© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Mobile Security: The good, the bad, the way forward
Get the most out of HP’s Mobility Protection Services
+32 498946043
Jan's Blogs
Today’s Presenter
Name
Jan De Clercq
Title & organization
Chief Technical Architect, IT Assurance Services, Global TSC Portfolio
IT industry experience
• Military prior to HP
• Years in HP – 15 years
• Security, Identity and Access Management, Microsoft Security, Microsoft infrastructure, Messaging
Professional information
• Masters IT, Masters Criminology
• HP TCP Master
• CISSP, CCSK, Microsoft Certified Architect, Microsoft and Cisco certifications
• Author of Microsoft security books and articles, contributor to “Cloud Computing Protected: Security Assessment Handbook”
Current responsibilities
• Cloud Protection, Big Data Protection, Mobility Protection
• ITA Service Portfolio Sales & Pursuit Assistance
• ITA Consultant Training & Mentoring
Today’s Presenter
Name
Félix Martín
Title & organization
EMEA Pursuit Lead IT Infrastructure and Cloud Assurance
IT industry experience
• Years in HP – 14 years
• Security Operations, Security Governance, Cloud Security
Professional information
• MBA
• CISSP, Certified Information System Security Professional
• CCSK, Certificate of Cloud Security Knowledge
• PMP, Project Management Professional
• ITIL expert in IT Service Management
Current responsibilities
• ITA Business development for Iberia
• ITA Business development for EMEA
+34 609112075
Agenda
1. Definition of Terms
2. Scope of Mobile Device Computing
3. The Security Problems with Mobile Devices
4. Mobile Device Security Strategies
5. Putting it all Together
6. Mobility Protection Reference Architecture
7. Conclusion
BYOA – Bring Your Own Acronym
Definitions
1. Consumerization
• Technology that starts from the consumer market and spreads to the business and government sectors
2. MDM
• Mobile Device Management – Controls on mobile devices to protect devices and corporate assets
3. MAM
• Mobile Application Management – Controls targeted at mobile applications, irrespective of the device they run on
4. NAC
• Network Access Control – Controls at the network level to meet security policy
5. BYOD
• Bring Your Own Device – Any device, any time, from anywhere
Mobile Device Management
Network Access Control
Mobile Application Management
Company Liable
Employee Liable
Mobile Device Proliferation
Apple iOS – Closed platform, strong customer loyalty, most apps
iPod Touch, iPhone, iPad
Google Android – Open platform, lower price point, 2nd most apps
Too many devices to list
Phones & Tablets
Microsoft – Open APIs, strong tie to desktop, coming on strong
Evolution of Mobility
Tomorrow
• New Devices
• New Usage Types
Today’s Usage
• PIM
• Web Browsing
• Music
• Consumer Apps
• Business Apps
• Games
Today’s Devices
• Laptop, Desktops
• Smartphones
• Tablets
• Printers
Point of Sale
• Proximity payment embedded systems
Convergence
• Automobiles & Smartphones
• Hotels & Cars
• Smart Grid Devices & Smartphones
• Home Automation and Security
• Payment Systems & Smartphones
Enterprise
• Integrated collaboration
The Security Problems with Mobile Devices
Threat Landscape
Device Overload
• Ever-Changing Types, OSs and Security Features
Data Threats
• Sensitive Data Leakage
• Device Lost or Employee Leaves
User Threats
• Acting in Non-Compliant / Wrongful Ways
App Threats
• Insecure Access to Corporate Apps
• Lack of Reliability
Network Threats
• Usage of Many Secure and Unsecure Networks
• Lack of Mobile Network Visibility
• Corporate Network Vulnerability to Mobile Threats
Making long term choices is hard as technology is moving so fast
Shifting Landscape will impact Management
B2C
B2E
B2B
BYOD
MDM
MAM
Evolving MDM taxonomy
Mobile Security
Mobile Application Management
Core MDM Functions
Mobile Device Management
App Management & Control
Documents and Information Management
Network and Security Intelligence / MSM
Mobile Transport Security, QoS
Wifi / VPN / WWAN / Roaming Control
Hardware Inventory / Asset Mgt / Provisioning
Basic Device Enrollment / Cross-Platform support
MAM Architecture
Hosted Data center
Security Services
Virtualized Infrastructure
Software layer
Email Services
Collaboration
Business (SAP?)
