2015 mobile security trends: are you ready?
TRANSCRIPT
© 2015 IBM Corporation
IBM Security
0 IBM Security Systems© 2015 IBM Corporation
2015 Mobile Security Trends:
Are You Ready?
Jason Hardy
Market Segment Manager, Mobile Security
IBM Security Systems
David Lingenfelter
Information Security Officer, MaaS360 by Fiberlink
IBM Security
© 2015 IBM Corporation
IBM Security
1 IBM Security Systems
Agenda
What’s Happening in Mobile
Introduce the IBM Mobile Security Framework
Trends from “The State of Mobile Security Maturity”
Tackling Mobile Security with a Layered Defense
1
© 2015 IBM Corporation
IBM Security
2 IBM Security Systems
“Enterprise mobility will continue to be one of the hottest topics in IT, and high on the list of priorities for all CIOs.”
“IT organizations will dedicate at
least 25% of their software
budget to mobile application
development, deployment,
and management by 2017.”
Enterprise Mobility is HOT Mobile Security is a CHALLENGE
© 2015 IBM Corporation
IBM Security
3 IBM Security Systems
3Mobile Enterprise: A 2015 HorizonWatching Trend Report
“Mobile reached a tipping point in 2014 as it solidified its position as one of the most disruptive technologies for businesses in decades. Not since the advent of the Internet has a technology forced businesses to rethink completely how they win, serve, and retain customers. The new competitive battleground is the mobile moment.” Forrester
“Enterprise mobility will continue to be one of the hottest topics in IT, and high on the list of priorities for all CIOs” Ovum
Interest in Mobile continues to grow as business professionals are increasingly using their mobile device over traditional laptops
GSMA
“Mobility spending plans are trending up, with 73% of companies planning to increase mobility spending over the next 12 months, 25% planning to spend at the same rate, and only 2% planning to spend less.” Current Analysis
“Gartner studies show that mobile devices are
increasingly becoming the first go-to device for
communications and content consumption
used by most people on the planet who can
afford such devices” Gartner
© 2015 IBM Corporation
IBM Security
4 IBM Security Systems
Mobile Security Threats Are Exploding
Mobile malware is
growing; malicious
code is infecting
more than
11.6 millionmobile devices at
any given time3
Mobile devices
and the apps we
rely on are under
attack
90% of the top
mobile apps have
been hacked4
“With the growing penetration of
mobile devices in the enterprise,
security testing and protection of
mobile applications and data
become mandatory ` Gartner
“Enterprise mobility … new systems of
engagement. These new systems
help firms empower their customers,
partners, and employees with
context-aware apps and smart
products.” Forrester
© 2015 IBM Corporation
IBM Security
5 IBM Security Systems
Are Mobile Enterprise Apps Secure?
© 2015 IBM Corporation
IBM Security
6 IBM Security Systems
MobileFirst
Protect (MaaS360)
AppScan, Arxan, Trusteer M;
bile SDK
Security Access Manager
for Mobile, Trusteer Pinpoint
Extend Security Intelligence
Enterprise Applications
and Cloud Services
Identity, Fraud,
and Data Protection
Protect Content & Data
Safeguard Applications
Manage Access & Fraud
Secure the Device
DATA
Personal and Consumer
Enterprise
IBM Mobile Security Framework
QRadar Security Intelligence Platform
AirWatch, MobileIron, Good,
Citrix, Microsoft, MocanaHP Fortify, Veracode, Proguard CA, Oracle, RSA
Secure the Device Protect Content & Data Safeguard Applications Manage Access & Fraud
Provision, manage and
secure Corporate and
BYOD devices
Segregate enterprise
and personal data;
ensure shared content
is protected
Develop secure,
vulnerability free,
hardened and risk
aware applications
Secure access and
transactions for
customers, partners
and employees
Security Intelligence
A unified architecture for integrating mobile security information & event management (SIEM), log
management, anomaly detection, and configuration & vulnerability management
© 2015 IBM Corporation
IBM Security
7 IBM Security Systems
The Roadmap to Effective Mobile Security
The State of Mobile Security MaturityFindings from the ISMG Survey Sponsored by IBM
Link to report
© 2015 IBM Corporation
IBM Security
8 IBM Security Systems
Tackling Mobile Security with a Layered Defense
David Lingenfelter
@Simply_Security
© 2015 IBM Corporation
IBM Security
9 IBM Security Systems
Layered Defense
© 2015 IBM Corporation
IBM Security
10 IBM Security Systems
Change is inevitable
© 2015 IBM Corporation
IBM Security
11 IBM Security Systems
Mobile technologies are more empowering
of employed adults use at least one personally-owned mobile device for business
Mobile workers will use at least one business-focused app this year
yearly increase in revenue from people using mobile devices to purchase items.
