SlideShare a Scribd company logo
IBM Innovate 2012
Mobile Application Security Foundation &
Directions

Raj Balasubramanian                        Dirk Nicol
Product Architect, IBM Mobile Foundation   Product Manager, IBM Mobile Foundation
raj_balasubramanian@us.ibm.com             nicold@us.ibm.com
IPI2478
The Premier Event for Software and Systems Innovation



    Please note

    IBM’s statements regarding its plans, directions, and intent are subject to change or
    withdrawal without notice at IBM’s sole discretion.
    Information regarding potential future products is intended to outline our general product
    direction and it should not be relied on in making a purchasing decision.
    The information mentioned regarding potential future products is not a commitment, promise,
    or legal obligation to deliver any material, code or functionality. Information about potential
    future products may not be incorporated into any contract. The development, release, and
    timing of any future features or functionality described for our products remains at our sole
    discretion.

    Performance is based on measurements and projections using standard IBM benchmarks
    in a controlled environment. The actual throughput or performance that any user will
    experience will vary depending upon many factors, including considerations such as the
    amount of multiprogramming in the user’s job stream, the I/O configuration, the storage
    configuration, and the workload processed. Therefore, no assurance can be given that an
    individual user will achieve results similar to those stated here.




2
                                                                                             © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation




    Mobile is transformational

        10 Billion                                            devices
                                                              by 2020



        61%                   of CIOs put
                            mobile as priority



        45%                    increased productivity
                                  with mobile apps




3
                                                                        © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



    IBM strategy addresses client mobile initiatives


      Extend & Transform                                                    Build & Connect
      Extend existing business                                               Build mobile applications
    capabilities to mobile devices                                             Connect to, and run
     Transform the business by                                              backend systems in support
     creating new opportunities                                                     of mobile




                Manage & Secure
                 Manage mobile devices, services
                       and applications
                   Secure my mobile business


4
                                                                                                © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



    A deeper look at Manage & Secure capabilities


     Extend & Transform                                                              Build & Connect




            Manage & Secure
            Manage mobile devices, services                                        Key Capabilities
                  and applications                                             • Mobile lifecycle management
              Secure my mobile business                                         • Device analytics and control
                                                                      • Secure network communications & management

5
                                                                                                           © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



         Mobile Devices: Unique Management & Security Challenges


          Mobile                Mobile devices                          Mobile                 Mobile                 Mobile
        devices are             have multiple                         devices are           devices are               devices
        shared more               personas                              diverse            used in more            prioritize the
                                                                               .
           often                                                                             locations                 user

     Personal phones        Work tool                           OS immaturity for    A single location      Conflicts with user
      and tablets            Entertainment
                                                                   enterprise mgmt       could offer public,     experience not
      shared with family      device                              BYOD dictates
                                                                                         private, and cell       tolerated
     Enterprise tablet                                            multiple OSs          connections            OS architecture
                             Personal

      shared with co-         organization                        Vendor / carrier
                                                                                        Anywhere,               puts the user in
      workers                                                      control dictates      anytime                 control
                             Security profile

     Social norms of                                              multiple OS          Increasing             Difficult to enforce
                              per persona?
      mobile apps vs.                                              versions              reliance on             policy, app lists
      file systems                                                                       enterprise WiFi




6
                                                                                                                            © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



    Mobile Risks
                                                      Top 10 Mobile Risks
                                    1. Insecure Data Storage

                                    2. Weak Server Side Controls

                                    3. Insufficient Transport Layer Protection

                                    4. Client Side Injection

                                    5. Poor Authorization and Authentication

                                    6. Improper Session Handling

                                    7. Security Decisions Via Untrusted Inputs

                                    8. Side Channel Data Leakage

                                    9. Broken Cryptography

                                    10. Sensitive Information Disclosure


7                                                       Source: OWASP Mobile Security Project
                                                                                                © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



    Challenges of Enterprise Mobility
                                                                                      Data separation: personal vs corporate
                Achieving Data Separation &                                         Data leakage into and out of the enterprise
                                                                              Partial wipe vs. device wipe vs legally defensible wipe
                 Providing Data Protection                                                         Data policies



                                                                                      Multiple device platforms and variants
                                                                                                Multiple providers
                  Adapting to the BYOD/                                                      Managed devices (B2E)
                                                                                      Unmanaged devices (B2B,B2E, B2C)
                Consumerization of IT Trend                                                     Endpoint policies
                                                                                                Threat protection



                                                                                            Identity of user and devices
                  Providing secure access to                                        Authentication, Authorization and Federation
                                                                                                    User policies
                  enterprise applications &                                                     Secure Connectivity
                             data

                                                                                               Application life-cycle
                        Developing Secure                                                Vulnerability & Penetration testing
                                                                                             Application Management
                          Applications                                                          Application policies




                  Designing & Instituting an                             Policy Management: Location, Geo, Roles, Response, Time policies
                                                                                              Security Intelligence
                  Adaptive Security Posture                                                         Reporting

8
                                                                                                                                            © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



    So How do I Protect My Mobile Initiatives?

    Begin by taking a holistic view of Mobile Security


                                  WiFi                                               Mobile
                                                                                      apps
                                                                                                 Develop, test and
                                                                                                   deliver safe
                                                                                                   applications
                                                                                      Web
                                                                                      sites
                                                            Internet


                                Telecom
                                Provider


      Secure
                                                                          Security            Corporate
     endpoint                                                             Gateway             Intranet &
    device and                                                                                 Systems
       data                      Achieve Visibility and Enable
                                  Adaptive Security Posture
                                                                            Secure access to enterprise
                                                                              applications and data
9
                                                                                                           © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     Spectrum of Mobile Security Requirements
       Mobile devices are not only computing platforms but also communication devices, hence
            mobile security is multi-faceted, driven by customers’ operational priorities
                                                      Mobile Security Intelligence

        Mobile Device                               Data, Network & Access Security                                                 App/Test
        Management                                                                                                                 Development
Mobile Device      Mobile Device           Mobile Threat              Mobile               Mobile Network      Mobile Identity&    Secure Mobile
Management         Security                Management                 Information          Protection          Access Management   Application
                   Management                                         Protection                                                   Development
 Acquire/Deploy                                                                                                Identity
  Register         Device wipe &            Anti-malware            Data encryption     Secure              Management
                     lockdown                                                                                   Authorize &        Vulnerability
  Activation                                 Anti-spyware             (device,file &       Communications
                    Password                 Anti-spam                app)                 (VPN)               Authenticate        testing
  Content Mgmt
                     Management               Firewall/IPS            Mobile data loss    Edge Protection    Certificate        Mobile app
 Manage/Monitor
                    Configuration            Web filtering            prevention                               Management          testing
  Self Service
                     Policy                   Web Reputation                                                   Multi-factor       Enforced by tools
  Reporting        Compliance                                                                                                     Enterprise
 Retire
                                                                                                                                     policies
  De-provision

                                                            Mobile Applications
                                                            i.e. Native, Hybrid, Web Application


                                               Mobile Application Platforms & Containers

                                                                     Device Platforms
                                                    30 device Manufacturers, 10 operating platforms
                                                       i.e. iOS, Android, Windows Mobile, Symbian, etc


10
                                                                                                                                         © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     Mobile App Security: Defending the Software


      Consistently apply and
       enforce best practices
        during Development                                                    Provide or employ a
                                                                                secure channel for
       Perform vulnerability                                                    delivering apps
           analysis during
              Testing




                                                                                Employ a secure runtime
                                                                                 environment to safeguard
                                                                                        app data
         As threats evolve recognize
        required updates and establish a                                        Perform checks to validate
        process for pushing them to users                                           the integrity of apps




