2014 - dss - mobile devices & security overview

Innovations in data security

Mobile Security Basics

Andris Soroka

09.04.2014

The Saga Begins – Scared vs. Informed

Some words about history…

PHONE Elisha Gray & Alexander Granham Bell

2013Xperia Z UltraSONY

What this is not about (left side)...

What this is about..

What is all about

“2014.gadā vidēji katram izglītotam darbiniekam būs vidēji 3.3 mobīlās ierīces, salīdzinot ar vidējo statistiku ar 2.8 mobīlajām ierīcēm 2013.gadā.” 1

“Data Security Solutions” business card

Specialization – IT Security

IT Security services (consulting, audit, pen-testing, market analysis, system testing and integration, training and technical support)

Solutions and experience portfolio with more than 20 different technologies – cyber-security global market leaders from more than 10 countries

Trusted services provider for banks, insurance companies, government and private companies (critical infrastructure etc.)

Role of DSS in Cyber-security Development in Baltics

Cyber-Security Awareness Raising

Technology and knowledge transfer

Most Innovative Portfolio

Trusted Advisor to its Customers

Cybersecurity Awareness Raising

Own organized conference “DSS ITSEC”5th annual event this yearMore than 400 visitors + more than 250 online live streaming watchers from LV, EE, LT4 parallel sessions with more than 40 international speakers, including Microsoft, Oracle, Symantec, IBM, Samsung and many more – everything free of charge

Participation in other events & sponsorshipCERT & ISACA conferences & eventsRIGA COMM, HeadLight, IBM Pulse Las vegasRoadshows and events in Latvia / Lithuania / Estonia (f.i. Vilnius Innovation Forum, Devcon, ITSEC HeadLight, SFK, business associations)

Participation in cyber security discussions, strategy preparations, seminaries, publications etc.

Innovations – technology & knowledge transfer

Innovative Technology Transfer Number of unique projects done with different technology global leadership vendorsKnowledge transfer (own employees, customers – both from private & public, other IT companies in LV, EE, LT) Specialization areas include:

Endpoint SecurityNetwork SecuritySecurity ManagementApplication SecurityMobile SecurityData SecurityCyber-securitySecurity Intelligence

Some just basic ideas

Agenda

Prologue

Digital world 2014

Threats & Security

Recommendations

Exit scene

Prologue: The Digital World 2014 & future

Fastest technology development in time..

Prologue: Some new technologies

3D PrintersGoogle Glasses (“glassh**es)Cloud ComputingBig Data & SupercomputersMobile Payment & Virtual MoneyRobotics and Intraday DeliveriesInternet of thingsAugmented RealityExtreme development of ApsDigital prototypingGadgets (devices) & MobilityTechnology replaced jobs (automation)

Geo-location powerBiometricsHealth bands and mHealthElectronic carsAvegant Glymph and much, much more

Prologue: Mobility & Gadgets

21st Century – Mobility century

PC era Mobile era

Prologue: Mobility & Gadgets

Multi-OS

Tablets now and future of tablets

Mobility future forecast

1 Cisco IBSG Horizons Study of 600 U.S. IT and business leaders

“Globally in 2013 an average economically active person owns 2.8 mobile devices. In 2014 it is forecasted that such person will own 3.3 devices. Forecast is giving taking in mind also that population increases.” 1

Millions of mobile applications

Mobility & Security


Digital Agenda for European Union

Mobility & Security


http://www.youtube.com/watch?v=jTaLpb96ims

Privacy is gone?

What exactly phone can collect...

- Emails & other data- Location- Social Media data- Personal information- Degrees of contact- Web-based data

Mobility & Security...

Mobility & Security


Governments as malware writers


Mobility & Security


Mobility & Security – Use cases

We give mobile devices to children or any other friendly souls (multiuser factor)

We install as many differerent applications as possible - games, social media etc. (apps vulnerability factor)

We experience lost or stolen devices & mostly those won’t be returned

We don’t care about securty basics (updates, security programms, encryption, passwords etc.)

We connect to anything that is FREE

We open EVRYTHING

We give 3rd party apps any possible rights

We don’t make «seasonal» clearings of our devices

Mobile device as entry point

Mobility for enterprise

M - the need for mobility O - the need to improve operations B - the need to break business barriers I - the need to improve information quality L - the need to decrease transaction lag E - the need to improve efficiency

Mobility and enterprises (cont.)

ITMobile

2-3x as many employees using mobile

Devices not Windows-based

>50% owned by employees

>50 apps per device

Most mobile apps built outside IT

Constant OS migration

Mobility & Security


Mobility & Security


4 Roll out at scale

Group-basedUser self-service

Multi-tier management

EmailAD/LDAP

CertificatesBES

2 Integrate tightly

Email and appsPolicy and identity

Connectivity (Wi-Fi, VPN)By group, individual, or ownership

1 Configure securely

3 Protect privacy

BYOD programsRegional regulations

Across OSFor apps and devices

For BYOD and corporate programs

5 Manage inventory

Wipe corporate data15 Limit roaming costs14

Deliver apps at scale

Protect app container12

11

Tunnel app data13Apps

6 Monitor risk

8 Enforce identity

9 Automate workflow

7 Control access

Security

Access and protect docs10Docs

Korporatīvā vide

Drošu pašu veidoto mobīlo aplikāciju izveide

Pilnvērtīgi ieviest un izmantoto korporatīvajā vidē tā saucamo «Nāc ar savu ierīci» («BYOD») tendenci

Mobīlo ierīču pārvaldība un drošībaMobīlo aplikāciju pārvaldības politika

Datu nošķirtības sasniegšanaPrivātie datiKorporatīvie dati

Nodrošināt drošu piekļuvi pie korporatīvajiem datiem un darba aplikācijām

Drošs savienojums (šifrēts)Identitātes kontrole, autentifikācija un autorizācija, arī auditsDroša pašmāju aplikāciju izstrāde un testēšana

Think security first

[email protected]

+371 29162784

http://www.dss.lv/

mailto:[email protected]