Securing Mobile - A Business Centric Approach
Download as PPTX, PDF2 likes458 views
The document discusses securing mobile technology with a focus on a data-centric approach to security amidst the evolution of mobile and web computing. It outlines various security programs and technologies, emphasizing risk assessment, asset management, and the importance of data governance and application governance. The author advocates a proactive strategy in mobile security that involves inventorying, classifying, and protecting data while monitoring control effectiveness.
Securing Mobile - A Business Centric Approach
- 1. Securing Mobile: A Business-Centric Approach Omar Khawaja February 2013
- 2. Information Revolution Starts 1970 Main frame (Green Terminals) @smallersecurity
- 3. Personal Computing 1970 1980 Thick Client & Mobile Revolution Starts @smallersecurity
- 4. Advent of the Web 1970 1980 1990 Web based computing and Mobile truly goes mobile @smallersecurity
- 5. Mobile Matures 1970 1980 1990 2000 Web and Mobile mature @smallersecurity
- 6. Mobile Revolution 1970 1980 1990 2000 2010 Information Revolution becomes the Mobile Revolution @smallersecurity
- 8. Mobile is no longer optional @smallersecurity
- 9. Btw, is securing various platform really that different? @smallersecurity
- 10. Difference? 1970 1980 1990 2000 2010 Have a closer look: its really not that different. @smallersecurity
- 11. Personalization High-IQ Networks of Service Enterprise Consumerization Top Business Clouds of IT Technology Big Data M2M2P Trends Video Compliance Social Enterprise Energy Efficiency @smallersecurity
- 12. What’s the common theme across top technology trends? @smallersecurity
- 13. Personalization of High-IQ Networks Service Enterprise Clouds Consumerization of IT Big Data M2M2P Video Compliance Social Enterprise Energy Efficiency DATA @smallersecurity
- 14. Mobility and Cloud fuel each of these trends. @smallersecurity
- 15. Security is about Risk ‘Risk’ Assets Vulnerabilities Threats @smallersecurity
- 16. How do we secure mobile today? @smallersecurity
- 18. Programs and Technologies Risk Assessment Security Policy Organization of Info Security Asset Management Human Resources Management Physical & Environment Security Info Systems Acquisition, Dev, & Communication & Ops Mgmt Access Control Maintenance Info Security Incident Business Continuity Compliance Management Management @smallersecurity 17
- 19. Programs and Technologies App Security Anti-X Configuration Management DLP Encryption IAM, NAC Patching Policy Management Threat Management VPN Vulnerability Management … @smallersecurity 18
- 21. Multiple Approaches Really? Worst Case Single Organization Organization Organization Organization Organization Organization Risk Security Risk Security Risk Security Risk Security Risk Security Risk Security of Info of Info of Info of Info of Info of Info Assessment Policy Security Assessment Policy Security Assessment Policy Security Assessment Policy Security Assessment Policy Security Assessment Policy Security Human Physical & Human Physical & Human Physical & Human Physical & Human Physical & Human Physical & Asset Asset Asset Asset Asset Asset Resources Environment Resources Environment Resources Environment Resources Environment Resources Environment Resources Environment Management Management Management Management Management Management Management Security Management Security Management Security Management Security Management Security Management Security Info Systems Info Systems Info Systems Info Systems Info Systems Info Systems Comms & Access Comms & Access Comms & Access Comms & Access Comms & Access Comms & Access Acquisition, Acquisition, Acquisition, Acquisition, Acquisition, Acquisition, Ops Mgmt Control Ops Mgmt Control Ops Mgmt Control Ops Mgmt Control Ops Mgmt Control Ops Mgmt Control Dev, & Maint. Dev, & Maint. Dev, & Maint. Dev, & Maint. Dev, & Maint. Dev, & Maint. Info Security Business Info Security Business Info Security Business Info Security Business Info Security Business Info Security Business Incident Continuity Compliance Incident Continuity Compliance Incident Continuity