This document discusses mobile adoption and security challenges in 2012. It notes that mobile data usage has increased 4,000% and drivers for businesses include quick app development, employee productivity and cost savings. However, mobile use also presents security risks like malware, lost devices accessing private information, and blurring of personal and business data. The document examines trends in the mobile threat landscape and outlines the top mobile security practices for organizations, including protecting device information, authentication, and maintaining security policies.
3. Business Drivers
• Fast route to market (quick app development)
• User productivity (familiarity & use in personal time)
• Cost saving (capex, support costs, contract/data costs)
• Employee satisfaction
• Staff attraction and retention
• Easier to use?
4. Do you ever text and walk? Ever walk into something?
5. What if your camera was on and showed where you were going?
7. • Found on 3rd party sites and torrents
95054
It does two things:
1. Sends info to a remote location
2. Sends an SMS to all your contacts
Android.Walkinwat 7
10. Mobile threat history across major platforms.
Symbian
requires
140 signing
120
20
100 Families
Ikee
80 worms on
41 Variants
60 rooted
iPhones
40
20
0 Android
iPhone
2004 2005 2006 2007
Symbian
2008 2009 2010 2011
Symbian iPhone Android
11. What Is Driving Security?
Industry trends driving security challenges
• Mobile computing
• Social media
• Consumerization of IT
11
12. Business concerns
• Data on the device
• Social networking (blurring personal/business identities)
• Accountability for the device
(responsible/liable when managing)
• Data privacy regulations
• Malware (HTML5 adoption)
• Location controls – social engineering
• Device physical loss
13. BYOD concerns
• 3rd party use of the device (family access to data)
• Basic security controls vs user lockdown
• Apps installed
• Blending of data and identities
• Jail broken devices
• Damaged devices
• Lost/stolen devices
• Privacy of devices in public places
• Other business users devices
14. Symantec research
Top three Mobile Security Practice “Must Haves”
To successfully enable and manage mobile technology, CISOs rated
their top practices and related technologies:
1. Protecting information on devices (90%)
2. Authentication to the network and applications (89%)
3. Setting and maintaining security policies (88%)
Source: 2011 IDG/CSO Quick Poll Survey of 124 Qualified respondents.
15.
16. Business decisions
• Business or user owned
• In-house or managed Data
Protection
Identity
Service Mgmt
• Managed device or managed
applications Security
baseline
• What controls
– What the longer term use
case?
Mobile Security
17. Smart device = Cloud enabled
• Manage
• Enable new devices entitlements
• Consistently govern
cloud services • Hyper-distributed
information
CIO
CISO
18. 03 - The Rise of Cloud Security Brokers
Managed Devices Unmanaged Devices
Governance
Security/protection agents
Protection SYMANTEC O3
Visibility
Security/protection agents
Datacenter/Private-Cloud Public Cloud Services
Consistent identity & information security policy setting & auditing across all cloud services
Context and content aware security gateway enforcing enterprise policies above the clouds
Complete cloud audit trail of who (identity), what (information, services) , how (devices) , when (time)
21. Mobile – Adoption and Adaption in 2012
Discussions on “Mobile” are everywhere right now, from the
street to the boardroom, and it provides a two-sided challenge
for forward-thinking businesses. On one side, how can the
organisation open up new ways of generating engagement and
revenue from its customer base? On the other, how can it open
up new ways of working for its employees that increase their
productivity and improve retention of the best and brightest?
Both of these potentially positive changes must be held up
against increasing expectations of the protection of both
customer and employee information and identity. Derek
O’Carroll from Symantec will host this workshop by first
presenting a viewpoint and leading a discussion into how this is
being addressed today and possible forward-looking strategies.
Notes de l'éditeur
GartnerAccording to Gartner, sales of smartphones will exceed 461 million by the end of the year, surpassing PC shipments in the process. In fact, combined sales of smartphones and tablets will be 44 percent greater than the PC market by the end of 2011. Oracle mobile data report 201116% of mobile customers have purchased a tablet computer and another 41% plan to purchase one in the next 12 months 55% report having downloaded a free mobile application (app), up significantly from 42% in 2010 47% of mobile customers say their data use has increased in the past 12 months (4Gb-64Gb)
Lets look back at some of the moments in Mobile Malware History:I am sure many of you may remember threats like the skulls trojan targeting Symbian that was being carried by many taxidrivers here in Sydney, who were given the gift from their passengers. Ref : http://www.zdnet.com.au/sydney-taxis-infested-with-worms-139182408.htmCode Signing introduced by Symbian started the decline targeting that platform.Rick Rolling Iphone users in 2009Android seems to be where the action is right now <click>
Applied Research fielded this survey by telephone in April and May 2011. These results are based on 3,300 responses.Of the organizations surveyed in April and May, respondents came from companies with a range of 5 to more than 5,000 employees. Of the total responses, 1,225 were from companies with 1,000 employees or greater.This survey has a reliability of 95% confidence with +/- 1.8% margin of error.When we asked companies that question, the top three industry trends they saw affecting the difficulty of providing cybersecurity were: - Mobile computing (47%) - Social media (46%) - Consumerization of IT (45%)
Symantec is spending a lot of time monitoring the mobile threat landscape and you an read in more detail many of our findings