Securing Cloud and Mobile: Pragmatic Enterprise Security Architecture
Prabath Siriwardena (@prabath), WSO2
Director, Security Architecture
Within the first decade of the 21st century, internet users worldwide increased from 350 million to more than 2 billion.
Mobile phone subscribers increased from 750 million to 5 billion. Today it’s around 6 billion.
Only 30% of mobile users password-protect their mobile devices
Many SaaS providers ignore multifactor authentication for mobile applications
113 cell phones are lost or stolen every minute in the U.S., and $7 million worth of smartphones are lost daily
62% of mobile workers currently use their personal smartphones for work
http://www.websense.com/assets/reports/websense-2013-threat-report.pdf
Mobile Device Management systems need to be an integral part of corporate Identity Management
Cloud service providers are becoming mobile friendly with REST/JSON APIs
OAuth 2.0 dominates Mobile and API security
Avoid using Resource Owner Password OAuth grant type
Mobile applications secured with OAuth can be vulnerable to phishing
Your Facebook or Twitter account credentials can be phished far more easily through your mobile phone than from a laptop computer
The need to bake the client key and client secret into the mobile app itself is an issue yet to be solved
OAuth has given a better failover capability to mobile applications in case of an attack
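The two preceding points (avoid the Resource Owner Password grant; a secret baked into the app package is not a secret) are easier to see with a small working model. The following toy authorization server is an added example, not code from the talk or from WSO2. It implements both grant types so the contrast is visible in the function signatures: the password grant forces the app to hold the user's password, while the authorization code grant hands the app only a one-time code. It goes one step beyond the slides by binding that code with PKCE (RFC 7636, which postdates this talk) so that a public client can prove it started the flow without any embedded client secret. The users, clients, redirect URI and token formats are all constructed for this example.

```python
"""Toy OAuth 2.0 authorization server (example code, not WSO2's).

Shows why the resource-owner-password grant is discouraged for mobile
apps and how PKCE lets a public client (one with no embedded secret)
prove possession of an authorization code. Everything here is
constructed: users, clients, and the in-memory stores.
"""
import base64
import hashlib
import secrets

# Constructed user store: username -> password (plaintext only for the toy).
USERS = {"alice": "correct horse battery staple"}
# Constructed client registry. The mobile app is a *public* client: it has
# no secret, because anything shipped inside an app package can be extracted.
CLIENTS = {"mobile-app": {"public": True, "redirect_uri": "myapp://cb"}}

PENDING_CODES = {}   # auth code -> (client_id, username, code_challenge)
ISSUED_TOKENS = {}   # access token -> username


def pkce_s256(verifier: str) -> str:
    """PKCE S256 transform: BASE64URL(SHA-256(code_verifier)), no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def authorize(client_id, username, password, code_challenge):
    """Authorization endpoint. The user authenticates against the IdP
    (in practice inside the system browser, never inside the app) and a
    single-use code is issued, bound to the client and the PKCE challenge."""
    if client_id not in CLIENTS:
        raise ValueError("unknown client")
    if USERS.get(username) != password:
        raise PermissionError("bad credentials")
    code = secrets.token_urlsafe(16)
    PENDING_CODES[code] = (client_id, username, code_challenge)
    return code


def token_authorization_code(client_id, code, code_verifier):
    """Token endpoint, authorization_code grant. The app never saw the
    password; it proves it owns the code by presenting the verifier whose
    S256 hash was bound to the code at authorization time."""
    entry = PENDING_CODES.pop(code, None)          # codes are single-use
    if entry is None:
        raise PermissionError("invalid or replayed code")
    bound_client, username, challenge = entry
    if bound_client != client_id or not secrets.compare_digest(
            pkce_s256(code_verifier), challenge):
        raise PermissionError("PKCE verification failed")
    token = secrets.token_urlsafe(24)
    ISSUED_TOKENS[token] = username
    return token


def token_password(client_id, username, password):
    """Token endpoint, resource-owner-password grant. Note what the
    signature forces: the calling app must hold the user's password,
    which is exactly the exposure the slide warns against."""
    if client_id not in CLIENTS or USERS.get(username) != password:
        raise PermissionError("bad credentials")
    token = secrets.token_urlsafe(24)
    ISSUED_TOKENS[token] = username
    return token


def user_for_token(token):
    """What a resource server or API gateway would look up."""
    return ISSUED_TOKENS.get(token)


if __name__ == "__main__":
    # The app generates a fresh verifier per login and keeps it in memory only.
    verifier = secrets.token_urlsafe(32)
    code = authorize("mobile-app", "alice", USERS["alice"], pkce_s256(verifier))
    tok = token_authorization_code("mobile-app", code, verifier)
    print("authorization_code grant -> user", user_for_token(tok))
```

The design point is in what each endpoint needs as input: `token_password` cannot be called without the password being in the app's hands, whereas `token_authorization_code` only needs a code plus a per-login verifier that never leaves the device and is never stored in the package.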
It takes an average of 20 seconds for a user to log into a resource
Single Sign On increases user productivity
Browser based Single Sign On (diagram: Native App and Native Web Browser on the Mobile Device, Authorization Server (IdP))
Native Single Sign On (diagram: Native App and Native IdP App on the Mobile Device)
OpenID Foundation is working on standardizing Native Single Sign On based on OpenID Connect
Federated Single Sign On (diagram: Native App and Native Web Browser on the Mobile Device, Authorization Server (IdP) federated with two SAML2 IdPs)
Federated Single Sign On with heterogeneous Authorization Servers
Secured / Confidential data channels: TLS, JSON Web Encryption (JWE)
Managed Cloud APIs (diagram: Mobile App -> API Gateway -> Cloud API)
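The gateway in that diagram is where the OAuth access token from the mobile app gets checked before anything reaches the cloud API. The following is an added example of that check, not WSO2's gateway code: it parses the `Authorization: Bearer` header, rejects missing, unknown or expired tokens with the RFC 6750 error codes, enforces a per-path scope, and only then forwards to the backend with the resolved subject. The token table, request dictionaries, scope map and backend are all constructed for the example; a real gateway would validate tokens against the authorization server or verify a signed token rather than read an in-memory dict.

```python
"""Minimal API gateway check (example code, not a real gateway).

Models the 'Mobile App -> API Gateway -> Cloud API' arrangement: the
gateway validates the bearer token and the backend never sees it.
Tokens, requests and scopes below are constructed for the example.
"""
import time

# Constructed view of tokens the authorization server has issued.
# 'exp' is a Unix timestamp; 4102444800 is 2100-01-01, 1 is long expired.
TOKENS = {
    "tok-alice-read": {"sub": "alice", "scope": {"orders:read"}, "exp": 4102444800},
    "tok-bob-expired": {"sub": "bob", "scope": {"orders:read"}, "exp": 1},
    "tok-carol-noscope": {"sub": "carol", "scope": {"profile"}, "exp": 4102444800},
}

# Scope each protected path requires (constructed policy).
REQUIRED_SCOPE = {"/orders": "orders:read"}

BACKEND_CALLS = []   # records what reached the backend, for inspection


def cloud_api(path, subject):
    """Stand-in for the backend cloud API. It trusts the gateway's
    assertion of the subject and is never handed the bearer token."""
    BACKEND_CALLS.append((path, subject))
    return {"status": 200, "body": f"{subject} GET {path}"}


def gateway(request, now=None):
    """Validate the bearer token, then forward. Failures map to the
    RFC 6750 challenge values: no/invalid token -> 401, wrong scope -> 403."""
    now = time.time() if now is None else now
    auth = request.get("headers", {}).get("Authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return {"status": 401, "headers": {"WWW-Authenticate": 'Bearer realm="api"'}}
    info = TOKENS.get(token.strip())
    if info is None or info["exp"] <= now:
        # Unknown and expired tokens are reported identically on purpose.
        return {"status": 401,
                "headers": {"WWW-Authenticate": 'Bearer error="invalid_token"'}}
    needed = REQUIRED_SCOPE.get(request["path"])
    if needed is None:
        return {"status": 404}
    if needed not in info["scope"]:
        return {"status": 403,
                "headers": {"WWW-Authenticate": 'Bearer error="insufficient_scope"'}}
    return cloud_api(request["path"], info["sub"])


if __name__ == "__main__":
    # Constructed request as the mobile app would send it.
    req = {"path": "/orders", "headers": {"Authorization": "Bearer tok-alice-read"}}
    print(gateway(req, now=1_700_000_000))
```

The order of checks matters: authentication (is the token good?) is settled before authorization (does it carry the right scope?), and the backend receives a subject, not a credential, so a compromised cloud API cannot replay the mobile app's token elsewhere.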
Thank You