Securing Mobile - A Business Centric Approach

For a higher quality version, visit: http://decklaration.com/verizon



Presentation given by Omar Khawaja (of Verizon) at the 2013 Mobile World Congress in Barcelona.


Securing Mobile - A Business Centric Approach

  1. Securing Mobile: A Business-Centric Approach. Omar Khawaja, February 2013
  2. Information Revolution Starts. Timeline: 1970. Mainframe (Green Terminals). @smallersecurity
  3. Personal Computing. Timeline: 1970, 1980. Thick Client & Mobile Revolution Starts
  4. Advent of the Web. Timeline: 1970, 1980, 1990. Web-based computing, and Mobile truly goes mobile
  5. Mobile Matures. Timeline: 1970, 1980, 1990, 2000. Web and Mobile mature
  6. Mobile Revolution. Timeline: 1970, 1980, 1990, 2000, 2010. Information Revolution becomes the Mobile Revolution
  7. Global Mobile Traffic
  8. Mobile is no longer optional
  9. Btw, is securing various platforms really that different?
  10. Difference? Timeline: 1970, 1980, 1990, 2000, 2010. Have a closer look: it's really not that different.
  11. Top Business Technology Trends: Personalization of Service; High-IQ Networks; Enterprise Clouds; Consumerization of IT; Big Data; M2M2P; Video; Compliance; Social Enterprise; Energy Efficiency
  12. What’s the common theme across top technology trends?
  13. DATA: Personalization of Service; High-IQ Networks; Enterprise Clouds; Consumerization of IT; Big Data; M2M2P; Video; Compliance; Social Enterprise; Energy Efficiency
  14. Mobility and Cloud fuel each of these trends.
  15. Security is about Risk. ‘Risk’: Assets, Vulnerabilities, Threats
  16. How do we secure mobile today?
  17. Programs and Technologies
  18. Programs and Technologies: Risk Assessment; Security Policy; Organization of Info Security; Asset Management; Human Resources Management; Physical & Environment Security; Info Systems Acquisition, Dev, & Maintenance; Communication & Ops Mgmt; Access Control; Info Security Incident Management; Business Continuity Management; Compliance
  19. Programs and Technologies: App Security; Anti-X; Configuration Management; DLP; Encryption; IAM, NAC; Patching; Policy Management; Threat Management; VPN; Vulnerability Management; …
  20. Multiple Approaches
  21. Multiple Approaches. [Figure: matrix of Security Programs against Security Technology Sets, with Single and Multiple marked on the axes; cells labelled Really?, Worst Case, Good and Nirvana, each repeating the program list (Risk Assessment through Compliance) and the technology list (App Security through VPN, …) once per organization.]
  22. Here’s an approach…
  23. Data-Centric Approach (Follow the data): Inventory (must); Classify (must); Destroy* (ideal); Protect; Monitor
  24. Data-Centric Security Model: Data-centric security is business-centric security
  25. Data-Centric Security Model: To protect the data, protect what’s around it too
  26. Data-Centric Security Model: GRC and Intelligence define security program
  27. Data-Centric Security Model: Start with assets, end with the controls
  28. How do we execute?
  29. Data-Centric Security: A Recipe. Categorize Data; Inventory Data; Destroy Data; Inventory Users; Define Business Processes; Mobile Environment Definition; Entitlement Definition; Implement Control Requirements; Monitor Control Effectiveness
  30. What about Apps?
  31. What about Apps? Apps have overtaken browsing. 30 billion app downloads from Apple's App Store. Can’t impede app proliferation, but how do you know which to trust?
  32. What about the Network? (It’s not just for transport)
  33. Key security imperatives: 1) Data Governance 2) Application Governance
  34. Simplify security program; Network can help; Apps matter; Follow the data; Doing things right & Doing the right things; Business Context
  35. Question and Answers
  36. Thank You. omar.khawaja@verizonbusiness.com
  37. PROPRIETARY STATEMENT. This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service. This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon. © 2011 Verizon. All Rights Reserved. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.
  38. Developed and designed by Salahuddin Khawaja, salahk@gmail.com. More at Decklaration.com. ABOUT THE AUTHOR: Salah has 14 years of experience, primarily in the Financial Services Industry. Before joining JP Morgan he spent 11 years at Deloitte & Touche helping Fortune 500 clients with various types of Strategic Initiatives. He is currently based in Hong Kong with responsibility for delivering the next generation platform for Securities Processing. Areas of Expertise: Strategy Development, Business Transformation, System Integration, Program & Project Management, Mobile Strategy, Data Analytics, Executive Presentations. Sample Clients: Bank of America, Citi, MasterCard
