This document discusses mobile adoption and security challenges in 2012. It notes that mobile data usage has increased 4,000% and drivers for businesses include quick app development, employee productivity and cost savings. However, mobile use also presents security risks like malware, lost devices accessing private information, and blurring of personal and business data. The document examines trends in the mobile threat landscape and outlines the top mobile security practices for organizations, including protecting device information, authentication, and maintaining security policies.

1. Mobile – Adoption and Adaption in 2012
Greg Day
Security CTO & Director of strategy

2. Mobile data usage up 4,000%
2

3. Business Drivers
• Fast route to market (quick app development)
• User productivity (familiarity & use in personal time)
• Cost saving (capex, support costs, contract/data costs)
• Employee satisfaction
• Staff attraction and retention
• Easier to use?

4. Do you ever text and walk? Ever walk into something?

5. What if your camera was on and showed where you were going?

6. “There’s an app for that…$1.54”

7. • Found on 3rd party sites and torrents
95054
It does two things:
1. Sends info to a remote location
2. Sends an SMS to all your contacts
Android.Walkinwat 7

8. Typical Mobile Malware
8

9. Apple vulnerabilities – iOS5 – Access to last used app
Hold down the power button

10. Mobile threat history across major platforms.
Symbian
requires
140 signing
120
20
100 Families
Ikee
80 worms on
41 Variants
60 rooted
iPhones
40
20
0 Android
iPhone
2004 2005 2006 2007
Symbian
2008 2009 2010 2011
Symbian iPhone Android

11. What Is Driving Security?
Industry trends driving security challenges
• Mobile computing
• Social media
• Consumerization of IT
11

12. Business concerns
• Data on the device
• Social networking (blurring personal/business identities)
• Accountability for the device
(responsible/liable when managing)
• Data privacy regulations
• Malware (HTML5 adoption)
• Location controls – social engineering
• Device physical loss

13. BYOD concerns
• 3rd party use of the device (family access to data)
• Basic security controls vs user lockdown
• Apps installed
• Blending of data and identities
• Jail broken devices
• Damaged devices
• Lost/stolen devices
• Privacy of devices in public places
• Other business users devices

14. Symantec research
Top three Mobile Security Practice “Must Haves”
To successfully enable and manage mobile technology, CISOs rated
their top practices and related technologies:
1. Protecting information on devices (90%)
2. Authentication to the network and applications (89%)
3. Setting and maintaining security policies (88%)
Source: 2011 IDG/CSO Quick Poll Survey of 124 Qualified respondents.

16. Business decisions
• Business or user owned
• In-house or managed Data
Protection
Identity
Service Mgmt
• Managed device or managed
applications Security
baseline
• What controls
– What the longer term use
case?
Mobile Security

17. Smart device = Cloud enabled
• Manage
• Enable new devices entitlements
• Consistently govern
cloud services • Hyper-distributed
information
CIO
CISO

18. 03 - The Rise of Cloud Security Brokers
Managed Devices Unmanaged Devices
Governance
Security/protection agents
Protection SYMANTEC O3
Visibility
Security/protection agents
Datacenter/Private-Cloud Public Cloud Services
Consistent identity & information security policy setting & auditing across all cloud services
Context and content aware security gateway enforcing enterprise policies above the clouds
Complete cloud audit trail of who (identity), what (information, services) , how (devices) , when (time)

19. 2011 Trends
Mobile Threats
19

20. Thank You!
Greg Day
Security CTO & Director of Strategy
Greg_Day@Symantec.com
07714 388998
GregDaySecurity

21. Mobile – Adoption and Adaption in 2012
Discussions on “Mobile” are everywhere right now, from the
street to the boardroom, and it provides a two-sided challenge
for forward-thinking businesses. On one side, how can the
organisation open up new ways of generating engagement and
revenue from its customer base? On the other, how can it open
up new ways of working for its employees that increase their
productivity and improve retention of the best and brightest?
Both of these potentially positive changes must be held up
against increasing expectations of the protection of both
customer and employee information and identity. Derek
O’Carroll from Symantec will host this workshop by first
presenting a viewpoint and leading a discussion into how this is
being addressed today and possible forward-looking strategies.