Mobility Security - A Business-Centric Approach

This is a deck I presented at the RSA Conference in San Francisco in 2013.

The content is based on discussions with hundreds of enterprises, security experts, operations teams, vendors and regulators on 5 continents.

Presentation Credit: Salahuddin Khawaja

  • Transcript of "Mobility Security - A Business-Centric Approach"

    1. Securing Mobile: A Business-Centric Approach. Omar Khawaja, February 2013
    2. Mobility this week… Borderless networks; RCS, Joyn; SIP, IP; MDM; Monetization; Means vs. End (@smallersecurity)
    3. Mobile is no longer optional
    4. 1970, 1980, 1990, 2000, 2010. Difference? Have a closer look: it’s really not that different.
    5. Top Business Technology Trends: Video; Social Enterprise; Big Data; Enterprise Clouds; High-IQ Networks; M2M2P; Compliance; Energy Efficiency; Consumerization of IT; Personalization of Service
    6. What’s the common theme across top technology trends?
    7. Video; Big Data; Enterprise Clouds; High-IQ Networks; M2M2P; Compliance; Social Enterprise; Energy Efficiency; Consumerization of IT; Personalization of Service. DATA
    8. Mobility and Cloud fuel each of these trends.
    9. Security is about Risk: Threats; Vulnerabilities; Assets; ‘Risk’
    10. How do we secure mobile today?
    11. Programs and Technologies
    12. Programs and Technologies: Risk Assessment; Security Policy; Organization of Info Security; Asset Management; Human Resources Management; Physical & Environment Security; Communication & Ops Mgmt; Access Control; Info Systems Acquisition, Dev, & Maintenance; Info Security Incident Management; Business Continuity Management; Compliance
    13. Programs and Technologies: App Security; Anti-X; Configuration Management; DLP; Encryption; IAM, NAC; Patching; Policy Management; Threat Management; VPN; Vulnerability Management; …
    14. Multiple Approaches
    15. Multiple Approaches [figure: grid of Security Programs (Single, Multiple) against Security Technology Sets (Single, Multiple), with the program and technology lists from slides 12 and 13 repeated in the cells; cell labels: Worst Case, Nirvana, Good, Really?]
    16. Here’s an approach…
    17. Data-Centric Approach (Follow the data): Inventory (must); Classify (must); Destroy* (ideal); Protect; Monitor
    18. Data-Centric Security Model: Data-centric security is business-centric security
    19. Data-Centric Security Model: To protect the data, protect what’s around it too
    20. Data-Centric Security Model: GRC and Intelligence define security program
    21. Data-Centric Security Model: Start with assets, end with the controls
    22. How do we execute?
    23. Data-Centric Security: A Recipe: Implement Control Requirements; Monitor Control Effectiveness; Entitlement Definition; Mobile Environment Definition; Inventory Users; Define Business Processes; Destroy Data; Inventory Data; Categorize Data
    24. What about Apps?
    25. What about Apps? Can’t impede app proliferation, but how do you know which to trust? 30 billion app downloads from Apple’s App Store. Apps have overtaken browsing.
    26. What about the Network? (It’s not just for transport)
    27. Key security imperatives: 1) Data Governance 2) Application Governance
    28. Doing things right ↓ Doing the right things: Business Context; Follow the data; Network can help; Simplify security program; Apps matter
    29. Question and Answers
    30. Thank You. omar.khawaja@verizon.com
    31. PROPRIETARY STATEMENT: This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service. This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon. © 2011 Verizon. All Rights Reserved. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.
    32. Security Leadership: Why Verizon?
        Industry Recognition: Largest & highly rated MSSP (Frost & Sullivan, Gartner, Forrester); Founding and Executive Member of Open Identity Exchange; Security Consulting practice recognized as a Strong Performer (Forrester); ICSA Labs is the industry standard for certifying security products (started in 1991).
        Credentials: More PCI auditors (140+ QSAs) than any other firm in the world; HITRUST Qualified CSF Assessor; Actively participate in 30+ standards / certification bodies, professional organizations and vertical specific consortia; Personnel hold 40+ unique industry, technology and vendor certifications.
        Global Reach: 550+ dedicated security consultants in 28 countries speak 28 languages; Investigated breaches in 36 countries in 2011; 7 SOCs on 4 continents manage security devices in 45+ countries; Serve 77% of Forbes Global 2000.
        Experience: Verizon’s SMP is the oldest security certification program in the industry; Analyzed 2000+ breaches involving 1+ Billion records; Manage identities in 50+ countries and for 25+ national governments; Delivered 2000+ security consulting engagements in 2011.
        ISO 9001; ISO 17025
