security considerations while being social and mobile

The Intersection Security considerations for being social & mobile while riding the cloud Nalneesh Gaur, PwC Web Forum, Information Management Forum March 2, 2012 www.pwc.com

Upload: nalneesh-gaur

Post on 22-Nov-2014


Page 1: Security considerations while being Social and Mobile


Page 2

Cloud, mobile and social media synergies increasingly exploited

Case study 1: Construction safety

Case study 2: The board room

Page 3

About this talk

• Context and Emerging Trends
• Pain Points/Imperatives
• Response Framework

Page 4

Context and Emerging Trends

What insights can we glean from emerging trends?

Page 5

The Context

Local/Proximity Context
• Install/Access/Use Application
• Access/Store Data locally
• Exchange Information

Remote Context
• Access/Use Applications
• Download/Upload Content
• Community Interactions
• Conduct Mobile Commerce
• Use Location Based Services

Mobile Device

Social Media

Cloud Applications, Data and Services

Page 6

Japan’s social networking trends show importance of mobile – mobile page views = 85% vs. 14% 4.5 years ago

One of Japan’s leading social network monthly page views, mobile vs. PC, CQ2:06-CQ4:10

Source: Morgan Stanley Research

[Chart: Monthly Page Views (MM), Mobile Page Views vs. Desktop Page Views, 2Q06 to 4Q10. Annotation: CQ3:09 – Platform opened to 3rd-party developers. Data labels: 15%, 85%, 86%, 14%.]

Page 7

Strong mobile trends for leading social companies

Source: Kleiner Perkins: 2011 Top 10 Mobile Trends-Feb-2011

• 200MM mobile active users vs. 50M in 9/09; 2x more active than desktop-only users
• Mobile = 50% of total active users vs. 25% Y/Y; mobile = 40% of all tweets
• Introduction of mobile product drove 2x conversion ratio from free to paying subscribers; mobile users = 25-30% total users in mature markets
• 100MM mobile users vs. 50MM Y/Y
• Adding 3MM users per month; 50% of all users subscribe on mobile

Companies shown: Facebook, Twitter, Spotify, SHAZAM, Pandora

Page 8

Convenience and ubiquity are driving mobility

Computing growth drivers over time, 1960-2020E

Note: PC installed base reached 100MM in 1993, cellphone/Internet users reached 1B in 2002/2005 respectively. Source: ITU, Mark Lipacis, Morgan Stanley Research.

[Chart: log-scale units/users (1 to 1,000,000), 1960 to 2020. Eras shown: Mainframe, Minicomputer, PC, Desktop Internet, Mobile Internet. Scale labels: 1MM+ Units, 10MM+ Units, 100MM+ Units, 1B+ Units/Users, 10B+ Units???. Trend label: Increasing Integration.]

More than Just Phones

• iPad
• Kindle
• Cell phone/PDA
• Mobile Video
• Wireless Home Appliances
• Smartphone
• Tablet
• MP3
• Car Electronics: GPS, ABS, A/V
• Home Entertainment
• Games

Page 9

Mobile is shaping new behaviors

Average Time Spent on Various Mobile Functions, 1/11

Source: AppsFire 1/11

• Web/Web Apps: 10 minutes (12%)
• All Other (Maps, Games, Social Networking, Utilities, More): 40 minutes (47%)
• Mail App: 7 minutes (9%)
• Telephony (Phone, Skype, Messages): 27 minutes (32%)

Chart annotation: New Activity

Page 10

Forecast: Global public cloud market size, 2011 To 2020

Source: Forrester, April 2011 “Sizing The Cloud”

[Chart: Total public cloud markets (US$ billions), 2008 to 2020; vertical axis from $0 to $180.]

Page 11

Cloud computing: Many want better enforcement of provider security policies.

Question 41: “Does your organization currently use cloud services such as Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), or Infrastructure-as-a-Service (IaaS)?” Question 41c: “What impact has cloud computing had on your company’s information security?” Question 41b: “What is the greatest security risk to your cloud computing strategy?” (Not all factors shown. Total does not add up to 100%.)