11
                                                                                                     © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     Mobile Security Enabled with IBM Solutions
                                                                                                   IBM QRadar
                            Achieve Visibility & Enable                                  System-wide Mobile Security Awareness
                            Adaptive Security Posture                                             • Risk Assessment
                                                                                                  • Threat Detection


                                                                                                               Build & Run Safe Mobile Apps
Secure Data & the Device                                    Protect Access to Enterprise
                                                                                                                       IBM WorkLight
                                                                    Apps & Data                                       Develop safe mobile apps
        IBM WorkLight                                                                                                   •   Direct Updates
     Runtime for safe mobile apps                                 IBM Security Access
      •    Encrypted data cache                                   Manager for Mobile                             IBM AppScan for Mobile
         •    App validation                                  Authenticate & Authorize users and                       Vulnerability testing
                                                                            devices                             • Dynamic & Static analysis of Hybrid
      IBM Endpoint                                             •   Standards Support: OAuth,                           and Mobile web apps
                                                                         SAML, OpenID
     Manager for Mobile                                         •   Single Sign-On & Identity
     Configure, Provision, Monitor
                                                                             Mediation
                                                                                                                       IBM DataPower
      • Set appropriate security                                                                                     Protect enterprise applications
                 policies                                                                                            •    XML security & message
      • Enable endpoint access                                   IBM Mobile Connect                                              protection
        • Ensure compliance                                             Secure Connectivity                        •    Protocol Transformation &
                                                                         • App level VPN                                         Mediation




                                     Internet
12
                                                                                                                                            © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation


       The Difference Between Secure Apps and Device Management


                       Mobile Device                                                Application-Level
                       Management                                                       Security


           Device-level control:                                          App takes care of itself:

            • Password protection                                               • Authentication
           • File-system encryption                                             • File encryption
              • Managed apps                                                • Remote administration
            • Jailbreak detection                                           • Adaptive functionality


     Requires consent of user to have                                    Applicable in all scenarios,
     enterprise manage entire device                                   including BYOD and consumer-
                                                                               facing contexts

13
                                                                                                        © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation


                             Worklight Runtime Architecture




                        Worklight Server                                  Device Runtime




                                                                                                   Application Code
       Server-side
                                                       Client-side
     Application Code
                                                     App Resources
                                 Stats Aggregation




                                                                     Cross Platform Technology
     JSON Translation                                Direct Update

                                                       Mobile
      Authentication                                  Web Apps       Security and Authentication
                                                                     Back-end Data Integration
                                                                      Post-deployment control
                                                     Unified Push
      Adapter Library                                                        Diagnostics
                                                     Notifications




14
                                                                                                                      © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     Mobile Application Security Objectives


                            Protect data on                                Enforce security
                            the device                                     updates
                            •   Malware, Jailbreaking                      • Be proactive: can’t rely
                            •   Offline access                               on users getting the
                            •   Device theft                                 latest software update
                                                                             on their own
                            •   Phishing, repackaging




          Streamline                                      Provide robust                        Protect from the
          Corporate                                       authentication                        “classic” threats
          security approval                               and authorization                     to the application
          processes                                       • Existing authentication             security
          • Complex                                         infrastructure                      • Hacking
          • Time-consuming                                • Passwords are more                  • Eavesdropping
                                                            vulnerable                          • Man-in-the-middle




15
                                                                                                                      © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     IBM WorkLight: Security By Design

                                         Protecting data on the                                                Enforcing security
                                          device and in transit                                                    updates




                                                                                    App        Jailbreak and
         Encrypted           Offline                   Secure                                                   Remote
                                                                                authenticity     malware                      Direct update
        offline cache     authentication             connectivity                                               disable
                                                                                  testing        detection


                                                                                                                SSL with
           Mobile         Authentication              Coupling                     Data            Proven
                                                                                                                  server         Code
        platform as a      integration              device id with              protection        platform
                                                                                                                 identity     obfuscation
         trust factor      framework                   user id                    realms          security
                                                                                                               verification




            Streamlining                                     Providing robust
                                                                                                                     Application
          Corporate security                                authentication and
                                                                                                                      Security
              processes                                       authorization




16
                                                                                                                                 © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     IBM WorkLight: Security By Design

                                          Protecting data on the                                                    Enforcing security
                                           device and in transit                                                        updates




                                                                                     App        Jailbreak and
          Encrypted           Offline                   Secure                                                        Remote
                                                                                 authenticity     malware                             Direct update
         offline cache     authentication             connectivity                                                    disable
                                                                                   testing        detection


                                                                                                                     SSL with
            Mobile         Authentication              Coupling                     Data            Proven
                                                                                                                       server             Code
         platform as a      integration              device id with              protection        platform
                                                                                                                      identity         obfuscation
          trust factor      framework                   user id                    realms          security
                                                                                                                    verification




             Streamlining                                     Providing robust
                                                                                                                          Application
           Corporate security                                authentication and
                                                                                                                           Security
               processes                                       authorization

      Integration point with VPN solutions (i.e. IBM Mobile Connect)                                  Integration point with User Security solutions
                                                                                                          (i.e. IBM Security Access Manager for
      Integration point with MDM solutions (i.e. IBM Endpoint Manager for Mobile)                                         Mobile)


17
                                                                                                                                         © 2012 IBM Corporation
Protecting data on the device
                    The Premier Event for Software and Systems Innovation




                                                                                           Malware, Jailbreaking
                      Protecting data                                                           Device theft
                       on the device                                                           Offline access
                                                                                           Phishing, repackaging


                                                        Secure
        Encrypted                                                               App         Compatibility
                              Offline                 challenge-
         offline                                                            authenticity    with jailbreak
                          authentication             response on
          cache                                                               testing       detection libs
                                                        startup


                               Encrypted offline cache
                       Offline authentication using password
      Extended authentication with server using secure challenge response
      App authenticity testing: server-side verification mechanism to mitigate
              risk of Phishing through repackaging or app forgery
       Compatibility with various jailbreak and malware detection libraries



18
                                                                                                                   © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     Enforcing security updates

       Can’t rely on users                              Remote Disable: shut down
        getting the latest
       software update on                                  specific versions of a
            their own                                   downloadable app, providing
                                                          users with link to update

            Enforcing
             security
             updates
                                                         Direct Update: automatically
                                                          send new versions of the
          Remote         Direct                            locally-cached HTML/JS
          disable        update
                                                         resources to installed apps



19
                                                                                        © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



                                        Authentication and Authorization

      Authentication        Data
                                                 Device
       integration
       framework
                         protection
                           realms
                                              Provisioning                      Very flexible framework for simplifying
                                                                                   integration of apps with existing
                                                                                     authentication infrastructure
                   Providing robust
                  authentication and                                            Manages authenticated sessions with
                    authorization
                                                                                        configurable expiration
                                                                                      Open: e.g., custom OTP as
                                                                                      anti-keylogger mechanism
     Need to integrate with existing                                              Server-side services grouped into
      authentication infrastructure                                            separate protection realms for different
                                                                                         authentication levels
     Authenticate users when offline                                            Secure device ID generated as part of
                                                                                   extensible provisioning process
      Mobile passwords are more
      vulnerable (keyboard more
      difficult to use, typed text is
                   visible)
20
                                                                                                                  © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation

     Session Authentication Management
     Step 1 – Unauthenticated Session



               1. Call protected Procedure
                                                               Worklight Server
                                                             Access denied because
                                                           session is unauthenticated or
                                                                      expired
               2. Request Authentication




