mobile security and management opportunities for telcos and...
TRANSCRIPT
1
Mobile Security and Management – Opportunities for Telcos and Service Providers
Mike Gibson Protirus
ST B03 - Mobile Security and Management
Brice Renaud Orange Business Services
Lionel Gonzalez Symantec EMEA Solution architect
SYMANTEC VISION 2012
Mobile Operators are the primary choice for mobile security
ST B03 - Mobile Security and Management 2
SYMANTEC VISION 2012
ST B03 - Mobile Security and Management 3
SYMANTEC VISION 2012 4
1 2 3 4 5
• Huge
customer
base:
• Enterprises
• Consumers
• Data
Centers
• Infra-
structure
• Billing,
Customer
Care
• Networks
• Information
• Strong
SLAs
• Trust
• Logical
Roadmap
of Services
Why are Telcos in a superb position to offer Information Protection Services?
Fixed & Mobile
Service Platforms
IT Data Center
ST B03 - Mobile Security and Management
SYMANTEC VISION 2012 ST B03 - Mobile Security and Management
Devices Apps Data
Mastering Mobile Control Points
5
…without disrupting user experience
5
SYMANTEC VISION 2012
Secure App Store
MDM Policy
Mobile Mgmt
Enterprise Mobility and Services
App Security Policy & Comm.
App Mgmt & Security
Secure App Store w/Licensing
eDiscovery
Mobile Devices
Encryption
App Control
Device Security
.Cloud Services
Norton Zone
Service Platform
Norton OnLine Backup
BackUp Exec
Identity Solutions
(VIP)
Symantec Offerings for Mobile Protection and Revenue Generation
Reverse Proxy
Fed. Auth
O3 Infrastructure.
VIP (OTP)
DLP
Consumer and BYOD
Identity Safe
Norton Zone
Service Platform
Norton OnLine Backup
Norton One
Norton Utilities
Hot Spot Privacy
Norton Mobile Security
Device Security
App Insight
Norton Anti-Theft Mobile Security
Network: Next Gen Network Protection
Security Filter
Traffic Analysis
Data Retention
Usage Control
Notification Module
Malware Engine
Reporting Console Portal
Carrier Global Policies Subscriber Level Policies
Security Insight
New Services
Network Protection
Traffic Manager Optimization and Inspection
Private
Cloud
Hosted NGNP
Wi-Fi
Roaming
6 ST B03 - Mobile Security and Management
SYMANTEC VISION 2012
From MDM to MAM: Embracing BYOD
ST B03 - Mobile Security and Management 7
SYMANTEC VISION 2012
Symantec Enterprise Mobility Solutions
ST B03 - Mobile Security and Management 8
Company credentials extended to both public and private
cloud services
User & App Access Mgmt.
Corporate data separation and delivery of IT
services
App & Data Protection
Configuration, control and
management of mobile devices
Device Management
Mobile security threat detection and
removal
Threat Protection
8
Mobile Management Nukona App Center Managed PKI & O3 Mobile Security
- Standalone
- For Altiris ITMS
- For Microsoft SCCM
SYMANTEC VISION 2012
Enable • Activate enterprise access,
apps and data easily and automatically
Secure • Protect enterprise data and
infrastructure from attack and theft
Manage
• Control inventory and configuration with massive scalability
Symantec Mobile Management
9
Robust visibility & control for iOS, Android and Windows Phone
ST B03 - Mobile Security and Management
SYMANTEC VISION 2012
Company Controls Personal Device
Company Controls Relevant Apps & Data Only
Company Controls Standard Device
Company Owned But Unmanaged
BYOD Adoption Map
ST B03 - Mobile Security and Management 12
Company-owned Personally-owned
Man
age
d
Un
man
age
d
BYOD
12
SYMANTEC VISION 2012
BYOD
BYOD Adoption Map
ST B03 - Mobile Security and Management 13
Company-owned Personally-owned
Man
age
d
Un
man
age
d
Device. Apps. Data
Device. Apps. Data Device. Apps. Data
Device. Apps. Data
13
SYMANTEC VISION 2012
App deployment & provisioning
User authentication across apps
Copy & paste prevention
Per app file encryption
Remote data/app wipe
iOS & Android support
App Center’s Approach to Protecting Mobile Apps
Personal
VIP
FORD JPMC Kaiser
Enterprise Mobility Console
O3 Mobile
Symantec Apps
Internal Apps
App Store Apps
Secure App Center
Feature-set
App
ST B03 - Mobile Security and Management 14
SYMANTEC VISION 2012
Advancing Mobile Application Management
Comprehensive App Wrapping Tech
App Store
Repository for internal and external mobile applications
App Policy
Protect app against data loss through encryption, removal control and separation of corporate data
Content Center
Protect and deploy content across mobile devices
ST B03 - Mobile Security and Management
Deployed SaaS or On Prem
15
SYMANTEC VISION 2012
Introducing Protirus: MDM tailored for Service Providers
ST B03 - Mobile Security and Management 16
SYMANTEC VISION 2012
Protection from the Network
