan
 
Ford Motor Company 1902 Indus Khaitan
Ford Motor Company 1902 Indus KhaitanFord Motor Company 1902 Indus Khaitan
Ford Motor Company 1902 Indus KhaitanIndus Khaitan
 
5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry AboutIndus Khaitan
 
Creating Interactive Olap Applications With My Sql Enterprise And Mondrian Pr...
Creating Interactive Olap Applications With My Sql Enterprise And Mondrian Pr...Creating Interactive Olap Applications With My Sql Enterprise And Mondrian Pr...
Creating Interactive Olap Applications With My Sql Enterprise And Mondrian Pr...Indus Khaitan
 

Mais de Indus Khaitan (13)

Product marketing in B2B SaaS Startup Indus Khaitan 2018
Product marketing in B2B SaaS Startup Indus Khaitan 2018Product marketing in B2B SaaS Startup Indus Khaitan 2018
Product marketing in B2B SaaS Startup Indus Khaitan 2018
 
Bringing Contracts to Life | Keynote session at IACCM Dublin Ireland, May 2015
Bringing Contracts to Life | Keynote session at IACCM Dublin Ireland, May 2015Bringing Contracts to Life | Keynote session at IACCM Dublin Ireland, May 2015
Bringing Contracts to Life | Keynote session at IACCM Dublin Ireland, May 2015
 
Lets talk about decision making - UC Berkeley
Lets talk about decision making - UC BerkeleyLets talk about decision making - UC Berkeley
Lets talk about decision making - UC Berkeley
 
Bitzer Mobile TiECON 2013 Pitch Indus Khaitan
Bitzer Mobile TiECON 2013 Pitch Indus KhaitanBitzer Mobile TiECON 2013 Pitch Indus Khaitan
Bitzer Mobile TiECON 2013 Pitch Indus Khaitan
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
 
NSDC at NASSCOM Product Conclave 2010
NSDC at NASSCOM Product Conclave 2010NSDC at NASSCOM Product Conclave 2010
NSDC at NASSCOM Product Conclave 2010
 
NSEF India - Why become a social entrepreneur now
NSEF India - Why become a social entrepreneur nowNSEF India - Why become a social entrepreneur now
NSEF India - Why become a social entrepreneur now
 
Building Winning Teams - Jain International Trade Organization Bangalore 06_J...
Building Winning Teams - Jain International Trade Organization Bangalore 06_J...Building Winning Teams - Jain International Trade Organization Bangalore 06_J...
Building Winning Teams - Jain International Trade Organization Bangalore 06_J...
 
Disha 2010 Presentation on Entrepreneurship Jan'10 -- Indus Khaitan
Disha 2010 Presentation on Entrepreneurship Jan'10 -- Indus Khaitan Disha 2010 Presentation on Entrepreneurship Jan'10 -- Indus Khaitan
Disha 2010 Presentation on Entrepreneurship Jan'10 -- Indus Khaitan
 
Ford Motor Company 1902 Indus Khaitan
Ford Motor Company 1902 Indus KhaitanFord Motor Company 1902 Indus Khaitan
Ford Motor Company 1902 Indus Khaitan
 
5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About5 Bare Minimum Things A Web Startup CTO Must Worry About
5 Bare Minimum Things A Web Startup CTO Must Worry About
 
Creating Interactive Olap Applications With My Sql Enterprise And Mondrian Pr...
Creating Interactive Olap Applications With My Sql Enterprise And Mondrian Pr...Creating Interactive Olap Applications With My Sql Enterprise And Mondrian Pr...
Creating Interactive Olap Applications With My Sql Enterprise And Mondrian Pr...
 
Practical MySQL
Practical MySQLPractical MySQL
Practical MySQL
 

Último

world Tuberculosis day ppt 25-3-2024.pptx
world Tuberculosis day ppt 25-3-2024.pptxworld Tuberculosis day ppt 25-3-2024.pptx
world Tuberculosis day ppt 25-3-2024.pptxnaveenithkrishnan
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfmchristianalwyn
 
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptxA_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptxjayshuklatrainer
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteMavein
 
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdfShreedeep Rayamajhi
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024Jan Löffler
 
Niche Domination Prodigy Review Plus Bonus
Niche Domination Prodigy Review Plus BonusNiche Domination Prodigy Review Plus Bonus
Niche Domination Prodigy Review Plus BonusSkylark Nobin
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSedrianrheine
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilitiesalihassaah1994
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsRoxana Stingu
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxnaveenithkrishnan
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Shubham Pant
 
Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx -  JoyPress WordpressPresentation2.pptx -  JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpressssuser166378
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSlesteraporado16
 

Último (15)

world Tuberculosis day ppt 25-3-2024.pptx
world Tuberculosis day ppt 25-3-2024.pptxworld Tuberculosis day ppt 25-3-2024.pptx
world Tuberculosis day ppt 25-3-2024.pptx
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
 
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptxA_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a Website
 
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
 
Niche Domination Prodigy Review Plus Bonus
Niche Domination Prodigy Review Plus BonusNiche Domination Prodigy Review Plus Bonus
Niche Domination Prodigy Review Plus Bonus
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilities
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptx
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024
 
Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx -  JoyPress WordpressPresentation2.pptx -  JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpress
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
 

Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the Corporate Perimeter

  • 1. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 1 OpenWorld 2015 Mobile Security beyond the corporate perimeter Indus Khaitan Product Management, Oracle Mobile Ali Ahmed Mobile Security Architect, Oracle October 28, 2015 Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
  • 2. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 2
  • 3. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Agenda 1 2 3 4 3 The Classic Perimeter and Mobile + Cloud Architecture of a Perimeter-less organization Short & Long term solutions and challenges Q&A
  • 4. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | The Classic Perimeter Firewalls, NAC appliances, Gateways, Moats, Snake pits, Fire pits • Physical Security using network separation • Bad guys outside, good guys inside • Implicit privileged access to good guys • VPNs bring you inside and implicit authorization
  • 5. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Mobile & Cloud in a perimeter world • Devices need unfettered access – VPNs were designed for a wired world • Cloud Security has limited IT control • Data is rapidly moving to mobile & cloud • BYOD compounds problems 5
  • 6. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Problems with Classic Perimeter in the new world • Few tightly controlled gates • Mobile devices are the weak link • Inside attacks • Application access based on IP and/or ports – Legacy applications use “remote host” to elevate user privilege 6
  • 7. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Program Agenda 1 2 3 4 7 The Classic Perimeter and Mobile + Cloud Architecture of a Perimeter-less organization Short & Long term solutions and challenges Q&A
  • 8. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Architecture requirements of a Perimeter-less organization • Security is a key driver • Access based on risk profile – End point trust – Geo information • Identity based on risk profile. – Adaptive risk based multi factor auth – Step-up auth • Federated Identity – SSO to cloud and intranet apps 8
  • 9. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Architecture requirements of a Perimeter-less organization • Data security – Data encryption at rest – Transport security for data in motion • Device level trust for managed devices – Integrity / compliance • App level trust for unmanaged devices – Integrity / compliance 9
  • 10. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Architecture Components of a Perimeter-less Organization 10 Proxy and Security Policy Enforcement Intranet applications Device / App Management Federated Identity Identity / Policy Management Cloud Applications
  • 11. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Risk Aware Access and Apps Enterprise use-case for access based on risk profile Address Book (Low Risk) CRM (Medium Risk) BI - Sales Booking Data (High Risk) Managed / Unmanaged Access allowed on Both Access allowed on Both Managed User Authentication Yes Step-up on Unmanaged Yes Policy based (e.g: location) Not required Geo fence Yes Lock/Wipe Yes Yes Yes 11
  • 12. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Program Agenda 1 2 3 4 12 The Classic Perimeter and Mobile + Cloud Architecture of a Perimeter-less organization Short & Long term solutions and challenges Q&A
  • 13. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Short-term and long term Solutions 13 Short-term Long-term Device Management EMM, App Container. Device control, app control and data control. Policy Management App level policies exist today in IDM as well as EMM products. App and data level policies. Authentication SSO. Single switch to revoke access. Multiple Identities across application vendor boundaries. Federation. Single ID. Federation across channels and app boundaries. Authorization Light weight authorization policies. Part of the proxy business logic. Data level policies. Cloud Security SSO is primary control point. Application specific policies. Cloud-access broker. Traffic goes through a forward proxy in the middle.
  • 14. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Adoption and Implementation Challenges • Fragmented Devices (esp. Android, hard to inventory) • Certificate-based authentication is brittle • User-credentials are a starting point • Network latency issues in weak connectivity areas • Legacy application rely on desktop-based controls and trusted remote IP • Not easy to put a proxy in front of cloud applications • IT rethinking needed to remove VPN 14
  • 15. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Oracle Mobile Security for 24x7 unfettered access to corporate data Oracle Mobile Platform MANAGE Custom Mobile Apps Packaged Mobile Apps Partner Built Mobile Apps 15Oracle Confidential – Highly Restricted DEVELOP INTEGRATE ANALYSE SECURE
  • 16. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 16 Questions?

Notas do Editor

  1. This is a Safe Harbor Front slide, one of two Safe Harbor Statement slides included in this template. One of the Safe Harbor slides must be used if your presentation covers material affected by Oracle’s Revenue Recognition Policy To learn more about this policy, e-mail: Revrec-americasiebc_us@oracle.com For internal communication, Safe Harbor Statements are not required. However, there is an applicable disclaimer (Exhibit E) that should be used, found in the Oracle Revenue Recognition Policy for Future Product Communications. Copy and paste this link into a web browser, to find out more information.   http://my.oracle.com/site/fin/gfo/GlobalProcesses/cnt452504.pdf For all external communications such as press release, roadmaps, PowerPoint presentations, Safe Harbor Statements are required. You can refer to the link mentioned above to find out additional information/disclaimers required depending on your audience.
  2. Device integrity and compliance App integrity and compliance
  3. Device integrity and compliance App integrity and compliance
  4. Speaker’s Notes: Oracle’s Mobile Portfolio provides a complete end to end solution that manages the entire mobile lifecycle. The key tenants to Oracle’s mobile solution is to provide a platform that allows customers to develop, connect, secure, analyze and a manage their mobile applications. With our platform customers, can build customer apps or use and or extend our 100’s of packaged mobile apps. With Mobile Cloud Service ( which now together with Mobile Application framework) we provide all the capabilities needed to build, connect, secure, analyze and manage mobile apps quickly and efficiently. We provide Mobile Security Suite which not only is integrated with MAF/MCS but also tightly integrated with our IDM Suite – is an integral part of our Mobile offering but also can be de-coupled and used as part of a broader enterprise security initiative. Finally Oracle and our partners continue to provide standalone out of the Mobile apps across our on premises and Cloud offerings.