Securing Mobile - A Business Centric Approach


For a higher quality version, visit: http://decklaration.com/verizon



Presentation given by Omar Khawaja (of Verizon) at the 2013 Mobile World Congress in Barcelona.

  • http://www.kpcb.com/insights/2012-internet-trends-update
  • http://gsourceg.com/images/products/product-010.jpg
  • Securing Mobile - A Business Centric Approach

    1. Securing Mobile: A Business-Centric Approach. Omar Khawaja, February 2013
    2. Information Revolution Starts (timeline: 1970): Mainframe (Green Terminals) @smallersecurity
    3. Personal Computing (timeline: 1970, 1980): Thick Client & Mobile Revolution Starts
    4. Advent of the Web (timeline: 1970, 1980, 1990): Web based computing and Mobile truly goes mobile
    5. Mobile Matures (timeline: 1970, 1980, 1990, 2000): Web and Mobile mature
    6. Mobile Revolution (timeline: 1970, 1980, 1990, 2000, 2010): Information Revolution becomes the Mobile Revolution
    7. Global Mobile Traffic
    8. Mobile is no longer optional
    9. Btw, is securing various platforms really that different?
    10. Difference? (timeline: 1970, 1980, 1990, 2000, 2010) Have a closer look: it's really not that different.
    11. Top Business Technology Trends: Personalization of Service, High-IQ Networks, Enterprise Clouds, Consumerization of IT, Big Data, M2M2P, Video, Compliance, Social Enterprise, Energy Efficiency
    12. What’s the common theme across top technology trends?
    13. Personalization of Service, High-IQ Networks, Enterprise Clouds, Consumerization of IT, Big Data, M2M2P, Video, Compliance, Social Enterprise, Energy Efficiency: DATA
    14. Mobility and Cloud fuel each of these trends.
    15. Security is about Risk. ‘Risk’: Assets, Vulnerabilities, Threats
    16. How do we secure mobile today?
    17. Programs and Technologies
    18. Programs and Technologies: Risk Assessment; Security Policy; Organization of Info Security; Asset Management; Human Resources Management; Physical & Environment Security; Communication & Ops Mgmt; Access Control; Info Systems Acquisition, Dev, & Maintenance; Info Security Incident Management; Business Continuity Management; Compliance
    19. Programs and Technologies: App Security; Anti-X; Configuration Management; DLP; Encryption; IAM, NAC; Patching; Policy Management; Threat Management; VPN; Vulnerability Management; …
    20. Multiple Approaches
    21. Multiple Approaches [Diagram: organizations arranged by Security Programs (Single / Multiple) against Security Technology Sets (Single / Multiple); region labels: Really?, Worst Case, Good, Nirvana. Each organization box repeats the program and technology lists from slides 18 and 19.]
    22. Here’s an approach…
    23. Data-Centric Approach (Follow the data): Inventory (must), Classify (must), Destroy* (ideal), Protect, Monitor
    24. Data-Centric Security Model: Data-centric security is business-centric security
    25. Data-Centric Security Model: To protect the data, protect what’s around it too
    26. Data-Centric Security Model: GRC and Intelligence define security program
    27. Data-Centric Security Model: Start with assets, end with the controls
    28. How do we execute?
    29. Data-Centric Security: A Recipe: Categorize Data; Inventory Data; Destroy Data; Inventory Users; Define Business Processes; Mobile Environment Definition; Entitlement Definition; Implement Control Requirements; Monitor Control Effectiveness
    30. What about Apps?
    31. What about Apps? Apps have overtaken browsing: 30 billion app downloads from Apple's App Store. Can’t impede app proliferation, but how do you know which to trust?
    32. What about the Network? (It’s not just for transport)
    33. Key security imperatives: 1) Data Governance 2) Application Governance
    34. Simplify security program; Network can help; Apps matter; Follow the data; Doing things right & Doing the right things; Business Context
    35. Questions and Answers
    36. Thank You. omar.khawaja@verizonbusiness.com
    37. PROPRIETARY STATEMENT: This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service. This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon. © 2011 Verizon. All Rights Reserved. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.
    38. Developed and Designed by Salahuddin Khawaja, salahk@gmail.com. More at Decklaration.com. ABOUT THE AUTHOR: Salah has 14 years of experience, primarily in the Financial Services Industry. Before joining JP Morgan he spent 11 years at Deloitte & Touche helping Fortune 500 clients with various types of Strategic Initiatives. He is currently based in Hong Kong with responsibility for delivering the next generation platform for Securities Processing. Areas of Expertise: Strategy Development, Business Transformation, System Integration, Program & Project Management, Mobile Strategy, Data Analytics, Executive Presentations. Sample Clients: Bank of America, Citi, MasterCard