ST B03 - Mobile Security and Management 17
SYMANTEC VISION 2012
NGNP Delivers Active Content Control
• Enhanced Control: Active Dynamic Analysis (in the Traffic path)
• Gives the ability to set rules & enforce these rules
• Inspect traffic & content to permit, deny or modify before it hits users
• On a Network wide, Enterprise or Personal level
Set Rules For
• Individual Users
• Groups
• Network
• Regulatory Requirements
• Network Usage
Analyze & Inspect Traffic + Content
• Network Monitoring
• Behavior Profiles
• Malware/Spam
• Content Categorization
Enforce Policy
• Time of Day Rules
• Permitted Usage
• Preferences
• Security Permissions
• Regulations
Subscriber Interaction
• Warnings / Notifications
• Remediation
• Policy Changes
• Reporting / Alerting
Voice SMS Web P2P IM MMS Email
18 ST B03 - Mobile Security and Management 18
Self-Care Portal Reporting Admin Console Policy
Management
Policy Controls
Policy Adapters
Policy Rules Engine
Notifications
Malware Recovery
Subscriber Policy Register
Traffic Analysis
Usage Controls
Security Filters
Data Retention
• URL & Content Filter
• AntiMalware
• AntiSpam
• Data Loss Prevention
• Data Retention
• Storage Management
• Archiving
• Global Intelligence
SMS
MMS Mail www Voice
Circuit Switched Network
Packet Switched /
Internet
NGNP Traffic Control Module
IM
19 ST B03 - Mobile Security and Management
SYMANTEC VISION 2012
Alerting
Operator Controls
Flexible Configuration
Allows the enterprise to:
• Manage safe browsing and safe search (URL whitelist, URL blacklist, time of day routing)
• Protect unwanted inbound/outbound contacts (who and when contact can be made)
• Ensures that selected contacts are always accessible
Features: Comprehensive Web Filtering
Adminstrator Choice on Safety Alerts:
• Configurable notification to adminstrator on blocked URL request
• SMS, Email notification channels
• PIN override to enable access, or continue block
• Reports on blocked web sites
Allows the Service Provider to provide:
• URL categorization lists and managed updates
• Category overrides, URL walled garden
• Dynamic rating
• Global illegal lists and defaults
Block 0712xxxxx
Website
SMS
20 20
ST B03 - Mobile Security and Management
SYMANTEC VISION 2012
Corporate Controls = URL Filtering C
OR
PO
RA
TE C
ON
TRO
LS
Walled Garden
Illegal Site Filter
Dynamic Rating
PIN Code Override
Browsing Activity Archival
Personalised Redirects
Web Content Categorisation
Time of Day / Day of Week
Personal Black & White Lists
Anti-Virus Filtering
Safe Search Enforcement
Anti-Phishing Site Filtering
Anti-Malware Site Filtering
Personalised Controls
Hierarchical Policies
21
21
Block 0712xxxxx
• Carrier enterprise customers control employee web surfing behavior leveraging NGNP URL filtering capability
• Each enterprise customer may customize controls for their own enterprise
• Corporate devices only; corporate handsets with corporate usage
Block 0712xxxxx
ST B03 - Mobile Security and Management
SYMANTEC VISION 2012
Service Offerings to Enterprises
22
Name Features
Corporate Safety Basic URL Filtering Group and individual category control Walled Garden
Corporate Safety Premium Corporate Safety Basic, plus… Malware Site Protection Time of Day Controls Safe Search
Mobile Device Management Basic Authentication Management Remote Access Security Compliance
Mobile Device Management Premium
Mobile Device Management Premium, plus… Content enablement Application distribution and access
Corporate Protection BYOD Corporate Safety Premium plus Mobile Device Management Premium plus… Centralized Management
ST B03 - Mobile Security and Management
SYMANTEC VISION 2012
Application of Parental Controls to Web Filtering
CO
VER
AG
E
HTTPS
Mobile web
HTTP
Handset /Device independent
23
23 ST B03 - Mobile Security and Management S
ELF-
CA
RE
Web/SMS/IVR self care
Policy Templates
Parental Notifications
Personalised Policies
PIN Codes
KEY
FEA
TUR
ES
Walled Garden
Illegal Site Filter
Dynamic Rating
Web Content Categorisation
Anti-Virus Filtering
Safe Search Enforcement
Anti-Phishing Site Filtering
Anti-Malware Site Filtering
Browsing Activity Archival
Hierarchical Policies
PIN Code Override
Personalised Redirects
Time of Day / Day of Week
Personalised Controls
Personal Black & White Lists
SYMANTEC VISION 2012
NGNP Hosted NGNP
ST B03 - Mobile Security and Management 24
Resides in operators’ network Hosted delivery model
SYMANTEC VISION 2012
Carrier Mobile Networks
Hosted by Symantec
Symantec Traffic
Manager
Expandable
to any web
enabled device
Symantec Traffic
Manager
Symantec Traffic
Manager
Broadband Networks
