Fundamentals of Secure Collaboration in the Mobile Workforce

Sinisha Patkovic

1

DISCUSSION

2

• Hyper connected “X-Times” future and blurring of lines

between personal, social cloud, & enterprise.

• CIO Challenge: lost balance between productivity, user

satisfaction, and risk management.

• Governance & Decision Making: Boards don’t speak Cyber.

• Bias: do you know we are wired to value gain over risk?

• Who is liable for corporate privacy and security?

• Collaborating in the Cloud – who is liable for data breach?

The world is moving to a ‘X-Times’ future 10+ times the connected devices (all end points) 100+ times the apps – BYOX & Corporate deployed 1,000+ times the amount of data 10,000+ times the collaboration opportunities

WHAT IS THE FUTURE OF MOBILITY?

3

4

Users

Applications

Takes the world by storm. • Now we have to embrace it…

=  More devices

What did MDM get us? (Email)• Enterprise apps ‐ challenging to build and deploy

=    More apps

Tons of desktop applications!• These apps run your business• They need to go mobile• New technologies

=      More integrations

Future Proof • Data is behind the firewall• VPNs not designed for mobile• What about UX?• How do you manage all the 

apps • How develop these apps?

THE CHALLENGES

BYOD

5

SECURITY MATTERS

In 2013, the average cost per data breach fin the U.K. was £2.16 million—or £41 per record.

By 2016, there will be 752M business use smartphones worldwide. Only 273M will be under MDM management.

By 2017, half of employers will require employees to supply their own device for work purposes.

Employee-owned devices will be compromised by malware at more than double the rate of corporate-owned devices.

In 2016, 83.9M corporate liable devices will be shipped, up from 61.4M in 2013.

$5.4M

752M

50%

2X

83.9M

2014 Cost of Data Breach Study, Ponemon Institute and IBM

6

UNDERSTAND THESECURITY THREATCyber Defense & Mobile MalwareNeed for automated scanning of applications before they ever reach the device. Also application activity (on device/network) monitoring is necessary.

Someone is ALWAYS ListeningThe assumption must always be that every data route is insecure. We must built our data channels accordingly.

Consumer Applications in the EnterpriseNeed to separate corporate information from consumer apps. Personal apps only have access to personal information.

The Insider ThreatBeing able to limit access to data on mobile devices is equally important as it is on laptops and desktops.

7

Security as a foundation of product development.

• Product Layers that benefit from security

• Secure Hardware

• Secure OS

• Secure EMM

• Secure Cloud Infrastructure

• Secure Value Added Services

• Secure IoT Microkernel

• Innovative security: better usability, better accuracy, user centric, context aware.

SECURITY LAYERS

8

Risk Management

User Experience

\\

UNDERSTANDING ENTERPRISE FORCES

Business Enablement

• Mobile Productivity, App Strategy• Secure Voice• Collaboration• Cost of Ownership

• Intellectual Property• Sensitive Data (need for DRM)• Regulatory Compliance• Privacy

• Usability• Design / Style• Personal Preference• Consumer Applications

Business Enablement

Risk Management

User Experience

9

Mobile Device

• Social networking

• Personal email / webmail

• IM, SMS, P2P• USB / microSD• Others

User Activity• File attachment• Cut & Paste• USB / microSD

Malware• Data‐at‐rest• Direct access• Other

Data Loss

Data LossERP, CRM, MIS, FISContent & Asset mgmt.,etc.

WorkUse

PersonalUse

Hacker Command & 

Control

PrivateEnterpriseResources

Public Networks

DATA LEAK RISKS WITH WORK & PERSONAL USE COMMINGLING

Sensitive & Regulated Data

10

THREAT ATTACK VECTORS• Eavesdropping and interception:

• Insecure external email, SMS, P2P chat, and other consumer communications• Voice: over-the-air and carrier infrastructure• Insecure file sharing

• Malware:• App store malware• Device rooting / Operating System compromises

• Cyber attack with physical possession of device:• Device rooting / Operating System compromises• Weak or no data-at-rest encryption, weak or no authentication

• Data loss due to personal use• Forwarding work data and files with personal use (webmail, cloud file sharing,

SMS/P2P etc.)• Insecure file offloading and sharing (cloud file sharing, USB/SD card storage)

12

TRENDSTHREATS FOLLOW ASSETS

DEVICE MANAGEMENT MODELS

COPECorporate Owned Personal Enabled

BYODBring Your Own Device

CYODChoose Your Own Device

COBOCorporate Owned

Business Only

Organizations continue to invest in Corporate liable devices - COPE demand continues to grow.

83.9MCorporate liable devices

worldwide to be shipped in

2016Growing from 61.4M

in 2013IDC - Worldwide Business Use Smartphone

2013–2017 Forecast Update

13

CONTAINER SPECTRUM

“Best Practices In Mobile Device Management” Phil Redman, July 26, 201214

ECONOMY DATA LEAK PREVENTION

Security – Data Leak Prevention For Dual Use 

DesktopVirtualization

VDI/HDV$$/$$$

Application Neutral

Containers (pseudo-

native SDK)$Application

SpecificContainers

(bolt-on SDK)$$$

IntegratedContainers

(Native SDK)

$

Mobile OSVirtualization

(Mobile Hypervisor)

$$$

Total Cost of Ownership(including app development)

$ least expensive$$$$$ most expensive

15

EMM CORE COMPETENCIES

• Core: MDM, VPN, Container, App Management, is commoditized.

• Need for Consumer-level User Experience in Container

• App Baseline Security, License Management, App Analytics, Single Sign On

• Reputation Services: real time risk engine for compliance and risk related to OS, apps, privacy.

• Expanded Analytics to manage scale• Intelligence Aggregation, Policy Automation

16

EMM COMPETENCIES

• Unified end-point management• Desktop, laptop, tablet, smartphone, IoT nodes

• Mobile Identity and Access• User/Person driven, contextualized.

• File Level protection – DRM• Operation-level security across file life-cycle.

• Collaboration• Video conferencing, screen sharing.

• Back-end integration both on premise and cloud.

17

FUTURE OPPORTUNITIES

• Confidence based security: wider context for authenticating user – sensors, content, biometrics…

• Right-time Experiences: dynamic content based on multi-source context. Needs breaking of data/service silos.

• Indoor Location Services.• Geo-fencing: automated policy enforcement.

18

DISCUSSION

19

• Hyper connected “X-Times” future and blurring of

lines between personal, social cloud, & enterprise.

• Governance: Boards don’t speak Cyber

• Collaborating in the Cloud – who owns the risk?

• Bias: wired to value gain over risk

• New threat vectors