Mobile Security - Words like Bring Your Own Device, and Federation sounds familiar?

w/ Pat Wardrop, Lead architect from IBM Security access management development

Presentation Transcript

  • 1. Mobile Security: Identity & Access Maturity Model & Real World Deployments and Architecture. Patrick R Wardrop, 28 May 2013, Copenhagen, Denmark. © 2013 IBM Corporation
  • 2. Topics
      • IBM’s perspective
      • Identity & Access Mobile Security Maturity Model
      • Real World Use cases
      • Demo & Architecture Walk through
  • 3. Enterprises face mobile security challenges
      • Enabling secure transactions to enterprise applications and data
      • Developing secure applications and ensuring assurance
      • Designing and instituting an adaptive security posture
      • Adapting to BYOD and the consumerization of IT
  • 4. IBM MobileFirst: Managing and securing the mobile device, enterprise, and apps
      • Mobile adoption patterns point to focus areas around managing risk across device, network and applications
      • Grid columns: Device, Enterprise, Apps
      • Grid rows: Mobile BYOD (B2E), Mobile Transactions (B2C)
      • Focus areas shown in the grid: Personal vs. corporate data. Document sync. Secure access. Easy authentication. Mobile-enabled IT & productivity apps. No device control. Malware. Secure transactions. Threat protection. Network monitoring. Rapid application delivery, APIs. Security & monitoring.
  • 5. Ensuring Secure Transactions span an integrated approach across Device, Enterprise and Applications
      • Safe usage of smartphones and tablets in the enterprise
      • Secure transactions enabling customer confidence
      • Visibility and security of enterprise mobile platform
      • IBM Mobile Security & Management Strategy (diagram labels: At the Device; Over the Network & Enterprise; For the Mobile App; Internet):
          • Manage Device: Register; Set appropriate security policies; compliance; wipe; lock
          • Persona Separation: Data separation; data leakage prevention
          • Data Mgmt/Protection: Encryption; content (i.e. documents) management & protection; data sync
          • Secure Access: Properly identify mobile users & devices; allow or deny access; Connectivity
          • Security Intelligence: Security Intelligence, Usage; Identify & stop mobile threats; Logging events, anomalies
          • Threat Protection: content/info; network; transactions
          • App Assurance: scanning, analysis certification; Identify application vulnerabilities
          • App Management: App performance management. Monitoring. App store, versioning, Update apps
          • App Security: api, sdk, application level controls
  • 6. Current IBM capabilities - Securing the Mobile Enterprise
  • 7. Mobile Security Intelligence: Mobile security intelligence provides deeper insights around security and risk posture of an enterprise, in the context of mobile.
      • Intelligence around malware and advanced threats in mobile enabled enterprise
      • User identity and device identity correlation, leading to behavior analysis
      • Geo-fencing, anomaly detection based on device, user, location, and application characteristics
  • 8. Topics
      • IBM’s perspective
      • Identity & Access Mobile Security Maturity Model
      • Real World Use cases
      • Demo & Architecture Walk through
  • 9. Mobile Security: Identity & Access Maturity Model
      • Optimized
          • Access Monitoring & Reporting
          • Content Filtering/Server-Side DLP
          • Access governance / certification to mobile applications
          • Integration with SaaS and BaaS
          • Context / risk-based access
          • Advanced authentication (Bio-metrics, behavior, analytics, ..)
      • Proficient
          • Application access management
          • Device registration, authentication and revocation (i.e. OAuth)
          • Strong authentication (OTP, Device, ..)
          • Application VPN
          • Application threat protection (WAF)
          • Connecting client’s reputation
      • Basic
          • Browser based Federated Single Sign-On
          • Server side Single Sign-On
          • Server-side application protection (Authentication, Authorization and Audit, Session Mgmt.)
  • 10. Topics
      • IBM’s perspective
      • Identity & Access Mobile Security Maturity Model
      • Real World Use case
      • Architecture Walk through & Demo
  • 11. An Automobile company secures its cloud services access with IBM Security Access Manager & WebSphere DataPower
      • Business challenge:
          • Automobile customers require secure, personalized access to vehicle information services on their mobile devices
          • Customers require access to radio, internet and social network services from their telematics systems inside cars
      • Solution:
          • Security Access Manager along with DataPower
          • Authentication and Authorization to back-end services
          • Secure integration and federated single sign-on with third party service providers
      • Value:
          • Fast time to value and quick integration with partner services
          • Secure mobile access
      • Diagram labels: FIM; DataPower; Authorization Request; Token Request; Access Token; Access Token Granted; Cloud Services; Data Center 2; Data Center 1; ISAM Proxy (WebSEAL)
  • 12. Topics
      • IBM’s perspective
      • Identity & Access Mobile Security Maturity Model
      • Real World Use case
      • Architecture Walk through & Demo
  • 13. Example Architecture
      • Diagram labels: IBM Security Access Manager Web Gateway Appliance; DMZ; IBM Security Federated Identity Manager; Application
  • 14. Example Architecture
      • Diagram labels: IBM Security Access Manager Web Gateway Appliance; DMZ; Reverse Proxy; WAF (PAM); OAuth; RBA; IBM Security Federated Identity Manager; OTP; RBA; OAuth; Application
  • 15. Example Architecture
      • Diagram labels: IBM Security Access Manager Web Gateway Appliance; IBM Security Federated Identity Manager; Reverse Proxy; OAuth; RBA; OTP; RBA; OAuth; Application; DMZ; WAF (PAM)
      • Value:
          • Identity aware mobile applications
          • Non-intrusive user experience with reduced risk
          • Using adaptive (risk-based access) security
          • Strong authentication only when it’s necessary by using context-based access
          • Reduce unnecessary barriers
          • Revocable application instances
  • 16. Identity-aware Mobile Application Demo: OAuth device registration, identity-aware application, context-aware access & application instance revocation
      • Scenario 1: OAuth device registration and identity-aware application launch
      • Scenario 2: Risk-based access decision that is transaction value aware with strong authentication
      • Scenario 3: Mobile application instance revocation
  • 17. Identity-aware Mobile Application Demo: OAuth device registration, identity-aware application, context-aware access & application instance revocation
  • 18. Identity-aware Mobile Application Demo Architecture
      • Diagram labels: IBM Security Access Manager Web Gateway Appliance; IBM Security Federated Identity Manager; Reverse Proxy; OAuth; RBA; OTP; RBA; OAuth; IBM Worklight Server; DMZ; WAF (PAM); Mobile App; WL Runtime
  • 19. THANK YOU!!!