                                                                     Session:

                                        • Created on first access from client
                                          • Identified using session cookie
                                      • Associated data is stored on the server




21
                                                                                           © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation

     Session Authentication Management
     Step 2 – Authentication



               1. Obtain credentials from
                     user and device
                                                               Worklight Server

                 2. Forward credentials                     Process authentication data




                                                                                     3. If necessary:
                                                                           • Consult with authentication servers
                                                                              • Perform device provisioning
                                                                             • Receive authentication token
                                                                             • Associate token with session

22
                                                                                                                   © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation

     Session Authentication Management
     Step 3 – Authenticated Session



                 1. Procedure call on                           Worklight Server
                 authenticated session
                                                               Authenticated token
                                                             associated with session
                 3. Procedure result

                                                           Session ID         Auth
                                                                           Tokens/State

                                                       2bd4296a3f29      Realm 1:
                                                                         25487
                                                                         Realm 2: ------   2. Access back-end service
                                                                         --
                                                                                                using authentication
                                                       25617ff82a90      Realm 1: ------
                                                                         ---
                                                                                                       token
                                                                         Realm 2:
                                                                         a6c9a
                                                       89a77921b02       Realm 1:
                                                                         7b8df
                                                                         Realm 2:
                                                                         6a8a0



23
                                                                                                               © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



      Worklight Studio simplifies the reuse of custom
            containers across the organization




        One team creates a custom
     container (“Shell Component”) for
       extensive security certification


           Other teams create
        HTML-only “inner apps”
        wrapped in that container

24
                                                                         © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     Mobile Security Enabled with IBM Solutions
IBM brings together a broad portfolio of technologies and services to meet the
        mobile security needs of customers across multiple industries


                                                                 •Application security
                                                                       •Worklight
                                                                       •IBM Rational AppScan

                                                                 •Mobile device management
                                                                       •IBM Endpoint Manager for Mobile devices
                                                                       •IBM Hosted Mobile Device Security
                                                                       Management

                                                                 •Secure enterprise access
                                                                       •IBM Security Access Manager

                                                                 •Security Intelligence
                                                                     •IBM QRadar




25
                                                                                                            © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     Deployment for SSO and Security Intelligence


                                                                                        Security Intelligence Platform

      Hybrid Mobile Apps                                                                                                          IBM Endpoint
      Based on WorkLight                                                                                                            Manager
                                                       Risk Based Access

            Hybrid App.               SSL                                         SSO    WorkLight Server                   Enterprise
           Hybrid App.                                Mobile Security
                                                                                                                           Applications,
                                                        Gateway                           (WAS w/ security)
      Worklight Runtime                                                                                                  Connectivity & Data

        Mobile Device




                             Security intelligence with mobile context
        Intelligence around malware and advanced threats in mobile enabled enterprise
            User identity and device identity correlation, leading to behavior analysis
        Geo-fencing, anomaly detection based on device, user, location, and application
                                            characteristics

26
                                                                                                                                      © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     IBM AppScan: Bringing Vulnerability Scanning to Mobile




         Detection of Vulnerabilities before Apps are Delivered and Deployed
              Known vulnerabilities can be addressed in software development and testing
                 Code vulnerable to known threat models can be identified in testing
                                 Security designed in vs. bolted on
             Leverage AppScan for vulnerability testing of mobile web apps and web elements (JavaScript,
                                            HTML5) of hybrid mobile apps
27
                                                                                                     © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     IBM Security Access Manager: Authentication & Authorization of Mobile
     Users and their Devices


                                                                                    Authorization          Access Manager
                                                                                                            Servers (e.g.,
                                                                       IBM Access                              Policy)
                                                                         Manager
                                                                                                                                  User registries
                                                                                                                                   (i.e. LDAP)

                                                                                                                                      Federated
                                                                                                      External                         Identity
                                                                                                    Authentication                    Manager
                                                                           Authentication             Provider
                             VPN or                                   (i.e. userid/password,
                             HTTPS                                           Basic Auth,
                                                                            Certificate or
                                                                              Custom)

                         IBM Security Access Manager for Mobile can be                                    Application Servers
                             used to satisfy complex authentication                                 (i.e. WebSphere, WorkLight)
                           requirements. A feature called the External
                          Authentication Interface (EAI) is designed to
                              provide flexibility in authentication.
      Mobile Browser                                                                                                                   Enterprise
                                                                                                                         Web
        or Native                                                                                   Web Services      Applications
       Applications
                        Federated Identity Manager can be incorporated into
                       the solution to provide federated identity management
28
                                                                                                                                         © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     IBM Endpoint Manager for Mobile: Extending Management Reach to Mobile
     Devices


                                   Common                                               Advanced management for iOS,
                               management agent                                         Android, Symbian, and Windows
                                 and console                                                        Phone
         Systems                                                Security
        management                                             management              Unified management automatically
                                    Near-instant
                                                                                         enables VPN access based on
                                   deployment of
                                                                                               security compliance
                                    new features
                                                                                         Integration with back-end IT
                                                                                        management systems such as
                                                                                        service desk, CMDB, and SIEM
                       IBM Endpoint Manager
                                                                                         Security threat detection and
                                                                                            automated remediation

                                                                                        Extends IBM’s existing 500,000
                                                                                             endpoint deployment




       Desktop / laptop /                 Mobile                    Purpose-specific
        server endpoint                  endpoint                      endpoint

29
                                                                                                                     © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     IBM Qradar: Delivering Mobile Security Intelligence
      Delivers Mobile Security Intelligence by monitoring data collected from other mobile
                  security solutions – visibility, reporting and threat detection

      Unified collection, aggregation and analysis                            Ingest log data and events from:
                     architecture for:                                             Endpoint Manager for Mobile Devices
                        o Application logs                                            Access Manager for Mobile
                         o Security events                                                Mobile Connect
                       o Vulnerability data                                                  WorkLight
            o    Identity and Access Management data
                       o Configuration files
                    o Network flow telemetry
                  A common platform for
                             o Searching
                             o Filtering
                            o Rule writing
                      o     Reporting functions
                 A single user interface for
                        oLog management
                       o Risk modeling
                   o Vulnerability prioritization
                      o Incident detection
                     o Impact analysis tasks


30
                                                                                                                  © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     Copyright and Trademarks

         © IBM Corporation 2012. All Rights Reserved.

         IBM, the IBM logo, ibm.com are trademarks or registered trademarks of
         International Business Machines Corp., registered in many jurisdictions
       worldwide. Other product and service names might be trademarks of IBM or
       other companies. A current list of IBM trademarks is available on the Web at
                        “Copyright and trademark information” at
                           www.ibm.com/legal/copytrade.shtml.




31
                                                                                      © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     IBM Global Technology Services offers a broad set of complementary mobile
     capabilities

          Client Initiatives
                      Build mobile                                             Manage mobile                    Extend existing
                      applications                                              devices and                   business capabilities
                   Connect to, and run                                          applications                   to mobile devices
                   backend systems in                                         Secure my mobile                  Transform the
                    support of mobile                                             business                    business by creating
                                                                                                               new opportunities


              Services
      • Mobile application development                         • Telecom Expense                    • Unified Communications
        • Mobile Application Platform                               Management                                Services
                 Management                                      • Mobile Security                • Mobile Application Platform
          • Network (e.g. wi-fi, VPN)                    • Mobile Device Management                         Management
                                                         • End-user and administration             • Strategy & Transformation
                                                                      support                          • Mobile Application
                                                           • Procurement, staging and                       Management
                                                                       kitting                   • Messaging, collaboration and
                                                                                                               social



32
                                                                                                                         © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation




                        www.ibm.com/software/rational




33
                                                             © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     Daily iPod Touch giveaway

      Complete your session surveys online each day at a conference kiosk or on your
       Innovate 2012 Portal!


