Mobile First? Security First? It's a Tie and Here's Why!
Globo Plc
Leveraging mobility does not have to mean sacrificing security.
1.
Mobile First? Security First? It’s a Tie and Here’s Why!
Presented by Paul DePond, VP of Innovation & Technology
2.
About Globo
globoplc.com © 2014
GLOBO is an international leader and technology innovator delivering Enterprise Mobility Management and Mobile Application Development solutions and services.
• Subsidiaries & offices: USA | UK | UAE | Singapore | Greece | Cyprus | Romania
• Revenue growth: 2013: $98.6m; 2012: $80.3m; 2011: $45.9m
• Founded in 1997
• Listed on AIM, LSE:GBO
• 2.9m active users of consumer services
• 340k enterprise users
• 13m+ device licenses for consumer apps
• Deployments in 50+ countries
• Latest acquisitions:
3.
Globo Recognized by Leading Analysts
globoplc.com, Empowering Mobility In Regulated Industries, © 2014
• Globo is the only new vendor to be added to Gartner's new Magic Quadrant for EMM report for 2014. “Unique among its peers… GLOBO is a good fit for organizations looking for a single product that provides MADP and EMM.”
• Globo has been evaluated and recognized as a major “Market Challenger” amongst the top 11 EMM vendors and close to the “Market Leaders” space in OVUM’s Decision Matrix for EMM. "Globo offers a well-rounded, end-to-end EMM solution, and is one of very few vendors to offer five out of six of our defined components."
4.
Identity Theft Report 2014
• More than 81 million records have been compromised in 2014 in approximately 679 breaches.
• In 2013 only 439 breaches had been reported, representing a 36 percent increase.
• The breach count was last updated on October 3, 2014, with the JP Morgan Chase filing to the SEC stating that the data of approximately 76 million households and 7 million small businesses that have accounts with the bank has been compromised.
• The nonprofit group counts social security numbers, driver's license numbers, medical records, or payment card information as a record.
• In 2014, medical and health care organizations accounted for the majority of breaches, at 43.5 percent.
• In 2013, businesses accounted for 84 percent of breaches. The dramatic switch in targets, or impacted industries, could be indicative of a lack of education or resources in the health care field.
Source: Identity Theft Resource Center, Nov 2014
5.
Security Requirements Are Increasing
[Diagram labels: Security; Government; Healthcare; Financial; Utilities]
6.
Encryption is Now Mandated
• Government: Federal Agencies and DOD
• HealthCare:
  HIPAA - Health Insurance Portability and Accountability Act
  HITECH - Health Information Technology for Economic and Clinical Health
• Financial: SOX, GLB, FINRA, PCI DSS
• Utilities: FERC, NERC
7.
Definitions
• FISMA - The Federal Information Security Management Act defines a framework for managing information security that must be followed for all information systems used or operated by a U.S. federal government agency in the executive or legislative branches, or by a contractor or other organization on behalf of a federal agency in those branches. This framework is further defined by the standards and guidelines developed by NIST.
• NIST - The National Institute of Standards and Technology is a non-regulatory federal agency within the U.S. Department of Commerce. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing FISMA requirements and to protect their information and information systems.
• FIPS - Federal Information Processing Standards are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. Federal Information Processing Standards Publications (FIPS PUBS) are issued by NIST after approval by the Secretary of Commerce pursuant to the Federal Information Security Management Act (FISMA) of 2002.
8.
Definitions
• FIPS 140-2 is the Federal Information Processing Standard for Security Requirements for Cryptographic Modules. It specifies the security requirements that are to be satisfied by the cryptographic module utilized within a security system protecting sensitive information within computer and telecommunications systems (including voice systems).
• FIPS 199 is the Federal Information Processing Standard for Security Categorization of Federal Information and Information Systems. Approved by the Secretary of Commerce in February 2004, it is the first of two mandatory security standards required by the FISMA legislation. FIPS 199 requires Federal agencies to assess their information systems in each of the categories of confidentiality, integrity and availability, rating each system as low, moderate or high impact in each category. The most severe rating from any category becomes the information system's overall security categorization.
9.
Definitions
• FIPS 200 - Minimum Security Requirements for Federal Information and Information Systems, the second of the mandatory security standards, specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government and a risk-based process for selecting the security controls necessary to satisfy the minimum security requirements.
• NIST SP 800-53 covers the steps in the Risk Management Framework that address security control selection for federal information systems in accordance with the security requirements in FIPS 200. This includes selecting an initial set of baseline security controls based on a FIPS 199 worst-case impact analysis, tailoring the baseline security controls, and supplementing the security controls based on an organizational assessment of risk. The security rules cover 17 areas including access control, incident response, business continuity, and disaster recoverability.
10.
Changes in Federal Government
• With the passage of the Federal Information Security Management Act of 2002, there is no longer a statutory provision to allow for agencies to waive mandatory Federal Information Processing Standards (FIPS).
