View
603
Download
2
Category
Tags:
Preview:
DESCRIPTION
Citation preview
Total Mobility: Still Evolving
4th Annual
Dr. Michael Valivullah, CTO, NASS, USDA
Feb. 27, 2014
What is Total Mobility? • An ability to perform work from
anywhere, on any device, at any time and access data or information securely and efficiently
• Also known as Nomadic Computing
2Dr. Valivullah - Mobility
Mobility – Three segments1. End Point – Device/User Experience – Ease of
Use, Accessibility, Availability, Latency, Data at Rest…
2. Mobile Connectivity – Capacity, Reliability, Ubiquity 24/7 , Weather, Tunnels, Buildings, Data in Transit…
3. Back-End Systems – Data, Applications, Access Control, Response Time, Cloud, Middleware…
3Dr. Valivullah - Mobility
Impact• PEOPLE: Feds & Customers – Services
and Support (Consumers and Providers)• PROCESS: Rules & Regulations, Policy &
Procedures, and Operations• TECHNOLOGY: Databases, Applications,
and Networks & End Points - Devices
4Dr. Valivullah - Mobility
Mobility Evolution (ME)
Where are we in the Mobile Evolution?
All of us are moving towards mobile maturity…Exploration, Acceleration, Innovation (IDC 2011)
5Dr. Valivullah - Mobility
Adapting to Change
From: Bing
6Dr. Valivullah - Mobility
Environmental Pressure - 1• Unprecedented number of mobile devices
are connecting to the enterprise network• Numbers are continuing to increase• Over a billion mobile devices sold
7Dr. Valivullah - Mobility
Environmental Pressure - 2• Powerful Smartphones and Tablets are
trying to outdo conventional PCs in the work place
• People are demanding to use them, especially younger workers - BYOD
8Dr. Valivullah - Mobility
Environmental Pressure - 3• Organizations are expanding beyond email and
calendars into• Backend systems – supporting the core mission –
with access to• Customer Support, Workflow, Business
Intelligence, Corporate data/information – to serve the public efficiently
9Dr. Valivullah - Mobility
Environmental Pressure - 4• Leverage consumer mobile technology for
broader access• Increase Agility, Productivity, Faster Response to
customer request, decrease cycle time • Reduce Cost• Increase Employee and Customer Satisfaction
10Dr. Valivullah - Mobility
Environmental Challenge - 1• Lost or Stolen Device• Dealing with Confidential or Sensitive
Data on the Device and in Transit
11Dr. Valivullah - Mobility
Environmental Challenge - 2• Different Mobile Platforms / OSs /
Devices / Apps– Different levels of vulnerability to– Malicious code and Malware– Enticing Targets to Hackers – Provide more Vectors for malicious payload
12Dr. Valivullah - Mobility
Environmental Challenge - 3• APT (Advanced Persistent Threat) is on the rise• Nation State-sponsored threats• Mobile traffic – especially wireless traffic – is
fraught with security challenges, dead spaces• Wireless, Bluetooth, insecure Wi-Fi - Airports,
Coffee Shops, Hotel Lobby
13Dr. Valivullah - Mobility
Environmental Challenge - 4• Patching and Upgrades can be plenty and time
consuming to implement• Configuration / Change Management (CM)• Mobile Apps. - Numbers exploding and life-span
is getting shorter
14Dr. Valivullah - Mobility
Environmental Challenge - 5End User Behavior• Corporate email forwarded to personal accounts• Storing mission critical and sensitive corporate
content/data in the public cloud (Dropbox), device without proper security controls
• Agency data co-mingling with personal data, data leaks• Weak passwords
15Dr. Valivullah - Mobility
Environmental Challenge - 6• Complex Compliance needs :
– Infringement of Privacy Laws - PII– HIPAA– CIPSEA– SOX – NIST- Pub 800 Guidelines– Section 508– OMB Circulars, Executive Orders, etc.
