mobile security synthesizing strategy - nymissa · compliance scope has changed compliance in the...
Mobile Security – Synthesizing Strategy
Steve Ippoliti
December 12, 2012
Companies Run on Documents
CEO
Board of Directors
• SEC filings
• Tax/audit filings
• SOX reports
• Placements
• Board reports
CIO / CTO
Human Resources
• Compliance reports: GLBA, SOX, PCI, etc.
• Contracts
• Proprietary systems
• Compensation
• Bonus data
• Employee equity grants
CFO
Legal
• Contracts
• Corp Dev/M&A
• eDiscovery
Business Partners
Banking
Customers
Investors
M&A
Companies
• Board Documents
• Strategy Plans
Investment Banking
• Advisory Services
• M&A deal materials
Market Research
Real Estate Services
• Buy-side research
• Sell-side research
Banking Services
• Loans, Letter of Credit
• Performance report
• Wealth Management/Investment fund performance data
• Mortgage documents
• Ecological assessment documents
• Property debt documents
Urgency: “The Box” Syndrome
The average organization has 13 file sync applications in use
76% of organizations send traffic to Dropbox (2GB/mo. average)
Source: Palo Alto Networks, Ponemon Institute
90% of organizations lost critical, confidential data this year
Reconciling Post-PC Users and IT
What Users Want
• Sync: Mobile / Tablet / Desktop / Web / BYOD
• Collaborate: Share / Annotate / Manage
• Just Works: Picture Perfect Documents, Fast, Elegant, Interface
What Enterprise IT Needs
• Data Security and Control
• Tracking and Compliance
• Cloud or On Premise Deployment
• Integration to Enterprise Systems
Document Security – Current State
[Diagram labels: Inside the Perimeter; FW; IPS; IAM; DLP; MDM (twice); A; B; C]
How Data is Lost vs. Scope of Protection by Product
[Chart: data-loss causes (Lost Device, Accidental Sharing, Insider) with values 27, 25, 12, 5, against product scope: MDM; DLP / MAM; Typical File Sharing]
Source: Forrester Research 9/2012
Document Security – With Document Centric Protection
[Diagram labels: Inside the Perimeter; FW; IPS; IAM; DLP; MDM (twice); A; B; C]
How Data is Lost vs. Scope of Protection by Product
[Chart: data-loss causes (Lost Device, Accidental Sharing, External Attack, Insider Etc) with values 27, 25, 12, 5, against product scope: MDM; DLP / MAM; Typical File Sharing; Data-Centric Protection]
Source: Forrester Research 9/2012
Compliance Scope Has Changed
Compliance in the Traditional Enterprise
Collect + monitor system logs, review/alert on issues
Effective for Regulated Data on:
• IT-Managed Infrastructure
• Mobile Devices
• Third Parties’ Devices / Infrastructure
Tools: SIEM, Log Management, GRC
Compliance in the Mobile, Extended Enterprise
Data itself must generate an audit log of every event on every device for review + alerting
Effective for Regulated Data on:
• IT-Managed Infrastructure
• Mobile Devices
• Third Parties’ Devices / Infrastructure
Tools: SIEM, Log Management, GRC
Use Case: IP Protection Solution
• Use case: IP protection
• Requirements:
- Protect product designs, manufacturing instructions, and quality standards
- Full BYOD – must control data on devices not managed/owned by Nike
• Rolled out Nike HQ and hundreds of subcontracted factory users
• Used for millions of product designs
Deployment
[Chart: Internal Users by Week]
Analyst Perspective: Forrester
Corporate Overview
Analyst Recognition
“Shake[s] up ERM with secure document sharing as a service”
Cool Vendor
Represents “next generation of DLP and DRM solutions”
Customer Base
Company Background
• Founded in 2008
• Headquartered in Palo Alto, CA
• 80+ employees
• Deep security DNA (EMC/RSA, ArcSight, Check Point, McAfee, Symantec)