Other Networks (WiFi, Roaming Mobile)
Threat protection
Policy enforced
Encryption
Compression
In Network
Symantec Traffic
Manager
25 ST B03 - Mobile Security and Management
Symantec Traffic Manager • Requires no new network elements in operator’s network
SYMANTEC VISION 2012
Web Portal or Parent
and Cooperate
Protection+ Phone
App
Managing the Policies Applying the Policies
Parental
Feedback
Covers all services,
covers all networks
Your Network
Hosted Platform Other
Networks
Integrated Handset Controls
26 ST B03 - Mobile Security and Management
SYMANTEC VISION 2012
Content Controls Handset Application
ST B03 - Mobile Security and Management 27
Secure Login Family or Cooperate Members Range of Controls
Symantec
SYMANTEC VISION 2012
Extending Security Perimeter to the Cloud
ST B03 - Mobile Security and Management 28
SYMANTEC VISION 2012
Mobility, Cloud and I.T. Mega- Pains
ST B03 - Mobile Security and Management 29
Must support to enhance employees productivity
I do not have the means to control security, risk, and compliance across all of these new I.T. platforms
Must embrace to drive business agility and lower costs
Frustration
Mobile
Cloud
Private
Cloud
SYMANTEC VISION 2012
The security problem
ST B03 - Mobile Security and Management 30
Cloud N
Joe Users
CISO
30
Can control Identity?
Smith 1
Identity control
Can you do Security Information Management?
Logs
Events
Security Control
Data Leakage?
Information Protection
Controls, Audits and Compliance?
Compliance
Compliance Automation
CISO Perimeter Locked to ‘On Premise’ IT
Smith 2
SYMANTEC VISION 2012
A New Security Layer Above the Cloud
ST B03 - Mobile Security and Management 31
Access Control Information Protection
Cloud Visibility Control Security Compliance O3
To embrace the cloud with confidence
Private Cloud
SYMANTEC VISION 2012
Cloud Services you can develop
Cloud Strategy and Advisory
• Best of breed Cloud services to match customer needs
• Extend Corporate IT to the Cloud
• Help migrating legacy to Cloud
Identity and Access Control
• Federation between Corporate and Cloud ID
• Strong Authentication and Identity Protection
• Authorize who (identity) and what (device) based on context
ST B03 - Mobile Security and Management 32
Added Value Services …powered by Symantec O3
Governance for the Cloud
• Information Confidentiality
• Data Protection
• Information Life Cycle
Enforce Cloud Security policy
• Data Loss Prevention
• Automatic actions: notification or encryption
• Archiving and eDiscovery
Managed Security and Compliance
• Security Audits (Access & Applications)
• Data Collection and Readiness Assessment
• Compliance Support
Compliance across all clouds
• Audit all Cloud Services from one place
• Security Management for internal IT and Cloud
• Controls and evidence from Cloud services
SYMANTEC VISION 2012
Secure Mobile Access & Information Protection
1-Click access to INTERNAL and external web apps
Secure sandbox with built-in SSL VPN and silent strong auth
Identity & device based resource access policy)
All sandbox traffic proxied through O3 security gateway for access and information protection to both internal & external web apps
34 ST B03 - Mobile Security and Management
SYMANTEC VISION 2012
Cloud Aggregation with Symantec O3
ST B03 - Mobile Security and Management 35
CISO Sets Policies
Joe
Joe
Identity, SSO and Federation are Controled
Logs
Events Normalised
Data Loss Protection Controls and
Compliance
Universal Collector for CCS
H1 2013
H1 2013
CISO Perimeter extended to the Cloud
Cloud is not toxic anymore but a business opportunity Joe
Users CISO
Identity control
Security Control
Information Protection
Compliance Automation
Cloud Broker Services
O3 Intelligence Center
Cloud N
H2 2013 Cloud Archiving/eDiscovery
SYMANTEC VISION 2012
Application Store for Cloud and Mobile
ST B03 - Mobile Security and Management 36
SYMANTEC VISION 2012
Traditional or Streamed Software Delivery
Mobile App Store Delivery
App Sources
Symantec App Center
Federated App Store Use Cases Traditional + Cloud + Mobile AppStore Software Delivery Use Cases
ST B03 - Mobile Security and Management 37
User
A
Federated App Store
Software Catalog of all deliverable apps
Software Library containing specific app versions
Self Service Portal
SaaS
Symantec
Insight
Traditional Software
Vendor App Stores
Windows App Store
Android Ecosystem
Apple AppStore
Symantec O3
Single Sign On
Identity and Access Control
Cloud and Mobile Security Policy
Enterprise App Stores
Enterprise App Store
Cloud and mobile applications
Access and Security controls
Mobile applications
Security Policy