mobile security and management opportunities for telcos and...

1

Mobile Security and Management – Opportunities for Telcos and Service Providers

Mike Gibson Protirus

ST B03 - Mobile Security and Management

Brice Renaud Orange Business Services

Lionel Gonzalez Symantec EMEA Solution architect

SYMANTEC VISION 2012

Mobile Operators are the primary choice for mobile security

ST B03 - Mobile Security and Management 2

SYMANTEC VISION 2012 4

1 2 3 4 5

• Huge

customer

base:

• Enterprises

• Consumers

• Data

Centers

• Infra-

structure

• Billing,

Customer

Care

• Networks

• Information

• Strong

SLAs

• Trust

• Logical

Roadmap

of Services

Why are Telcos in a superb position to offer Information Protection Services?

Fixed & Mobile

Service Platforms

IT Data Center


SYMANTEC VISION 2012 ST B03 - Mobile Security and Management

Devices Apps Data

Mastering Mobile Control Points

5

…without disrupting user experience

5


Secure App Store

MDM Policy

Mobile Mgmt

Enterprise Mobility and Services

App Security Policy & Comm.

App Mgmt & Security

Secure App Store w/Licensing

eDiscovery

Mobile Devices

Encryption

App Control

Device Security

.Cloud Services

Norton Zone

Service Platform

Norton OnLine Backup

BackUp Exec

Identity Solutions

(VIP)

Symantec Offerings for Mobile Protection and Revenue Generation

Reverse Proxy

Fed. Auth

O3 Infrastructure.

VIP (OTP)

DLP

Consumer and BYOD

Identity Safe

Norton Zone

Service Platform

Norton OnLine Backup

Norton One

Norton Utilities

Hot Spot Privacy

Norton Mobile Security

Device Security

App Insight

Norton Anti-Theft Mobile Security

Network: Next Gen Network Protection

Security Filter

Traffic Analysis

Data Retention

Usage Control

Notification Module

Malware Engine

Reporting Console Portal

Carrier Global Policies Subscriber Level Policies

Security Insight

New Services

Network Protection

Traffic Manager Optimization and Inspection

Private

Cloud

Hosted NGNP

Wi-Fi

Roaming

6 ST B03 - Mobile Security and Management


From MDM to MAM: Embracing BYOD



Symantec Enterprise Mobility Solutions


Company credentials extended to both public and private

cloud services

User & App Access Mgmt.

Corporate data separation and delivery of IT

services

App & Data Protection

Configuration, control and

management of mobile devices

Device Management

Mobile security threat detection and

removal

Threat Protection

8

Mobile Management Nukona App Center Managed PKI & O3 Mobile Security

- Standalone

- For Altiris ITMS

- For Microsoft SCCM


Enable • Activate enterprise access,

apps and data easily and automatically

Secure • Protect enterprise data and

infrastructure from attack and theft

Manage

• Control inventory and configuration with massive scalability

Symantec Mobile Management

9

Robust visibility & control for iOS, Android and Windows Phone



Company Controls Personal Device

Company Controls Relevant Apps & Data Only

Company Controls Standard Device

Company Owned But Unmanaged

BYOD Adoption Map


Company-owned Personally-owned

Man

age

d

Un

man

age

d

BYOD

12


BYOD

BYOD Adoption Map


Company-owned Personally-owned

Man

age

d

Un

man

age

d

Device. Apps. Data

Device. Apps. Data Device. Apps. Data

Device. Apps. Data

13


App deployment & provisioning

User authentication across apps

Copy & paste prevention

Per app file encryption

Remote data/app wipe

iOS & Android support

App Center’s Approach to Protecting Mobile Apps

Personal

VIP

FORD JPMC Kaiser

Enterprise Mobility Console

O3 Mobile

Symantec Apps

Internal Apps

App Store Apps

Secure App Center

Feature-set

App



Advancing Mobile Application Management

Comprehensive App Wrapping Tech

App Store

Repository for internal and external mobile applications

App Policy

Protect app against data loss through encryption, removal control and separation of corporate data

