The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security

The BYOD Threat Facing the Enterprise Network

Secure Mobile Strategies Minimize Risk and Improve Productivity

Chris Rodriguez, Industry Analyst, Network Security
August 28, 2013

© 2012 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied or otherwise reproduced without the written approval of Frost & Sullivan.

Upload: frost-sullivan

Post on 20-Aug-2015


TRANSCRIPT

Page 1: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security

The BYOD Threat Facing the Enterprise Network

Secure Mobile Strategies Minimize Risk and Improve Productivity

Chris Rodriguez, Industry Analyst, Network Security
August 28, 2013


Page 2: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


Today’s Presenter

• Experience base in the information and communication technologies (ICT) sector, specializing in the areas of: enterprise firewall, next generation firewall (NGFW) and unified threat management (UTM), vulnerability management, vulnerability research, intrusion prevention systems (IPS), network access control (NAC), endpoint security software

• Six years of Industry Analyst experience

Chris Rodriguez

Industry Analyst, Frost & Sullivan

Follow me on: https://twitter.com/CRodriguezS20

www.linkedin.com/pub/chris-rodriguez/20/46b/309/

Page 3: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


Focus Points

• Why the Urgency?

• But iPhones (and Other Mobile Devices) Are Impervious to Malware, and Other Fairy Tales

• Real Talk: Security is Not Easy

• What are my Options?

• But What Does This Mean for Me?

• Q and A

• Poll Results and Conclude

Page 4: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


Poll Question

Why are you interested in mobile security?

A. To empower employee mobility and productivity with secure BYOD strategies

B. To defend against the mobile threat vector

C. To achieve compliance with regulatory requirements

D. To enhance asset management processes

Page 5: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


Why the Urgency?

• The explosive growth in mobile device sales is unmanageable

• Your organization cannot avoid the BYOD and mobility trend

• BYOD introduces more risk

Source: Frost & Sullivan Analysis.

Page 6: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


But iPhones (and Other Mobile Devices) Are Impervious to Malware, and Other Fairy Tales

Mobile malware is real and becoming commoditized.

1. There is no such thing as a secure operating system

2. Android operating system has more malware than Apple iOS devices

3. Mobile malware is becoming more commoditized and more pervasive

Source: The Android Malware Genome Project and Frost & Sullivan Analysis

Page 7: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


But iPhones (and Other Mobile Devices) Are Impervious to Malware, and Other Fairy Tales (continued)

Source: Frost & Sullivan analysis.

Mobile devices are platforms to transmit traditional malware and APTs, even through legitimate apps such as Dropbox.

1. These apps are bypassing email security and firewall inspection points

2. Legitimate apps can be leveraged by advanced persistent threats

Page 8: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


But iPhones (and Other Mobile Devices) Are Impervious to Malware, and Other Fairy Tales (continued)

Mobile fraud is everyone’s problem.

1. Greyware can push ads, or collect a little bit too much information, or charge for premium services

2. It is easy to overlook these excessive permissions or these disclaimers

3. BYOD practices ensure that fraudulent activity also affects businesses

Source: Frost & Sullivan analysis.

Page 9: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


Real Talk: Security is Not Easy

Mobile threats require holistic solutions including data, device, and network protection.

1. Mobile devices present many challenges because of their ubiquitous and always connected nature

2. Mobile security has elements of data security, device security, and network-based protection

Source: Frost & Sullivan analysis.

Page 10: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


Real Talk: Security is Not Easy (continued)

Mobile security cannot impede the end-user experience.

1. The biggest challenge is to avoid reducing functionality and accessibility

2. Some solutions separate the corporate data from personal data using a concept of containers or application wrapping

Source: Frost & Sullivan analysis.

Page 11: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


Real Talk: Security is Not Easy (continued)

Budgetary constraints.

1. Ideally, mobile and BYOD security will follow a defense-in-depth strategy

2. Many organizations cannot afford large deployments of cutting-edge security technologies

Source: Frost & Sullivan analysis.

Page 12: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


What are my Options?

Network security solutions – NAC, NGFW, data protection.

1. NGFW adds much more contextual data with which to create policies

2. Content security solutions follow a data-centric approach with decisions being made for particular sets of data

3. NAC is a powerful tool that enables companies to leverage comprehensive and real-time endpoint intelligence in their access policies

Source: Frost & Sullivan analysis.

Page 13: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


What are my Options? (continued)

Mobile endpoint security software – e.g. Symantec, Webroot, McAfee, and ESET.

1. Protects against threats and malware

2. Helps end-users to understand which apps are high risk

3. Also protects against theft and loss

Source: Frost & Sullivan analysis.

Page 14: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


What are my Options? (continued)

MDM offers some security but no native cyber threat protection capabilities.

1. MDM is focused on asset management capabilities including user identity management and remote management capabilities

2. A proper mobile endpoint security strategy will involve a combination of endpoint-based security software in tandem with network-based tools

Source: Frost & Sullivan analysis.

Page 15: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


But What Does This Mean for Me?

Information security is a team sport from consumers to enterprise organizations to security vendors.

1. Unfortunately, the hackers are getting really good at this team sport

2. Further education is necessary to ensure that users understand the risks associated with jailbreaking and rooting their devices, and side-loading apps

3. BYOD means organizations must secure devices that they do not control or own, using network-based solutions

Source: Frost & Sullivan analysis.

Page 16: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


But What Does This Mean for Me? (continued)

Mobile device security is a critical greenfield opportunity for traditional security companies.

1. Low-priced security apps enable consumers to try multiple solutions

2. Smaller vendors with quality security apps can quickly gain a large install base and make a strong brand name in the security industry

Source: Frost & Sullivan market study entitled Analysis of the Global Mobile Endpoint Protection Market, 2013.

Page 17: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


But What Does This Mean for Me? (continued)

Security vendors are developing MDM capabilities so MDM vendors must partner with or acquire security capabilities.

1. MDM vendors lack experience with threat prevention and malware detection capabilities

2. Endpoint security companies are developing MDM capabilities for their solutions

Source: Frost & Sullivan analysis.

Page 18: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


Questions and Answers

Page 19: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


Next Steps

Develop Your Visionary and Innovative Skills

Growth Partnership Service

Share your growth thought leadership and ideas or join our GIL Global Community

Join our GIL Community Newsletter Keep abreast of innovative growth opportunities

Phone: 1-877-GOFROST (463-7678) Email: [email protected]

Page 20: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


Your Feedback is Important to Us

What would you like to see from Frost & Sullivan?

Growth Forecasts?

Competitive Structure?

Emerging Trends?

Strategic Recommendations?

Other?

Please inform us by “Rating” this presentation.

Page 21: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


Follow Frost & Sullivan on Facebook, LinkedIn, SlideShare, and Twitter

http://twitter.com/frost_sullivan

http://www.facebook.com/FrostandSullivan

https://www.linkedin.com/groups?gid=4480787

http://www.slideshare.net/FrostandSullivan

Page 22: The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


For Additional Information

Britni Myers, Corporate Communications, ICT, (210) [email protected]

Chris Rodriguez, Industry Analyst, ICT, (210) [email protected]

Michael Suby, VP of Research, ICT Stratecast, (720) [email protected]

Craig Hays, Sales Manager, ICT, (210) [email protected]