16Dr. Valivullah - Mobility
Environmental Challenge - 7• Rapid pace of change on all mobile fronts
– Users, Devices, Networks – wired and wireless, Back ends, Middleware, rules, regulations, peoples, staff skills, resources, expertise, process, technology, malware, hackers, virus, trojans, etc.
– Hard to keep up with simultaneous developments on all fronts
17Dr. Valivullah - Mobility
Environmental Challenge - 8
• Finding and keeping skilled Employees, providing Employee Training and Resources to procure, implement and manage these technologies and threats
18Dr. Valivullah - Mobility
Environmental Challenge - 9• Mobile Governance
– Developing and implementing appropriate policies and procedures
– Selecting and implementing appropriate MDM/EMM solutions
– Protecting data on the device, segregating data containers, controlling mobile devices, allowing selected applications, etc.
– Enforcing enterprise security policies remotely 19Dr. Valivullah - Mobility
Environmental Challenge - 10• Identification, Authentication, and Authorization
– Authentication – 2 factor - fingerprint, tokens, card readers, pictures, voice
– Federated Identity Management – Single SignOn– Cipher Key Management (place, length, life span)– Role-based Access and Authorization to back-end
resources – within agency firewalls, Private Cloud
20Dr. Valivullah - Mobility
Adaptation Set - 1 1. Most important Mobile Policy Decisions
– Who should make them?
2. Lost or Stolen Devices– How to deal with them?
3. Mobile Applications– How to manage them?
4. Malware / Malicious Apps– How to prevent / respond / recover from them?
21Dr. Valivullah - Mobility
Adaptation Set - 2 5. BYOD
– How to deal manage the device configurations / platforms / access controls / data leaks?
6. User Experience and Security– How to secure the agency data / content without infringing
upon device owner’s rights
7. MDM Solution– Cost / Benefit Analysis – Do we really need it?
22Dr. Valivullah - Mobility
Adaptation Set - 3 8. Containerization
- What are the challenges in sand boxes and containers?
9. Mobile Application Security- Which type of Web (HTML 5, js), Native (Java, .NET, Object C),
Hybrid applications / SDKs / OS (iOS, Android, Windows Mobile, Symbian, etc.) to use?
10. Middleware / Cloud (BaaS) – Are the mobile applications accessing the middleware to reach
into corporate data or using Cloud backend (Backend as a Service, BaaS) with APIs
23Dr. Valivullah - Mobility
Adaptation Set - 4 11. Long-term Mobile Strategy
- What is our long term mobile strategy? What do we gain from this strategy? What is the goal we are trying to achieve? What are the metrics we would use to measure our progress?
12. Skills development and training- How do we train our employees to manage this trend and be
successful at it? How much can we do in house and how much can we outsource? Do we have resources and exec. support?
13. Staying put - Will we become irrelevant or extinct (like dinosaurs)?
24Dr. Valivullah - Mobility
Adapt to Survive
From: Bing
25Dr. Valivullah - Mobility
What does the Mobility End Point look like?
From: Bing 26Dr. Valivullah - Mobility
Time will tell….
27Dr. Valivullah - Mobility
survival of the fittest….
From : Google
References1. Cyber Challenge Report (2013) HP2. Predicts 2014: Mobile and Wireless, (2013) Gartner3. BYOD: Facts and Future, (2013) Gartner 4. Enterprise Mobile App Portfolio (2014), TechTarget5. Critical Capabilities of MDM Software (2013) Gartner6. Security for Business Innovation Council – Information Security Shake-Up7. CIO Essentials: Five Stages of Mobility Maturity (2013) IDC8. Several IDC Publications on Mobility (2013, 2014)9. Several FierceIT Security Publications (2013, 2014)10. NIST Pub. 800 -124, Managing Mobile Security, (2013) 11. Google and Bing searches online
28Dr. Valivullah - Mobility
Thank you for your service to the American Public!
Any Questions, Comments?
Contact Info: Michael.Valivullah@nass.USDA.gov
29Dr. Valivullah - Mobility
Recommended