Upload
salahuddin-khawaja
View
214
Download
0
Embed Size (px)
Citation preview
8/13/2019 Verizon Mobile Security
1/38
Securing Mobile:
A Business-Centric
Approach
Omar KhawajaFebruary 2013
8/13/2019 Verizon Mobile Security
2/38
1970
Information Revolution Starts
Main frame (Green
Terminals)
@smallersecurity
http://www.iconattitude.com/icons/open_icon_library/devices/png/256/computer-mainframe.png8/13/2019 Verizon Mobile Security
3/38
Personal Computing
19801970
Thick Client
& Mobile Revolution Starts
@smallersecurity
http://www.old-computers.com/museum/photos/Apple_MacPortable_System_s1.jpghttp://www.iconattitude.com/icons/open_icon_library/devices/png/256/computer-mainframe.png8/13/2019 Verizon Mobile Security
4/38
1980 19901970
Web based computing
and Mobile truly goes mobile
Advent of the Web
@smallersecurity
http://www.futuretimeline.net/subject/images/computer-storage-timeline.jpghttp://img.dooyoo.co.uk/GB_EN/175/computers/laptops/ibm_thinkpad_r50_1829.jpghttp://www.old-computers.com/museum/photos/Apple_MacPortable_System_s1.jpghttp://www.iconattitude.com/icons/open_icon_library/devices/png/256/computer-mainframe.png8/13/2019 Verizon Mobile Security
5/38
1980 19901970 2000
Web and Mobile mature
Mobile Matures
@smallersecurity
http://2.bp.blogspot.com/-Hdd_QcOdwec/Tw8BkbGuG6I/AAAAAAAAASA/GrpuiILfDNs/s1600/desktop-pc.jpghttp://www.futuretimeline.net/subject/images/computer-storage-timeline.jpghttp://img.dooyoo.co.uk/GB_EN/175/computers/laptops/ibm_thinkpad_r50_1829.jpghttp://www.old-computers.com/museum/photos/Apple_MacPortable_System_s1.jpghttp://www.iconattitude.com/icons/open_icon_library/devices/png/256/computer-mainframe.png8/13/2019 Verizon Mobile Security
6/38
1980 19901970 20102000
Mobile Revolution
Information Revolution becomes the Mobile
Revolution
@smallersecurity
http://gadgetsin.com/uploads/2011/07/macbook_air_2011_with_thunderbolt_and_backlit_keyboard_1.jpghttp://2.bp.blogspot.com/-Hdd_QcOdwec/Tw8BkbGuG6I/AAAAAAAAASA/GrpuiILfDNs/s1600/desktop-pc.jpghttp://www.futuretimeline.net/subject/images/computer-storage-timeline.jpghttp://img.dooyoo.co.uk/GB_EN/175/computers/laptops/ibm_thinkpad_r50_1829.jpghttp://www.old-computers.com/museum/photos/Apple_MacPortable_System_s1.jpghttp://www.iconattitude.com/icons/open_icon_library/devices/png/256/computer-mainframe.png8/13/2019 Verizon Mobile Security
7/38
Global Mobile Traffic
@smallersecurity
http://www.kpcb.com/insights/2012-internet-trends-updatehttp://www.kpcb.com/insights/2012-internet-trends-update8/13/2019 Verizon Mobile Security
8/38
8/13/2019 Verizon Mobile Security
9/38
Btw, is
securing
various platformreally that different?
@smallersecurity
8/13/2019 Verizon Mobile Security
10/38
1980 19901970 20102000
Difference?
Have a closer look:
its really not that different.
@smallersecurity
http://gadgetsin.com/uploads/2011/07/macbook_air_2011_with_thunderbolt_and_backlit_keyboard_1.jpghttp://2.bp.blogspot.com/-Hdd_QcOdwec/Tw8BkbGuG6I/AAAAAAAAASA/GrpuiILfDNs/s1600/desktop-pc.jpghttp://www.futuretimeline.net/subject/images/computer-storage-timeline.jpghttp://img.dooyoo.co.uk/GB_EN/175/computers/laptops/ibm_thinkpad_r50_1829.jpghttp://www.old-computers.com/museum/photos/Apple_MacPortable_System_s1.jpghttp://www.iconattitude.com/icons/open_icon_library/devices/png/256/computer-mainframe.png8/13/2019 Verizon Mobile Security
11/38
Top Business
Technology
Trends Video
Social Enterprise
Big Data
Enterprise
Clouds
High-IQ Networks
M2M2P
Compliance
Energy Efficiency
Consumerization
of IT
Personalization
of Service
@smallersecurity
8/13/2019 Verizon Mobile Security
12/38
Whats
the common
theme across top
technology trends?
@smallersecurity
8/13/2019 Verizon Mobile Security
13/38
Video
Big Data
Enterprise Clouds
High-IQ Networks
M2M2P
Compliance
Social Enterprise Energy Efficiency
Consumerization of IT
Personalization of
Service
DATA
@smallersecurity
8/13/2019 Verizon Mobile Security
14/38
8/13/2019 Verizon Mobile Security
15/38
Security is about Risk
ThreatsVulnerabilitiesAssetsRisk
@smallersecurity
http://www.hotforsecurity.com/blog/biometrics-to-become-standard-feature-on-smart-mobile-devices-2926.html8/13/2019 Verizon Mobile Security
16/38
How do we
securemobile
today?
@smallersecurity
http://www.hotforsecurity.com/blog/biometrics-to-become-standard-feature-on-smart-mobile-devices-2926.html8/13/2019 Verizon Mobile Security
17/38
16
Programs and Technologies
@smallersecurity
8/13/2019 Verizon Mobile Security
18/38
17
Programs and Technologies
Risk Assessment Security Policy Organization of Info Security
Asset Management Human Resources Management Physical & Environment Security
Communication & Ops Mgmt Access Control Info Systems Acquisition, Dev, &Maintenance
Info Security IncidentManagement
Business ContinuityManagement
Compliance
@smallersecurity
8/13/2019 Verizon Mobile Security
19/38
18
Programs and Technologies
App Security Anti-X Configuration Management
DLP Encryption IAM, NAC
Patching Policy Management Threat Management
VPN Vulnerability Management
@smallersecurity
8/13/2019 Verizon Mobile Security
20/38
19
Multiple Approaches
@smallersecurity
http://gsourceg.com/images/products/product-010.jpghttp://gsourceg.com/images/products/product-010.jpghttp://gsourceg.com/images/products/product-010.jpghttp://gsourceg.com/images/products/product-010.jpg8/13/2019 Verizon Mobile Security
21/38
http://500px.com/photo/131937038/13/2019 Verizon Mobile Security
22/38
Heres an approach
@smallersecurity
http://500px.com/photo/13193703http://500px.com/photo/13193703http://500px.com/photo/13193703http://500px.com/photo/131937038/13/2019 Verizon Mobile Security
23/38
Data-Centric
Approach
(Follow the data)
Inventory (must)
Classify (must)
Destroy* (ideal)
Protect
Monitor
@smallersecurity
8/13/2019 Verizon Mobile Security
24/38
Data-Centric Security Model
Data-centricsecurity is
business-centric
security
@smallersecurity
8/13/2019 Verizon Mobile Security
25/38
To protect thedata, protect
whats around it
too
Data-Centric Security Model
@smallersecurity
8/13/2019 Verizon Mobile Security
26/38
GRC andIntelligence
define security
program
Data-Centric Security Model
@smallersecurity
8/13/2019 Verizon Mobile Security
27/38
Start with
assets,
end with the
controls
Data-Centric Security Model
@smallersecurity
8/13/2019 Verizon Mobile Security
28/38
How do we execute?
@smallersecurity
8/13/2019 Verizon Mobile Security
29/38
Data-Centric
Security:
A Recipe
Implement Control Requirements
Monitor Control Effectiveness
Entitlement Definition
Mobile Environment Definition
Inventory Users
Define Business Processes
Destroy Data
Inventory Data
Categorize Data
@smallersecurity
8/13/2019 Verizon Mobile Security
30/38
What about Apps?
@smallersecurity
8/13/2019 Verizon Mobile Security
31/38
What about Apps?
Cant impede appproliferation, but
how do you know
which to trust?30 billion app downloadsfrom Apple's App Store
Apps have overtaken
browsing
@smallersecurity
http://www.allthingschristmas.com/pics/fibre_Optic1.jpg8/13/2019 Verizon Mobile Security
32/38
What about the Network?(It s not just for transport)
@smallersecurity
http://www.allthingschristmas.com/pics/fibre_Optic1.jpghttp://www.allthingschristmas.com/pics/fibre_Optic1.jpghttp://www.allthingschristmas.com/pics/fibre_Optic1.jpghttp://www.allthingschristmas.com/pics/fibre_Optic1.jpghttp://www.allthingschristmas.com/pics/fibre_Optic1.jpghttp://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpg8/13/2019 Verizon Mobile Security
33/38
Key security imperatives:
1)Data Governance
2)Application Governance
@smallersecurity
http://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpghttp://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpghttp://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpghttp://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpghttp://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpghttp://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpghttp://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpg8/13/2019 Verizon Mobile Security
34/38
Doing things right
&
Doing the right thingsBusiness
Context
Follow the data
Network can
help
Simplify security
program
Apps matter
@smallersecurity
8/13/2019 Verizon Mobile Security
35/38
Question
and
Answers
@smallersecurity
8/13/2019 Verizon Mobile Security
36/38
8/13/2019 Verizon Mobile Security
37/38
This document and any attached materials are the sole
property of Verizon and are not to be used by you other than
to evaluate Verizons service.
This document and any attached materials are not to be
disseminated, distributed, or otherwise conveyed throughout
your organization to employees without a need for this
information or to any third parties without the express written
permission of Verizon.
2011 Verizon. All Rights Reserved. The Verizon and
Verizon Business names and logos and all other names,
logos,
and slogans identifying Verizons products and services are
trademarks and service marks or registered trademarks and
service marks of Verizon Trademark Services LLC or its
affiliates in the United States and/or other countries. All
other trademarks and service marks are the property of their
respective owners.
PROPRIETAR
YSTATEMENT
@smallersecurity
8/13/2019 Verizon Mobile Security
38/38
Salahuddin Khawaja
Developed and Designed by
More at Decklaration.com
ABOUT THE AUTHOR
Salah has 14 years of experience, primarily in the
Financial Services Industry. Before joining JP Morgan he
spent 11 years at Deloitte & Touche helping Fortune 500
clients with various types of Strategic Initiatives.
He is currently is based in Hong Kong with responsibility
for delivering the next generation platform for Securities
Processing.
Areas of Expertise: Strategy Development, Business
Transformation, System Integration, Program & Project
Management, Mobile Strategy, Data Analytics, Executive
Presentations
Sample Clients:Bank of America, Citi , MasterCard