      Each day that you complete all of that day’s session surveys, your name will be entered
       to win the daily IPOD touch!


      On Wednesday be sure to complete your full conference evaluation to receive your
       free conference t-shirt!




34
                                                                                            © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation



     Acknowledgements and disclaimers

     Availability: References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries
     in which IBM operates.


     The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for
     informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant.
     While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without
     warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this
     presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or
     representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of
     IBM software.


     All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have
     achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to,
     nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.


     © Copyright IBM Corporation 2012. All rights reserved.
       – U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

     IBM, the IBM logo, ibm.com, Rational, the Rational logo, Telelogic, the Telelogic logo, Green Hat, the Green Hat logo, and other IBM products and
     services are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these
     and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate
     U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or
     common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at
     www.ibm.com/legal/copytrade.shtml
     If you have mentioned trademarks that are not from IBM, please update and add the following lines:
     [Insert any special third-party trademark names/attributions here]
     Other company, product, or service names may be trademarks or service marks of others.




35
                                                                                                                                                         © 2012 IBM Corporation
The Premier Event for Software and Systems Innovation




                                                          www.ibm.com/software/rational

© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have
the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM
software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities
referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature
availability in any way. IBM, the IBM logo, Rational, the Rational logo, Telelogic, the Telelogic logo, and other IBM products and services are trademarks of the International Business Machines
Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.


 36
                                                                                                                                                                                     © 2012 IBM Corporation

More Related Content

What's hot

Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
Nemwos
 
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
Yogesh Ojha
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10
NowSecure
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device Security
Quick Heal Technologies Ltd.
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
Abdul Rahman Sherzad
 
Android ppt
Android ppt Android ppt
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android Security
Marakana Inc.
 
Pwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreakPwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreak
Abraham Aranguren
 
Network security
Network securityNetwork security
Network security
Gichelle Amon
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security model
Pragati Rai
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
Vladimir Jirasek
 
WhatsApp security
WhatsApp securityWhatsApp security
WhatsApp security
Javi Hurtado
 
Introduction to Android ppt
Introduction to Android pptIntroduction to Android ppt
Introduction to Android ppt
Taha Malampatti
 
Mobile security
Mobile securityMobile security
Mobile security
Mphasis
 
Mobile security
Mobile securityMobile security
Mobile security
CyberoamAcademy
 
WiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefenceWiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & Defence
Prakashchand Suthar
 
Mobile security
Mobile security Mobile security
Mobile security
Himmatsingh Rajpurohit
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Security
cclark_isec
 
Mobile device security
Mobile device securityMobile device security
Mobile device security
Lisa Herrera
 

What's hot (20)

Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
 
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device Security
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
 
Android ppt
Android ppt Android ppt
Android ppt
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android Security
 
Pwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreakPwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreak
 
Network security
Network securityNetwork security
Network security
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security model
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
WhatsApp security
WhatsApp securityWhatsApp security
WhatsApp security
 
Introduction to Android ppt
Introduction to Android pptIntroduction to Android ppt
Introduction to Android ppt
 
Mobile security
Mobile securityMobile security
Mobile security
 
Mobile security
Mobile securityMobile security
Mobile security
 
WiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefenceWiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & Defence
 
Mobile security
Mobile security Mobile security
Mobile security
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Security
 
Mobile device security
Mobile device securityMobile device security
Mobile device security
 

Viewers also liked

Security and Mobile Application Management with Worklight
Security and Mobile Application Management with WorklightSecurity and Mobile Application Management with Worklight
Security and Mobile Application Management with Worklight
IBM WebSphereIndia
 
14 Steps to Event Connect
14 Steps to Event Connect14 Steps to Event Connect
14 Steps to Event Connect
IBM Social Business
 
Event Management Software | Mobile Apps for Events | Conference Manage Softwa...
Event Management Software | Mobile Apps for Events | Conference Manage Softwa...Event Management Software | Mobile Apps for Events | Conference Manage Softwa...
Event Management Software | Mobile Apps for Events | Conference Manage Softwa...
EventRoller
 
Tips for a successful aplication to the H2020-programme
Tips for a successful aplication to the H2020-programmeTips for a successful aplication to the H2020-programme
Tips for a successful aplication to the H2020-programme
Screenbrusselscluster
 
Driving Innovation for Application Management with WSO2 App Factory
Driving Innovation for Application Management with WSO2 App Factory Driving Innovation for Application Management with WSO2 App Factory
Driving Innovation for Application Management with WSO2 App Factory
WSO2
 
Build your own aplication
Build your own aplicationBuild your own aplication
Build your own aplication
deddyrusika
 
Telkom 2
Telkom 2Telkom 2
Telkom 2
Sylvi Ellyusman
 
15215180 pss7-ans
15215180 pss7-ans15215180 pss7-ans
15215180 pss7-ans
ellaahui
 
Web and Mobile Application Security
Web and Mobile Application SecurityWeb and Mobile Application Security
Web and Mobile Application Security
Prateek Jain
 
Surveillance Camera
Surveillance CameraSurveillance Camera
Surveillance Camera
Ariful Tanveer
 
Video Surveillance
Video SurveillanceVideo Surveillance
Video Surveillance
Mihika Shah
 
Manfaat dan pengaruh gadget
Manfaat dan pengaruh gadgetManfaat dan pengaruh gadget
Manfaat dan pengaruh gadget
sanrumi221098
 
GI Net 13 - Journey of Telkom CorpU | Telkom Indonesia
GI Net 13 - Journey of Telkom CorpU | Telkom IndonesiaGI Net 13 - Journey of Telkom CorpU | Telkom Indonesia
GI Net 13 - Journey of Telkom CorpU | Telkom Indonesia
Hora Tjitra
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Idexcel Technologies
 
Presentasi telkom way LEADERSHIP ARCHITECTURE AND CORPORATE CULTURE TELKOM GROUP
Presentasi telkom way LEADERSHIP ARCHITECTURE AND CORPORATE CULTURE TELKOM GROUPPresentasi telkom way LEADERSHIP ARCHITECTURE AND CORPORATE CULTURE TELKOM GROUP
Presentasi telkom way LEADERSHIP ARCHITECTURE AND CORPORATE CULTURE TELKOM GROUP
aliyudhi_h
 
Telkomsel presentation marketing insight
Telkomsel presentation marketing insightTelkomsel presentation marketing insight
Telkomsel presentation marketing insight
Arif Ghozali
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Security
Ishan Girdhar
 
Ip camera security system presentation
Ip camera security system presentationIp camera security system presentation
Ip camera security system presentation
ezlink5
 
Gsm based home security system
Gsm based home security systemGsm based home security system
Gsm based home security system
Narayan Gour
 

Viewers also liked (19)

Security and Mobile Application Management with Worklight
Security and Mobile Application Management with WorklightSecurity and Mobile Application Management with Worklight
Security and Mobile Application Management with Worklight
 
14 Steps to Event Connect
14 Steps to Event Connect14 Steps to Event Connect
14 Steps to Event Connect
 
Event Management Software | Mobile Apps for Events | Conference Manage Softwa...
Event Management Software | Mobile Apps for Events | Conference Manage Softwa...Event Management Software | Mobile Apps for Events | Conference Manage Softwa...
Event Management Software | Mobile Apps for Events | Conference Manage Softwa...
 
