a more connected government - noufexpo.com.kwnoufexpo.com.kw/egov1/images/thirteen.pdf · the...

A more connected governmentAnywhere, any time

CloudSocialMobility Big data

Mobility as a megatrendThe influence of consumer technology and always-on connectivity

Changing

work styles

The mobile

citizen

Consumerization:

95% of information

workers use at least one self-

purchased device for work

Nearly

80% of

workers spend at

least some

portion of their

time working out

of the office

By

2016,

smartphones and

tablets will put power in

the pockets of a

billionglobal citizens

in 2013,

45%of new local government

applications will be mobile.

Support work use

of personal and

companion

devices

Provide field

workers with

small PCs, tablets

and smartphones

Use policies to manage access:

Identity | Device | Location | App/data

+

Support ANY compliant device… …without overloading IT

Embrace device choice Enable people to use the devices they want without compromising security

Embrace a growing, global, always-on mobile user communityBuild scalable, continuously-connected cloud services

Application Layer

Operating System

Layer

Hardware Layer

Infrastructure Layer

Mob

ile S

ecu

rity

Mobile Carriers

Handset

Manufacturers

Mobile Platform

Providers

Developers /

Application Providers

• Data loss

• Data Protection

Laws violation

• Data corruption

• Network sniffing – Logging /

Impersonation/illegal

transactions

• Tracking Passwords

• Self-propagating /

Spamming using Phone’s

contact list

Unsafe / Untested applications

could lead to device infection /

damage (e.g. change in

settings)

Application flaws – Buffer

Overflows, Cross-site scripting

– could compromise enterprise

data

Defcon & BlackHat conferences, summer 2013• Mactans: Injecting Malware into iOS

Devices via Malicious Chargers Mobile rootkits: Exploiting and rootkitting ARM TrustZone

• Torturing Open Government Systems for Fun, Profit and Time Travel

• Defeating SEAndroid

• A Practical Attack against MDM Solutions

• Android: one root to own them all

• BlackBerryOS 10 from a security perspective

• Bluetooth Smart: The Good, The Bad, The Ugly, and The Fix!

• How to Build a SpyPhone

I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell

Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot

Rooting SIM cards

Abusing Web APIs Through Scripted Android Applications

LTE BOOMS WITH VULNERABILITIES

Mobile Malware: Why the traditional AV paradigm is doomed and how to use physics to detect undesirable routines…

Deploying and managing applications across platforms is difficult.

Apps

Users expect to be able to work in any location and have access to all their work resources.

Users Data

Users need to be productive while maintaining compliance and reducing risk.

The explosion of devices is eroding the standards-based approach to corporate IT.

Devices

Bring Your Owm Device (BYOD)

• Cost savings

• Employee satisfaction and productivity

• Take advantage of the latest devices

• Faster refresh cycles

• Policy with minimum security requirements

• Compliance and ownership of data

• Segregating and retrieving company data

BYOD

• “This is a data, not a device discussion” Tony Scott, Microsoft CIO

• Start with a policy

Security and management Centralized management across platforms

MDMPC & Mac

Management

Multi-device application deliveryDetermine user access rights, then deliver based on device type.

Same user, same app, different device

Cloud-based Self-service Portal

Securely provision application from anywhere

Single point for application requests

Users only see the software they have permission to request

IT can publish access to resources with the Web Application Proxybased on device awareness and the users identity

IT can provide seamless corporate access with DirectAccess and automatic VPN connections.

Users can work from anywhere on their device with access to their corporate resources.

Users can register devices for single sign-on and access to corporate data with Workplace Join

Users can enroll devices for access to the Company Portal for easy access to corporate applications

IT can publish Desktop Virtualization (VDI) for access to centralized resources