
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.

Mobile Device Management
David Roundtree, CISSP
Identity & Security
Public Sector | State & Local
Date: April 23, 2013


This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.


Agenda

• Today’s Security Challenges
• 2012 Data Breaches
• Enterprise Mobility Challenges
• Mobile Identity Management
• Mobile Identity Standards


INSIDE OUT

SECURITY STEP BY STEP APPROACH

DEFENSE IN DEPTH


Business Transformation

• Student Services
• Citizen Services
• Remote Mobile Workforce
• Online Healthcare
• Social Integration
• Cloud Services

Most Significant in


• California Dept of Child Support Services: Health & Finance records STOLEN, 800k
• US Bureau of Justice Statistics: Sensitive DB leaked, 1.7GB
• State of South Carolina: Bank Account #s leaked, 3.8M


Attacks cost $$$$ in State Government (2012)

State of South Carolina Dept. of Revenue > Approximately 3.8 million Social Security numbers, 387,000 credit and debit card numbers and 657,000 business tax filings were exposed in a recent cyber-attack at the SC Department of Revenue. From http://www.sctax.org


STATE OF UTAH: DATA BREACH. UTAH CTO TAKES THE FALL. RESIGNATION SOUGHT BY GOV. HERBERT AFTER BREACH EXPOSES DATA ON 280,000 MEDICAID RECIPIENTS!!!!

“The state has said it will offer free credit monitoring and identity theft insurance coverage of up to $1 million for victims of the breach.”

“Some analysts have held up the breach as a classic example of the dangers weak or default passwords controlling access to critical systems and applications pose to enterprises.”


1. Brand Decline = Loss of trust from Citizens!

2. Regulatory Fines

3. Financial Loss


Mobile Devices in the Enterprise

• Employees, Citizens, Students, Vendors …using mobile devices
• Evolution of BYOD > Bring your own device


• 90% companies with mobile apps in 2014
• 62% will depend on social networking to connect with customers and prospects
• Store passwords 76%
• Store passwords as 10%

Source: Information Week, Aug 2011


Mobile Security is Beyond Device Management

• 46% of organizations that allow BYOD reported experiencing a data or security breach
• 50% of helpdesks struggle to keep up with mobile apps support
Source: Mobility Revolution Redux, March 2012

MOBILE SECURITY STARTS FROM INSIDE
Source: Trend Micro Survey, Feb 2012

• 58% building corporate app stores
Source: Partnerpedia Survey, Aug 2011


Mobile Identity & Access Challenges

Developer
• Limited resources to support chatty clients
• No SSO across native mobile applications
• Challenging to secure access to data stored on legacy systems
• Risky to allow business transactions from untrusted devices


Guess: The cost of remediating a breach exceeds the cost of preventing a breach by….. 10X

We need to start taking a proactive approach to security!!!


[Slide graphic (title fragment: “BUSINESS HAVE”): SS #s, Credit Card Info, Personal Profile, Denial of Service, Fraud, Collaboration, Privacy, PII, PCI, NIST Security Model, IRS 1075, HIPAA/HITECH, Identity Theft, Quality of Service, Data Security & Integrity, Regulatory Compliance]


Demystifying Mobile Identity Management and Standards
Shujaat Ali, Principal Security Consultant


[Slide graphic (“Integration” word cloud): Internal Users Only, Not Scalable, Proprietary, Maintenance, Point 2 Point, Fragmentation, Custom, Inflexible, Brittle, Rigid Legacy, First Generation, VPN Based, Hard Coded, Status Quo, Slow, Client Server, Expensive]


EMPLOYEE OWNED DEVICES

LIMITED POWER & STORAGE

DESIGNED FOR WIRELESS & 3G

CHANGING MOBILE APPLICATION DEMANDS


[Diagram: multiple native apps (APP … NATIVE APP)]


[Diagram: apps connected over REST] VPN DOES NOT SCALE


REST INTERFACES

• State-full
• Cross-network
• Device Independent
• SIMPLIFIES MOBILE APPS
• Lower Energy Usage


[Architecture diagram: Corporate DMZ and Corporate Network; components: Mobile and Social, Webgate, Data Interfaces / Oracle Entitlements Server, Oracle Access Manager, Directory Services, API Gateway, Mobile Browser, Native Application, OAM Protected Resource]


CONTEXT AWARE AUTHENTICATION

• Device Aware!
• Time Aware!
• Location Aware!

Device Fingerprint • Account Detail


[Screenshot: PATIENT RECORD, with masked fields]


[Screenshot: flow steps Select, Login, Authorize]


[Screenshot: “Login with Facebook” or… a registration form with fields Name, College, Major, Minor, Graduation Date, Student Advisor, High School, Test Date, and a Submit button]

OAUTH: REAL EXAMPLE CONNECTING COLLEGE TEST PREP STUDENTS


• Better Experience
• Single Point of Revocation
• Blacklist Devices


MONITORING & REPORTING


• Browser & OS statistics
• Alerts
• Location Risk
• Access Trends


[Platform diagram: White Pages, GPS & WIFI Location, Device Registration, Device Tracking, KBA & OTP, User Registration, White\Black List, Access Management, Platform Security Services, Directory Services, Mobile Interfaces]


[Logo cloud: Pinterest, Instagram, Google+, Facebook, Mixi, Renren, LinkedIn, Tumblr, Twitter; labels: Advertisements, Games, Curation, Social Marketing, URL Shorteners, Search Engine Optimization, Social Publishing, Gadgets, Promotions]

[Logo cloud: Pinterest, Instagram, Google, Facebook, Yahoo!, Mixi, flickr, Verisign, WordPress, MyOpenID, MySpace, AOL]


[Logo cloud: Dropbox, Evernote, Google, Facebook, MySpace, TripIt, Yahoo! OpenSocial, Netflix, Photobucket, Yammer, SmugMug, Vimeo, LinkedIn, Twitter]

Questions?


THANK YOU FOR YOUR ATTENTION

Feel free to contact us at
[email protected]
[email protected]