Tips for a successful aplication to the H2020-programme
Tips for a successful aplication to the H2020-programmeTips for a successful aplication to the H2020-programme
Tips for a successful aplication to the H2020-programme
 
Driving Innovation for Application Management with WSO2 App Factory
Driving Innovation for Application Management with WSO2 App Factory Driving Innovation for Application Management with WSO2 App Factory
Driving Innovation for Application Management with WSO2 App Factory
 
Build your own aplication
Build your own aplicationBuild your own aplication
Build your own aplication
 
Telkom 2
Telkom 2Telkom 2
Telkom 2
 
15215180 pss7-ans
15215180 pss7-ans15215180 pss7-ans
15215180 pss7-ans
 
Web and Mobile Application Security
Web and Mobile Application SecurityWeb and Mobile Application Security
Web and Mobile Application Security
 
Surveillance Camera
Surveillance CameraSurveillance Camera
Surveillance Camera
 
Video Surveillance
Video SurveillanceVideo Surveillance
Video Surveillance
 
Manfaat dan pengaruh gadget
Manfaat dan pengaruh gadgetManfaat dan pengaruh gadget
Manfaat dan pengaruh gadget
 
GI Net 13 - Journey of Telkom CorpU | Telkom Indonesia
GI Net 13 - Journey of Telkom CorpU | Telkom IndonesiaGI Net 13 - Journey of Telkom CorpU | Telkom Indonesia
GI Net 13 - Journey of Telkom CorpU | Telkom Indonesia
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
 
Presentasi telkom way LEADERSHIP ARCHITECTURE AND CORPORATE CULTURE TELKOM GROUP
Presentasi telkom way LEADERSHIP ARCHITECTURE AND CORPORATE CULTURE TELKOM GROUPPresentasi telkom way LEADERSHIP ARCHITECTURE AND CORPORATE CULTURE TELKOM GROUP
Presentasi telkom way LEADERSHIP ARCHITECTURE AND CORPORATE CULTURE TELKOM GROUP
 
Telkomsel presentation marketing insight
Telkomsel presentation marketing insightTelkomsel presentation marketing insight
Telkomsel presentation marketing insight
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Security
 
Ip camera security system presentation
Ip camera security system presentationIp camera security system presentation
Ip camera security system presentation
 
Gsm based home security system
Gsm based home security systemGsm based home security system
Gsm based home security system
 

Similar to Mobile Application Security

Udløs potentialet i Enterprise Mobility, Vijay Dheap, IBM US
Udløs potentialet i Enterprise Mobility, Vijay Dheap, IBM USUdløs potentialet i Enterprise Mobility, Vijay Dheap, IBM US
Udløs potentialet i Enterprise Mobility, Vijay Dheap, IBM US
IBM Danmark
 
Pulse 2013 Mobile Build and Connect presentation
Pulse 2013 Mobile Build and Connect presentationPulse 2013 Mobile Build and Connect presentation
Pulse 2013 Mobile Build and Connect presentation
Leigh Williamson
 
IBM Software Day 2013. A mobile strategy is essential
IBM Software Day 2013. A mobile strategy is essentialIBM Software Day 2013. A mobile strategy is essential
IBM Software Day 2013. A mobile strategy is essential
IBM (Middle East and Africa)
 
Engaging Mobile Apps with IBM® Social Business Solutions and IBM Worklight
Engaging Mobile Apps with IBM® Social Business Solutions and IBM WorklightEngaging Mobile Apps with IBM® Social Business Solutions and IBM Worklight
Engaging Mobile Apps with IBM® Social Business Solutions and IBM Worklight
Dirk Nicol
 
Build and Connect Enterprise Mobile Applications from developerWorks Live!
Build and Connect Enterprise Mobile Applications from developerWorks Live! Build and Connect Enterprise Mobile Applications from developerWorks Live!
Build and Connect Enterprise Mobile Applications from developerWorks Live!
Leigh Williamson
 
IBM Presentation for Mobile Developer Summit India
IBM Presentation for Mobile Developer Summit IndiaIBM Presentation for Mobile Developer Summit India
IBM Presentation for Mobile Developer Summit India
Leigh Williamson
 
UK Innovate 2012 mobile keynote
UK Innovate 2012 mobile keynoteUK Innovate 2012 mobile keynote
UK Innovate 2012 mobile keynote
Leigh Williamson
 
Five things we have learned about mobility from our clients -- IBM, Alistair ...
Five things we have learned about mobility from our clients -- IBM, Alistair ...Five things we have learned about mobility from our clients -- IBM, Alistair ...
Five things we have learned about mobility from our clients -- IBM, Alistair ...
Ed Brill
 
Jerry Romanek series mobile development 2012 year end review
Jerry Romanek series   mobile development 2012 year end reviewJerry Romanek series   mobile development 2012 year end review
Jerry Romanek series mobile development 2012 year end review
Leigh Williamson
 
Ibm mobile strategy may2012 mark.cesario v1.0
Ibm mobile strategy may2012 mark.cesario v1.0Ibm mobile strategy may2012 mark.cesario v1.0
Ibm mobile strategy may2012 mark.cesario v1.0
Mark Cesario
 
IBM Worklight-Overview
IBM Worklight-OverviewIBM Worklight-Overview
IBM Worklight-Overview
IBM WebSphereIndia
 
February 2013 IBM/DeviceAnywhere Webcast on Mobile Testing
February 2013 IBM/DeviceAnywhere Webcast on Mobile TestingFebruary 2013 IBM/DeviceAnywhere Webcast on Mobile Testing
February 2013 IBM/DeviceAnywhere Webcast on Mobile Testing
Leigh Williamson
 
Securing Salesforce Mobile SDK Apps with Good Dynamics
Securing Salesforce Mobile SDK Apps with Good DynamicsSecuring Salesforce Mobile SDK Apps with Good Dynamics
Securing Salesforce Mobile SDK Apps with Good Dynamics
Herve Danzelaud
 
Ibm solutions for the mobile enterprise
Ibm solutions for the mobile enterpriseIbm solutions for the mobile enterprise
Ibm solutions for the mobile enterprise
Chris Pepin
 
Becoming a mobile enterprise: step by step
Becoming a mobile enterprise: step by stepBecoming a mobile enterprise: step by step
Becoming a mobile enterprise: step by step
Chris Pepin
 
IBM mobile strategy at Innovate 2012
IBM  mobile strategy at Innovate 2012IBM  mobile strategy at Innovate 2012
IBM mobile strategy at Innovate 2012
Dirk Nicol
 
Collaborative lifecycle development for Mobile Software
Collaborative lifecycle development for Mobile SoftwareCollaborative lifecycle development for Mobile Software
Collaborative lifecycle development for Mobile Software
IBM Software India
 
Collaborative lifecycle development for Mobile Software
Collaborative lifecycle development for Mobile Software Collaborative lifecycle development for Mobile Software
Collaborative lifecycle development for Mobile Software
IBM WebSphereIndia
 
Securing Mobile Apps: New Approaches for the BYOD World
Securing Mobile Apps: New Approaches for the BYOD WorldSecuring Mobile Apps: New Approaches for the BYOD World
Securing Mobile Apps: New Approaches for the BYOD World
Apperian
 
Worklight nitin nm
Worklight nitin nmWorklight nitin nm
Worklight nitin nm
Nitin Gaur
 

Similar to Mobile Application Security (20)

Udløs potentialet i Enterprise Mobility, Vijay Dheap, IBM US
Udløs potentialet i Enterprise Mobility, Vijay Dheap, IBM USUdløs potentialet i Enterprise Mobility, Vijay Dheap, IBM US
Udløs potentialet i Enterprise Mobility, Vijay Dheap, IBM US
 
Pulse 2013 Mobile Build and Connect presentation
Pulse 2013 Mobile Build and Connect presentationPulse 2013 Mobile Build and Connect presentation
Pulse 2013 Mobile Build and Connect presentation
 
IBM Software Day 2013. A mobile strategy is essential
IBM Software Day 2013. A mobile strategy is essentialIBM Software Day 2013. A mobile strategy is essential
IBM Software Day 2013. A mobile strategy is essential
 
Engaging Mobile Apps with IBM® Social Business Solutions and IBM Worklight
Engaging Mobile Apps with IBM® Social Business Solutions and IBM WorklightEngaging Mobile Apps with IBM® Social Business Solutions and IBM Worklight
Engaging Mobile Apps with IBM® Social Business Solutions and IBM Worklight
 
Build and Connect Enterprise Mobile Applications from developerWorks Live!
Build and Connect Enterprise Mobile Applications from developerWorks Live! Build and Connect Enterprise Mobile Applications from developerWorks Live!
Build and Connect Enterprise Mobile Applications from developerWorks Live!
 