Content Center

Protect and deploy content across mobile devices


Deployed SaaS or On Prem

15


Introducing Protirus: MDM tailored for Service Providers



Protection from the Network



NGNP Delivers Active Content Control

• Enhanced Control: Active Dynamic Analysis (in the Traffic path)

• Gives the ability to set rules & enforce these rules

• Inspect traffic & content to permit, deny or modify before it hits users

• On a Network wide, Enterprise or Personal level

Set Rules For

• Individual Users

• Groups

• Network

• Regulatory Requirements

• Network Usage

Analyze & Inspect Traffic + Content

• Network Monitoring

• Behavior Profiles

• Malware/Spam

• Content Categorization

Enforce Policy

• Time of Day Rules

• Permitted Usage

• Preferences

• Security Permissions

• Regulations

Subscriber Interaction

• Warnings / Notifications

• Remediation

• Policy Changes

• Reporting / Alerting

Voice SMS Web P2P IM MMS Email

18 ST B03 - Mobile Security and Management 18

Self-Care Portal Reporting Admin Console Policy

Management

Policy Controls

Policy Adapters

Policy Rules Engine

Notifications

Malware Recovery

Subscriber Policy Register

Traffic Analysis

Usage Controls

Security Filters

Data Retention

• URL & Content Filter

• AntiMalware

• AntiSpam

• Data Loss Prevention

• Data Retention

• Storage Management

• Archiving

• Global Intelligence

SMS

MMS Mail www Voice

Circuit Switched Network

Packet Switched /

Internet

NGNP Traffic Control Module

IM



Alerting

Operator Controls

Flexible Configuration

Allows the enterprise to:

• Manage safe browsing and safe search (URL whitelist, URL blacklist, time of day routing)

• Protect unwanted inbound/outbound contacts (who and when contact can be made)

• Ensures that selected contacts are always accessible

Features: Comprehensive Web Filtering

Adminstrator Choice on Safety Alerts:

• Configurable notification to adminstrator on blocked URL request

• SMS, Email notification channels

• PIN override to enable access, or continue block

• Reports on blocked web sites

Allows the Service Provider to provide:

• URL categorization lists and managed updates

• Category overrides, URL walled garden

• Dynamic rating

• Global illegal lists and defaults

Block 0712xxxxx

Website

SMS

20 20



Corporate Controls = URL Filtering C

OR

PO

RA

TE C

ON

TRO

LS

Walled Garden

Illegal Site Filter

Dynamic Rating

PIN Code Override

Browsing Activity Archival

Personalised Redirects

Web Content Categorisation

Time of Day / Day of Week

Personal Black & White Lists

Anti-Virus Filtering

Safe Search Enforcement

Anti-Phishing Site Filtering

Anti-Malware Site Filtering

Personalised Controls

Hierarchical Policies

21

21

Block 0712xxxxx

• Carrier enterprise customers control employee web surfing behavior leveraging NGNP URL filtering capability

• Each enterprise customer may customize controls for their own enterprise

• Corporate devices only; corporate handsets with corporate usage

Block 0712xxxxx



Service Offerings to Enterprises

22

Name Features

Corporate Safety Basic URL Filtering Group and individual category control Walled Garden

Corporate Safety Premium Corporate Safety Basic, plus… Malware Site Protection Time of Day Controls Safe Search

Mobile Device Management Basic Authentication Management Remote Access Security Compliance

Mobile Device Management Premium

Mobile Device Management Premium, plus… Content enablement Application distribution and access

Corporate Protection BYOD Corporate Safety Premium plus Mobile Device Management Premium plus… Centralized Management



Application of Parental Controls to Web Filtering

CO

VER

AG

E

HTTPS

Mobile web

HTTP

Handset /Device independent

23

23 ST B03 - Mobile Security and Management S

ELF-

CA

RE

Web/SMS/IVR self care

Policy Templates

Parental Notifications

Personalised Policies

PIN Codes

KEY

FEA

TUR

ES

Walled Garden

Illegal Site Filter

Dynamic Rating

Web Content Categorisation

Anti-Virus Filtering

Safe Search Enforcement

Anti-Phishing Site Filtering

Anti-Malware Site Filtering

Browsing Activity Archival

Hierarchical Policies

PIN Code Override

Personalised Redirects

Time of Day / Day of Week

Personalised Controls

Personal Black & White Lists


NGNP Hosted NGNP


Resides in operators’ network Hosted delivery model


Carrier Mobile Networks

Hosted by Symantec

Symantec Traffic

Manager

Expandable

to any web

enabled device

Symantec Traffic

Manager

Symantec Traffic

Manager

Broadband Networks

Other Networks (WiFi, Roaming Mobile)

