Mobile – Adoption and Adaption in 2012

Greg DaySecurity CTO & Director of strategy

Mobile – Adoption and Adaption in 2012

Mobile data usage up 4,000%

2

Business Drivers

• Fast route to market (quick app development)• User productivity (familiarity & use in personal time)• Cost saving (capex, support costs, contract/data costs)• Employee satisfaction• Staff attraction and retention• Easier to use?

Do you ever text and walk? Ever walk into something?

What if your camera was on and showed where you were going?

“There’s an app for that…$1.54”

• Found on 3rd party sites and torrents

It does two things:1. Sends info to a remote location2. Sends an SMS to all your contacts

IMEI, Name, Phone Number

SMS

Android.Walkinwat 7

95054

Typical Mobile Malware

8

Apple vulnerabilities – iOS5 – Access to last used app

Hold down the power button

2004 2005 2006 2007 2008 2009 2010 2011

0

20

40

60

80

100

120

140

Symbian

iPhone

Android

Symbian iPhone Android

Symbian requires signing

Ikee worms

on rooted

iPhones

20 Families

41 Variants

Mobile threat history across major platforms.

11

What Is Driving Security?Industry trends driving security challenges• Mobile computing• Social media• Consumerization of IT

Business concerns• Data on the device• Social networking (blurring personal/business identities)• Accountability for the device

(responsible/liable when managing)• Data privacy regulations• Malware (HTML5 adoption)• Location controls – social engineering• Device physical loss

BYOD concerns• 3rd party use of the device (family access to data)• Basic security controls vs user lockdown• Apps installed• Blending of data and identities• Jail broken devices• Damaged devices • Lost/stolen devices• Privacy of devices in public places• Other business users devices

Symantec research

Top three Mobile Security Practice “Must Haves”

To successfully enable and manage mobile technology, CISOs rated their top practices and related technologies:

1. Protecting information on devices (90%)2. Authentication to the network and applications (89%)3. Setting and maintaining security policies (88%)

Source: 2011 IDG/CSO Quick Poll Survey of 124 Qualified respondents.

Business decisions• Business or user owned• In-house or managed Service• Managed device or managed

applications• What controls– What the longer term use

case?

Mobile Security

Security baseline

Identity Mgmt

Data Protection

• Enable new devices• Consistently govern

cloud services

• Manage entitlements

• Hyper-distributed information

Cloud Services

Mobile EnterpriseCISO

CIO

Smart device = Cloud enabled

Managed Devices Unmanaged Devices

Datacenter/Private-Cloud Public Cloud Services

Security/protection agents

Security/protection agents

SYMANTEC O3

Governance

Protection

Visibility

03 - The Rise of Cloud Security Brokers

Consistent identity & information security policy setting & auditing across all cloud services

Context and content aware security gateway enforcing enterprise policies above the clouds

Complete cloud audit trail of who (identity), what (information, services) , how (devices) , when (time)

2011 Trends

Mobile Threats

19

Thank You!

Greg DaySecurity CTO & Director of StrategyGreg_Day@Symantec.com07714 388998

GregDaySecurity

Mobile – Adoption and Adaption in 2012Discussions on “Mobile” are everywhere right now, from the street to the boardroom, and it provides a two-sided challenge for forward-thinking businesses. On one side, how can the organisation open up new ways of generating engagement and revenue from its customer base? On the other, how can it open up new ways of working for its employees that increase their productivity and improve retention of the best and brightest? Both of these potentially positive changes must be held up against increasing expectations of the protection of both customer and employee information and identity. Derek O’Carroll from Symantec will host this workshop by first presenting a viewpoint and leading a discussion into how this is being addressed today and possible forward-looking strategies.