IBM Presentation for Mobile Developer Summit India
IBM Presentation for Mobile Developer Summit IndiaIBM Presentation for Mobile Developer Summit India
IBM Presentation for Mobile Developer Summit India
 
UK Innovate 2012 mobile keynote
UK Innovate 2012 mobile keynoteUK Innovate 2012 mobile keynote
UK Innovate 2012 mobile keynote
 
Five things we have learned about mobility from our clients -- IBM, Alistair ...
Five things we have learned about mobility from our clients -- IBM, Alistair ...Five things we have learned about mobility from our clients -- IBM, Alistair ...
Five things we have learned about mobility from our clients -- IBM, Alistair ...
 
Jerry Romanek series mobile development 2012 year end review
Jerry Romanek series   mobile development 2012 year end reviewJerry Romanek series   mobile development 2012 year end review
Jerry Romanek series mobile development 2012 year end review
 
Ibm mobile strategy may2012 mark.cesario v1.0
Ibm mobile strategy may2012 mark.cesario v1.0Ibm mobile strategy may2012 mark.cesario v1.0
Ibm mobile strategy may2012 mark.cesario v1.0
 
IBM Worklight-Overview
IBM Worklight-OverviewIBM Worklight-Overview
IBM Worklight-Overview
 
February 2013 IBM/DeviceAnywhere Webcast on Mobile Testing
February 2013 IBM/DeviceAnywhere Webcast on Mobile TestingFebruary 2013 IBM/DeviceAnywhere Webcast on Mobile Testing
February 2013 IBM/DeviceAnywhere Webcast on Mobile Testing
 
Securing Salesforce Mobile SDK Apps with Good Dynamics
Securing Salesforce Mobile SDK Apps with Good DynamicsSecuring Salesforce Mobile SDK Apps with Good Dynamics
Securing Salesforce Mobile SDK Apps with Good Dynamics
 
Ibm solutions for the mobile enterprise
Ibm solutions for the mobile enterpriseIbm solutions for the mobile enterprise
Ibm solutions for the mobile enterprise
 
Becoming a mobile enterprise: step by step
Becoming a mobile enterprise: step by stepBecoming a mobile enterprise: step by step
Becoming a mobile enterprise: step by step
 
IBM mobile strategy at Innovate 2012
IBM  mobile strategy at Innovate 2012IBM  mobile strategy at Innovate 2012
IBM mobile strategy at Innovate 2012
 
Collaborative lifecycle development for Mobile Software
Collaborative lifecycle development for Mobile SoftwareCollaborative lifecycle development for Mobile Software
Collaborative lifecycle development for Mobile Software
 
Collaborative lifecycle development for Mobile Software
Collaborative lifecycle development for Mobile Software Collaborative lifecycle development for Mobile Software
Collaborative lifecycle development for Mobile Software
 
Securing Mobile Apps: New Approaches for the BYOD World
Securing Mobile Apps: New Approaches for the BYOD WorldSecuring Mobile Apps: New Approaches for the BYOD World
Securing Mobile Apps: New Approaches for the BYOD World
 
Worklight nitin nm
Worklight nitin nmWorklight nitin nm
Worklight nitin nm
 

Recently uploaded

Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfNunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
flufftailshop
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Jeffrey Haguewood
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
Pravash Chandra Das
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
GDSC PJATK
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 

Recently uploaded (20)

Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfNunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 

