Mobile Security - Words like Bring Your Own Device, and Federation sounds familiar?
•
0 likes•1,402 views
This document summarizes IBM's perspective on mobile security challenges facing enterprises and provides an overview of IBM's mobile security solutions. It introduces IBM's Identity & Access Mobile Security Maturity Model and provides examples of real-world mobile security implementations. The document demonstrates an example mobile security architecture and demo of an identity-aware mobile application that incorporates device registration, context-aware access controls, and application revocation capabilities provided by IBM Security Access Manager.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Mobile Security - Words like Bring Your Own Device, and Federation sounds familiar?
Similar to Mobile Security - Words like Bring Your Own Device, and Federation sounds familiar? (20)
More from IBM Danmark
More from IBM Danmark (20)
Recently uploaded
Recently uploaded (20)
Mobile Security - Words like Bring Your Own Device, and Federation sounds familiar?
- 1. © 2013 IBM Corporation Mobile Security Identity & Access Maturity Model & Real World Deployments and Architecture Patrick R Wardrop 28 May 2013 Copenhagen, Denmark
- 2. 1 Topics IBM’s perspective Identity & Access Mobile Security Maturity Model Real World Use cases Demo & Architecture Walk through
- 3. 2 Enterprises face mobile security challenges Enabling secure transactions to enterprise applications and data Developing secure applications and ensuring assurance Designing and instituting an adaptive security posture Adapting to BYOD and the consumerization of IT
- 4. 3 ©2013 IBM CorporationIBM MobileFirst IBM CONFIDENTIAL Managing and securing the mobile device, enterprise, and apps 5 Personal vs. corporate data. Document sync. Secure access. Easy authentication. Mobile-enabled IT & productivity apps. No device control. Malware. Secure transactions. Threat protection. Network monitoring. Rapid application delivery, APIs. Security & monitoring. Device Enterprise Apps Mobile BYOD (B2E) Mobile Transactions (B2C) Mobile adoption patterns point to focus areas around managing risk - across device, network and applications
- 5. 4 Ensuring Secure Transactions span an integrated approach across Device, Enterprise and Applications Safe usage of smartphones and tablets in the enterprise Secure transactions enabling customer confidence Visibility and security of enterprise mobile platform IBM Mobile Security & Management Strategy Manage Device Register; Set appropriate security policies; compliance; wipe; lock Persona Separation Data separation; data leakage prevention Data Mgmt/Protection Encryption; content (i.e. documents) management & protection; data sync Secure Access Properly identify mobile users & devices; allow or deny access Connectivity, Security Intelligence Security Intelligence, Usage Identify & stop mobile threats Logging events, anomalies Threat Protection content/info; network; transactions App Assurance scanning, analysis certification, Identify application vulnerabilities App Management App performance management. Monitoring. App store, versioning, Update apps App Security api, sdk, application level controls At the Device For the Mobile App Internet Over the Network & Enterprise
- 6. 5 Current IBM capabilities - Securing the Mobile Enterprise
- 7. 6 Mobile security intelligence provides deeper insights around security and risk posture of an enterprise, in the context of mobile. Mobile Security Intelligence Intelligence around malware and advanced threats in mobile enabled enterprise User identity and device identity correlation, leading to behavior analysis Geo-fencing, anomaly detection based on device, user, location, and application characteristics Mobile Security Intelligence
- 8. 7 Topics IBM’s perspective Identity & Access Mobile Security Maturity Model Real World Use cases Demo & Architecture Walk through
- 9. 8 Mobile Security: Identity & Access Maturity Model Optimized Access Monitoring & Reporting Content Filtering/Server-Side DLP Access governance / certification to mobile applications Integration with SaaS and BaaS Context / risk-based access Advanced authentication (Bio-metrics, behavior, analytics,..) Proficient Application access management Device registration, authentication and revocation (i.e OAuth) Strong authentication (OTP, Device, .. ) Application VPN Application threat protection (WAF) Connecting client’s reputation Basic Browser based Federated Single Sign-On Server side Single Sign-On Server-side application protection (Authentication, Authorization and Audit, Session Mgmt.)
- 10. 9 Topics IBM’s perspective Identity & Access Mobile Security Maturity Model Real World Use case Architecture Walk through & Demo
- 11. 10 Business challenge: • Automobile customers require secure, personalized access to vehicle information services on their mobile devices • Customers require access to radio, internet and social network services from their telematics systems inside cars Solution: • Security Access Manager along with DataPower • Authentication and Authorization to back-end services • Secure integration and federated single sign-on with third party service providers FIM DataPower Authorization Request Token Request Access Token Access Token Granted Cloud Services Data Center 2 Data Center 1 ISAM Proxy (WebSEAL) Value • Fast time to value and quick integration with partner services • Secure mobile access An Automobile company secures its cloud services access with IBM Security Access Manager & Websphere Datapower
- 12. 11 Topics IBM’s perspective Identity & Access Mobile Security Maturity Model Real World Use case Architecture Walk through & Demo
- 13. 12 Example Architecture IBM Security Access Manager Web Gateway Appliance DMZ IBM Security Federated Identity Manager Application
- 14. 13 Example Architecture IBM Security Access Manager Web Gateway Appliance DMZ Reverse Proxy WAF (PAM) OAuth RBA X IBM Security Federated Identity Manager OTP RBA OAuth Application
- 15. 14 Example Architecture IBM Security Access Manager Web Gateway Appliance IBM Security Federated Identity Manager Reverse Proxy OAuth RBA Value: • Identity aware mobile applications • Non-intrusive user experience with reduced risk • Using adaptive (risk-based access) security • Strong authentication only when it’s necessary by using context-based access • Reduce unnecessary barriers • Revocable application instances OTP RBA OAuth X Application DMZ WAF (PAM)
- 16. 15 Identity-aware Mobile Application Demo: OAuth device registration, identity-aware application, context-aware access & application instance revocation Scenario 1: Oauth device registration and identity-aware application launch Scenario 2: Risk-based access decision that is transaction value aware with strong authentication Scenario 3: Mobile application instance revocation
- 17. 16 Identity-aware Mobile Application Demo: OAuth device registration, identity-aware application, context-aware access & application instance revocation
- 18. 17 IBM Security Access Manager Web Gateway Appliance IBM Security Federated Identity Manager Reverse Proxy OAuth RBA OTP RBA OAuth IBM Worklight Server DMZ WAF (PAM) Mobile App WL Runtime Identity-aware Mobile Application Demo Architecture
- 19. 18 THANK YOU!!!