Power to the People?Rik Ferguson• Director Security Research & Communications

Consumerisation of IT

• Popular new consumer technology spreads into business organizations

• IT and consumer electronics converge as the same devices are used for work and play

• Power shifts from corporate IT and enterprise vendors (IBM, HP) to end users and innovative consumer vendors (Apple, Google)

“Consumerisation will be the most significant trend affecting IT during the next 10 years”

Gartner

…Not just mobile devicesSocial Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Email Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Email

Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Email Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices | Social Networking | Email | Voice over IP | Cloud Applications | Wi-

4

The IT View: Current Pain Points

iPad

5

What’s Really Happening• The current pain points are simply the leading edge of a bigger wave.

• Tactical solutions will always remain reactive and be susceptible to disruption by the next wave.

iPadiPhone

Windows phone

The also-rans

The winners (for now)

Consumer is King

Some recent iOS Vulnerabilities

• CVE-2011-3246 – Malicious URLs disclose sensitive information

• CVE–2011-3439 – Malicious font leads to arbitrary code execution

• CVE-2011-3442 – Ability to bypass code-signing checks

• CVE-2011-3255 – Apple ID & password could be intercepted by installed apps

Some recent Android Vulnerabilities

• CVE-2011-3874 – Buffer Overflow allows code execution

• CVE-2011-1823 – Local code execution and root privileges (Gingerbreak)

• CVE-2011-1149 – Bypass sandbox and escalate privileges (KillingInTheNameOf)

• A multitude of Adobe Flash vulnerabilities

Classification 04/08/2023

11

MOBILE MALWAREYes… It’s real.

But Google told me you are all Charlatans!

Mobile Malware - Android is where the action is

Malicious Marketplace• March 2011 - 58 malicious apps (approx

250,000 victims)

• May 2011 - 24 malicious apps (up to 120,000 victims)

• December 2011 - 27 malicious apps (approx 14,000 victims).

• February 2012 – 37 “Fan Apps” stealing handset information and aggressive advertising

It’s not only the vulnerabilities

And here’s how it works…

Consumerisation is Driving a Shift

17

• The advent of consumerisation in the last few years is causing organizations to rethink the value of consumer-grade tools and services.

Consumerization

IT is Losing Control

IT is Losing Control

This shift of control away from corporate IT has three main results

Loss of visibility and control as these “BYOD”

devices and modes of communicating proliferate

in business IT environments

1

“De-standardization” increases the cost and difficulty of managing and delivering data to

an increasingly heterogeneous endpoint

landscape

2

Unpredictability of where data will be consumed by

end-users increases challenge of data protection

3

Tactical solutions will not address this fundamental change

Unlock Opportunity

• Business agility

• Virtual work style

• Move at the customer speed

• Increase end-user productivity

• Attract and retain talent

“Embrace” Is the Optimal Approach

1 2 3

Strategy: Create a plan

Say Yes… but not to everything for

everyone

Deploy an enterprise-grade

infrastructure

Key Features for Mobile Security• Reduce costs, improve business agility, empower employees.

• Regain visibility and control, share and protect data in a heterogeneous environment

• “Embrace consumerization, unlock opportunity!”

Regain visibility & control

Deploy with confidence

Measure effectiveness

…whatever the device, wherever the user

EnrollmentManagementProvisioning

Tracking

Policy EnforcementAnti malwareEncryption

Remote Lock/Wipe

MonitorReportReact

Integrate

Thank Yourik_ferguson@trendmicro.com