2. Vijay Dheap
Global Product Manager, IBM Mobile Security Solutions
IBM Master Inventor
IBM Mobile Management & Security
DELIVERING CONFIDENCE
3. It’s a (Smarter) Mobile World!
In 2011 sales of smartphones surpassed that of
PCs, soon they will dwarf the sales of PCs
- Business Insider
Users are increasingly adopting smartphones over
feature phones – as of this year there is a greater
percentage of smartphone users in the US than
feature phone users. This trend is accelerating
worldwide
4. Employees Bringing Smart Devices To Work…
By 2015 40% of Enterprise devices will be mobile devices
- IBM Projection
Bring Your Own Device (BYOD)
The trajectory of adoption is coming from the consumer
space into the enterprise.
Greater propensity for users of smartphones and tablets to
use their personal devices for work
Organizations starting to view BYOD for its business value
and organizations recognizing the competitive
differentiation it can offer
5. Mobility as an Enabler
Business value driven by mobility is opening up unique opportunities
European Bank improves employee productivity by enabling transactions
via mobile devices and earns greater customer loyalty through convenient
banking options via mobile devices
US Utility Company achieves greater responsiveness by empowering field
employees to derive solutions to address operational issues by enabling
mobile access and collaboration
6. IBM strategy addresses client mobile initiatives
Extend & Transform
• Extend existing business capabilities to mobile devices
• Transform the business by creating new opportunities
Build & Connect
• Build mobile applications
• Connect to, and run backend systems in support of mobile
Manage & Secure
• Manage mobile devices and applications
• Secure my mobile business
7. Uniqueness of Mobile…
Mobile devices are shared more often
• Personal phones and tablets shared with family
• Enterprise tablet shared with co-workers
• Social norms of mobile apps vs. file systems
Mobile devices have multiple personas
• Work tool
• Entertainment device
• Personal organiser
• Security profile per persona?
Mobile devices are diverse
• OS immaturity for enterprise mgmt
• BYOD dictates multiple OSs
• Vendor / carrier control dictates multiple OS versions
• Diverse app development/delivery model
Mobile devices are used in more locations
• A single location could offer public, private, and cell connections
• Anywhere, anytime
• Increasing reliance on enterprise WiFi
• Devices more likely to be lost/stolen
Mobile devices prioritise the user
• Conflicts with user experience not tolerated
• OS architecture puts the user in control
• Difficult to enforce policy, app lists
• Security policies have less of a chance of dictating experience
8. Mobile Security Risks, Concerns & Emerging Threats
OWASP Mobile Security Project: Top 10 Mobile Risks (Release Candidate v1.0)
1. Insecure Data Storage
2. Weak Server Side Controls
3. Insufficient Transport Layer Protection
4. Client Side Injection
5. Poor Authorization and Authentication
6. Improper Session Handling
7. Security Decisions Via Untrusted Inputs
8. Side Channel Data Leakage
9. Broken Cryptography
10. Sensitive Information Disclosure
Emerging Mobile Threats
• Social Engineering
• Mobile Borne DoS Attacks
• Rogue Apps
• Identity Theft
• Malicious Websites
• Man-in-the-Middle Attacks
9. Mobile Security Challenges Faced By Enterprises
Achieving Data Separation & Providing Data Protection
• Personal vs corporate
• Data leakage into and out of the enterprise
• Partial wipe vs. device wipe vs legally defensible wipe
• Data policies
Adapting to the BYOD / Consumerization of IT Trend
• Multiple device platforms and variants
• Multiple providers
• Managed devices (B2E)
• Unmanaged devices (B2B, B2E, B2C)
• Endpoint policies
• Threat protection
Providing secure access to enterprise applications & data
• Identity of user and devices
• Authentication, Authorization and Federation
• User policies
• Secure Connectivity
Developing Secure Applications
• Application life-cycle
• Vulnerability & Penetration testing
• Application Management
• Application policies
Designing & Instituting an Adaptive Security Posture
• Policy Management: Location, Geo, Roles, Response, Time policies
• Security Intelligence
• Reporting
10. Visualizing Mobile Security
[Diagram labels: WiFi; Mobile apps; Web sites; Internet; Telecom Provider; Security Gateway; Corporate Intranet & Systems]