Four out of ten (41%) respondents say their organization uses cloud services – and 54% of those that do say the cloud has improved their information security. The greatest risks associated with cloud computing? An uncertain ability to enforce provider security policies and inadequate training and IT auditing are top concerns.

• Uncertain ability to enforce provider site security policies: 32%
• Inadequate training and IT auditing: 19%
• Questionable privileged access control at provider site: 15%
• Proximity of data to someone else's: 11%
• Uncertain ability to recover data: 9%

Page 12

88 percent of mobile professionals use social networks

14 percent have used cloud computing in the past year

Source: The Business Journals reveals the business habits of the rising number of SMB mobile professionals, 2011

Page 13

Business continuity

Access Control

Compliance

Events - Incident response and investigation

Document, audit processes and procedures for data access protection

Maintain compliance with regulatory

Detect and correct security events

Cooperate during investigations and incident responses

Audit and report user access and data use

Ensure the viability of the provider and contingency of the consumer’s services

Control access to sensitive data

Provision and deprovision user access

Data protection and segregation

Provide business continuity and disaster recovery

Prevent unauthorized data exposure, loss or corruption

Maintain data segregation in multi-tenant environment

Implement data classification scheme and processes for handling sensitive data

Securely dispose of data no longer required

In a cloud services environment, providers and consumers must address familiar security and risk challenges

Page 14

Recap: Key trends at the Intersection

Business drivers

1. Mobile Devices with Advanced Capabilities and Fast Network Connectivity
2. User Driven Change
   - Board Room and Senior Executives driving usage
   - Users demanding enhanced collaboration and productivity
3. Greater convenience
   - Applications moving beyond Email/Contacts/Calendars
   - Rich content enables quick decisioning

Key trends

1. BYOD/Approved Corporate Mobile devices
2. Compelling Mobile Applications
3. Identity as a Service, Strong Authentication
4. Cloud Applications, Data and Services
5. Social Networking for Marketing and Customer Interaction
6. Social Media Monitoring/Analytics

Page 15

Pain points (Imperatives)

Business Context: What other businesses are experiencing?

Page 16

“Nearly 30% of companies experienced a breach due to unauthorized mobile device use.”

Source: Q1 Enterprise and SMB Survey, 2009 - Forrester Research

Page 17

Malware by mobile OS

“The MM revolution started principally in 2004 with the release of the Cabir. A worm, SymbianOS. Some MM were released before this date, but it was Cabir and the release of its source code that caused an explosion of new MM to emerge.” – Ken Dunham, Mobile Malware Attacks and Defense

Source: McAfee Threats Report: Second Quarter 2011

New Mobile Malware Q2 2011 (chart legend): Android, Java ME, Symbian, BlackBerry, MSIL, Python, VBS

Growth in Mobile Malware

Serious attacks emerge

Complete device control

Page 18

Complicating factors for security

Device Diversity/Complexity

Application Explosion

Data Explosion

Advanced Persistent Threats

Data Transference and Inference

Page 19

Response framework

Leading practices: How other businesses are responding

Page 20

Mobile devices and social media: New rules and new risks

• Have a security strategy for employee use of personal devices: 43%
• Have a security strategy for mobile devices: 37%
• Have a security strategy for social media: 32%

Question 17: “What process information security safeguards does your organization currently have in place?” (Not all factors shown. Total does not add up to 100%.)

Source: PwC/CXO media 2012 Global State of Information Security Survey

Page 21

Guiding principles

Page 22

Governance

Page 23

Process

Page 24

Technology

Page 25

Key questions remain

• Which policies are enforceable?
• How will we educate our customers, employers and partners?
• Which process and tools to evolve? How to address gaps?
• How to balance productivity, opportunity and risks?
• What is the right approach to changing culture – grass roots, leadership, hybrid?
• Others?

Page 26

Thank you

Nalneesh Gaur, [email protected]

© 2012 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers LLP, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.

This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisor