Verizon Mobile Security

8/13/2019 Verizon Mobile Security

1/38

Securing Mobile:

A Business-Centric

Approach

Omar KhawajaFebruary 2013


2/38

1970

Information Revolution Starts

Main frame (Green

Terminals)

@smallersecurity
http://www.iconattitude.com/icons/open_icon_library/devices/png/256/computer-mainframe.png


3/38

Personal Computing

19801970

Thick Client

& Mobile Revolution Starts

@smallersecurity
http://www.old-computers.com/museum/photos/Apple_MacPortable_System_s1.jpghttp://www.iconattitude.com/icons/open_icon_library/devices/png/256/computer-mainframe.png


4/38

1980 19901970

Web based computing

and Mobile truly goes mobile

Advent of the Web

@smallersecurity
http://www.futuretimeline.net/subject/images/computer-storage-timeline.jpghttp://img.dooyoo.co.uk/GB_EN/175/computers/laptops/ibm_thinkpad_r50_1829.jpghttp://www.old-computers.com/museum/photos/Apple_MacPortable_System_s1.jpghttp://www.iconattitude.com/icons/open_icon_library/devices/png/256/computer-mainframe.png


5/38

1980 19901970 2000

Web and Mobile mature

Mobile Matures

@smallersecurity
http://2.bp.blogspot.com/-Hdd_QcOdwec/Tw8BkbGuG6I/AAAAAAAAASA/GrpuiILfDNs/s1600/desktop-pc.jpghttp://www.futuretimeline.net/subject/images/computer-storage-timeline.jpghttp://img.dooyoo.co.uk/GB_EN/175/computers/laptops/ibm_thinkpad_r50_1829.jpghttp://www.old-computers.com/museum/photos/Apple_MacPortable_System_s1.jpghttp://www.iconattitude.com/icons/open_icon_library/devices/png/256/computer-mainframe.png


6/38

1980 19901970 20102000

Mobile Revolution

Information Revolution becomes the Mobile

Revolution

@smallersecurity
http://gadgetsin.com/uploads/2011/07/macbook_air_2011_with_thunderbolt_and_backlit_keyboard_1.jpghttp://2.bp.blogspot.com/-Hdd_QcOdwec/Tw8BkbGuG6I/AAAAAAAAASA/GrpuiILfDNs/s1600/desktop-pc.jpghttp://www.futuretimeline.net/subject/images/computer-storage-timeline.jpghttp://img.dooyoo.co.uk/GB_EN/175/computers/laptops/ibm_thinkpad_r50_1829.jpghttp://www.old-computers.com/museum/photos/Apple_MacPortable_System_s1.jpghttp://www.iconattitude.com/icons/open_icon_library/devices/png/256/computer-mainframe.png


7/38

Global Mobile Traffic

@smallersecurity
http://www.kpcb.com/insights/2012-internet-trends-updatehttp://www.kpcb.com/insights/2012-internet-trends-update


8/38


9/38

Btw, is

securing

various platformreally that different?

@smallersecurity


10/38

1980 19901970 20102000

Difference?

Have a closer look:

its really not that different.

@smallersecurity
http://gadgetsin.com/uploads/2011/07/macbook_air_2011_with_thunderbolt_and_backlit_keyboard_1.jpghttp://2.bp.blogspot.com/-Hdd_QcOdwec/Tw8BkbGuG6I/AAAAAAAAASA/GrpuiILfDNs/s1600/desktop-pc.jpghttp://www.futuretimeline.net/subject/images/computer-storage-timeline.jpghttp://img.dooyoo.co.uk/GB_EN/175/computers/laptops/ibm_thinkpad_r50_1829.jpghttp://www.old-computers.com/museum/photos/Apple_MacPortable_System_s1.jpghttp://www.iconattitude.com/icons/open_icon_library/devices/png/256/computer-mainframe.png


11/38

Top Business

Technology

Trends Video

Social Enterprise

Big Data

Enterprise

Clouds

High-IQ Networks

M2M2P

Compliance

Energy Efficiency

Consumerization

of IT

Personalization

of Service

@smallersecurity


12/38

Whats

the common

theme across top

technology trends?

@smallersecurity


13/38

Video

Big Data

Enterprise Clouds

High-IQ Networks

M2M2P

Compliance

Social Enterprise Energy Efficiency

Consumerization of IT

Personalization of

Service

DATA

@smallersecurity


14/38


15/38

Security is about Risk

ThreatsVulnerabilitiesAssetsRisk

@smallersecurity
http://www.hotforsecurity.com/blog/biometrics-to-become-standard-feature-on-smart-mobile-devices-2926.html


16/38

How do we

securemobile

today?

@smallersecurity
http://www.hotforsecurity.com/blog/biometrics-to-become-standard-feature-on-smart-mobile-devices-2926.html


17/38

16

Programs and Technologies

@smallersecurity


18/38

17


Risk Assessment Security Policy Organization of Info Security

Asset Management Human Resources Management Physical & Environment Security

Communication & Ops Mgmt Access Control Info Systems Acquisition, Dev, &Maintenance

Info Security IncidentManagement

Business ContinuityManagement

Compliance

@smallersecurity


19/38

18


App Security Anti-X Configuration Management

DLP Encryption IAM, NAC

Patching Policy Management Threat Management

VPN Vulnerability Management

@smallersecurity


20/38

19

Multiple Approaches

@smallersecurity
http://gsourceg.com/images/products/product-010.jpghttp://gsourceg.com/images/products/product-010.jpghttp://gsourceg.com/images/products/product-010.jpghttp://gsourceg.com/images/products/product-010.jpg


21/38
http://500px.com/photo/13193703


22/38

Heres an approach

@smallersecurity
http://500px.com/photo/13193703http://500px.com/photo/13193703http://500px.com/photo/13193703http://500px.com/photo/13193703


23/38

Data-Centric

Approach

(Follow the data)

Inventory (must)

Classify (must)

Destroy* (ideal)

Protect

Monitor

@smallersecurity


24/38

Data-Centric Security Model

Data-centricsecurity is

business-centric

security

@smallersecurity


25/38

To protect thedata, protect

whats around it

too


@smallersecurity


26/38

GRC andIntelligence

define security

program


@smallersecurity


27/38

Start with

assets,

end with the

controls


@smallersecurity


28/38

How do we execute?

@smallersecurity


29/38

Data-Centric

Security:

A Recipe

Implement Control Requirements

Monitor Control Effectiveness

Entitlement Definition

Mobile Environment Definition

Inventory Users

Define Business Processes

Destroy Data

Inventory Data

Categorize Data

@smallersecurity


30/38

What about Apps?

@smallersecurity


31/38

What about Apps?

Cant impede appproliferation, but

how do you know

which to trust?30 billion app downloadsfrom Apple's App Store

Apps have overtaken

browsing

@smallersecurity
http://www.allthingschristmas.com/pics/fibre_Optic1.jpg


32/38

What about the Network?(It s not just for transport)

@smallersecurity
http://www.allthingschristmas.com/pics/fibre_Optic1.jpghttp://www.allthingschristmas.com/pics/fibre_Optic1.jpghttp://www.allthingschristmas.com/pics/fibre_Optic1.jpghttp://www.allthingschristmas.com/pics/fibre_Optic1.jpghttp://www.allthingschristmas.com/pics/fibre_Optic1.jpghttp://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpg


33/38

Key security imperatives:

1)Data Governance

2)Application Governance

@smallersecurity
http://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpghttp://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpghttp://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpghttp://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpghttp://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpghttp://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpghttp://1.bp.blogspot.com/_itU75p-fRe4/S_Fxg82CsYI/AAAAAAAAAYU/TFxHvMHW27E/s1600/davids+rubiks+cube2.jpg


34/38

Doing things right

&

Doing the right thingsBusiness

Context

Follow the data

Network can

help

Simplify security

program

Apps matter

@smallersecurity


35/38

Question

and

Answers

@smallersecurity


36/38


37/38

This document and any attached materials are the sole

property of Verizon and are not to be used by you other than

to evaluate Verizons service.

This document and any attached materials are not to be

disseminated, distributed, or otherwise conveyed throughout

your organization to employees without a need for this

information or to any third parties without the express written

permission of Verizon.

2011 Verizon. All Rights Reserved. The Verizon and

Verizon Business names and logos and all other names,

logos,

and slogans identifying Verizons products and services are

trademarks and service marks or registered trademarks and

service marks of Verizon Trademark Services LLC or its

affiliates in the United States and/or other countries. All

other trademarks and service marks are the property of their

respective owners.

PROPRIETAR

YSTATEMENT

@smallersecurity


38/38

Salahuddin Khawaja

Developed and Designed by

[email protected]

More at Decklaration.com

ABOUT THE AUTHOR

Salah has 14 years of experience, primarily in the

Financial Services Industry. Before joining JP Morgan he

spent 11 years at Deloitte & Touche helping Fortune 500

clients with various types of Strategic Initiatives.

He is currently is based in Hong Kong with responsibility

for delivering the next generation platform for Securities

Processing.

Areas of Expertise: Strategy Development, Business

Transformation, System Integration, Program & Project

Management, Mobile Strategy, Data Analytics, Executive

Presentations

Sample Clients:Bank of America, Citi , MasterCard

Documents

Verizon Mobile Security