Beyond Brute Force
Strategies for Securely Leveraging Mobile Devices
Rajesh Pakkath, Sr. Product Manager, Oracle
Bob Beach, CIO, Chevron
October, 2014
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Agenda
1. Enterprise Mobility - Trends and Challenges
2. Strategies to Secure the Mobile Enterprise
3. Oracle Solution
4. Chevron Mobility Program
5. Q&A
The Extended Enterprise
• 80% OF USER ACCESS WILL BE MOBILE BY 2020
• 44% OF ORGANIZATIONS PLAN TO SOCIAL ENABLE APPLICATIONS
• CLOUD COMPUTING WILL BECOME THE BULK OF NEW IT SPEND BY 2016
• THERE WILL BE 26 BILLION CONNECTED DEVICES BY 2020
Unique Identity Requirements for Each Platform
Enterprise Mobility Trends
81.9% of companies across the globe believe BYOD is an appropriate strategy for their business
Three top barriers to mobility:
1. Security controls
2. Legacy systems
3. Multiple OS’s
Future Mobile Focus:
• 38% external customers
• 26% employees
• 23% senior managers
40%: Global workforce will be mobile by 2016
Source: Gartner
Source: CIO Survey
Source: Citrix
Source: Current Analysis
Enterprise Mobility Challenges
Time spent on mobile security projects
• Multiple point solutions
93%
Concerned with data loss and other mobile breaches
• 113 phones stolen/min in US
• Malware rose by 197%
Store credentials on the device
• 10% store password in clear text
Use Personal Devices at work
• 50% Without Permission of Employers
• 90% not “fully aware” of devices connected to network
Source: Mobile Business Statistics, CSO Online 2014
Source: Information Week 2011
Source: CIO Survey 2014, Insight Crime 2014
Source: Triangle Research Survey 2014
2/3
76% 89%
State of Mobile Security Today
• Monolithic & Fragmented
• Proprietary & Inconsistent
• Un-auditable & Un-reportable
• Costly & Complex
Identity Fragmentation
• Disparate User stores
• Inconsistent Access Policies
• Reduced User Experience
• Risk-prone Custom Integrations
• Costly Compliance Enforcement
[Diagram labels: User Mgt, SSO, Federation; App Embedded Identities; SSO, Adaptive Access & Provisioning; Federated Cloud Apps; Custom Integrations; Mobile Device Management; Mobile Application Management; multiple separate LDAP stores]
Strategies for the New Digital Economy
• Identify the right solution
• Separate personal and corporate data
• Extend corporate identity to mobile apps
• Mitigate threats pre-emptively
• Simplify user experience
• Restore IT control while maintaining user privacy
Mobile Security
Determine the right solution based on your needs
Device Management, Application Management or Hybrid
Mobile Device Management
• Lock down the phone and treat it as a corporate asset – no personal data
• Purpose built, company owned, shared devices
Mobile Application Management
• Create a secure container that separates corporate data and apps from personal data and apps.
• Company Owned Personally Enabled (COPE), BYOD
Control
Separate Personal and Corporate Data
• Separate, protect and wipe corporate applications and data on mobile devices
• Enforce policies to restrict data movement
• Enable “Business Desktop” for access to apps, applications, files and email
• Encrypt data-at-rest, in-transit and in-use
• Monitor exceptions and remediate violations
• Enforce controls without coding for security
Secure Container
Leverage Identity Platform for Mobile
Enforce Consistent Policies
Access Directory
• Location Data
• Centralized Auth
• Device & User Data
Access
• Single-Sign On
• AuthN protocols
• Strong AuthN
Identity Governance
• User Lifecycle
• Access Provisioning
• Delegated Admin
• Risk Analytics
• Access Certification
• Role Management
Mobile
• Mobile Device Mgmt
• Mobile App Mgmt
• Mobile Access Mgmt
Mitigate threats pre-emptively by becoming context aware
Trust but Verify
POINT
• Location aware
• Device aware
• Time aware
• Risk aware
• Historical behavior
Simplify user experience without compromising security
Social & Single sign-on
Trust Risk
REST API OAuth iOS Android
Improve Scale by Simplifying Administration
Know Your Users, their Devices and Privileges – Restore Control
Administrators
Applications
Cart
• Access on demand
• Unified console
• Simplify deployment
• Reduce audit exposure
• Improve visibility
Oracle Identity Management
Open, Integrated and Best of Breed
Governance
• Access Request
• Access Governance
• Automated Provisioning
• Privileged Account Management
Directory
• Enterprise Directory
• Cloud/Mobile App Directory
• Virtual Directory
Access Management
• Authentication
• Authorization
• Audit
• Federation
Mobile Security
• Mobile App Management
• Mobile Device Management
• Mobile Access Management
Oracle Mobile Security Solution
Comprehensive Enterprise Mobility Management
Secure Data & Access
• Device Management
• Application Management
• Secure Container
• Secure Communication
Simplify User Experience
• Web and Native App SSO
• Corporate App Store
• Productivity Apps
• Unified Self-Service Console
Restore Control
• Governance & Compliance
• Strong Authentication
• API Security
• RESTful Identity Services
2014
ORACLE FUSION MIDDLEWARE INNOVATION
ORACLE FUSION MIDDLEWARE: CELEBRATE THIS YEAR'S MOST INNOVATIVE CUSTOMER SOLUTIONS
Innovation Awards Ceremony set for: Tuesday, September 30, 2014 5:00-5:45pm in the LAM Research Theater (Session ID: CON7029)
Complimentary eBook Register Now
www.mhprofessional.com/mobsec
Join the Community
Twitter: twitter.com/OracleIDM
Facebook: facebook.com/OracleIDM
Oracle Blogs: Blogs.oracle.com/OracleIDM
Oracle IdM Website: oracle.com/Identity