Threat protection

Policy enforced

Encryption

Compression

In Network

Symantec Traffic

Manager


Symantec Traffic Manager • Requires no new network elements in operator’s network


Web Portal or Parent

and Cooperate

Protection+ Phone

App

Managing the Policies Applying the Policies

Parental

Feedback

Covers all services,

covers all networks

Your Network

Hosted Platform Other

Networks

Integrated Handset Controls



Content Controls Handset Application


Secure Login Family or Cooperate Members Range of Controls

Symantec


Extending Security Perimeter to the Cloud



Mobility, Cloud and I.T. Mega- Pains


Must support to enhance employees productivity

I do not have the means to control security, risk, and compliance across all of these new I.T. platforms

Must embrace to drive business agility and lower costs

Frustration

Mobile

Cloud

Private

Cloud


The security problem


Cloud N

Joe Users

CISO

30

Can control Identity?

Smith 1

Identity control

Can you do Security Information Management?

Logs

Events

Security Control

Data Leakage?

Information Protection

Controls, Audits and Compliance?

Compliance

Compliance Automation

CISO Perimeter Locked to ‘On Premise’ IT

Smith 2


A New Security Layer Above the Cloud


Access Control Information Protection

Cloud Visibility Control Security Compliance O3

To embrace the cloud with confidence

Private Cloud


Cloud Services you can develop

Cloud Strategy and Advisory

• Best of breed Cloud services to match customer needs

• Extend Corporate IT to the Cloud

• Help migrating legacy to Cloud

Identity and Access Control

• Federation between Corporate and Cloud ID

• Strong Authentication and Identity Protection

• Authorize who (identity) and what (device) based on context


Added Value Services …powered by Symantec O3

Governance for the Cloud

• Information Confidentiality

• Data Protection

• Information Life Cycle

Enforce Cloud Security policy

• Data Loss Prevention

• Automatic actions: notification or encryption

• Archiving and eDiscovery

Managed Security and Compliance

• Security Audits (Access & Applications)

• Data Collection and Readiness Assessment

• Compliance Support

Compliance across all clouds

• Audit all Cloud Services from one place

• Security Management for internal IT and Cloud

• Controls and evidence from Cloud services


Secure Mobile Access & Information Protection

1-Click access to INTERNAL and external web apps

Secure sandbox with built-in SSL VPN and silent strong auth

Identity & device based resource access policy)

All sandbox traffic proxied through O3 security gateway for access and information protection to both internal & external web apps



Cloud Aggregation with Symantec O3


CISO Sets Policies

Joe

Joe

Identity, SSO and Federation are Controled

Logs

Events Normalised

Data Loss Protection Controls and

Compliance

Universal Collector for CCS

H1 2013

H1 2013

CISO Perimeter extended to the Cloud

Cloud is not toxic anymore but a business opportunity Joe

Users CISO

Identity control

Security Control

Information Protection

Compliance Automation

Cloud Broker Services

O3 Intelligence Center

Cloud N

H2 2013 Cloud Archiving/eDiscovery


Application Store for Cloud and Mobile



Traditional or Streamed Software Delivery

Mobile App Store Delivery

App Sources

Symantec App Center

Federated App Store Use Cases Traditional + Cloud + Mobile AppStore Software Delivery Use Cases


User

A

Federated App Store

Software Catalog of all deliverable apps

Software Library containing specific app versions

Self Service Portal

SaaS

Symantec

Insight

Traditional Software

Vendor App Stores

Windows App Store

Android Ecosystem

Apple AppStore

Symantec O3

Single Sign On

Identity and Access Control

Cloud and Mobile Security Policy

Enterprise App Stores

Enterprise App Store

Cloud and mobile applications

Access and Security controls

Mobile applications

Security Policy

mobile security and management opportunities for telcos and...

Documents