Hidden security and privacy consequences around mobility (Infosec 2013)

An overview of the security and privacy implications and risks resulting from the wider adoption of mobile devices, apps, cloud and the resultant changes to customer interaction and business processes

  1. Copyright © Tier-3 Pty Ltd, 2012. All rights reserved.
     A world of information: Security and privacy implications of mobility
     Piers Wilson, Tier-3 Huntsman® - Head of Product Management

  2. Introductions (01/05/2013)
     Piers Wilson, Head of Product Management, Director of IISP. Previously senior manager in the Cyber Security practice at PricewaterhouseCoopers.
     Tier-3 Huntsman® at Infosec:
     •  SIEM / Event correlation / "Big data" analytics
     •  Behaviour Anomaly Detection (BAD 2.0)
     •  Governance, Risk, Compliance
     •  Cloud/multi-tenancy support
     Stand K31

  3. Agenda and scope
     •  What this talk is about…
        –  Identifying the information on users/activity that has relevance for security and anti-fraud purposes
        –  Security and fraud consequences of the wider business adoption of mobile applications
        –  Privacy and security versus business interest and usefulness
     •  What this talk is not about…
        –  Mobile device management
        –  Mobile application security
     Sidebar quotes:
     79% of the UK population use the internet anywhere, on any device (Ofcom, 2012)
     11% of businesses report all marketing activities are truly integrated across online and offline channels (Affilinet, 2011)
     Four out of five US smartphone owners use the phone to help with shopping (Google/Ipsos, 2011)
     Demand for security information and event management tools will grow to more than $1 billion worldwide by 2015 (Frost & Sullivan, 2011)
     "There is no substitute for knowledge." W. Edwards Deming
     "Before undertaking monitoring, identify clearly the purpose(s) behind the monitoring and the specific benefits it is likely to bring" (ICO BYOD Guidance, 2013)

  4. Background
     •  App "ecosystems", consumerisation and "bring your own device" are here
     •  Users / Customers increasingly expect to access systems via apps / personal devices
     •  Imminent explosion in mobile payments
     •  Opportunity to collect, process and understand considerably more data
        –  Internal logs, external sources, user transactions, staff movements, habits, locations, activities, wider contexts, proximity

  5. However… Two big questions
     1.  Can organisations identify, collect and effectively analyse the data available to them?
     2.  What are the privacy and security implications of collecting data and using it in this way?

  6. Business intelligence origins
     •  Most businesses are comfortable with:
        –  Collecting security log and event information from systems (traditional SIEM technologies)
        –  Monitoring staff use, system activity and network traffic for threat identification
        –  Gathering payment and transaction information for fraud detection and risk management (FMS)
        –  Profiling customer activity through on-line accounts and loyalty schemes
        –  Credit checking and the concept of risk scoring

  7. What does mobility mean for security and fraud?
     Richer Data
     •  Location and activity information for employees/contractors/customers becomes more available and more useful
     •  Monitoring of browsing and buying habits can be device and location aware
        –  Richer than just web-site analytics for tracking customers
        –  Location, proximity to outlets and real-world marketing, and locations of neighbours/competitors
     •  Loyalty systems expand beyond what I buy (or what I might like) or where I shop (special offers) to being more focussed
     •  We'll see interest in greater security and fraud insights, coupled with customer profiling and new flavours of data
        –  "big data"
     Financial Drivers
     •  Interfaces between systems to detect security incidents, events and fraud will become more prevalent in the mobile space
     •  Some intelligence will move from the back-end to nearer the client end
        –  What you can't do in a web page you may be able to do within an app
     •  Mobile payments will mean real money flowing between real devices and/or terminals
     •  Real-world financial activity, coupled with on-line logging and monitoring and the ability to track location, becomes real time
        –  Who gets the mobile payment?
        –  Where are the logs?

  8. What else does mobility mean for security and fraud?
     New Applications
     •  Sector-specific applications with the ability to gather and analyse logs and data sets which "mean something"
        –  Searching for meaning in security log data
        –  Some uses will have business/customer benefits
        –  Could become intrusive
     •  If we create data with more value, the business criticality and the impact of loss/theft/exposure will also increase
        –  Driving security requirements
     •  Some obvious examples:
        –  Motor insurance applications to derive risk information or to make post-claim decisions – to log accidents and/or track movement/speed/location/risk factors prior to crash or robbery
        –  Applications that turn on the heating when you are close to home
     Personal / Lifestyle
     •  Personal and social aspects of mobility, security and data analysis
     •  In many cases there is (or will be) a social and a business interpretation of the gathered data
     •  Whose data is this?
        –  Work/life balance (hours at office)
        –  Health (exercise/food consumption)
        –  Social interactions (associations/photos/"near me")
        –  Security systems based on proximity between users/devices/controls
        –  Emergency situations/unrest and location/exposure

  9. Don't collect more than you need and then struggle to protect it
     •  Increasing contextual data being available to apps installed locally or to back-end systems
     •  Collection and analysis may be overt or could become part of the routine handling of activity and transactions
        –  Hence less visible
        –  What is a security log and what is a customer activity log?
     •  The collection and use "purposes" could get blurred … with implications for privacy and security
        –  Data collected for fraud purposes could become useful for customer profiling and marketing
        –  If you know "where I am", you also know "where I am not" (at home, at work, at the gym); and maybe "who I'm with" or "what I'm doing"

  10. Deciding what information to collect and why…
     Security teams are used to drawing a balance between benefit and risk
     •  what data we collect and its value
     Industry (more widely) is starting to invest in, and discover, the value of data analytics
     In security the wider benefits of "big data" involve different parameters … more data means:
     •  Improved fraud detection capability
     •  Better customer profiling
     •  More context
     •  Richer user experience
     AND
     •  Greater visibility around security threats, risks, attacks
     Diagram: Smarter data analytics / More useful data sources / More uses / Bigger audience

  11. … and then making sure we can protect it
     Growth of security/customer/fraud/business data from the emerging mobile computing environment can:
     •  Challenge privacy obligations
     •  Exceed expectations from users/regulators
     •  Give security teams another (and higher impact) data set to protect
     Organisations need to evolve their security stance - even simple "big data" examples could raise the risk levels much higher
     Need consideration of:
     •  Balancing security, fraud, privacy and functionality within the mobile apps/facilities used by customers and staff
     •  Protecting data that we collect – where privacy implications (to customers) or raw value (to us) are heightened
     Organisations must ensure they have the right tools and approaches to gain the maximum value from the security, fraud, activity and location data

  12. So what?
     •  The value of (all) data is increasing, partly driven by a more mobile and app-oriented environment
        … security logs, behaviour anomaly detection, cyber threat detection
        … businesses increasingly using data to drive efficiencies and customer intimacy through mobile channels
     •  We have to acknowledge these trends and ensure that we adequately protect business information where the privacy risk, exposure and value become more critical
     •  Clever security technologies can really help, especially where past controls become less applicable or effective in a more interconnected space

  13. Finally… Time for questions
     Or: Find me at Tier-3's stand K31
     piers.wilson@tier-3.com, +44 (0) 7800 508517, @only1weasel, www.tier-3.com, @tier3huntsman
     Copyright © Tier-3 Pty Ltd, 2012. All rights reserved.