Securing Mobile - A Business-Centric Approach
DESCRIPTION
Securing Mobile - A Business-Centric Approach. For a higher quality version, visit: http://decklaration.com/verizon
Presentation given by Omar Khawaja (of Verizon) at the 2013 Mobile World Congress in Barcelona.
TRANSCRIPT
Securing Mobile: A Business-Centric Approach
Omar Khawaja
February 2013

1970
Information Revolution Starts
Mainframe (Green Terminals)
@smallersecurity

Personal Computing
1970 1980
Thick Client & Mobile Revolution Starts

1970 1980 1990
Web based computing and Mobile truly goes mobile
Advent of the Web

1970 1980 1990 2000
Web and Mobile mature
Mobile Matures

1970 1980 1990 2000 2010
Mobile Revolution
Information Revolution becomes the Mobile Revolution

Mobile is no longer optional

Btw, is securing various platforms really that different?

1970 1980 1990 2000 2010
Difference?
Have a closer look: it’s really not that different.

Top Business Technology Trends
Video
Social Enterprise
Big Data
Enterprise Clouds
High-IQ Networks
M2M2P
Compliance
Energy Efficiency
Consumerization of IT
Personalization of Service

What’s the common theme across top technology trends?

Video
Big Data
Enterprise Clouds
High-IQ Networks
M2M2P
Compliance
Social Enterprise
Energy Efficiency
Consumerization of IT
Personalization of Service
DATA

Mobility and Cloud fuel each of these trends.

Security is about Risk
[Diagram labels: Threats, Vulnerabilities, Assets, ‘Risk’]

How do we secure mobile today?

Programs and Technologies

Programs and Technologies
Risk Assessment
Security Policy
Organization of Info Security
Asset Management
Human Resources Management
Physical & Environment Security
Communication & Ops Mgmt
Access Control
Info Systems Acquisition, Dev, & Maintenance
Info Security Incident Management
Business Continuity Management
Compliance

Programs and Technologies
App Security
Anti-X
Configuration Management
DLP
Encryption
IAM, NAC
Patching
Policy Management
Threat Management
VPN
Vulnerability Management
…

Security Technology Sets: Single / Multiple
Security Programs: Single / Multiple
[Matrix figure: each cell repeats the security program list and the security technology list from the preceding slides]
Multiple Approaches
Worst Case
Nirvana
Good
Really?

Here’s an approach…

Data-Centric Approach (Follow the data)
Inventory (must)
Classify (must)
Destroy* (ideal)
Protect
Monitor

Data-Centric Security Model
Data-centric security is business-centric security

Data-Centric Security Model
To protect the data, protect what’s around it too

Data-Centric Security Model
GRC and Intelligence define security program

Data-Centric Security Model
Start with assets, end with the controls

How do we execute?

Data-Centric Security: A Recipe
Implement Control Requirements
Monitor Control Effectiveness
Entitlement Definition
Mobile Environment Definition
Inventory Users
Define Business Processes
Destroy Data
Inventory Data
Categorize Data

What about Apps?

What about Apps?
Can’t impede app proliferation, but how do you know which to trust?
30 billion app downloads from Apple's App Store
Apps have overtaken browsing

What about the Network? (It’s not just for transport)

Key security imperatives:
1) Data Governance
2) Application Governance

Doing things right & Doing the right things
Business Context
Follow the data
Network can help
Simplify security program
Apps matter

Question and Answers

Thank You
omar.khawaja@verizonbusiness.com

Developed and Designed by Salahuddin Khawaja
More at Decklaration.com
ABOUT THE AUTHOR
Salah has 14 years of experience, primarily in the Financial Services Industry. Before joining JP Morgan he spent 11 years at Deloitte & Touche helping Fortune 500 clients with various types of Strategic Initiatives. He is currently based in Hong Kong with responsibility for delivering the next generation platform for Securities Processing.
Areas of Expertise: Strategy Development, Business Transformation, System Integration, Program & Project Management, Mobile Strategy, Data Analytics, Executive Presentations
Sample Clients: Bank of America, Citi, MasterCard