[Diagram callouts: Secure endpoint device and data; Develop, test and deliver safe applications; Secure access to enterprise applications and data; Achieve Visibility and Enable Adaptive Security Posture]
11. Getting Started with Mobile Security Solutions…
Business Need: Protect Data & Applications on the Device
• Prevent Loss or Leakage of Enterprise Data
  - Wipe
  - Local Data Encryption
• Protect Access to the Device
  - Device lock
• Mitigate exposure to vulnerabilities
  - Anti-malware
  - Push updates
  - Detect jailbreak
  - Detect non-compliance
• Protect Access to Apps
  - App disable
  - User authentication
• Enforce Corporate Policies
Business Need: Protect Enterprise Systems & Deliver Secure Access
• Provide secure access to enterprise systems
  - VPN
• Prevent unauthorized access to enterprise systems
  - Identity
  - Certificate management
  - Authentication
  - Authorization
  - Audit
• Protect users from Internet borne threats
  - Threat protection
• Enforce Corporate Policies
  - Anomaly Detection
  - Security challenges for access to sensitive data
Business Need: Build, Test and Run Secure Mobile Apps
• Enforce Corporate Development Best Practices
  - Development tools enforcing security policies
• Testing mobile apps for exposure to threats
  - Penetration Testing
  - Vulnerability Testing
• Provide Offline Access
  - Encrypted Local Storage of Credentials
• Deliver mobile apps securely
  - Enterprise App Store
• Prevent usage of compromised apps
  - Detect and disable compromised apps
12. IBM Mobile Security & Management Solutions
Management & Security of Users, Devices and Apps
IBM Endpoint Manager for Mobile
• Single management infrastructure for all endpoints
• Gain visibility and control over BYOD devices
• Core capabilities include: device lock, selective wipe, jailbreak/root detection, password policy enforcement
IBM Security Access Manager (ISAM)
• Users & Devices context aware Authentication & Authorization
• Standards Support: OAuth, SAML, OpenID
• Single Sign-On & Identity Mediation
IBM AppScan for Mobile
• Vulnerability testing of applications
IBM Lotus Mobile Connect
• Secure Connectivity
• App level VPN
IBM WebSphere DataPower
• Enterprise applications protection
• XML security & message protection
• Protocol Transformation & Mediation
IBM QRadar
• System-wide Mobile Security Awareness
• Risk Assessment
• Threat Detection
14. Mobile Device Security
IBM Endpoint Manager for Mobile Devices: A highly-scalable, unified solution that delivers device management and security
across device types and operating systems for superior visibility and control
Client Challenge
Managing and securing enterprise and BYOD mobile devices without additional resources
Key Capabilities
• A unified systems and security management solution for all enterprise devices
• Near-instant deployment of new features and reports in IBM Endpoint Manager to customer’s environments
• Platform to extend integrations with Service Desk, CMDB, SIEM, and other information-gathering systems to mobile devices
• Advanced mobile device management capabilities for iOS, Android, Symbian, and Windows Mobile, Windows Phone
• Security threat detection and automated remediation
[Diagram labels: Managed = Secure; Common agent; Unified console; Single server; Systems management; Common infrastructure; Security management; Desktop / laptop / server endpoint; Mobile endpoint; Purpose-specific endpoint]
15. Mobile Access Security
IBM Security Access Manager for Mobile: Delivers user security by authenticating and
authorizing the user and their device
Client Challenge
Ensuring users and devices are authorized to access enterprise resources from that specific device.
Key Capabilities
• Satisfy complex context-aware authentication requirements
• Reverse proxy, authentication, authorization, and federated identity
• Mobile native, hybrid, and web apps
• Flexibility in authentication: user id/password, basic auth, certificate, or custom
• Supports open standards applicable to mobile such as OAuth
• Advanced Session Management
[Diagram labels: IBM Access Manager; Access Manager Servers; VPN or HTTPS; External Authentication Provider; User registries (i.e. LDAP); Federated ID Mgr; Application Servers (WebSphere, WorkLight); Web Services; Web Apps]
16. Mobile Access Security
IBM Lotus® Mobile Connect: Provides features that help deliver a security-rich connection to enterprise
resources from mobile devices.
