Empowering Secure Mobility in Regulated Industries
globoplc.com
Empowering Mobility in Regulated Industries
© 2014
Background
About Globo 
GLOBO is an international leader and technology innovator delivering Enterprise Mobility 
Management and Mobile Application Development solutions and services. 
Founded in 1997 
Listed on AIM 
LSE:GBO 
Subsidiaries & offices: 
USA | UK | UAE | Singapore | Greece | Cyprus | Romania 
REVENUE GROWTH 
2013: $98.6m 
2012: $80.3m 
2011: $45.9m 
2.9m active users of consumer services 
340k enterprise users 
13m+ device licenses for consumer apps 
Deployments in 50+ countries 
Latest acquisitions:
Globo Group Customers & Partners
Customers (logos)
Partners (logos)
Globo Recognized by Leading Analysts
Magic Quadrant for EMM 2014
GLOBO: the only new vendor in the 2014 Magic Quadrant
"Unique among its peers... GLOBO is a good fit for organizations looking for a single product that provides MADP and EMM."
About SafeLogic
• Provider of FIPS 140-2 Encryption Technology 
• Securing mobile, server, appliance, wearable, IoT 
environments 
• Compliance Consulting 
• Founded 2012 and privately held 
• Headquartered in Palo Alto, CA
Mobility Challenges
Identity Theft Report 2014 
• 75+ million records have been compromised in approximately 568 breaches
• A "record" includes Social Security Numbers, driver's license numbers, medical records, or payment card information
• A 29.4 percent increase over 2013, when only 439 breaches were reported
• The breach count includes Home Depot's incident, which affected at least 56 million records
• Medical and healthcare organizations accounted for the largest share of breaches, at 43.5 percent
• In 2013, businesses accounted for 84 percent of breaches. The dramatic switch in targets, or impacted industries, could be indicative of a lack of education or resources in the healthcare field
Source: Identity Theft Resource Center, Oct 2014
Security Requirements Are Increasing
(Figure: rising security requirements across the Government, Healthcare, Financial and Utilities sectors)
Encryption is Now Mandated
• Government - Federal Agencies and DOD
• Healthcare
  - HIPAA - Health Insurance Portability and Accountability Act
  - HITECH - Health Information Technology for Economic and Clinical Health
• Financial - SOX, GLB, FINRA, PCI DSS
• Utilities - FERC, NERC
Definitions
• FISMA - The Federal Information Security Management Act defines a framework for managing information security that must be followed for all information systems used or operated by a U.S. federal government agency in the executive or legislative branches, or by a contractor or other organization on behalf of a federal agency in those branches. This framework is further defined by the standards and guidelines developed by NIST.
• NIST - The National Institute of Standards and Technology is a non-regulatory federal agency within the U.S. Department of Commerce. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing FISMA requirements and to protect their information and information systems.
• FIPS - Federal Information Processing Standards are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. Federal Information Processing Standards Publications (FIPS PUBS) are issued by NIST after approval by the Secretary of Commerce pursuant to the Federal Information Security Management Act (FISMA) of 2002.
Definitions
• FIPS 140-2, Security Requirements for Cryptographic Modules, specifies the security requirements that are to be satisfied by a cryptographic module utilized within a security system protecting sensitive information within computer and telecommunications systems (including voice systems).
• FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, approved by the Secretary of Commerce in February 2004, is the first of two mandatory security standards required by the FISMA legislation. FIPS 199 requires Federal agencies to assess their information systems in each of the categories of confidentiality, integrity and availability, rating each system as low, moderate or high impact in each category. The most severe rating from any category becomes the information system's overall security categorization.
Definitions
• FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, the second of the mandatory security standards, specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government and a risk-based process for selecting the security controls necessary to satisfy the minimum security requirements.
• NIST SP 800-53 covers the steps in the Risk Management Framework that address security control selection for federal information systems in accordance with the security requirements in FIPS 200. This includes selecting an initial set of baseline security controls based on a FIPS 199 worst-case impact analysis, tailoring the baseline security controls, and supplementing the security controls based on an organizational assessment of risk. The controls are grouped into 17 families, including access control, incident response, and contingency planning (business continuity and disaster recovery).
Changes in Federal Government
• With the passage of the Federal Information Security Management Act of 2002, there is no longer a statutory provision to allow for agencies to waive mandatory Federal Information Processing Standards (FIPS).
• FISMA mandates the categorization and security requirements of FIPS 199, FIPS 200 and NIST SP 800-53 for all federal information systems.
Unvalidated Cryptographic Modules
• FIPS 140-2 precludes the use of unvalidated cryptography for the cryptographic protection of sensitive or valuable data within Federal systems.
• Unvalidated cryptography is viewed by NIST as providing no protection to the information or data; in effect the data would be considered unprotected plaintext.
• If the agency specifies that the information or data be cryptographically protected, then FIPS 140-2 is applicable. In essence, if cryptography is required, then it must be validated.
Department of Health and Human Services
• The U.S. Department of Health and Human Services (HHS) issued guidance under which "unsecured protected health information (PHI)" is essentially any PHI that is not encrypted or destroyed.
• HITECH introduced a breach notification requirement: HIPAA-covered entities must send notification letters if there is a breach of unsecured PHI.
HIPAA Safe Harbor
• HIPAA-covered entities can expect safe harbor if, and only if, they adhere to specified strict standards and guidelines.
• The fact that a company's data is encrypted is meaningless without taking into account the NIST requirements: the HHS guidance points to NIST SP 800-111 for data at rest and to NIST SP 800-52, SP 800-77 and SP 800-113 for data in motion as the definition of "encrypted".
• Organizations that properly adhere to HIPAA standards understand the impact of breach notifications.
• By proactively leveraging the proper encryption technologies, companies of all sizes can avoid these breach notifications while ensuring the security of their sensitive data.
Data Loss Prevention
• Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside of the corporate network. It covers:
  - Data in use
  - Data in motion
  - Data at rest
• Sensitive data can come in the form of private or company information, intellectual property (IP), financial or patient information, credit card data, and other information depending on the business and the industry
Compliance Demands More Data Protection
(Figure: a scale from Optional Encryption through Basic Encryption to Strong Encryption, with compliance requirements pushing toward the strong end)
Encryption of Data in Motion
• Valid encryption processes must comply with the requirements of Federal Information Processing Standards (FIPS) 140-2. While there are many technical requirements involved, only a few vendors offer products that are FIPS 140-2 validated.
• Organizations must look for a solution that is FIPS 140-2 validated, not FIPS 140-2 compliant. The former means an accredited testing laboratory tested the cryptographic module and NIST and CSEC issued a validation certificate for it; "compliant" is a claim the vendor makes about itself.
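The slide says what a data-in-motion solution must satisfy, not what "only approved algorithms on the wire" looks like in practice. The Go program below is an added example, not code from Globo, SafeLogic or this deck. It pins a TLS 1.2 server to AES-GCM cipher suites and runs two handshakes over an in-memory pipe: a client offering AES-256-GCM is accepted, a client offering only ChaCha20-Poly1305 is refused. The self-signed certificate, the "localhost" name, the suite list and the five-second deadline are assumptions made for the example. In the deck's own terms the caveat is important: Go's standard crypto/tls is an algorithm policy, not a FIPS 140-2 validated module, so restricting suites this way makes a deployment "FIPS conforming" at best, never "FIPS validated".

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// ApprovedSuites is the policy for this example: only AES-GCM suites may be
// negotiated. The constants are Go's names for the IANA suite identifiers.
var ApprovedSuites = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
}

// selfSignedCert builds a throwaway ECDSA P-256 certificate for "localhost"
// so the example runs offline (assumption; a deployment would use an issued cert).
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		DNSNames:     []string{"localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// Negotiate runs a TLS 1.2 handshake over an in-memory pipe. The server
// enforces ApprovedSuites; the client offers clientSuites. It returns the
// negotiated suite name, or an error when no approved suite is shared.
func Negotiate(clientSuites []uint16) (string, error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return "", err
	}
	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12, // Go does not let a config filter TLS 1.3 suites
		CipherSuites: ApprovedSuites,
	}
	clientCfg := &tls.Config{
		RootCAs:      pool,
		ServerName:   "localhost",
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12,
		CipherSuites: clientSuites,
	}
	clientConn, serverConn := net.Pipe()
	deadline := time.Now().Add(5 * time.Second)
	clientConn.SetDeadline(deadline)
	serverConn.SetDeadline(deadline)
	defer clientConn.Close()
	defer serverConn.Close()

	serverErr := make(chan error, 1)
	go func() {
		serverErr <- tls.Server(serverConn, serverCfg).Handshake()
	}()
	client := tls.Client(clientConn, clientCfg)
	clientHandshakeErr := client.Handshake()
	if err := <-serverErr; err != nil {
		return "", fmt.Errorf("server rejected handshake: %w", err)
	}
	if clientHandshakeErr != nil {
		return "", fmt.Errorf("client handshake failed: %w", clientHandshakeErr)
	}
	return tls.CipherSuiteName(client.ConnectionState().CipherSuite), nil
}

func main() {
	offers := [][]uint16{
		{tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384}, // approved
		{tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305},  // not in the policy
	}
	for _, offer := range offers {
		name, err := Negotiate(offer)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("negotiated:", name)
	}
}
```

The refusal comes from the server side, which is where the policy belongs: a client that only speaks a non-approved suite gets a handshake alert rather than a downgraded session. An auditor checking the "data in motion" box would still need the module certificate, not this configuration, as evidence.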
Encryption of Data at Rest
• NIST SP 800-111, Guide to Storage Encryption Technologies for End User Devices: "Federal agencies must use FIPS-approved algorithms contained in validated cryptographic modules. Whenever possible, AES (Advanced Encryption Standard) should be used for the encryption algorithm because of its strength and speed."
• NIST SP 800-57, Recommendation for Key Management, "provides detailed information on key management planning, algorithm selection and appropriate key sizes, cryptographic policy and cryptographic module selection."
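SP 800-111 names the algorithm; the slide does not show what a correct use of it looks like for a stored record. The Go program below is an added example, not code from Globo, SafeLogic or this deck. It seals one record with AES-256-GCM (an approved mode from SP 800-38D) under a fresh random nonce, binds the record identifier as associated data so a ciphertext cannot be silently swapped between records, and fails closed on any tampering. The 32-byte key size follows SP 800-57's AES-256 guidance; the record ID scheme, the sample PHI string and the nonce-prefix layout are assumptions made for the example. As with the data-in-motion case, Go's standard crypto/aes is an approved algorithm implementation, not a FIPS 140-2 validated module, which is exactly the distinction the deck draws.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

const (
	keyLen   = 32 // AES-256, per SP 800-57 key-size guidance
	nonceLen = 12 // standard GCM nonce length (SP 800-38D)
)

// NewKey returns a fresh random AES-256 key. In a real deployment the key
// would be generated and held inside a validated module or key store; this
// stand-in exists only so the example runs offline.
func NewKey() ([]byte, error) {
	key := make([]byte, keyLen)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != keyLen {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one record with AES-256-GCM. recordID is bound as associated
// data, so the ciphertext only opens under the same record identifier.
// Output layout (assumption for this example): nonce || ciphertext || tag.
func Seal(key []byte, recordID string, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	// A nonce must never repeat under the same key: GCM loses both
	// confidentiality and authenticity if it does, so draw a fresh one per call.
	nonce := make([]byte, nonceLen)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

// Open reverses Seal. Any modification of nonce, ciphertext or tag, or a
// mismatched recordID, makes the GCM tag check fail and returns an error.
func Open(key []byte, recordID string, sealed []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < nonceLen+aead.Overhead() {
		return nil, errors.New("sealed record too short")
	}
	nonce, ct := sealed[:nonceLen], sealed[nonceLen:]
	return aead.Open(nil, nonce, ct, []byte(recordID))
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample record; not real patient data.
	phi := []byte("MRN 00012345: HbA1c 7.1%")
	sealed, err := Seal(key, "patient/00012345", phi)
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed %d plaintext bytes into %d bytes\n", len(phi), len(sealed))
	if _, err := Open(key, "patient/99999999", sealed); err != nil {
		fmt.Println("wrong record id rejected:", err)
	}
	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the tag
	if _, err := Open(key, "patient/00012345", sealed); err != nil {
		fmt.Println("tampered record rejected:", err)
	}
}
```

Two points the slide's quote leaves implicit: the mode matters as much as the algorithm (AES in an unauthenticated mode would satisfy "uses AES" and still let stored records be altered undetected), and the key must be managed per SP 800-57 rather than embedded in the application.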
FIPS 140-2 Confusion
Vendors say all of the following, and they do not mean the same thing:
• We are FIPS certified
• We are FIPS compliant
• We are FIPS conforming
• We are FIPS validated
Sorting Out the Confusion
• FIPS Validated = FIPS Certified: the cryptographic module has gone through the four-step CMVP process and holds a validation certificate.
• FIPS Compliant = FIPS Enabled = FIPS Conforming = NOT an actual VALIDATED product.
• "FIPS Compliant" typically means the product uses FIPS-validated modules inside a product that itself has not been validated; the overall product is therefore not FIPS validated.
Description of FIPS 140-2 Levels
FIPS 140-2 Level 1
The lowest level, imposes very limited requirements; loosely, all components must be "production-grade" and various egregious kinds of insecurity must be absent.
FIPS 140-2 Level 2
Adds requirements for physical tamper-evidence and role-based authentication.
FIPS 140-2 Level 3
Adds requirements for physical tamper-resistance and identity-based authentication, and for a physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module, and its other interfaces.
FIPS 140-2 Level 4
Makes the physical security requirements more stringent, and requires robustness against environmental attacks. Level 4 validations are rare and confined to specialized hardware such as tamper-responding cryptographic coprocessors; pure software modules, including the libraries inside mobile apps, are typically validated at Level 1.
Who Validates FIPS 140-2?
CMVP - the National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP), which validates cryptographic modules to FIPS 140-2, Security Requirements for Cryptographic Modules, and other FIPS cryptography-based standards.
The CMVP is a joint effort between NIST and the Communications Security Establishment Canada (CSEC).
The FIPS 140-2 Validation Process
Guidelines for Using FIPS 140-2 Logo
The phrase "FIPS 140-2 Validated" and the FIPS 140-2 logo are ONLY intended for use in association with cryptographic modules validated by the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) as complying with FIPS 140-2, Security Requirements for Cryptographic Modules.
FIPS 140-2 Validation Certificate
How to Verify a FIPS 140-2 Validated Vendor
• Organizations are advised to refer to the FIPS 140-1 and FIPS 140-2 validation list:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm
• Check the certificate entry itself, not just the vendor name: it names the exact module and version and the operational environments the testing covered. A different version or platform is outside the validation.
• A product or implementation does not meet the FIPS 140-2 applicability requirements by simply implementing an approved security function and acquiring algorithm validation certificates. Algorithm certificates (CAVP) only show that an implementation passed algorithm tests; a module certificate (CMVP) is the FIPS 140-2 validation.
A Secure Workspace Should Include
• Data At Rest Encryption 
• Data in Motion Encryption 
• Mobile Content Management 
• Enterprise Instant Messaging 
• Secure Browser 
• Secure Camera 
• Secure Applications
End to End FIPS 140-2 Validated Encryption
(Figure: AES 256-bit encryption on the mobile device, SSL carrying AES 256-bit traffic across the Internet, and AES 256-bit encryption at the Email, ERP, CRM and Database back ends)
Takeaways
• Data loss protection is a real issue and data breaches continue to escalate.
• Many organizations are requiring vendors to prove they are meeting their compliance requirements.
• Understand the difference between validated and all other terms describing a vendor's support of FIPS 140-2 certification.
• Consider a secure mobile workspace for your enterprise mobility management solution that provides validated FIPS 140-2 encryption, giving end to end security.
Paul DePond
VP of Business Development & Analyst Relations - Globo
pdepond@globoplc.com
Ray Potter
CEO - SafeLogic
ray@safelogic.com
Thank You

20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
Claudio Di Ciccio
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 

Recently uploaded (20)

Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 

Empowering Secure Mobility in Regulated Industries

  • 1. Empowering Secure Mobility In Regulated Industries
  • 2. Background (globoplc.com | Empowering Mobility In Regulated Industries | © 2014)
  • 3. About Globo. GLOBO is an international leader and technology innovator delivering Enterprise Mobility Management and Mobile Application Development solutions and services. Founded in 1997. Listed on AIM (LSE:GBO). Subsidiaries & offices: USA | UK | UAE | Singapore | Greece | Cyprus | Romania. Revenue growth: 2013: $98.6m; 2012: $80.3m; 2011: $45.9m. 2.9m active users of consumer services; 340k enterprise users; 13m+ device licenses for consumer apps; deployments in 50+ countries. Latest acquisitions:
  • 4. Globo Group Customers & Partners (customer and partner logos)
  • 5. Globo Recognized by Leading Analysts. Magic Quadrant for EMM 2014. GLOBO: only new vendor. “Unique among its peers… GLOBO is a good fit for organizations looking for a single product that provides MADP and EMM.”
  • 6. About SafeLogic. Provider of FIPS 140-2 Encryption Technology. Securing mobile, server, appliance, wearable, IoT environments. Compliance Consulting. Founded 2012 and privately held. Headquartered in Palo Alto, CA.
  • 7. Mobility Challenges
  • 8. Identity Theft Report 2014. 75+ million records have been compromised in approximately 568 breaches. A “record” includes Social Security Numbers, driver's license numbers, medical records, or payment card information. A 29.4 percent increase from 2013, when only 439 breaches were reported. The breach count includes Home Depot’s incident, which affected at least 56 million records. Medical and healthcare organizations accounted for the majority of breaches, at 43.5 percent. In 2013, businesses accounted for 84 percent of breaches. The dramatic switch in targets, or impacted industries, could be indicative of a lack of education or resources in the healthcare field. Source: Identity Theft Resource Center, Oct 2014.
  • 9. Security Requirements Are Increasing. Security: Government, Healthcare, Financial, Utilities.
  • 10. Encryption is Now Mandated. Government – Federal Agencies and DOD. HealthCare – HIPAA (Health Insurance Portability and Accountability Act), HITECH (Health Information Technology for Economic and Clinical Health). Financial – SOX, GLB, FINRA, PCI DSS. Utilities – FERC, NERC.
  • 11. Definitions. FISMA – the Federal Information Security Management Act defines a framework for managing information security that must be followed for all information systems used or operated by a U.S. federal government agency in the executive or legislative branches, or by a contractor or other organization on behalf of a federal agency in those branches. This framework is further defined by the standards and guidelines developed by NIST. NIST – the National Institute of Standards and Technology is a non-regulatory federal agency within the U.S. Department of Commerce. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing FISMA requirements and to protect their information and information systems. FIPS – Federal Information Processing Standards are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. Federal Information Processing Standards Publications (FIPS PUBS) are issued by NIST after approval by the Secretary of Commerce pursuant to the Federal Information Security Management Act (FISMA) of 2002.
  • 12. Definitions. FIPS 140-2 is a Federal Information Processing Standard for Security Requirements for Cryptographic Modules; it specifies the security requirements that are to be satisfied by the cryptographic module utilized within a security system protecting sensitive information within computer and telecommunications systems (including voice systems). FIPS 199 is a Federal Information Processing Standard for Security Categorization of Federal Information and Information Systems; approved by the Secretary of Commerce in February 2004, it is the first of two mandatory security standards required by the FISMA legislation. FIPS 199 requires Federal agencies to assess their information systems in each of the categories of confidentiality, integrity and availability, rating each system as low, moderate or high impact in each category. The most severe rating from any category becomes the information system's overall security categorization.
  • 13. Definitions. FIPS 200 – Minimum Security Requirements for Federal Information and Information Systems, the second of the mandatory security standards, specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government and a risk-based process for selecting the security controls necessary to satisfy the minimum security requirements. NIST SP 800-53 covers the steps in the Risk Management Framework that address security control selection for federal information systems in accordance with the security requirements in FIPS 200. This includes selecting an initial set of baseline security controls based on a FIPS 199 worst-case impact analysis, tailoring the baseline security controls, and supplementing the security controls based on an organizational assessment of risk. The security rules cover 17 areas including access control, incident response, business continuity, and disaster recoverability.
  • 14. Changes in Federal Government. With the passage of the Federal Information Security Management Act of 2002, there is no longer a statutory provision to allow agencies to waive mandatory Federal Information Processing Standards (FIPS). FISMA mandates the categorization and security requirements of FIPS 199, FIPS 200 and NIST SP 800-53 for all federal information systems.
  • 15. Unvalidated Cryptographic Modules. FIPS 140-2 precludes the use of unvalidated cryptography for the cryptographic protection of sensitive or valuable data within Federal systems. Unvalidated cryptography is viewed by NIST as providing no protection to the information or data; in effect the data would be considered unprotected plaintext. If the agency specifies that the information or data be cryptographically protected, then FIPS 140-2 is applicable. In essence, if cryptography is required, then it must be validated.
  • 16. Department of Health and Human Services. The U.S. Department of Health and Human Services (HHS) issued guidance wherein "unsecure protected health information (PHI)" is essentially any PHI that is not encrypted or destroyed. HITECH introduced a breach notification initiative, which requires HIPAA-covered entities to send notification letters if there is a breach of unsecured PHI.
  • 17. HIPAA Safe Harbor. HIPAA-covered entities can expect safe harbor if, and only if, they adhere to specified strict standards and guidelines. The fact that a company's data is encrypted is meaningless without taking into account the NIST requirements. Organizations that properly adhere to HIPAA standards understand the impact of breach notifications. By proactively leveraging the proper encryption technologies, companies of all sizes can avoid these breach notifications while ensuring the security of their sensitive data.
  • 18. Data Loss Prevention. Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside of the corporate network: data in use, data in motion, data at rest. Sensitive data can come in the form of private or company information, intellectual property (IP), financial or patient information, credit-card data, and other information depending on the business and the industry.
  • 19. Compliance Demands More Data Protection. Optional Encryption → Basic Encryption → Strong Encryption.
  • 20. Encryption of Data in Motion. Valid encryption processes must comply with the requirements of Federal Information Processing Standards (FIPS) 140-2. While there are many technical requirements involved, only a few vendors offer products that are FIPS 140-2 validated. Organizations must look for a solution that is FIPS 140-2 validated, not FIPS 140-2 compliant. The former means that NIST evaluated, and validated, the encryption.
  • 21. Encryption of Data at Rest. NIST SP 800-111, Guide to Storage Encryption Technologies for End User Devices: "Federal agencies must use FIPS-approved algorithms contained in validated cryptographic modules. Whenever possible, AES (Advanced Encryption Standard) should be used for the encryption algorithm because of its strength and speed." NIST SP 800-57, "Recommendation for Key Management," which "provides detailed information on key management planning, algorithm selection and appropriate key sizes, cryptographic policy and cryptographic module selection."
  • 22. FIPS 140-2 Confusion. "We are FIPS certified." "We are FIPS compliant." "We are FIPS conforming." "We are FIPS validated."
  • 23. Sorting Out the Confusion. FIPS Compliant = using FIPS validated modules within a product which itself has not been validated; therefore the overall product is not FIPS validated. FIPS Compliant = FIPS Enabled = FIPS Conforming = NOT an actual VALIDATED product. FIPS Validated = FIPS Certified. FIPS Validated = a four-step process.
  • 24. Description of FIPS 140-2 Levels. FIPS 140-2 Level 1: the lowest level; it imposes very limited requirements. Loosely, all components must be "production-grade" and various egregious kinds of insecurity must be absent. FIPS 140-2 Level 2: adds requirements for physical tamper-evidence and role-based authentication. FIPS 140-2 Level 3: adds requirements for physical tamper-resistance and identity-based authentication, and for a physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module and its other interfaces. FIPS 140-2 Level 4: makes the physical security requirements more stringent, and requires robustness against environmental attacks. Level 4 is currently not being utilized in the market.
  • 25. Who Validates FIPS 140-2? CMVP – the National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP), which validates cryptographic modules to Federal Information Processing Standards (FIPS) 140-2, Security Requirements for Cryptographic Modules, and other FIPS cryptography-based standards. The CMVP is a joint effort between NIST and the Communications Security Establishment Canada (CSEC).
  • 26. The FIPS 140-2 Validation Process (diagram)
  • 27. Guidelines for Using the FIPS 140-2 Logo. The phrase FIPS 140-2 Validated and the FIPS 140-2 Logo are ONLY intended for use in association with cryptographic modules validated by the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) as complying with FIPS 140-2, Security Requirements for Cryptographic Modules.
  • 28. FIPS 140-2 Validation Certificate (image)
  • 29. How to Verify a FIPS 140-2 Validated Vendor. Organizations are advised to refer to the FIPS 140-1 and FIPS 140-2 validation list: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm. A product or implementation does not meet the FIPS 140-2 applicability requirements by simply implementing an approved security function and acquiring algorithm validation certificates.
  • 30. A Secure Workspace Should Include: Data at Rest Encryption; Data in Motion Encryption; Mobile Content Management; Enterprise Instant Messaging; Secure Browser; Secure Camera; Secure Applications.
  • 31. End to End FIPS 140-2 Validation Encryption (diagram): AES 256 bits on the device → SSL, AES 256 bits, across the Internet → AES 256 bits at the back end (Email, ERP, CRM, Database).
  • 32. Takeaways. Data Loss Protection is a real issue and data breaches continue to escalate. Many organizations are requiring vendors to prove they are meeting their compliance requirements. Understand the difference between validated and all other terms describing a vendor's support of FIPS 140-2 certification. Consider a secure mobile workspace for your enterprise mobile management solution that provides validated FIPS 140-2 encryption, providing end to end security.
  • 33. Thank You. Paul DePond, VP of Business Development & Analyst Relations – Globo, pdepond@globoplc.com. Ray Potter, CEO – SafeLogic, ray@safelogic.com.
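As an added worked example (not code from the slides, Globo or SafeLogic), the FIPS 199 categorization procedure that slides 12 and 13 describe: each objective (confidentiality, integrity, availability) is rated low, moderate or high, and the most severe rating becomes the system's overall categorization, which in turn selects the SP 800-53 baseline. The code generalizes slightly beyond the slide to systems carrying several information types, applying the FIPS 199 high-water mark per objective and the standard's "not applicable is only allowed for confidentiality, and a system is never below low" rules; the system and its ratings are constructed sample input.

```python
"""FIPS 199 security categorization with the high-water-mark rule.

Added example; not code from the slides, Globo or SafeLogic.
The sample system and ratings below are constructed, not a real inventory.
"""
from enum import IntEnum
from typing import Dict, Mapping

OBJECTIVES = ("confidentiality", "integrity", "availability")


class Impact(IntEnum):
    """FIPS 199 potential impact values, ordered so max() picks the most severe."""
    NOT_APPLICABLE = 0   # permitted only for the confidentiality of an information type
    LOW = 1
    MODERATE = 2
    HIGH = 3

    @classmethod
    def parse(cls, text: str) -> "Impact":
        """Accept the spellings found on categorization worksheets ('L', 'Mod', 'n/a')."""
        aliases = {"n/a": cls.NOT_APPLICABLE, "na": cls.NOT_APPLICABLE,
                   "l": cls.LOW, "low": cls.LOW,
                   "m": cls.MODERATE, "mod": cls.MODERATE, "moderate": cls.MODERATE,
                   "h": cls.HIGH, "high": cls.HIGH}
        key = text.strip().lower()
        if key not in aliases:
            raise ValueError(f"unknown impact level {text!r}; expected low/moderate/high")
        return aliases[key]


# One security category: {"confidentiality": Impact, "integrity": Impact, "availability": Impact}
SecurityCategory = Dict[str, Impact]


def categorize_information_type(ratings: Mapping[str, str]) -> SecurityCategory:
    """Build the security category of a single information type from worksheet strings."""
    missing = [o for o in OBJECTIVES if o not in ratings]
    if missing:
        raise ValueError(f"missing impact rating for {missing}")
    sc = {o: Impact.parse(ratings[o]) for o in OBJECTIVES}
    # FIPS 199: "not applicable" exists only for confidentiality (e.g. public information).
    for o in ("integrity", "availability"):
        if sc[o] is Impact.NOT_APPLICABLE:
            raise ValueError(f"{o} may not be rated not-applicable")
    return sc


def categorize_system(info_types: Mapping[str, SecurityCategory]) -> SecurityCategory:
    """High-water mark: per objective, the highest value over all information types.

    FIPS 199 sets a floor of LOW at the system level, so a system holding only
    public information (confidentiality N/A) is still LOW for confidentiality.
    """
    if not info_types:
        raise ValueError("a system must carry at least one information type")
    return {o: max(max(sc[o] for sc in info_types.values()), Impact.LOW)
            for o in OBJECTIVES}


def overall_categorization(system_sc: SecurityCategory) -> Impact:
    """Slide 12: the most severe rating from any objective becomes the overall category.

    Slide 13: that worst-case value selects the SP 800-53 baseline of the same name.
    """
    return max(system_sc[o] for o in OBJECTIVES)


# Constructed sample: a mobile health workspace carrying three information types.
SAMPLE_SYSTEM = {
    "patient records (PHI)":   {"confidentiality": "high", "integrity": "moderate", "availability": "moderate"},
    "appointment scheduling":  {"confidentiality": "low",  "integrity": "low",      "availability": "moderate"},
    "public clinic directory": {"confidentiality": "n/a",  "integrity": "low",      "availability": "low"},
}


def categorize_sample():
    """Categorize SAMPLE_SYSTEM; returns (per-objective category, overall impact)."""
    system_sc = categorize_system({name: categorize_information_type(r)
                                   for name, r in SAMPLE_SYSTEM.items()})
    return system_sc, overall_categorization(system_sc)


if __name__ == "__main__":
    sc, overall = categorize_sample()
    print("SC(system) =", {o: v.name for o, v in sc.items()})
    print("overall categorization / SP 800-53 baseline:", overall.name)
```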