Securing Cloud and Mobile: Pragmatic Enterprise Security Architecture

Post on 12-Feb-2016


DESCRIPTION

Securing Cloud and Mobile: Pragmatic Enterprise Security Architecture. Prabath Siriwardena (@prabath), WSO2 Director, Security Architecture. Within the first decade of the 21st century, internet users worldwide increased from 350 million to more than 2 billion. - PowerPoint PPT Presentation

TRANSCRIPT

Securing Cloud and Mobile: Pragmatic Enterprise Security Architecture

Prabath Siriwardena (@prabath), WSO2

Director, Security Architecture

Within the first decade of the 21st century, internet users worldwide increased from 350 million to more than 2 billion.

Mobile phone subscribers increased from 750 million to 5 billion.

Today it’s around 6 billion.

Only 30% of mobile users password-protect their mobile devices

Many SaaS providers ignore multifactor authentication for mobile applications

113 cell phones are lost or stolen every minute in the U.S., and $7 million worth of smartphones are lost daily

62% of mobile workers currently use their personal smartphones for work

http://www.websense.com/assets/reports/websense-2013-threat-report.pdf

Mobile Device Management systems need to be an integral part of the corporate Identity Management

Cloud service providers are becoming mobile friendly with REST/JSON APIs

OAuth 2.0 dominates Mobile and API security

Avoid using Resource Owner Password OAuth grant type

Mobile applications secured with OAuth can be vulnerable to phishing

Your Facebook or Twitter account credentials can be phished more easily through your mobile phone than from a laptop computer

The need to bake the client key and the client secret into the mobile app itself is an issue yet to be solved

OAuth has given a better failover capability to mobile applications in case of an attack
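The three OAuth points above (avoid the Resource Owner Password grant, phishing exposure on mobile, and the public client that cannot keep a secret) are easiest to see side by side in code. The following toy authorization server and mobile client are an added example, not code from the deck or from WSO2: the user "alice", the client id "mobile-app-1", the custom-scheme redirect URI and all keys are constructed. It shows that with the password grant the app must handle the raw password, whereas with the authorization-code grant the app only ever sees a one-time code bound to its client id and redirect URI, and it rejects a redirect whose `state` does not match its own request.

```python
# Toy comparison of the OAuth 2.0 password grant and authorization-code grant.
# Added example, not from the slides; every user, client id and URI is constructed.
import hashlib, hmac, secrets, time

# Constructed user store; a real server would use a slow hash such as bcrypt or scrypt.
USERS = {"alice": hashlib.sha256(b"correct-horse-battery").hexdigest()}


class AuthorizationServer:
    def __init__(self):
        self.codes = {}    # authorization code -> pending grant (single use, 60 s)
        self.tokens = {}   # opaque access token -> metadata

    def _verify_password(self, username, password):
        digest = hashlib.sha256(password.encode()).hexdigest()
        return hmac.compare_digest(USERS.get(username, ""), digest)

    def _issue_token(self, subject, client_id, scope):
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"sub": subject, "client_id": client_id, "scope": scope, "exp": time.time() + 3600}
        return token

    def password_grant(self, client_id, username, password, scope):
        # Resource Owner Password Credentials: the app itself collected the password.
        if not self._verify_password(username, password):
            raise PermissionError("invalid_grant")
        return self._issue_token(username, client_id, scope)

    def authorize(self, client_id, redirect_uri, scope, state, username, password):
        # Code grant, step 1: login happens on the IdP's own page; the app gets only a code.
        if not self._verify_password(username, password):
            raise PermissionError("access_denied")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "scope": scope, "sub": username, "exp": time.time() + 60}
        return {"code": code, "state": state}   # sent to the app via redirect_uri

    def token(self, client_id, code, redirect_uri):
        # Step 2: pop() makes the code single use; it is also bound to client and redirect URI.
        grant = self.codes.pop(code, None)
        if (grant is None or grant["client_id"] != client_id
                or grant["redirect_uri"] != redirect_uri or grant["exp"] < time.time()):
            raise PermissionError("invalid_grant")
        return self._issue_token(grant["sub"], client_id, grant["scope"])


class MobileApp:
    # Public client with no embedded secret; records whether it ever handled a password.
    def __init__(self, server, client_id="mobile-app-1"):   # constructed client id
        self.server, self.client_id = server, client_id
        self.redirect_uri = "com.example.app://callback"    # constructed custom scheme
        self.saw_password = False

    def login_with_password_grant(self, username, password):
        self.saw_password = True   # unavoidable here: the app forwards the raw password
        return self.server.password_grant(self.client_id, username, password, "read")

    def login_with_code_grant(self, user_login):
        # user_login stands in for the user typing credentials into the IdP page in the
        # system browser; the app only sees the redirect carrying code and state.
        state = secrets.token_urlsafe(16)
        redirect = user_login(self.client_id, self.redirect_uri, "read", state)
        if not hmac.compare_digest(redirect["state"], state):
            raise PermissionError("state mismatch: response is not for this request")
        return self.server.token(self.client_id, redirect["code"], self.redirect_uri)


def run_comparison():
    server = AuthorizationServer()

    def user_login(client_id, redirect_uri, scope, state):
        return server.authorize(client_id, redirect_uri, scope, state, "alice", "correct-horse-battery")

    app_pw, app_code = MobileApp(server), MobileApp(server)
    tok_pw = app_pw.login_with_password_grant("alice", "correct-horse-battery")
    tok_code = app_code.login_with_code_grant(user_login)

    # Replaying an already redeemed code must fail.
    redirect = user_login("mobile-app-1", app_code.redirect_uri, "read", "s1")
    server.token("mobile-app-1", redirect["code"], app_code.redirect_uri)
    try:
        server.token("mobile-app-1", redirect["code"], app_code.redirect_uri)
        replay_blocked = False
    except PermissionError:
        replay_blocked = True

    # A redirect whose state does not match the app's own request must be rejected.
    def foreign_login(client_id, redirect_uri, scope, state):
        return dict(user_login(client_id, redirect_uri, scope, state), state="other")
    try:
        MobileApp(server).login_with_code_grant(foreign_login)
        state_checked = False
    except PermissionError:
        state_checked = True

    return {"password_grant_app_saw_password": app_pw.saw_password,
            "code_grant_app_saw_password": app_code.saw_password,
            "both_tokens_valid": tok_pw in server.tokens and tok_code in server.tokens,
            "code_replay_blocked": replay_blocked,
            "state_mismatch_rejected": state_checked}
```

Call `run_comparison()` to get the outcome of each case. The client here deliberately has no secret, which is the unsolved problem the slide names; the code is still bound to the client id and redirect URI and can be redeemed once, and the `state` check stops a response injected for a different request. The mechanism later standardized for exactly this public-client case, PKCE (RFC 7636), is not modelled here.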

It takes an average of 20 seconds for a user to log into a resource

Single Sign On increases user productivity

Browser based Single Sign On (slide diagram: Native App, Native Web Browser, Authorization Server (IdP), Mobile Device)

Native Single Sign On (slide diagram: Native App, Native IdP App, Mobile Device)

OpenID Foundation is working on standardizing Native Single Sign On based on OpenID Connect
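Whatever form native single sign on takes, the native app ends up holding an OpenID Connect ID token and must validate it before trusting the identity inside. The following validator is an added example, not code from the deck or from the OpenID Foundation; the issuer, client id, signing key and claims are constructed, and it uses HS256 so that it runs on the Python standard library alone. Real deployments normally verify RS256/ES256 signatures against the IdP's published JWKS, but the claim checks (pinned algorithm, issuer, audience, expiry, nonce) are the same.

```python
# OpenID Connect ID token validation as a native client would do it.
# Added example, not from the slides; issuer, client id, key and claims are constructed.
# HS256 is used only so the example runs on the standard library.
import base64, hashlib, hmac, json, time

ISSUER = "https://idp.example.com"                    # constructed
CLIENT_ID = "native-app-42"                            # constructed
SHARED_KEY = b"constructed-demo-key-do-not-reuse"      # constructed


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims, key=SHARED_KEY, alg="HS256"):
    # Stand-in for the IdP. `alg` is a parameter only so the validator's
    # algorithm pinning can be exercised against a bad header.
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(key, signing_input, hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header}.{payload}.{_b64url(sig)}"


def validate_id_token(token, expected_nonce, key=SHARED_KEY, now=None):
    """Return the claims if every check passes, otherwise raise ValueError."""
    now = time.time() if now is None else now
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(h))
    # 1. Pin the algorithm: the header must never choose it (this rejects "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    # 2. Issuer and audience must be exactly this IdP and this client.
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if not (aud == CLIENT_ID or (isinstance(aud, list) and CLIENT_ID in aud)):
        raise ValueError("wrong audience")
    # 3. Expiry, and the nonce that binds the token to the app's own request.
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if not hmac.compare_digest(str(claims.get("nonce", "")), expected_nonce):
        raise ValueError("nonce mismatch")
    return claims


def demo_results():
    now = 1_700_000_000   # constructed fixed clock
    good = {"iss": ISSUER, "sub": "alice", "aud": CLIENT_ID,
            "iat": now, "exp": now + 300, "nonce": "n-1"}
    results = {"good": validate_id_token(mint_id_token(good), "n-1", now=now)["sub"]}
    bad_cases = {
        "alg_none": (mint_id_token(good, alg="none"), "n-1"),
        "other_audience": (mint_id_token(dict(good, aud="some-other-app")), "n-1"),
        "expired": (mint_id_token(dict(good, exp=now - 1)), "n-1"),
        "replayed_nonce": (mint_id_token(good), "n-2"),
        "wrong_key": (mint_id_token(good, key=b"other"), "n-1"),
    }
    for name, (tok, nonce) in bad_cases.items():
        try:
            validate_id_token(tok, nonce, now=now)
            results[name] = "accepted"
        except ValueError as e:
            results[name] = str(e)
    return results
```

`demo_results()` runs one good token and five bad ones through the validator. The audience check matters most in the native SSO picture above: an ID token minted for one app on the device must not be accepted by another app, and the nonce check stops a token captured from one login from being replayed into a later one.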

Federated Single Sign On (slide diagram: Native App, Native Web Browser, Authorization Server (IdP), Mobile Device, SAML2 IdP, SAML2 IdP)

Federated Single Sign On with heterogeneous Authorization Servers

Secured / Confidential data channels: TLS, JSON Web Encryption (JWE)

Managed Cloud APIs (slide diagram: Mobile App, API Gateway, Cloud API)
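In the Mobile App / API Gateway / Cloud API arrangement above, the gateway is where the OAuth access token is checked so that the backend never handles it. The following gateway is an added example, not code from the deck or from any WSO2 product; the token table standing in for the authorization server's introspection endpoint, the routes and the scopes are all constructed. It parses the `Authorization` header strictly, rejects inactive or expired tokens, enforces a required scope per route (deny by default), and forwards only the authenticated subject.

```python
# Toy API gateway in front of a cloud API: it validates the bearer token, enforces
# scope per route and forwards only the authenticated subject to the backend.
# Added example, not from the slides; token table, routes and scopes are constructed.
import time

# Constructed stand-in for the authorization server's token introspection endpoint.
_TOKEN_TABLE = {
    "tok-alice-read": {"active": True, "sub": "alice", "scope": "orders:read", "exp": 1_700_000_600},
    "tok-bob-expired": {"active": True, "sub": "bob", "scope": "orders:read orders:write", "exp": 1_699_999_000},
}


def introspect(token):
    return _TOKEN_TABLE.get(token, {"active": False})


# Scope each backend route requires; routes not listed here are denied by default.
ROUTES = {("GET", "/orders"): "orders:read", ("POST", "/orders"): "orders:write"}


def cloud_api(method, path, subject):
    # The backend trusts the identity the gateway injects and never sees the token.
    return 200, {"handled": f"{method} {path}", "as": subject}


class ApiGateway:
    def __init__(self, introspect_fn, backend, now_fn=time.time):
        self.introspect, self.backend, self.now = introspect_fn, backend, now_fn

    def handle(self, method, path, headers):
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme.lower() != "bearer" or not token.strip():
            return 401, {"error": "invalid_request", "WWW-Authenticate": "Bearer"}
        meta = self.introspect(token.strip())
        if not meta.get("active") or meta.get("exp", 0) <= self.now():
            return 401, {"error": "invalid_token",
                         "WWW-Authenticate": 'Bearer error="invalid_token"'}
        required = ROUTES.get((method, path))
        if required is None:
            return 404, {"error": "not_found"}
        if required not in meta.get("scope", "").split():
            return 403, {"error": "insufficient_scope",
                         "WWW-Authenticate": f'Bearer error="insufficient_scope", scope="{required}"'}
        # Forward with the subject only; the bearer token stays at the gateway.
        return self.backend(method, path, meta["sub"])


def demo_statuses():
    gw = ApiGateway(introspect, cloud_api, now_fn=lambda: 1_700_000_000)   # fixed clock
    cases = {
        "valid_read": ("GET", "/orders", {"Authorization": "Bearer tok-alice-read"}),
        "missing_header": ("GET", "/orders", {}),
        "basic_not_bearer": ("GET", "/orders", {"Authorization": "Basic YWxpY2U6cHc="}),
        "unknown_token": ("GET", "/orders", {"Authorization": "Bearer tok-nope"}),
        "expired_token": ("GET", "/orders", {"Authorization": "Bearer tok-bob-expired"}),
        "wrong_scope": ("POST", "/orders", {"Authorization": "Bearer tok-alice-read"}),
        "unknown_route": ("DELETE", "/orders", {"Authorization": "Bearer tok-alice-read"}),
    }
    return {name: gw.handle(*args)[0] for name, args in cases.items()}
```

`demo_statuses()` returns the HTTP status each case produces. Token validity is checked before the route is even looked up, so an unauthenticated caller learns nothing about which routes exist, and the backend receives a subject rather than a credential it would otherwise have to protect.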

Thank You
