Scale Your App Strategy for Success with IBM MaaS360

August 18, 2016

Frank GentileCloud Security Specialist, IBM MaaS360

Steve CrescimoneSales Leader - Mobile and Application Security, IBM MaaS360

2 IBM Security

Housekeeping items

Duration – 60 minutes

Submit your questions to all panelists in the Q&A box located on the right-hand side of your screen

Recording and slides will be emailed to you

3 IBM Security

Today’s agenda

• Market trends̶2 2016 Ponemon Institute Study Findings

• The makings of a successful app strategy

• Real customers, real data

• Best practices for scaling apps

Making App Security a Strategically Managed Discipline

INDEPENDENT PONEMON INSTITUTE STUDY

Poll #1 PlaceholderQUESTION: WHERE DO MOST SECURITY COMPROMISES MOST LIKELY OCCUR?

6 IBM Security

The Problem: Ponemon’s 2016 Application Security Risk Study

Where do most security compromises most likely occur?

Applications Network Human Intelligence

Data Physical

3225

1712

9

7 IBM Security

The Problem: Ponemon’s 2016 Application Security Risk Study

What are your organization’s top application security risk objectives?

69%

63%

62%

48%

23%

21%

11%

3%

Minimize Downtown

Minimize Business Disruption

Compliance / Regulation

Protect Intellectual Property

Prevent Attacks

Preserve Brand / Reputation

Secure critical Infrastructure

Other

Ease & Speed Matter

8 IBM Security

The Problem: Ponemon’s 2016 Application Security Risk Study

Perceptions about application developers and application security risk?

50%

Developers Lack Knowledge & Skill

Lack of resources allocated

Developers view security as a hindrance to releases

70%

73%

Intelligent Findings Analytics IFA can change these perceptions.

Improve your app security effectiveness

10 IBM Security

Identify and remediate high-priority vulnerabilities

IBM Application Security on Cloud

ComprehensiveBased on AppScan engines

SimpleAs easy a 1-2-3

FastFully Automated solution

SafeMeets IBM Security standards

11 IBM Security

Run all tests DAST

SAST

IAST

Analyze everythingWeb apps

Mobile apps

Desktop apps

Buy one subscription and get it all.

One tool, all scanning included

Comprehensive

12 IBM Security

SimpleDoes my application contain security vulnerabilities?

Enter URL / upload application

Scan the application

2

Reviewthe report

31

IBM Application Security on Cloud

13 IBM Security

Reduce false positives Minimize “unlikely attack

scenarios” Provide fix

recommendations that resolve multiple vulnerabilities

* Patents pending1Poneman Institute estimates the cost to fix a defect if found early in development at $80, while it costs around $960 to fix if found in QA

Early and repeatable vulnerability analysis drives cost reduction for fixes1

Machine learning with Intelligent Findings Analytics “IFA”*

Learned results

Intelligent Findings Analytics• Fully automated review of scan findings

• Trained by IBM Security Experts

AppScan results

Fast

Cognitive computing applied to security vulnerability analysis

14 IBM Security

• Meets or exceeds human experts

• Returns results in seconds, rather than hours or days

• 90-95% average reduction in false positives

• Integrates right back into the development workflow

• Fix an average 8-10 issues in a single place in the code

IFAExample Real World Applications

ScanFindings Vulnerabilities Fix Recommendations

Application 1 55,132 14,050 60

Application 2 12,480 1,057 35

Fast

Intelligent findings analytics results

15 IBM Security

Runs on IBM SoftLayer architecture Provides end-to-end encryption Meets strict IBM SaaS security

standards

Your source code never leaves your control / premises

Uploaded application artifacts are not stored or cached in the service

Robust protection for your sensitive application assets

Safe

01 02 03Manage it:Mobile Application Management

Secure it:Mobile Application Security

Enhance it:Gateway for Apps

Now what?FIRST WE DEVELOPED OUR APP, THEN WE SCANNED IT…

17 IBM Security

Mobile Application Management is fastest growing EMM segment

Averaging ~40% CAGR until 2020

Source: 451 Research, 2015

• Need to distribute and manage a growing number of apps driving MAM market growth