Mobile Application Security

  • 1. IBM Innovate 2012 Mobile Application Security Foundation & Directions Raj Balasubramanian Dirk Nicol Product Architect, IBM Mobile Foundation Product Manager, IBM Mobile Foundation raj_balasubramanian@us.ibm.com nicold@us.ibm.com IPI2478
  • 2. The Premier Event for Software and Systems Innovation Please note IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here. 2 © 2012 IBM Corporation
  • 3. The Premier Event for Software and Systems Innovation Mobile is transformational 10 Billion devices by 2020 61% of CIOs put mobile as priority 45% increased productivity with mobile apps 3 © 2012 IBM Corporation
  • 4. The Premier Event for Software and Systems Innovation IBM strategy addresses client mobile initiatives Extend & Transform Build & Connect Extend existing business Build mobile applications capabilities to mobile devices Connect to, and run Transform the business by backend systems in support creating new opportunities of mobile Manage & Secure Manage mobile devices, services and applications Secure my mobile business 4 © 2012 IBM Corporation
  • 5. The Premier Event for Software and Systems Innovation A deeper look at Manage & Secure capabilities Extend & Transform Build & Connect Manage & Secure Manage mobile devices, services Key Capabilities and applications • Mobile lifecycle management Secure my mobile business • Device analytics and control • Secure network communications & management 5 © 2012 IBM Corporation
  • 6. The Premier Event for Software and Systems Innovation Mobile Devices: Unique Management & Security Challenges Mobile Mobile devices Mobile Mobile Mobile devices are have multiple devices are devices are devices shared more personas diverse used in more prioritize the . often locations user  Personal phones  Work tool  OS immaturity for  A single location  Conflicts with user and tablets  Entertainment enterprise mgmt could offer public, experience not shared with family device  BYOD dictates private, and cell tolerated  Enterprise tablet multiple OSs connections  OS architecture  Personal shared with co- organization  Vendor / carrier  Anywhere, puts the user in workers control dictates anytime control  Security profile  Social norms of multiple OS  Increasing  Difficult to enforce per persona? mobile apps vs. versions reliance on policy, app lists file systems enterprise WiFi 6 © 2012 IBM Corporation
  • 7. The Premier Event for Software and Systems Innovation Mobile Risks Top 10 Mobile Risks 1. Insecure Data Storage 2. Weak Server Side Controls 3. Insufficient Transport Layer Protection 4. Client Side Injection 5. Poor Authorization and Authentication 6. Improper Session Handling 7. Security Decisions Via Untrusted Inputs 8. Side Channel Data Leakage 9. Broken Cryptography 10. Sensitive Information Disclosure 7 Source: OWASP Mobile Security Project © 2012 IBM Corporation
  • 8. The Premier Event for Software and Systems Innovation Challenges of Enterprise Mobility Data separation: personal vs corporate Achieving Data Separation & Data leakage into and out of the enterprise Partial wipe vs. device wipe vs legally defensible wipe Providing Data Protection Data policies Multiple device platforms and variants Multiple providers Adapting to the BYOD/ Managed devices (B2E) Unmanaged devices (B2B,B2E, B2C) Consumerization of IT Trend Endpoint policies Threat protection Identity of user and devices Providing secure access to Authentication, Authorization and Federation User policies enterprise applications & Secure Connectivity data Application life-cycle Developing Secure Vulnerability & Penetration testing Application Management Applications Application policies Designing & Instituting an Policy Management: Location, Geo, Roles, Response, Time policies Security Intelligence Adaptive Security Posture Reporting 8 © 2012 IBM Corporation
  • 9. The Premier Event for Software and Systems Innovation So How do I Protect My Mobile Initiatives? Begin by taking a holistic view of Mobile Security WiFi Mobile apps Develop, test and deliver safe applications Web sites Internet Telecom Provider Secure Security Corporate endpoint Gateway Intranet & device and Systems data Achieve Visibility and Enable Adaptive Security Posture Secure access to enterprise applications and data 9 © 2012 IBM Corporation
  • 10. The Premier Event for Software and Systems Innovation Spectrum of Mobile Security Requirements Mobile devices are not only computing platforms but also communication devices, hence mobile security is multi-faceted, driven by customers’ operational priorities Mobile Security Intelligence Mobile Device Data, Network & Access Security App/Test Management Development Mobile Device Mobile Device Mobile Threat Mobile Mobile Network Mobile Identity& Secure Mobile Management Security Management Information Protection Access Management Application Management Protection Development  Acquire/Deploy  Identity  Register  Device wipe &  Anti-malware  Data encryption  Secure Management lockdown  Authorize &  Vulnerability  Activation  Anti-spyware (device,file & Communications  Password  Anti-spam app) (VPN) Authenticate testing  Content Mgmt Management  Firewall/IPS  Mobile data loss  Edge Protection  Certificate  Mobile app  Manage/Monitor  Configuration  Web filtering prevention Management testing  Self Service Policy  Web Reputation  Multi-factor  Enforced by tools  Reporting  Compliance  Enterprise  Retire policies  De-provision Mobile Applications i.e. Native, Hybrid, Web Application Mobile Application Platforms & Containers Device Platforms 30 device Manufacturers, 10 operating platforms i.e. iOS, Android, Windows Mobile, Symbian, etc 10 © 2012 IBM Corporation
  • 11. The Premier Event for Software and Systems Innovation Mobile App Security: Defending the Software  Consistently apply and enforce best practices during Development  Provide or employ a secure channel for  Perform vulnerability delivering apps analysis during Testing  Employ a secure runtime environment to safeguard app data  As threats evolve recognize required updates and establish a  Perform checks to validate process for pushing them to users the integrity of apps 11 © 2012 IBM Corporation
  • 12. The Premier Event for Software and Systems Innovation Mobile Security Enabled with IBM Solutions IBM QRadar Achieve Visibility & Enable System-wide Mobile Security Awareness Adaptive Security Posture • Risk Assessment • Threat Detection Build & Run Safe Mobile Apps Secure Data & the Device Protect Access to Enterprise IBM WorkLight Apps & Data Develop safe mobile apps IBM WorkLight • Direct Updates Runtime for safe mobile apps IBM Security Access • Encrypted data cache Manager for Mobile IBM AppScan for Mobile • App validation Authenticate & Authorize users and Vulnerability testing devices • Dynamic & Static analysis of Hybrid IBM Endpoint • Standards Support: OAuth, and Mobile web apps SAML, OpenID Manager for Mobile • Single Sign-On & Identity Configure, Provision, Monitor Mediation IBM DataPower • Set appropriate security Protect enterprise applications policies • XML security & message • Enable endpoint access IBM Mobile Connect protection • Ensure compliance Secure Connectivity • Protocol Transformation & • App level VPN Mediation Internet 12 © 2012 IBM Corporation
  • 13. The Premier Event for Software and Systems Innovation The Difference Between Secure Apps and Device Management Mobile Device Application-Level Management Security Device-level control: App takes care of itself: • Password protection • Authentication • File-system encryption • File encryption • Managed apps • Remote administration • Jailbreak detection • Adaptive functionality Requires consent of user to have Applicable in all scenarios, enterprise manage entire device including BYOD and consumer- facing contexts 13 © 2012 IBM Corporation
  • 14. The Premier Event for Software and Systems Innovation Worklight Runtime Architecture Worklight Server Device Runtime Application Code Server-side Client-side Application Code App Resources Stats Aggregation Cross Platform Technology JSON Translation Direct Update Mobile Authentication Web Apps Security and Authentication Back-end Data Integration Post-deployment control Unified Push Adapter Library Diagnostics Notifications 14 © 2012 IBM Corporation
  • 15. The Premier Event for Software and Systems Innovation Mobile Application Security Objectives Protect data on Enforce security the device updates • Malware, Jailbreaking • Be proactive: can’t rely • Offline access on users getting the • Device theft latest software update on their own • Phishing, repackaging Streamline Provide robust Protect from the Corporate authentication “classic” threats security approval and authorization to the application processes • Existing authentication security • Complex infrastructure • Hacking • Time-consuming • Passwords are more • Eavesdropping vulnerable • Man-in-the-middle 15 © 2012 IBM Corporation
  • 16. The Premier Event for Software and Systems Innovation IBM WorkLight: Security By Design Protecting data on the Enforcing security device and in transit updates App Jailbreak and Encrypted Offline Secure Remote authenticity malware Direct update offline cache authentication connectivity disable testing detection SSL with Mobile Authentication Coupling Data Proven server Code platform as a integration device id with protection platform identity obfuscation trust factor framework user id realms security verification Streamlining Providing robust Application Corporate security authentication and Security processes authorization 16 © 2012 IBM Corporation
  • 17. The Premier Event for Software and Systems Innovation IBM WorkLight: Security By Design Protecting data on the Enforcing security device and in transit updates App Jailbreak and Encrypted Offline Secure Remote authenticity malware Direct update offline cache authentication connectivity disable testing detection SSL with Mobile Authentication Coupling Data Proven server Code platform as a integration device id with protection platform identity obfuscation trust factor framework user id realms security verification Streamlining Providing robust Application Corporate security authentication and Security processes authorization Integration point with VPN solutions (i.e. IBM Mobile Connect) Integration point with User Security solutions (i.e. IBM Security Access Manager for Integration point with MDM solutions (i.e. IBM Endpoint Manager for Mobile) Mobile) 17 © 2012 IBM Corporation