Client Challenge
• Need to protect enterprise data in transit from mobile devices to back-end systems
Key Capabilities
• Clientless app-level Virtual Private Network (VPN) with a
• Strong authentication and encryption of data in transit
17. Mobile App Security
AppScan: app security testing and risk management
Client Challenge
Applying patches and resolving application
vulnerabilities after apps are delivered and
deployed is a very costly and time-consuming
exercise
Key Capabilities
• Leverage AppScan for vulnerability testing of
mobile web apps and web elements
(JavaScript, HTML5) of hybrid mobile apps
• Vulnerabilities and coding errors can be
addressed in software development and testing
• Code vulnerable to known threat models can
be identified in testing
• Security designed in vs. bolted on
18. Mobile App Security
WorkLight: Develop, deliver and deploy security-rich mobile apps to streamline business activities while
also delivering a rich user experience
Client Challenge
Efficiently and securely create and run HTML5,
hybrid and native mobile apps for a broad set of
mobile devices
Key Capabilities
• Integrated secure access to backend
application resources
• Secured by design - develop secure mobile
apps using corporate best practices, code
obfuscation
• Protect mobile app data with encrypted local
storage for data, offline user access, app
authenticity validation, and enforcement of
organizational security policies
• Maximize mobile app performance with
analytics, remote disabling of apps
19. Mobile Security Intelligence
QRadar: Deliver mobile security intelligence by monitoring data collected from other
mobile security solutions – visibility, reporting and threat detection
Client Challenge
Visibility of security events across
the enterprise, to stay ahead of the threat, show
compliance and reduce enterprise risk
Key Capabilities
• Integrated intelligent actionable
platform for
• Searching
• Filtering
• Rule writing
• Reporting functions
• A single user interface for
• Log management
• Risk modeling
• Vulnerability prioritization
• Incident detection
• Impact analysis tasks
22. IBM Case Study
Extending Corporate Access
IBM's BYOD program “really is about supporting employees in the
way they want to work. They will find the most appropriate tool to
get their job done. I want to make sure I can enable them to do
that, but in a way that safeguards the integrity of our business.”
Jeanette Horan, IBM CIO
Customer Needs
• Support BYOD for a variety of mobile platforms securely for a highly mobile population
• Scale to hundreds of thousands of devices
Key Features & Outcomes
• 120,000 mobile devices, 80,000 personally owned, supported in months
• Integrated Lotus Traveler, IBM Connections, IBM Sametime, and IBM Endpoint Manager
23. Leading European Bank
European Bank to Deliver Secure Mobile Internet Banking
AimArs needed to reduce operational complexity and cost with a single, scalable
infrastructure to secure access to various back-end services from multiple mobile apps. A
customized authentication mechanism empowered the bank to guarantee the security of
its customers while safeguarding the trust relationship with a safe app platform that
encrypts local data and delivers app updates immediately.
Customer Needs
• Extend secure access to banking apps to mobile customers
• Enhance productivity of employees to perform secure banking transactions via mobile devices
• Support for iOS, Android, and Windows Mobile
Key Features & Outcomes
• Authenticates requests made via HTTPS from hybrid mobile apps running on WorkLight platform to back-end services
• A custom certificates-based authentication mechanism implemented to secure back-end banking application
24. Major Utility Company
Adding Mobile Devices Without Adding Infrastructure
Serving 4.5 million customers in the southwestern region of the
United States, this electric company of 25,000 employees is a
leader in clean energy while exceeding reliability standards and
keeping consumer costs below average. They are experiencing a
migration from traditional endpoints to mobile devices.
Customer Needs
• Support 20,000+ mobile devices
• Corporate and employee-owned, many platforms and OS versions
• High availability for certain devices used in the field
• Adherence to Internal security policies, external regulations
Key Features & Outcomes
• Scalability to 250,000 endpoints provides room to grow
• Added mobile devices to existing IEM deployment in days
• Ability to integrate with Maximo, Remedy
• Responsiveness and agility of product and product team
Editor's notes
In today’s mobile world, enterprises are transforming the way they interact with their customers, partners and employees by implementing mobile strategies that enable them to:
• Build, connect, and run a growing portfolio of mobile apps for customers, partners and employees
• Manage and secure mobile applications and data on a variety of mobile devices and operating systems
• Extend and transform the business to yield new opportunities and business models while extending existing business capabilities to mobile employees, customers, and partners
IBM offers a comprehensive set of solutions to meet our customer's mobile requirements so they can seize the opportunities that the mobile world provides while reducing cost and complexity.
The IBM Mobile Foundation offering was created to provide an open mobile application platform for developing, deploying, and managing mobile apps. IBM Mobile Foundation delivers a range of app development and management capabilities that support a wide variety of mobile devices and mobile app types, while leveraging existing web technologies skills and investments.
The IBM Mobile Foundation family of products includes:
• IBM Worklight: to build, run and manage cross-platform mobile apps
• WebSphere CastIron: to connect mobile apps to a variety of Cloud and back-end systems
• IBM Endpoint Manager: to control and manage end-user mobile devices