• FISMA mandates the categorization and security requirements of FIPS 199, FIPS 200 and NIST SP 800-53 for all federal information systems.
11.
Unvalidated Cryptographic Modules
• FIPS 140-2 precludes the use of unvalidated cryptography for the cryptographic protection of sensitive or valuable data within Federal systems.
• Unvalidated cryptography is viewed by NIST as providing no protection to the information or data - in effect the data would be considered unprotected plaintext.
• If the agency specifies that the information or data be cryptographically protected, then FIPS 140-2 is applicable. In essence, if cryptography is required, then it must be validated.
12.
Department of Health and Human Services
• The U.S. Department of Health and Human Services (HHS) issued guidance wherein "unsecure protected health information (PHI)" is essentially any PHI that is not encrypted or destroyed.
• HITECH introduced a breach notification initiative, which requires HIPAA-covered entities to send notification letters if there is a breach of unsecured PHI.
13.
HIPAA Safe Harbor
• HIPAA-covered entities can expect safe harbor if, and only if, they adhere to specified strict standards and guidelines.
• The fact that a company's data is encrypted is meaningless without taking into account the NIST requirements.
• Organizations that properly adhere to HIPAA standards understand the impact of breach notifications.
• By proactively leveraging the proper encryption technologies, companies of all sizes can avoid these breach notifications while ensuring the security of their sensitive data.
14.
Data Loss Prevention
• Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside of the corporate network.
  Data in-use
  Data in-motion
  Data at-rest
• Sensitive data can come in the form of private or company information, intellectual property (IP), financial or patient information, credit-card data, and other information depending on the business and the industry.
15.
Compliance Demands More Data Protection
• Optional Encryption
• Basic Encryption
• Strong Encryption
16.
FIPS 140-2 Confusion
• We are FIPS certified
• We are FIPS compliant
• We are FIPS conforming
• We are FIPS validated
17.
Sorting Out the Confusion
• FIPS Validated = FIPS Certified
• FIPS Validated = Four Step Process
• FIPS Compliant = using FIPS validated modules within the product which itself has not been validated; therefore the overall product is not FIPS validated.
• FIPS Compliant = FIPS Enabled = FIPS Conforming = NOT an actual VALIDATED product
18.
Description of FIPS 140-2 Levels
• FIPS 140-2 Level 1: The lowest level, imposes very limited requirements; loosely, all components must be "production-grade" and various egregious kinds of insecurity must be absent.
• FIPS 140-2 Level 2: Adds requirements for physical tamper-evidence and role-based authentication.
• FIPS 140-2 Level 3: Adds requirements for physical tamper-resistance and identity-based authentication, and for a physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module, and its other interfaces.
• FIPS 140-2 Level 4: Makes the physical security requirements more stringent, and requires robustness against environmental attacks. Level 4 is currently not being utilized in the market.
19.
Who Validates FIPS 140-2?
CMVP - The National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP), which validates cryptographic modules to Federal Information Processing Standards (FIPS) 140-2 Security Requirements for Cryptographic Modules, and other FIPS cryptography-based standards. The CMVP is a joint effort between NIST and the Communications Security Establishment Canada (CSEC).
20.
The FIPS 140-2 Validation Process
21.
Guidelines for Using FIPS 140-2 Logo
The phrase FIPS 140-2 Validated and the FIPS 140-2 Logo are ONLY intended for use in association with cryptographic modules validated by the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) as complying with FIPS 140-2, Security Requirements for Cryptographic Modules.
22.
FIPS 140-2 Validation Certificate
23.
How to Verify a FIPS 140-2 Validated Vendor
• Organizations are advised to refer to the FIPS 140-1 and FIPS 140-2 validation list: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm
• A product or implementation does not meet the FIPS 140-2 applicability requirements by simply implementing an approved security function and acquiring algorithm validation certificates.
24.
A Secure Workspace Should Include
• Data At Rest Encryption
• Data in Motion Encryption
• Mobile Content Management
• Enterprise Instant Messaging
• Secure Browser
• Secure Camera
• Secure Applications
25.
End to End FIPS 140-2 Validation Encryption
[Diagram labels: SSL; AES 256 bits; Internet; CRM; ERP; Database; Email]
26.
GO!Enterprise Example
[Diagram labels: Distribute GO!App; CRM; ERP; Database; Internet; Developer; Administrator; User device; Administration; Integration Engine; GO!Apps Repository; AppZone Studio; Enterprise Server; Enterprise Menu]
27.
Customer Examples
28.
Takeaways
• Data Loss Protection is a real issue and data breaches continue to escalate.
• Many organizations are requiring vendors to prove they are meeting their compliance requirements.
• Understand the difference between validated and all other terms describing a vendor's support of FIPS 140-2 certification.
• Consider a secure mobile workspace for your enterprise mobile management solution that provides validated FIPS 140-2 encryption, providing end to end security.
29.
Thank You
Paul DePond, VP of Innovation & Technology, Globo
pdepond@globoplc.com