• No results found

Mobile Security. Luther Knight Mobility Management Technical Specialist, Europe IOT IBM Security April 28, 2015.

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Mobile Security. Luther Knight Mobility Management Technical Specialist, Europe IOT IBM Security April 28, 2015."

Copied!
17
0
0

Loading.... (view fulltext now)

Download now ( 17 Page )

Full text

(1)

© 2015 IBM Corporation

IBM Security

1

© 2015 IBM Corporation

Mobile Security

Luther Knight - @lutherLDN

Mobility Management Technical Specialist, Europe IOT

IBM Security

(2)

Where I Started: Blackberry Migration  BYOD

 Bring Your Own Device (BYOD) became popular and grew over the past few years.

 Businesses were expected to adapt to the growing demands of the user.

– Network Access

– Internal Resources

– Corporate Mobile Applications

– Email, Contacts, Calendars

(3)

© 2015 IBM Corporation

IBM Security

3

 Infrastructure expenses for supporting multiple,

mobile operating system platforms and devices.

 Increased risk – how do you maintain device

compliance without impacting usability?

 Security – User needs impact data loss prevention

policy

Security – Monitoring apps for malicious code

BYOD Pain Points

(4)

I Spy… A Naughty Application

large companies are doing a bad job or nothing at all to protect

their consumer applications, including Pharma and Finance

40%

50%

33%

of these companies setting zero budget for mobile security and

therefore they’re only testing half the apps they build

of these companies don’t test their apps at all

(5)

© 2015 IBM Corporation IBM Security 5

Risky Apps

53

%

100

%

 Top applications have been cracked & offered on 3

rd

party ‘App Stores’

 Offered for free but often injected with malware or malicious code

 Android users particularly at risk

(6)

The way to your data, is through your heart

 Sharing personal information

 Access privileges

– Photos

– Location Data

– Contacts

– Calendar

– Camera/Microphone

26 of the top 41

dating apps on Google Play had high

security vulnerabilities

 Poorly coded – credit card info vulnerable

 Phishing Attacks

(7)

7 © 2015 IBM Corporation

What does IBM do?

(8)
(9)

© 2015 IBM Corporation

IBM Security

9

IBM Mobile First Protect

Secure Content

Collaboration

Secure Mobile

Containers

Comprehensive

Mobile Management

Seamless

Enterprise Access

(10)
(11)

© 2015 IBM Corporation

IBM Security

11

(12)
(13)

© 2015 IBM Corporation

IBM Security

13

Powering Productivity

Luther Knight - @lutherLDN

Mail

Content

File Sharing

Editing

Intranet

 Wrapping data loss prevention rules around sensitive information

 Maintaining device compliance

(14)

Mobile Threat Protection - SDK integrated

M

obile

D

ev

ic

e

MobileFirst

Protect

Trusteer Mobile SDK

• Jailbroken /Rooted

• Jailbreak Hiders

• Persistent Device ID

• Malware Infection

• Geo-location

• Unpatched OS

• Unsecure Wi-Fi

• Suspicious Apps

5. Enforce Policy 4. Send Data to Server

3. Analyze risk Data 2. Code the ability to collect

data

1. Integrate Libraries within app code

• Prevent deployment of containers into Jailbroken or Rooted device

• Restrict content sharing between enterprise apps on

malware-infected devices

(15)

© 2015 IBM Corporation

IBM Security

15

How it Works

IBM Mobile First Protect Console

Device Risk

Data

Risk Policy Mgmt.

& Control

Policy

Definitions

Policy

Enforcement

Inbound

OTA Updates

 Define compliance rules

 Trusteer Logic always current

(16)

European Security

 European datacenters – Ireland & Germany

 Adheres to EU security standards, ISO-27001 certified and SOC-2 compliant.

 Information is transmitted over SSL3.0/TLS1.0 with certificated from DigiCert

 Data within the European data centers does not get replicated back to USA.

 Data is 256bit AES encrypted in motion and at rest (on device).

(17)

© 2015 IBM Corporation

IBM Security

17

www.ibm.com/security

© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes

only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any

warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and

response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed,

References

Download now ( PDF - 17 Page - 1.82 MB )

Related documents

Determination of blue water footprint in forages crops from irrigation disctrict 017, Comarca Lagunera, Mexico

Se logró el objetivo del estudio al deter- minar la huella hídrica azul de los cultivos forrajeros de la Comarca Lagunera, encon- trándose que la eficiencia y productividad del agua

Two-Storey-Commercial-Building-Electrical-Layout-Plan.pdf

Section 3.3.1.2 of the Philippine Electrical Code specify 180 Watts load limit per convenience outlet. It simply mean that, each convenience outlet, is considered to

ASSAM POWER GENERATION CORPORATION LIMITED

The Consultant is required to study the feasibility of the ERP solution, workout infrastructure requirement, prepare budgetary estimates, Functional

MAPPING OF PROJECT MANAGEMENT METHODS AND TECHNIQUES TO SOFTWARE ENGINEERING PROCESSES

Initiation Planning Execution Controlling Closing Integration Mgmt Scope Mgmt Time Mgmt Cost Mgmt Quality Mgmt Human Resource Management

The social, political, economic, and legal aspects of affirmative action admission litigation from 2002-2007 from five universities

The chapter consists of a history of affirmative action debate and a discussion of the social, political, economic, and legal aspects of affirmative action that have an impact on

IBM Security Network Intrusion Prevention System

Designed with a modular product architecture, IBM Security Network Intrusion Prevention System solutions drive security convergence by adding entirely new modules of protection as

The Forrester Wave : Application Security, Q4 2014

Forrester conducted product evaluations in april 2014 and interviewed 12 vendor and user companies: Beyond Security, checkmarx, contrast Security, coverity, HP Fortify, iBM,

PLC vs DCS vs SCADA

Of course there are many exceptions to these generalities, and many DCS manufacturers have produced systems to deal with COSs (both by producing event driven base systems