Securing Mobile - A Business Centric Approach
DESCRIPTION
Securing Mobile - A Business Centric Approach. For a higher quality version, visit: http://decklaration.com/verizon Presentation given by Omar Khawaja (of Verizon) at the 2013 Mobile World Congress in Barcelona.
TRANSCRIPT
![Page 1: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/1.jpg)
Securing Mobile: A Business-Centric Approach
Omar Khawaja
February 2013
![Page 2: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/2.jpg)
1970
Information Revolution Starts
Mainframe (Green Terminals)
@smallersecurity
![Page 3: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/3.jpg)
Personal Computing
1970 1980
Thick Client & Mobile Revolution Starts
![Page 4: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/4.jpg)
1970 1980 1990
Web based computing and Mobile truly goes mobile
Advent of the Web
![Page 5: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/5.jpg)
1970 1980 1990 2000
Web and Mobile mature
Mobile Matures
![Page 6: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/6.jpg)
1970 1980 1990 2000 2010
Mobile Revolution
Information Revolution becomes the Mobile Revolution
![Page 8: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/8.jpg)
Mobile is no longer optional
![Page 9: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/9.jpg)
Btw, is securing various platforms really that different?
![Page 10: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/10.jpg)
1970 1980 1990 2000 2010
Difference?
Have a closer look: it's really not that different.
![Page 11: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/11.jpg)
Top Business Technology Trends
Video
Social Enterprise
Big Data
Enterprise Clouds
High-IQ Networks
M2M2P
Compliance
Energy Efficiency
Consumerization of IT
Personalization of Service
![Page 12: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/12.jpg)
What’s the common theme across top technology trends?
![Page 13: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/13.jpg)
Video
Big Data
Enterprise Clouds
High-IQ Networks
M2M2P
Compliance
Social Enterprise
Energy Efficiency
Consumerization of IT
Personalization of Service
DATA
![Page 14: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/14.jpg)
Mobility and Cloud fuel each of these trends.
![Page 15: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/15.jpg)
Security is about Risk
Threats
Vulnerabilities
Assets
‘Risk’
![Page 16: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/16.jpg)
How do we secure mobile today?
![Page 17: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/17.jpg)
Programs and Technologies
![Page 18: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/18.jpg)
Programs and Technologies
Risk Assessment
Security Policy
Organization of Info Security
Asset Management
Human Resources Management
Physical & Environment Security
Communication & Ops Mgmt
Access Control
Info Systems Acquisition, Dev, & Maintenance
Info Security Incident Management
Business Continuity Management
Compliance
![Page 19: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/19.jpg)
Programs and Technologies
App Security
Anti-X
Configuration Management
DLP
Encryption
IAM, NAC
Patching
Policy Management
Threat Management
VPN
Vulnerability Management
…
![Page 21: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/21.jpg)
Multiple Approaches
[Matrix: Security Programs (Single / Multiple) against Security Technology Sets (Single / Multiple); the cells repeat the security program and security technology lists from the Programs and Technologies slides above]
Worst Case
Nirvana
Good
Really?
![Page 22: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/22.jpg)
Here’s an approach…
![Page 23: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/23.jpg)
Data-Centric Approach (Follow the data)
Inventory (must)
Classify (must)
Destroy* (ideal)
Protect
Monitor
![Page 24: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/24.jpg)
Data-Centric Security Model
Data-centric security is business-centric security
![Page 25: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/25.jpg)
To protect the data, protect what’s around it too
Data-Centric Security Model
![Page 26: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/26.jpg)
GRC and Intelligence define security program
Data-Centric Security Model
![Page 27: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/27.jpg)
Start with assets, end with the controls
Data-Centric Security Model
![Page 28: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/28.jpg)
How do we execute?
![Page 29: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/29.jpg)
Data-Centric Security: A Recipe
Implement Control Requirements
Monitor Control Effectiveness
Entitlement Definition
Mobile Environment Definition
Inventory Users
Define Business Processes
Destroy Data
Inventory Data
Categorize Data
![Page 30: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/30.jpg)
What about Apps?
![Page 31: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/31.jpg)
What about Apps?
Can’t impede app proliferation, but how do you know which to trust?
30 billion app downloads from Apple's App Store
Apps have overtaken browsing
![Page 32: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/32.jpg)
What about the Network? (It’s not just for transport)
![Page 33: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/33.jpg)
Key security imperatives:
1) Data Governance
2) Application Governance
![Page 34: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/34.jpg)
Doing things right & Doing the right things
Business Context
Follow the data
Network can help
Simplify security program
Apps matter
![Page 35: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/35.jpg)
Question and Answers
![Page 36: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/36.jpg)
Thank You
omar.khawaja@verizonbusiness.com
![Page 37: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/37.jpg)
PROPRIETARY STATEMENT
This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service.
This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon.
© 2011 Verizon. All Rights Reserved. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.
![Page 38: Securing Mobile - A Business Centric Approach](https://reader030.vdocuments.net/reader030/viewer/2022012913/54c422ed4a795906798b458c/html5/thumbnails/38.jpg)
Developed and Designed by Salahuddin Khawaja
More at Decklaration.com
ABOUT THE AUTHOR
Salah has 14 years of experience, primarily in the
Financial Services Industry. Before joining JP Morgan
he spent 11 years at Deloitte & Touche helping Fortune
500 clients with various types of Strategic Initiatives.
He is currently based in Hong Kong with responsibility
for delivering the next generation platform for Securities
Processing.
Areas of Expertise: Strategy Development, Business
Transformation, System Integration, Program & Project
Management, Mobile Strategy, Data Analytics, Executive
Presentations
Sample Clients: Bank of America, Citi, MasterCard