service2media: webinar security & management (17 march 2014) by derk tegeler


Upload: service2media

Post on 08-May-2015


DESCRIPTION

The webinar series 'How to build an app competence centre?' focuses on key topics that are important in executing your mobile strategy and optimising your mobile app competence center. This third webinar addresses security. How ready are you to mitigate threats to your organisation and the organisation's assets? To what degree are you really in control? And how well do you protect your customers' data? Have you addressed the unique challenges of mobile apps and the valuable data they hold or the transactions they facilitate, now and in the future?

TRANSCRIPT

Page 1: Service2Media: Webinar Security & Management  (17 March 2014) by Derk Tegeler

30 minutes. Welcome! How to build your Mobile App Competence Center? Webinar Series #3: Security & Management. Derk Tegeler, Director Security

Page 2

Agenda

•  Trends
•  #3 Security & Management
   •  Introduction
   •  Policy and motivation
   •  Technical Coverage
   •  MDM/MAM – device and application management
   •  Monitoring and alarming

Page 3

Trends

•  Information centric approach
•  Identity fraud
•  Lawful and unlawful interception
•  Where is your data? Is that allowed?
•  Data confidentiality
•  Data integrity
•  PKI…

Page 4

Trends: the evil 8

•  Data loss from lost, stolen or decommissioned devices
•  Information-stealing mobile malware
•  Data loss and data leakage through poorly written third-party applications
•  Vulnerabilities within devices, OS, design and third-party applications
•  Unsecure Wi-Fi, network access and rogue access points
•  Unsecure or rogue marketplaces
•  Insufficient management tools, capabilities and access to APIs (includes personas)
•  NFC and proximity-based hacking

Source: Cloud Security Alliance Mobile Working Group

Page 5

The Opportunistic Market in Transition

Experimentation is giving way to a more thoughtful approach to mobility. Organizations are taking a step back and rethinking how best to maximize the value of mobility.

1.  "The early days of mobile adoption were characterized by experimentation and unfettered departmental demand for mobile apps. These apps, funded by the business, tend to be natively developed, and are built quickly and cheaply and often without coordination with the rest of the organization or a view to long-term sustainment and value maximization.

2.  Such experimentation and piloting are necessary for organizations to test and learn about mobility, with the lessons learned that enterprise mobility can show significant business value, and that not embracing enterprise mobility will put the organization at a competitive disadvantage."

Source: Gartner, 2013

Page 6

Mobile Maturity Model Explained

Disclaimer ☺

Page 7

HOW TO GROW YOUR MOBILE MATURITY?

1.  What is your Mobile Strategy Maturity goal?
2.  How are you performing currently?
3.  What are the gaps?
4.  Define gaps that matter most
5.  Prioritize and close the gaps

Page 8

WHAT IS YOUR MOBILE MATURITY GOAL?

The three maturity levels (Opportunistic, Strategic, Mobile-First) compared per dimension:

Proportion of companies
   Opportunistic: The majority of companies
   Strategic: A small minority of companies
   Mobile-First: Very few, if any, companies

Mobile strategy center of gravity
   Opportunistic: A reactive IT department
   Strategic: Mobility Center of Excellence: C-level attention, self-empowered lines of business, a responsive IT department
   Mobile-First: Organization-wide strategic focus

Level of business model innovation
   Opportunistic: Low
   Strategic: Medium
   Mobile-First: High

Users
   Opportunistic: Siloed employee classes, typically field and sales forces, and applications addressing basic customer interactions
   Strategic: Addresses large subsets of both dedicated and occasional mobile workers, and more sophisticated offerings to customers
   Mobile-First: Affects all mobile workers and internal activities, and sophisticated customer engagement

Architecture
   Opportunistic: Limited extendibility of architecture
   Strategic: Common architecture for mobility
   Mobile-First: Common architecture for mobility, integrated into most IT business processes

Technologies
   Opportunistic: Siloed point solutions
   Strategic: Sophisticated administration and management tools; voice, data and integrated communications services
   Mobile-First: Integrated platform capabilities and ubiquitous connectivity

Policies
   Opportunistic: Few formal policies, with decisions heavily user-influenced
   Strategic: Policy-driven approach for management, security and compliance
   Mobile-First: Policy-driven and 'factory' approach to mobile innovation, re-casting business workflows

Page 9

MOBILE MATURITY MODEL - ASSESSMENT AXES

1.  Strategy and Organization
2.  Initiation and Design
3.  Security and Management
4.  Development and Maintenance
5.  Test and Distribution
6.  Backend and Integration

Page 10

MOBILE MATURITY MODEL - LEVEL DETERMINATION

Maturity levels per stage:

OPPORTUNISTIC: Aware, Developing
STRATEGIC: Practicing, Optimising
MOBILE FIRST: Leading

Example scoring sheet (columns: Opportunistic, Strategic, Mobile First):

Strategy & Organisation
   Practice observed 1: ✔  x
   Practice observed 2: ✔  x

Initiation & Design
   Practice observed 1: ✔  x
   Practice observed 2: ✔

Development & Maintenance
   Practice observed 1: x

Page 11

MOBILE MATURITY MODEL - GAP IDENTIFICATION

Page 12

Chapter three: Security and Management

Page 13

Security and Management

Policy and motivation

Opportunistic: Security measures are dictated by common sense and in-house experience
Strategic: Law abiding, covering business risks
Mobile First: Quantified risk coverage

Practices Observed

1)  Policies and processes
2)  Risk analysis
3)  Accountability

Page 14

Security and Management

Technical Coverage

Opportunistic: Customer is developing secure apps
Strategic: Customer is addressing specific mobile vulnerabilities on a case per case basis
Mobile First: Customer is on par with current threat mitigation

Practices Observed

1)  code quality
2)  vulnerability coverage
3)  data protection
4)  app protection
5)  key management

Page 15

Security and Management

Mobile Device and/or Mobile Application Management

Opportunistic: None or only Microsoft Exchange controls
Strategic: MDM system in place
Mobile First: Central policy based device and application management

Practices Observed

1.  scenario coverage
2.  company data on device
3.  impact
4.  authentication
5.  device management
6.  management console

Page 16

Security and Management

NOC Integration (monitoring and alarming)

Opportunistic: The mobile service is a stand-alone isolated server, ill fitted in the organisation
Strategic: Embryonic dashboards reveal realtime status and performance
Mobile First: The service is fully integrated in the normal service administration

Practices Observed

1)  KPIs
2)  Ticketing system
3)  Knowledge base
4)  IT process automation
…

Page 17

Are you interested in a Mobile Strategy Maturity Assessment?

[email protected]

Page 18

Next Webinar April 17th

#4. Development and Maintenance by … myself