api mobility security

April 09, 2012 API Mobility Security


Copyright © 2012 Deloitte Development LLC. All rights reserved. 1

Mobile computing has been growing at a staggering rate across all age groups, income groups, industries, geographies and cultures and is widely expected to continue its exponential growth rate over the next five years.

The mobility landscape

Current mobile landscape

• Mobile cellular subscriptions surpassed 5B in 2010 (Gartner)
• 300M smartphones sold globally in 2010 (Forrester)
• One of the major device vendors has sold 20M smartphones in Q2 2011 and 15M tablets since product launch in 2010 (Strategy Analytics)
• 83% of US population owns cellphones; 35% of these are smartphones (Pew Research)

Expected growth

• By end of 2011, over 85% of the handsets will be able to access the mobile web (Gartner)
• Smartphone unit sales will surpass laptop unit sales in 2012 (Gartner)
• Approximately 470M smartphones will be sold globally in 2011 (IDC)
• Approximately 980M smartphones will be sold globally in 2016 (IMS)
• By 2015, global mobile data traffic volume will be approximately 25 times 2010 volume (FCC)

Mobility and mobility services are not only gaining ground among consumers but also among enterprises


Mobility trends and adoption

At a high level, entities go through three stages of adoption for mobility.

Though mobility offers a wide range of products and services, it has its own set of security vulnerabilities due to the changing threat landscape.

Axis label: Business Impact/Number of Mobile Apps

Stage 1: Mobile Veneer

• Mobile access to existing apps
• No mobile app development
• Result: Poor user experience (UX) and negligible productivity, customer satisfaction or revenue gains

Stage 2: Mobilize Existing Applications

• Develop new graphical user interfaces (GUIs) on top of existing business logic
• Result: Acceptable UX and noticeable productivity, CRM & revenue gains

Stage 3: Mobility-Centric Innovation

• Develop completely new apps that leverage mobility benefits
• Result: User-centered UX and new productivity, CRM and revenue opportunities


Threats in the mobile ecosystem


Mobility risk categories

Without appropriate due diligence and planning for mobility adoption or expansion, unintended consequences can quickly ambush business goals, inhibit progress of critical IT initiatives, devalue business benefits and expose the organization to significant risk.


Strategies for tackling mobile risks

Example controls

Data centric

• Minimal device data footprint
• Communications encryption
• Virtualization
• Data integrity

Device centric

• Mobile device management (MDM)
• Strict device policy enforcement
• Local data encryption
• Secure containers/partitions

Application centric

• Developer training
• System development life cycle
• Primary or multi-platform IDE
• Application distribution & maintenance


Key decision points drive strategy and the resulting architecture…

Other considerations

• Manage Security In-House vs. Outsource Security
• 3rd Party Tools vs. Native Platform Tools
• Application Management vs. Application Guidance
• Full Data Access vs. Restricted Data Access
• Bring-Your-Own vs. Corporate Provided


Mobility reference architecture

Strategy Development

• Business Analysis (Opportunity ID, Business Case)
• Mobile Enablement Strategy/Roadmap
• Mobility Readiness Assessment
• End-to-end Network Design
• Industry Regulatory/Compliance/Security Analysis

Applications Development (Design, Implement, Test)

• Mobile Solution Architecture
• Creative/UX/UI Design
• Mobile Middleware Integration
• Data Mgmt
• Native Development: Objective C (iOS), Java
• Cross-Platform Dev: Sybase SUP, HTML5, Adobe

Enterprise Systems Integration

• ERP, Web/Ecommerce and Legacy Systems
• Reporting/BI/DW Enablement
• Mobile Analytics Feedback

Security

• Mobile application security
• Mobile security policy and governance
• Mobile security strategy and architecture
• Mobile device and operations security

Deployment, Distribution, Management, Operations

• Mobile Device Management
• Enterprise App Store
• Support Readiness
• Operational / Organizational Readiness
• Product Mgmt Enablement
• IT Governance

Cloud and Social

Business Strategy; Enterprise Mobility Infrastructure; App concept to development; Enterprise Integration; Security

Business Strategy; App Concept to Development; Mobility Infrastructure; Enterprise Integration Strategy; Security, Privacy & Compliance


1. Understand the specific mobility use cases
2. Understand key mobility risks that affect the organization and its constituents
3. Incorporate key business drivers and objectives
4. Implement security controls through both policy and technology
5. Enable, not disable adoption of new innovations (it’s not stopping here…)

Taking an organization and constituent-centric approach

What are early adopters doing?

Questions & Next Steps