  • 18. Protecting data on the device The Premier Event for Software and Systems Innovation Malware, Jailbreaking Protecting data Device theft on the device Offline access Phishing, repackaging Secure Encrypted App Compatibility Offline challenge- offline authenticity with jailbreak authentication response on cache testing detection libs startup Encrypted offline cache Offline authentication using password Extended authentication with server using secure challenge response App authenticity testing: server-side verification mechanism to mitigate risk of Phishing through repackaging or app forgery Compatibility with various jailbreak and malware detection libraries 18 © 2012 IBM Corporation
  • 19. The Premier Event for Software and Systems Innovation Enforcing security updates Can’t rely on users Remote Disable: shut down getting the latest software update on specific versions of a their own downloadable app, providing users with link to update Enforcing security updates Direct Update: automatically send new versions of the Remote Direct locally-cached HTML/JS disable update resources to installed apps 19 © 2012 IBM Corporation
  • 20. The Premier Event for Software and Systems Innovation Authentication and Authorization Authentication Data Device integration framework protection realms Provisioning Very flexible framework for simplifying integration of apps with existing authentication infrastructure Providing robust authentication and Manages authenticated sessions with authorization configurable expiration Open: e.g., custom OTP as anti-keylogger mechanism Need to integrate with existing Server-side services grouped into authentication infrastructure separate protection realms for different authentication levels Authenticate users when offline Secure device ID generated as part of extensible provisioning process Mobile passwords are more vulnerable (keyboard more difficult to use, typed text is visible) 20 © 2012 IBM Corporation
  • 21. The Premier Event for Software and Systems Innovation Session Authentication Management Step 1 – Unauthenticated Session 1. Call protected Procedure Worklight Server Access denied because session is unauthenticated or expired 2. Request Authentication Session: • Created on first access from client • Identified using session cookie • Associated data is stored on the server 21 © 2012 IBM Corporation
  • 22. The Premier Event for Software and Systems Innovation Session Authentication Management Step 2 – Authentication 1. Obtain credentials from user and device Worklight Server 2. Forward credentials Process authentication data 3. If necessary: • Consult with authentication servers • Perform device provisioning • Receive authentication token • Associate token with session 22 © 2012 IBM Corporation
  • 23. The Premier Event for Software and Systems Innovation Session Authentication Management Step 3 – Authenticated Session 1. Procedure call on Worklight Server authenticated session Authenticated token associated with session 3. Procedure result Session ID Auth Tokens/State 2bd4296a3f29 Realm 1: 25487 Realm 2: ------ 2. Access back-end service -- using authentication 25617ff82a90 Realm 1: ------ --- token Realm 2: a6c9a 89a77921b02 Realm 1: 7b8df Realm 2: 6a8a0 23 © 2012 IBM Corporation
  • 24. The Premier Event for Software and Systems Innovation Worklight Studio simplifies the reuse of custom containers across the organization One team creates a custom container (“Shell Component”) for extensive security certification Other teams create HTML-only “inner apps” wrapped in that container 24 © 2012 IBM Corporation
  • 25. The Premier Event for Software and Systems Innovation Mobile Security Enabled with IBM Solutions IBM brings together a broad portfolio of technologies and services to meet the mobile security needs of customers across multiple industries •Application security •Worklight •IBM Rational AppScan •Mobile device management •IBM Endpoint Manager for Mobile devices •IBM Hosted Mobile Device Security Management •Secure enterprise access •IBM Security Access Manager •Security Intelligence •IBM QRadar 25 © 2012 IBM Corporation
  • 26. The Premier Event for Software and Systems Innovation Deployment for SSO and Security Intelligence Security Intelligence Platform Hybrid Mobile Apps IBM Endpoint Based on WorkLight Manager Risk Based Access Hybrid App. SSL SSO WorkLight Server Enterprise Hybrid App. Mobile Security Applications, Gateway (WAS w/ security) Worklight Runtime Connectivity & Data Mobile Device  Security intelligence with mobile context  Intelligence around malware and advanced threats in mobile enabled enterprise  User identity and device identity correlation, leading to behavior analysis  Geo-fencing, anomaly detection based on device, user, location, and application characteristics 26 © 2012 IBM Corporation
  • 27. The Premier Event for Software and Systems Innovation IBM AppScan: Bringing Vulnerability Scanning to Mobile Detection of Vulnerabilities before Apps are Delivered and Deployed  Known vulnerabilities can be addressed in software development and testing  Code vulnerable to known threat models can be identified in testing  Security designed in vs. bolted on Leverage AppScan for vulnerability testing of mobile web apps and web elements (JavaScript, HTML5) of hybrid mobile apps 27 © 2012 IBM Corporation
  • 28. The Premier Event for Software and Systems Innovation IBM Security Access Manager: Authentication & Authorization of Mobile Users and their Devices Authorization Access Manager Servers (e.g., IBM Access Policy) Manager User registries (i.e. LDAP) Federated External Identity Authentication Manager Authentication Provider VPN or (i.e. userid/password, HTTPS Basic Auth, Certificate or Custom) IBM Security Access Manager for Mobile can be Application Servers used to satisfy complex authentication (i.e. WebSphere, WorkLight) requirements. A feature called the External Authentication Interface (EAI) is designed to provide flexibility in authentication. Mobile Browser Enterprise Web or Native Web Services Applications Applications Federated Identity Manager can be incorporated into the solution to provide federated identity management 28 © 2012 IBM Corporation
  • 29. The Premier Event for Software and Systems Innovation IBM Endpoint Manager for Mobile: Extending Management Reach to Mobile Devices Common Advanced management for iOS, management agent Android, Symbian, and Windows and console Phone Systems Security management management Unified management automatically Near-instant enables VPN access based on deployment of security compliance new features Integration with back-end IT management systems such as service desk, CMDB, and SIEM IBM Endpoint Manager Security threat detection and automated remediation Extends IBM’s existing 500,000 endpoint deployment Desktop / laptop / Mobile Purpose-specific server endpoint endpoint endpoint 29 © 2012 IBM Corporation
  • 30. The Premier Event for Software and Systems Innovation IBM Qradar: Delivering Mobile Security Intelligence Delivers Mobile Security Intelligence by monitoring data collected from other mobile security solutions – visibility, reporting and threat detection  Unified collection, aggregation and analysis  Ingest log data and events from: architecture for:  Endpoint Manager for Mobile Devices o Application logs  Access Manager for Mobile o Security events  Mobile Connect o Vulnerability data  WorkLight o Identity and Access Management data o Configuration files o Network flow telemetry  A common platform for o Searching o Filtering o Rule writing o Reporting functions  A single user interface for oLog management o Risk modeling o Vulnerability prioritization o Incident detection o Impact analysis tasks 30 © 2012 IBM Corporation
  • 31. The Premier Event for Software and Systems Innovation Copyright and Trademarks © IBM Corporation 2012. All Rights Reserved. IBM, the IBM logo, ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml. 31 © 2012 IBM Corporation
  • 32. The Premier Event for Software and Systems Innovation IBM Global Technology Services offers a broad set of complementary mobile capabilities Client Initiatives Build mobile Manage mobile Extend existing applications devices and business capabilities Connect to, and run applications to mobile devices backend systems in Secure my mobile Transform the support of mobile business business by creating new opportunities Services • Mobile application development • Telecom Expense • Unified Communications • Mobile Application Platform Management Services Management • Mobile Security • Mobile Application Platform • Network (e.g. wi-fi, VPN) • Mobile Device Management Management • End-user and administration • Strategy & Transformation support • Mobile Application • Procurement, staging and Management kitting • Messaging, collaboration and social 32 © 2012 IBM Corporation
  • 33. The Premier Event for Software and Systems Innovation www.ibm.com/software/rational 33 © 2012 IBM Corporation
  • 34. The Premier Event for Software and Systems Innovation Daily iPod Touch giveaway  Complete your session surveys online each day at a conference kiosk or on your Innovate 2012 Portal!  Each day that you complete all of that day’s session surveys, your name will be entered to win the daily IPOD touch!  On Wednesday be sure to complete your full conference evaluation to receive your free conference t-shirt! 34 © 2012 IBM Corporation
  • 35. The Premier Event for Software and Systems Innovation Acknowledgements and disclaimers Availability: References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. © Copyright IBM Corporation 2012. All rights reserved. – U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. IBM, the IBM logo, ibm.com, Rational, the Rational logo, Telelogic, the Telelogic logo, Green Hat, the Green Hat logo, and other IBM products and services are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml If you have mentioned trademarks that are not from IBM, please update and add the following lines: [Insert any special third-party trademark names/attributions here] Other company, product, or service names may be trademarks or service marks of others. 35 © 2012 IBM Corporation
  • 36. The Premier Event for Software and Systems Innovation www.ibm.com/software/rational © Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, Rational, the Rational logo, Telelogic, the Telelogic logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. 36 © 2012 IBM Corporation