Compliance Incident Continuity Compliance Incident Continuity Compliance Incident Continuity Compliance Management Management Management Management Management Management Management Management Management Management Management Management App Config App Config App Config App Config Anti-X Anti-X Anti-X Anti-X Security Mgmt Security Mgmt Security Mgmt Security Mgmt DLP Encryption IAM, NAC DLP Encryption IAM, NAC DLP Encryption IAM, NAC DLP Encryption IAM, NAC Policy Threat Policy Threat Policy Threat Policy Threat Patching Patching Patching Patching Mgmt Mgmt Mgmt Mgmt Mgmt Mgmt Mgmt Mgmt Vuln. Vuln. Vuln. Vuln. VPN … VPN … VPN … VPN … Mgmt Mgmt Mgmt Mgmt Security Programs Risk Assessment Asset Management Comms & Ops Mgmt Info Security Incident Management Security Policy Human Resources Management Access Control Business Continuity Management Organization of Info Security Physical & Environment Security Info Systems Acquisition, Dev, & Maint. Compliance Risk Assessment Asset Management Comms & Ops Mgmt Info Security Incident Management Security Policy Human Resources Management Access Control Business Continuity Management Organization of Info Security Physical & Environment Security Info Systems Acquisition, Dev, & Maint. Compliance App Config App Config App Config App Config Anti-X Anti-X Anti-X Anti-X Security Mgmt Security Mgmt Security Mgmt Security Mgmt DLP Encryption IAM, NAC DLP Encryption IAM, NAC DLP Encryption IAM, NAC DLP Encryption IAM, NAC Policy Threat Policy Threat Policy Threat Policy Threat Patching Patching Patching Patching Mgmt Mgmt Mgmt Mgmt Mgmt Mgmt Mgmt Mgmt Vuln. Vuln. Vuln. Vuln. VPN … VPN … VPN … VPN … Mgmt Mgmt Mgmt Mgmt Multiple Nirvana Good Single Multiple Security Technology Sets @smallersecurity
- 23. Inventory (must) Classify (must) Data-Centric Destroy* (ideal) Approach (Follow the data) Protect Monitor @smallersecurity
- 24. Data-Centric Security Model Data-centric security is business-centric security @smallersecurity
- 25. Data-Centric Security Model To protect the data, protect what’s around it too @smallersecurity
- 26. Data-Centric Security Model GRC and Intelligence define security program @smallersecurity
- 27. Data-Centric Security Model Start with assets, end with the controls @smallersecurity
- 28. How do we execute? @smallersecurity
- 29. Categorize Data Inventory Data Destroy Data Data-Centric Inventory Users Security: Define Business Processes Mobile Environment Definition A Recipe Entitlement Definition Implement Control Requirements Monitor Control Effectiveness @smallersecurity
- 31. What about Apps? Apps have overtaken Can’t impede app browsing proliferation, but 30 billion app downloads how do you know from Apple's App Store which to trust? @smallersecurity
- 32. What about the Network? (It’s not just for transport) @smallersecurity
- 33. Key security imperatives: 1) Data Governance 2) Application Governance @smallersecurity
- 34. Simplify security Network can program help Apps matter Follow the data Doing things right & Doing the right things Business Context @smallersecurity
- 35. Question and Answers @smallersecurity
- 36. T h a n k Yo u o m a r.kha wa j a@ ve r i z o nb usi ne ss.co m @smallersecurity
- 37. PROPRIETAR Y STATEMENT This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service. This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon. © 2011 Verizon. All Rights Reserved. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners. @smallersecurity
- 38. Developed and Designed by Salahuddin Khawaja salahk@gmail.com More at Decklaration.com ABOUT THE AUTHOR Salah has 14 years of experience, primarily in the Financial Services Industry. Before joining JP Morgan he spent 11 years at Deloitte & Touche helping Fortune 500 clients with various types of Strategic Initiatives. He is currently is based in Hong Kong with responsibility for delivering the next generation platform for Securities Processing. Areas of Expertise: Strategy Development, Business Transformation, System Integration, Program & Project Management, Mobile Strategy, Data Analytics, Executive Presentations Sample Clients: Bank of America, Citi , MasterCard 37