• In 2015, Gartner client inquiries for MAM tools doubled

• 29% of organizations have a mobile app store today, and 30% more plan one in future

• Average B2E enterprise app store has 26 mobile apps, over 60% are public apps

18 IBM Security

Enterprise App Catalog

App security & compliance

management

Distribute & update apps

Selectively remove managed

apps

Volume Purchase Program

management

App Cloud for hosting &

distribution

IBM MaaS360 Mobile Application Management

19 IBM Security

New look and feel for iPhones, iPads and Android devices– Similar to native App Store user experience– In collaboration with Apple & Google designers– Keeps app info up-to-date with public app store

Simplify discovery of relevant apps– Intuitive search, sort, filter, multiple tabs– Highlights recently added and most popular apps– Rate and review apps to give feedback

Promote key apps for users– App Bundles to logically group apps– Featured, New, and App Bundles draw users’ attention– Display similar apps to help users find the right one

Manage at scale– Quickly create and distribute app bundles for one touch installation

Unmatched App UX in EMM industry

Android and iOS app catalogs—a reimagined experience

20 IBM Security

Enable user authentication Stop access from compromised devices Restrict cut/copy/paste Enforce file protection Limit data backup to iTunes Alert administrators of violations Take automated actions MaaS360 Market for best-in-class apps

from developers leveraging SDK

A mobile application container with full operational & security management to protect against data leaks for iOS & Android

Simple App Wrapper when deploying enterprise apps with MAM

orRobust Software Development Kit (SDK) to

integrate right in app code

IBM MaaS360 Mobile Application Security

21 IBM Security

Secure per app VPN tunnel to internal data resources to enhance enterprise apps on a mobile device Enable & distribute private apps with enterprise data, secured using IBM MaaS360 Mobile

Application Management & IBM MaaS360 Mobile Application Security No need for user to initiate a device-level VPN connection No changes to your network or firewall security settings

Files

Content

Data

Gateway

IBM MaaS360 Gateway for Apps

Real customers, real dataIBM MAAS360 APPS

23 IBM Security

MaaS360 app distribution

80% Public 20% Private

24 IBM Security

Where apps are being put to work

• Education – K-12

• Pharmaceutical

• Service companies – internet, TV and telecommunications

24

25 IBM Security

6000+ Companies60K+ Apps

10M+ Distributions

26 IBM Security

How customers compare

26

Manage 9 AppsApprox. 1500 Distributions Manage 472 Apps

Approx. 430,000 Distributions

Average Customers Top 10 Customers

27 IBM Security

How customers are scaling

27

1 to 10 apps

• Few tools necessary• Mostly public apps

• Random distribution• No end-user training

100 or more apps

• EMM and MAM is a must• AD/Group based distributions• Install/Update with one touch• Discovery of relevant apps

• App promotion, intuitive search, sort, filter• Native Experience

• Public and Private Apps• App Configuration

• DLP Controls

Average Top 10

28 IBM Security

Securing apps and scaling your app strategy for success

Your checklist:

Scan Application Security on Cloud

Manage Mobile Application Management

Secure Mobile Application Security

Enhance Gateway for Apps

SCALE! EMM, MAM, and App Security

Poll #2 PlaceholderWOULD YOU LIKE MORE INFO ON ASOC?

Questions?SUBMIT VIA ON24 Q&A BOX

AppendixAPP SECURITY ON CLOUD – SAMPLE REPORTS

32 IBM Security

Security Report – Payment Card Industry Data Security Standard (PCI)

Version 3.1

33 IBM Security

Web Application Report

demo.testfire.net

34 IBM Security

Mobile Application Report

Altoro for iOS v1.0

ibm.com/security

securityintelligence.com

xforce.ibmcloud.com

@ibmsecurity

youtube/user/ibmsecuritysolutions

© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.

FOLLOW US ON:

THANK YOU