© 2015 IBM Corporation
IBM Security
12 IBM Security Systems
But security threats are even greater
Threats on your
employees
Threats on your
customers
of financial apps on Android have been hacked
of Top 100 Android apps have been hacked
annual cost of crime
© 2015 IBM Corporation
IBM Security
13 IBM Security Systems
Relentless Use
of Multiple Methods
Operational
Sophistication
Near Daily Leaks
of Sensitive Data
Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014
IBM X-Force declared
Year of the
Security Breach
40% increase in reported data
breaches and incidents
500,000,000+ records were leaked, while the future
shows no sign of change
2011 2012 2013
Note: Size of circle estimates relative impact of incident in terms of cost to
business.
We are in an era of continuous breaches.
SQL
injection
Spear
phishing
DDoS Third-party
software
Physical
access
Malware XSS Watering
hole
UndisclosedAttack types
© 2015 IBM Corporation
IBM Security
14 IBM Security Systems
IT’s Role and Focus has Changed
Many different
use cases within a
single company
Corporate Owned
BYOD
Shared Devices
Cart Devices
Kiosk Devices
Data Leakage
Apps
Blacklisting
URL filtering
SharePoint/EFSS
Intranet Access
© 2015 IBM Corporation
IBM Security
15 IBM Security Systems
Mobility Is Strategic
Enterprise Mobility Management
has become a Foundation in
every Mobile Strategy
© 2015 IBM Corporation
IBM Security
16 IBM Security Systems
IBM MobileFirst Protect Layered Approach
Secure
the Device
Secure
the Content
Secure
the App
Secure
the Network
Separating Corporate and Personal Lives
© 2015 IBM Corporation
IBM Security
17 IBM Security Systems
Secure the Device
Dynamic security and
compliance features
continuously monitor devices
and take action.
© 2015 IBM Corporation
IBM Security
18 IBM Security Systems
Secure the Container: Mail & Content
An office productivity app with email, calendar, contacts, & content
© 2015 IBM Corporation
IBM Security
19 IBM Security Systems
Secure the App
Enhancing private and public app
security through (SDK or wrapping)
code libraries and policies
© 2015 IBM Corporation
IBM Security
20 IBM Security Systems
Secure the Network
A fully-functional web browser
to enable secure access to
corporate intranet sites and
enforce compliance of policies
© 2015 IBM Corporation
IBM Security
21 IBM Security Systems
IBM MobileFirst Protect Delivers an Integrated Approach
One Platform for All Your Mobile Assets
Secure Content
Collaboration
Secure
Mobile
Containers
Comprehensive
Mobile Management
Seamless
Enterprise
Access
© 2015 IBM Corporation
IBM Security
22 IBM Security Systems
Embrace The New Normal
Mobile is becoming THE IT platform
Go beyond enabling these new devices
– Mobile utilization of corporate network/resources
– Separation of corporate & personal apps/data
– App management & security (and app dev assist)
– Identity, context and more sophisticated policy
© 2015 IBM Corporation
IBM Security
23 IBM Security Systems
Wrap-up
Unlocking productivity with Apps and Content
Capabilities exists today to Enable
Take a Layered approach for Security
You can do it now,
Empower Users
Build Trust
Do it with IBM Mobile First protect
David Lingenfelter
@simply_security
© 2015 IBM Corporation
IBM Security
24 IBM Security Systems
www.ibm.com/security
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response
to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated
or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure
and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to
be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems,
products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.