Mobile First? Security First?
It’s a Tie and Here’s Why!
Presented by
Paul DePond
VP of Innovation & Technology
globoplc.com© 2014
About Globo
GLOBO is an international leader and technology innovator delivering Enterprise Mobility
Management and Mobile Application Development solutions and services.
Subsidiaries & offices:
USA | UK | UAE | Singapore | Greece | Cyprus | Romania
REVENUE GROWTH
2013: $98.6m
2012: $80.3m
2011: $45.9m
Founded in 1997
Listed on AIM
LSE:GBO
2.9m active users of consumer services
340k enterprise users
13m+ device licenses for consumer apps
Deployments in 50+ countries
Latest acquisitions:
Globo Recognized by Leading Analysts
Globo is the only new vendor to be added to Gartner's new Magic Quadrant for EMM report for 2014.
“Unique among its peers… GLOBO is a good fit for organizations looking for a single product that provides MADP and EMM.”
Globo has been evaluated and recognized as a major “Market Challenger” amongst the top 11 EMM vendors and close to the “Market Leaders” space in OVUM’s Decision Matrix for EMM.
"Globo offers a well-rounded, end-to-end EMM solution, and is one of very few vendors to offer five out of six of our defined components."
Identity Theft Report 2014
• More than 81 million records have been compromised in 2014 in approximately 679 breaches.
• In 2013 only 439 breaches had been reported, so 2014 represents a 36 percent increase.
• The breach count was last updated on October 3, 2014, with JP Morgan Chase's filing to the SEC that the data of approximately 76 million households and 7 million small businesses that have accounts with the bank had been compromised.
• The Identity Theft Resource Center, the nonprofit group behind the report, counts social security numbers, driver's license numbers, medical records, or payment card information as a record.
• In 2014, medical and health care organizations accounted for the majority of breaches, at 43.5 percent.
• In 2013, businesses accounted for 84 percent of breaches. The dramatic switch in targets, or impacted industries, could be indicative of a lack of education or resources in the health care field.
Source: Identity Theft Resource Center, Nov 2014
Security Requirements Are Increasing
[Diagram: security requirements across the Government, Healthcare, Financial and Utilities sectors]
Encryption is Now Mandated
• Government – Federal Agencies and DOD
• Healthcare
  o HIPAA – Health Insurance Portability and Accountability Act
  o HITECH – Health Information Technology for Economic and Clinical Health
• Financial – SOX, GLB, FINRA, PCI DSS
• Utilities – FERC, NERC
Definitions
• FISMA – The Federal Information Security Management Act defines a framework for managing information security that must be followed for all information systems used or operated by a U.S. federal government agency in the executive or legislative branches, or by a contractor or other organization on behalf of a federal agency in those branches. This framework is further defined by the standards and guidelines developed by NIST.
• NIST – The National Institute of Standards and Technology is a non-regulatory federal agency within the U.S. Department of Commerce. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing FISMA requirements and to protect their information and information systems.
• FIPS – Federal Information Processing Standards are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. Federal Information Processing Standards Publications (FIPS PUBS) are issued by NIST after approval by the Secretary of Commerce pursuant to the Federal Information Security Management Act (FISMA) of 2002.
Definitions
• FIPS 140-2, the Federal Information Processing Standard for Security Requirements for Cryptographic Modules, specifies the security requirements that are to be satisfied by the cryptographic module utilized within a security system protecting sensitive information within computer and telecommunications systems (including voice systems).
• FIPS 199, the Federal Information Processing Standard for Security Categorization of Federal Information and Information Systems, approved by the Secretary of Commerce in February 2004, is the first of two mandatory security standards required by the FISMA legislation. FIPS 199 requires Federal agencies to assess their information systems in each of the categories of confidentiality, integrity and availability, rating each system as low, moderate or high impact in each category. The most severe rating from any category becomes the information system's overall security categorization.
Definitions
• FIPS 200 – Minimum Security Requirements for Federal Information and Information Systems, the second of the mandatory security standards, specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government and a risk-based process for selecting the security controls necessary to satisfy the minimum security requirements.
• NIST SP 800-53 covers the steps in the Risk Management Framework that address security control selection for federal information systems in accordance with the security requirements in FIPS 200. This includes selecting an initial set of baseline security controls based on a FIPS 199 worst-case impact analysis, tailoring the baseline security controls, and supplementing the security controls based on an organizational assessment of risk. The security rules cover 17 areas including access control, incident response, business continuity, and disaster recoverability.
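The three definitions above (FIPS 199 categorization, FIPS 200 minimum requirements, SP 800-53 baseline selection and tailoring) describe one procedure. The following Python is an added worked example written for this page, not code from Globo or from NIST: it rates each information type a system carries for confidentiality, integrity and availability, applies the FIPS 199 high-water mark per objective and overall, selects a baseline from the overall categorization, and records a justification for every control tailored out. The system and its information types are constructed, and the baseline table is an illustrative subset (identifiers in SP 800-53 family style), not the authoritative SP 800-53 baseline.

```python
"""FIPS 199 high-water-mark categorization and baseline selection (added example).

The baseline table is a constructed, illustrative subset, not the real
SP 800-53 baseline; the sample system is likewise constructed.
"""
from dataclasses import dataclass

# Impact levels in increasing order of severity. FIPS 199 permits "NA"
# (not applicable) only for confidentiality, i.e. information that is public
# by design; integrity and availability must always be rated.
LEVELS = {"NA": 0, "LOW": 1, "MODERATE": 2, "HIGH": 3}
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InfoType:
    name: str
    confidentiality: str
    integrity: str
    availability: str


def _check(level, objective):
    """Normalise a rating and enforce the FIPS 199 rule on NA."""
    level = level.upper()
    if level not in LEVELS:
        raise ValueError(f"unknown impact level {level!r}")
    if level == "NA" and objective != "confidentiality":
        raise ValueError(f"NA is not allowed for {objective}")
    return level


def categorize(info_types):
    """Return {objective: level, 'overall': level} using the high-water mark."""
    if not info_types:
        raise ValueError("a system must carry at least one information type")
    result = {}
    for obj in OBJECTIVES:
        ratings = [_check(getattr(t, obj), obj) for t in info_types]
        # Worst case across all information types for this objective.
        result[obj] = max(ratings, key=LEVELS.__getitem__)
    # Overall categorization: the most severe rating of any objective.
    # Integrity and availability are never NA, so overall is at least LOW.
    result["overall"] = max(result.values(), key=LEVELS.__getitem__)
    return result


# Constructed subset of a control baseline: control -> lowest categorization
# at which it is selected. Family prefixes (AC, IR, CP) follow SP 800-53
# naming for access control, incident response and contingency planning.
BASELINE = {
    "AC-2 Account Management": "LOW",
    "IR-4 Incident Handling": "LOW",
    "CP-9 System Backup": "LOW",
    "AC-2(1) Automated Account Management": "MODERATE",
    "IR-4(1) Automated Incident Handling": "MODERATE",
    "CP-9(1) Backup Testing": "MODERATE",
    "AC-2(11) Usage Conditions": "HIGH",
}


def select_baseline(overall, baseline=BASELINE):
    """Select every control whose threshold is at or below the overall level."""
    return sorted(c for c, lvl in baseline.items() if LEVELS[lvl] <= LEVELS[overall])


def tailor(controls, removals):
    """Tailoring step: a control may be dropped only with a written justification."""
    for ctrl, reason in removals.items():
        if not reason.strip():
            raise ValueError(f"tailoring out {ctrl} requires a justification")
    return [c for c in controls if c not in removals]


if __name__ == "__main__":
    # Constructed sample: a patient portal carrying three information types.
    system = [
        InfoType("public health notices", "NA", "LOW", "LOW"),
        InfoType("patient records", "HIGH", "MODERATE", "LOW"),
        InfoType("appointment scheduling", "LOW", "LOW", "HIGH"),
    ]
    cat = categorize(system)
    # No single information type is HIGH across the board, yet the system is HIGH.
    print(cat)
    controls = select_baseline(cat["overall"])
    print(tailor(controls, {"AC-2(11) Usage Conditions": "no shared accounts exist"}))
```

The point the deck makes ("worst-case impact analysis") is visible in the sample: confidentiality is driven HIGH by patient records and availability is driven HIGH by scheduling, so the whole system inherits the HIGH baseline even though most of its data is low impact.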
Changes in Federal Government
• With the passage of the Federal Information Security Management Act of 2002, there is no longer a statutory provision to allow for agencies to waive mandatory Federal Information Processing Standards (FIPS).
• FISMA mandates the categorization and security requirements of FIPS 199, FIPS 200 and NIST SP 800-53 for all federal information systems.
Unvalidated Cryptographic Modules
• FIPS 140-2 precludes the use of unvalidated cryptography for the cryptographic protection of sensitive or valuable data within Federal systems.
• Unvalidated cryptography is viewed by NIST as providing no protection to the information or data; in effect the data would be considered unprotected plaintext.
• If the agency specifies that the information or data be cryptographically protected, then FIPS 140-2 is applicable. In essence, if cryptography is required, then it must be validated.
Department of Health and Human Services
• The U.S. Department of Health and Human Services (HHS) issued guidance wherein "unsecured protected health information (PHI)" is essentially any PHI that is not encrypted or destroyed.
• HITECH's breach notification initiative requires HIPAA-covered entities to send notification letters if there is a breach of unsecured PHI.
HIPAA Safe Harbor
• HIPAA-covered entities can expect safe harbor if, and only if, they adhere to specified strict standards and guidelines.
• The fact that a company's data is encrypted is meaningless without taking into account the NIST requirements.
• Organizations that properly adhere to HIPAA standards understand the impact of breach notifications.
• By proactively leveraging the proper encryption technologies, companies of all sizes can avoid these breach notifications while ensuring the security of their sensitive data.
Data Loss Prevention
• Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside of the corporate network. It covers:
  o Data in use
  o Data in motion
  o Data at rest
• Sensitive data can come in the form of private or company information, intellectual property (IP), financial or patient information, credit-card data, and other information depending on the business and the industry.
Compliance Demands More Data Protection
[Diagram: progression from Optional Encryption to Basic Encryption to Strong Encryption]
FIPS 140-2 Confusion
o We are FIPS certified
o We are FIPS compliant
o We are FIPS conforming
o We are FIPS validated
Sorting Out the Confusion
• FIPS Validated = FIPS Certified
• FIPS Validated = Four Step Process
• FIPS Compliant = using FIPS validated modules within a product which has not itself been validated; therefore the overall product is not FIPS validated.
• FIPS Compliant = FIPS Enabled = FIPS Conforming = NOT an actual VALIDATED product
Description of FIPS 140-2 Levels
FIPS 140-2 Level 1: The lowest level, imposes very limited requirements; loosely, all components must be "production-grade" and various egregious kinds of insecurity must be absent.
FIPS 140-2 Level 2: Adds requirements for physical tamper-evidence and role-based authentication.
FIPS 140-2 Level 3: Adds requirements for physical tamper-resistance and identity-based authentication, and for a physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module, and its other interfaces.
FIPS 140-2 Level 4: Makes the physical security requirements more stringent, and requires robustness against environmental attacks. Level 4 is currently not being utilized in the market.
Who Validates FIPS 140-2?
CMVP – the National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to Federal Information Processing Standards (FIPS) 140-2 Security Requirements for Cryptographic Modules, and other FIPS cryptography based standards.
The CMVP is a joint effort between NIST and the Communications Security Establishment Canada (CSEC).
The FIPS 140-2 Validation Process
Guidelines for Using FIPS 140-2 Logo
The phrase FIPS 140-2 Validated and the FIPS 140-2 Logo are ONLY intended for use in association with cryptographic modules validated by the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) as complying with FIPS 140-2, Security Requirements for Cryptographic Modules.
FIPS 140-2 Validation Certificate
How to Verify a FIPS 140-2 Validated Vendor
• Organizations are advised to refer to the FIPS 140-1 and FIPS 140-2 validation list:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm
• A product or implementation does not meet the FIPS 140-2 applicability requirements by simply implementing an approved security function and acquiring algorithm validation certificates.
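The "Sorting Out the Confusion" slide and the verification slide above together give a decision rule: a product is validated only if the product itself appears on the CMVP list with an active certificate; running a validated module inside an unvalidated product is "compliant" at best, and algorithm certificates alone prove nothing about the module. The Python below is an added example written for this page, not Globo's or NIST's code. It applies that rule to a vendor claim against a constructed, CSV-shaped sample of the validation list's fields (certificate number, vendor, module name, version, overall level, status); the vendors, module names and certificate numbers are placeholders, not real list entries, and a real check would be run against the current NIST list.

```python
"""Classify a vendor's FIPS 140-2 claim against a validated-modules list (added example).

SAMPLE_LIST is a constructed sample with placeholder certificate numbers; it
mirrors the fields of the CMVP list but none of the entries are real.
"""
import csv
import io
from dataclasses import dataclass

SAMPLE_LIST = """\
cert,vendor,module,version,level,status
0001,Example Crypto Ltd,Example Crypto Library,2.0.16,1,Active
0002,Example Crypto Ltd,Example Crypto Library,1.0.2,1,Historical
0003,Acme Mobile Inc,Acme Secure Workspace Crypto Module,3.1,1,Active
0004,Acme Mobile Inc,Acme Secure Workspace Crypto Module,2.0,1,Revoked
"""


@dataclass(frozen=True)
class Entry:
    cert: str
    vendor: str
    module: str
    version: str
    level: int
    status: str


def load_list(text):
    """Parse a CSV export of the list into Entry records."""
    return [Entry(r["cert"], r["vendor"], r["module"], r["version"], int(r["level"]), r["status"])
            for r in csv.DictReader(io.StringIO(text))]


def _norm(s):
    # Case- and whitespace-insensitive, but otherwise exact: a certificate
    # covers the named module at the named version, nothing broader.
    return " ".join(s.lower().split())


def find_active(entries, vendor, module, version):
    """Return the Active entry matching vendor, module and version, else None."""
    key = (_norm(vendor), _norm(module), _norm(version))
    for e in entries:
        if (_norm(e.vendor), _norm(e.module), _norm(e.version)) == key and e.status == "Active":
            return e
    return None


@dataclass(frozen=True)
class Claim:
    vendor: str
    product: str
    version: str
    # (vendor, module, version) of a validated module the product links
    # against, if the vendor's claim rests on that rather than on the product.
    embedded_module: "tuple | None" = None


def classify(claim, entries):
    """Return ('validated' | 'compliant-only' | 'not-validated', supporting entry or None)."""
    own = find_active(entries, claim.vendor, claim.product, claim.version)
    if own:
        return "validated", own
    if claim.embedded_module:
        emb = find_active(entries, *claim.embedded_module)
        if emb:
            # A validated module inside an unvalidated product: "FIPS compliant",
            # which the deck equates with enabled/conforming, not validated.
            return "compliant-only", emb
    # Revoked or historical certificates, algorithm (CAVP) certificates alone,
    # or no listing at all: treat as unvalidated, i.e. plaintext for FIPS purposes.
    return "not-validated", None


if __name__ == "__main__":
    entries = load_list(SAMPLE_LIST)
    claims = [
        Claim("Acme Mobile Inc", "Acme Secure Workspace Crypto Module", "3.1"),
        Claim("Acme Mobile Inc", "Acme Secure Workspace Crypto Module", "2.0"),
        Claim("Acme Mobile Inc", "Acme Mobile Workspace", "5.0",
              ("Example Crypto Ltd", "Example Crypto Library", "2.0.16")),
        Claim("Acme Mobile Inc", "Acme Mobile Workspace", "5.0",
              ("Example Crypto Ltd", "Example Crypto Library", "1.0.2")),
    ]
    for c in claims:
        kind, evidence = classify(c, entries)
        print(f"{c.product} {c.version}: {kind}", f"(cert {evidence.cert})" if evidence else "")
```

Version matching is deliberately exact: a certificate names a specific module version, so a newer release of the same library, or the same module with a revoked or historical certificate, does not inherit the validation, which is the trap the deck's "compliant vs validated" slide is warning about.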
A Secure Workspace Should Include
• Data At Rest Encryption
• Data in Motion Encryption
• Mobile Content Management
• Enterprise Instant Messaging
• Secure Browser
• Secure Camera
• Secure Applications
End to End FIPS 140-2 Validation Encryption
[Diagram: encryption path labelled SSL and AES 256 bits at each hop, across the Internet, to the CRM, ERP, Database and Email back ends]
GO!Enterprise Example
[Architecture diagram with the labels: Developer, Administrator, User device; AppZone Studio, GO!Apps Repository, Enterprise Server, Administration, Integration Engine, Enterprise Menu, GO!App, Distribute; Internet; CRM, ERP, Database]
Customer Examples
Takeaways
• Data loss protection is a real issue and data breaches continue to escalate.
• Many organizations are requiring vendors to prove they are meeting their compliance requirements.
• Understand the difference between validated and all other terms describing a vendor's support of FIPS 140-2 certification.
• Consider a secure mobile workspace for your enterprise mobile management solution that provides validated FIPS 140-2 encryption, providing end to end security.
Paul DePond
VP of Innovation & Technology – Globo
pdepond@globoplc.com
Thank You
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Dernier (20)

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Mobile First? Security First? It's a Tie and Here's Why!

  • 1. Mobile First? Security First? It’s a Tie and Here’s Why! Presented by Paul DePond, VP of Innovation & Technology
  • 2. About Globo (globoplc.com, © 2014): GLOBO is an international leader and technology innovator delivering Enterprise Mobility Management and Mobile Application Development solutions and services. Subsidiaries & offices: USA | UK | UAE | Singapore | Greece | Cyprus | Romania. Revenue growth: 2013: $98.6m; 2012: $80.3m; 2011: $45.9m. Founded in 1997. Listed on AIM (LSE:GBO). 2.9m active users of consumer services; 340k enterprise users; 13m+ device licenses for consumer apps; deployments in 50+ countries. Latest acquisitions: [logos]
  • 3. Globo Recognized by Leading Analysts (Empowering Mobility In Regulated Industries): Globo is the only new vendor to be added to Gartner's new Magic Quadrant for EMM report for 2014. “Unique among its peers… GLOBO is a good fit for organizations looking for a single product that provides MADP and EMM.” Globo has been evaluated and recognized as a major “Market Challenger” amongst the top 11 EMM vendors and close to the “Market Leaders” space in OVUM’s Decision Matrix for EMM. "Globo offers a well-rounded, end-to-end EMM solution, and is one of very few vendors to offer five out of six of our defined components."
  • 4. Identity Theft Report 2014: • More than 81 million records have been compromised in 2014 in approximately 679 breaches. • In 2013 only 439 breaches had been reported; the report puts the increase at 36 percent. • The breach count was last updated on October 3, 2014, after JPMorgan Chase's SEC filing that the data of approximately 76 million households and 7 million small businesses with accounts at the bank had been compromised. • The nonprofit group counts social security numbers, driver's license numbers, medical records, or payment card information as a record. • In 2014, medical and health care organizations accounted for the majority of breaches, at 43.5 percent. • In 2013, businesses accounted for 84 percent of breaches. The dramatic switch in impacted industries could indicate a lack of education or resources in the health care field. Source: Identity Theft Resource Center, Nov 2014
  • 5. Security Requirements Are Increasing (diagram): Security across Government, Healthcare, Financial, and Utilities.
  • 6. Encryption is Now Mandated: • Government: Federal agencies and DoD. • Healthcare: HIPAA (Health Insurance Portability and Accountability Act); HITECH (Health Information Technology for Economic and Clinical Health). • Financial: SOX, GLB, FINRA, PCI DSS. • Utilities: FERC, NERC.
  • 7. Definitions: • FISMA, the Federal Information Security Management Act, defines a framework for managing information security that must be followed for all information systems used or operated by a U.S. federal government agency in the executive or legislative branches, or by a contractor or other organization on behalf of a federal agency in those branches. This framework is further defined by the standards and guidelines developed by NIST. • NIST, the National Institute of Standards and Technology, is a non-regulatory federal agency within the U.S. Department of Commerce. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing FISMA requirements and in protecting their information and information systems. • FIPS, the Federal Information Processing Standards, are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. Federal Information Processing Standards Publications (FIPS PUBS) are issued by NIST after approval by the Secretary of Commerce pursuant to FISMA (2002).
  • 8. Definitions: • FIPS 140-2, the Federal Information Processing Standard for Security Requirements for Cryptographic Modules, specifies the security requirements that must be satisfied by a cryptographic module used within a security system protecting sensitive information in computer and telecommunications systems (including voice systems). • FIPS 199, the Federal Information Processing Standard for Security Categorization of Federal Information and Information Systems, approved by the Secretary of Commerce in February 2004, is the first of two mandatory security standards required by the FISMA legislation. FIPS 199 requires federal agencies to assess each information system in each of the categories of confidentiality, integrity and availability, rating the system as low, moderate or high impact in each category. The most severe rating from any category (the "high-water mark") becomes the information system's overall security categorization.
  • 9. Definitions: • FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, the second of the mandatory security standards, specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government, and a risk-based process for selecting the security controls necessary to satisfy those minimum requirements. • NIST SP 800-53 covers the steps in the Risk Management Framework that address security control selection for federal information systems in accordance with the security requirements in FIPS 200. This includes selecting an initial set of baseline security controls based on the FIPS 199 worst-case impact analysis, tailoring the baseline controls, and supplementing them based on an organizational assessment of risk. FIPS 200 defines 17 security-related areas, which SP 800-53 organizes as control families (later revisions add an 18th, Program Management), including access control, incident response, and contingency planning (business continuity and disaster recovery).
  • 10. Changes in Federal Government: • With the passage of the Federal Information Security Management Act of 2002, there is no longer a statutory provision allowing agencies to waive mandatory Federal Information Processing Standards (FIPS). • FISMA mandates the categorization and security requirements of FIPS 199, FIPS 200 and NIST SP 800-53 for all federal information systems.
  • 11. Unvalidated Cryptographic Modules: • FIPS 140-2 precludes the use of unvalidated cryptography for the cryptographic protection of sensitive or valuable data within federal systems. • Unvalidated cryptography is viewed by NIST as providing no protection to the information or data; in effect the data is considered unprotected plaintext. • If an agency specifies that information or data be cryptographically protected, then FIPS 140-2 applies. In essence, if cryptography is required, it must come from a validated module.
  • 12. Department of Health and Human Services: • The U.S. Department of Health and Human Services (HHS) issued guidance under which "unsecured protected health information (PHI)" is essentially any PHI that is not encrypted or destroyed. • HITECH's breach notification rule requires HIPAA-covered entities to send notification letters if there is a breach of unsecured PHI.
  • 13. HIPAA Safe Harbor: • HIPAA-covered entities can expect safe harbor if, and only if, they adhere to the specified standards and guidelines. • The fact that a company's data is encrypted is meaningless without taking into account the NIST requirements: the HHS guidance defines "encrypted" by reference to NIST publications (SP 800-111 for data at rest; SP 800-52, 800-77 and 800-113 for data in motion), so encryption that does not follow them does not earn safe harbor. • Organizations that properly adhere to HIPAA standards understand the impact of breach notifications. • By proactively deploying the proper encryption technologies, companies of all sizes can avoid breach notifications while ensuring the security of their sensitive data.
  • 14. Data Loss Prevention: • Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside of the corporate network. It covers data in use, data in motion, and data at rest. • Sensitive data can come in the form of private or company information, intellectual property (IP), financial or patient information, credit-card data, and other information depending on the business and the industry.
  • 16. FIPS 140-2 Confusion: vendors say o We are FIPS certified; o We are FIPS compliant; o We are FIPS conforming; o We are FIPS validated.
  • 17. Sorting Out the Confusion: • FIPS Validated = FIPS Certified. • FIPS Validated = Four Step Process. • FIPS Compliant = using FIPS validated modules within a product that has itself not been validated; the overall product is therefore not FIPS validated. • FIPS Compliant = FIPS Enabled = FIPS Conforming = NOT an actual VALIDATED product.
  • 18. Description of FIPS 140-2 Levels: • Level 1, the lowest level, imposes very limited requirements; loosely, all components must be "production-grade" and various egregious kinds of insecurity must be absent. • Level 2 adds requirements for physical tamper-evidence and role-based authentication. • Level 3 adds requirements for physical tamper-resistance and identity-based authentication, and for a physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module and its other interfaces. • Level 4 makes the physical security requirements more stringent and requires robustness against environmental attacks. Level 4 modules are rare in the market.
  • 19. Who Validates FIPS 140-2? The National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP), which validates cryptographic modules against FIPS 140-2, Security Requirements for Cryptographic Modules, and other FIPS cryptography-based standards. The CMVP is a joint effort between NIST and the Communications Security Establishment Canada (CSEC).
  • 20. The FIPS 140-2 Validation Process (diagram)
  • 21. Guidelines for Using the FIPS 140-2 Logo: The phrase "FIPS 140-2 Validated" and the FIPS 140-2 logo are ONLY intended for use in association with cryptographic modules validated by NIST and CSEC as complying with FIPS 140-2, Security Requirements for Cryptographic Modules.
  • 22. FIPS 140-2 Validation Certificate (image)
  • 23. How to Verify a FIPS 140-2 Validated Vendor: • Organizations are advised to refer to the FIPS 140-1 and FIPS 140-2 validation list: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm. Match the vendor's claim against the certificate's exact module name, version and tested platform, not just the vendor name. • A product or implementation does not meet the FIPS 140-2 applicability requirements simply by implementing an approved security function and acquiring algorithm validation certificates.
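The two checks that slides 17 and 23 call for, as an added example (my code, not Globo's and not a NIST tool): first, whether a vendor's "FIPS" wording actually corresponds to a CMVP module certificate for the exact module and version and whether that certificate is still Active, with a CAVP algorithm-certificate-only claim rejected as the slide says it should be; second, whether a Linux host is really running in FIPS mode, since a validated module is only validated when operated as the certificate describes. The validation records are a constructed sample in a simplified pipe-separated layout with hypothetical vendors and certificate numbers; the real list at the URL above also records the tested operational environments, which this sample omits, and the status values (Active, Historical, Revoked) mirror the vocabulary the CMVP uses today.

```python
"""Added example: checking a FIPS 140-2 claim against a (constructed) CMVP list,
and checking whether a Linux host is actually in FIPS mode."""
from dataclasses import dataclass
from pathlib import Path
from typing import FrozenSet, List, Optional, Tuple

# Constructed sample records (hypothetical vendors and certificate numbers).
# Layout: cert|vendor|module|software_versions(;-separated)|status
SAMPLE_CMVP_LIST = """\
# cert|vendor|module|software_versions|status
1001|ExampleCrypto Inc.|ExampleCrypto Core Library|1.0.1;1.0.1a|Active
1002|ExampleCrypto Inc.|ExampleCrypto Core Library|0.9.8|Historical
1003|Acme Mobile Ltd.|Acme Mobile Crypto Kit|2.3.0|Revoked
"""


@dataclass(frozen=True)
class ValidationRecord:
    cert: str
    vendor: str
    module: str
    versions: FrozenSet[str]
    status: str


def parse_cmvp_list(text: str) -> List[ValidationRecord]:
    """Parse the pipe-separated sample; blank lines and '#' comments are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        cert, vendor, module, versions, status = (f.strip() for f in line.split("|"))
        records.append(ValidationRecord(
            cert, vendor, module,
            frozenset(v.strip() for v in versions.split(";")),
            status))
    return records


def check_claim(records: List[ValidationRecord], vendor: str, module: str,
                version: str, claim_basis: str = "module") -> Tuple[bool, str]:
    """Return (validated, reason) for a vendor's claim.

    claim_basis: "module" when the vendor cites a CMVP module certificate;
    "algorithm" when it only holds CAVP algorithm certificates (AES, SHA, ...),
    which by itself does not make the module validated.
    """
    if claim_basis != "module":
        return False, "algorithm (CAVP) certificates alone do not validate a module"
    same_module = [r for r in records
                   if r.vendor.casefold() == vendor.casefold()
                   and r.module.casefold() == module.casefold()]
    if not same_module:
        return False, "no CMVP certificate for this vendor/module"
    for r in same_module:
        if version in r.versions:  # exact version string; 1.0.2 != 1.0.1
            if r.status == "Active":
                return True, f"validated under certificate #{r.cert}"
            return False, f"certificate #{r.cert} covers {version} but is {r.status}"
    known = sorted(v for r in same_module for v in r.versions)
    return False, f"version {version} is not on any certificate (validated: {', '.join(known)})"


def host_fips_mode(proc_path: str = "/proc/sys/crypto/fips_enabled") -> Optional[bool]:
    """True/False from the Linux kernel's fips_enabled flag; None when the flag
    is not exposed (non-Linux host, or a kernel built without it)."""
    try:
        return Path(proc_path).read_text().strip() == "1"
    except OSError:
        return None


if __name__ == "__main__":
    recs = parse_cmvp_list(SAMPLE_CMVP_LIST)
    claims = [
        ("ExampleCrypto Inc.", "ExampleCrypto Core Library", "1.0.1", "module"),
        ("ExampleCrypto Inc.", "ExampleCrypto Core Library", "1.0.2", "module"),
        ("ExampleCrypto Inc.", "ExampleCrypto Core Library", "0.9.8", "module"),
        ("Acme Mobile Ltd.", "Acme Mobile Crypto Kit", "2.3.0", "module"),
        ("Acme Mobile Ltd.", "Acme Mobile Crypto Kit", "2.4.0", "algorithm"),
    ]
    for vendor, module, version, basis in claims:
        ok, why = check_claim(recs, vendor, module, version, basis)
        print(f"{'VALIDATED' if ok else 'NOT validated':13} {module} {version}: {why}")
    print("host FIPS mode:", host_fips_mode())
```

Only the first claim passes; a newer version than the one on the certificate, a Historical or Revoked certificate, and a CAVP-only claim all fail, which is exactly the gap between "FIPS compliant" and "FIPS validated" in slide 17. `host_fips_mode()` returns None on a non-Linux machine, so treat anything other than True as "not demonstrated" when auditing a deployment.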
  • 24. A Secure Workspace Should Include: • Data at rest encryption • Data in motion encryption • Mobile content management • Enterprise instant messaging • Secure browser • Secure camera • Secure applications
  • 25. End to End FIPS 140-2 Validated Encryption (diagram): AES 256-bit encryption on the device and at each back-end system (CRM, ERP, database, email), with SSL across the Internet.
  • 26. GO!Enterprise Example (diagram, "Distribute GO!App"): components shown are Developer, AppZone Studio, GO!Apps Repository, Administrator, Administration, Enterprise Server, Integration Engine, Enterprise Menu, User device, Internet, CRM, ERP, and Database.
  • 28. Takeaways: • Data loss prevention is a real issue, and data breaches continue to escalate. • Many organizations are requiring vendors to prove they meet their compliance requirements. • Understand the difference between "validated" and all other terms describing a vendor's support of FIPS 140-2. • Consider a secure mobile workspace for your enterprise mobility management solution that provides validated FIPS 140-2 encryption end to end.
  • 29. Thank You. Paul DePond, VP of Innovation & Technology, Globo; pdepond@globoplc.com