Specific Applications
Connection devices
End users
Virtualized Client w/ Local Apps
Secure Application Publishing
Virtual Desktops
Virtual Storage
Federated Identity
Mobility protection stack
Security Policies
Applications Protection
Data Protection
Devices Protection
Infrastructure Protection
Governance, Risks, Compliance
BYOD Policies
Access control
Enterprise remote access
Rogue applications
Secure data at rest and in transit
DLP
Data Wipe
Device identification
Malware protection
Perimeter and Network Protection
Cloud Protection
P1: People
P2: Policies & procedures
P3: Processes
P4: Products
P5: Proof
P5 Model
Mobility protection requires a holistic protection approach: HP ISSM P5 Model
Strategy
Roadmap
Design
Implement
Mobility Protection Reference Architecture
Build
Plan
Secure
Mobility Protection Workshop
Mobility Protection Roadmap
Mobility Protection Design
Mobility Protection Implementation
Building security into mobility strategy, design and implementation
HP Solution building block
HP Connected Workplace Services
Connected workplace - people - data
Mobile connectivity services
Mobile management services
Mobile platforms
HP FlexNetwork for unified wired and wireless access
Converged Infrastructure delivering VDI
Secure on-boarding, provisioning and monitoring with IMC
User Access Manager
Endpoint Admission Defense
Wireless Services Manager
User Behavior Analyzer
Network Traffic Analyzer
Mobility Protection Reference Architecture
Functional view
Customers
Employees
Partners - Suppliers
Public Cloud Resources
Data Protection: Encryption, Data Loss Prevention
Secure Communication: VPN Agent, PKI Client
Security Lockdown: Mobile Policy Enforcement, Secure Staging, Patching, Browser security
Application Security: Application Patching, Application Policy Config, Whitelisting, Blacklisting
Access Control: Local ID, Malware
Perimeter Security: Application Firewalls, DLP Gateways, Firewalls / Proxies, VPN/SSL Gateways
Mobile Device Management: Mobile Device Policy Management, ID / Authn / Access Control Management, Encryption Management, Remote Wiping
Security Management (impacting Mobile Devices): Malware Protection Management, DLP Management, Patch Management, SIEM / Auditing / Activity Monitoring
ID and Access Management: ID Management, Access Management
Resource Security Management
ID / Access Control Management, Malware Protection Management, Backup / DR, Backup / DR Management, Network IPS, Host IPS, IDS/IPS, Strong Authn
Secure Client Virtualization
Mobile Application Management
Enterprise App Store
Application / Apps Management
Per App VPN management, App Policy Management
DDOS Protection, Encrypted Data Silo, Per App-VPN
Mobile App Sandboxing
Technical view: Mapping
Mobile Application Management – XenMobile Enterprise (StoreFront + AppController)
Mobile Device Management – XenMobile Enterprise (XenMobile Device Manager)
Mobile Content Management – ShareFile (StorageZone Controller)
Access Gateway and (optional) Load Balancing (NetScaler)
Mobile Policy Enforcement, Browser security, Application Policy Config, Whitelisting, Blacklisting, Mobile Device Policy Management, ID / Authn / Access Control Management, Encryption Management, Remote Wiping, ID Management, ID Federation, Access Management
Secure Client Virtualization
Enterprise App Store, Application / Apps Management, Per App VPN management, App Policy Management, Encrypted Data Silo, Per App-VPN, Mobile App Sandboxing
Remote Wiping Encrypted
For more information and next steps
• Join us in the Security & Risk Management Pavilion to meet experts and get more information.
• Schedule a meeting with experts in the HP Meeting Center
• Visit the Security Transformation Experience Workshop and schedule a session
• Get more information at www.hp.com/go/Discover for this specific session