What is the Right Security Solution for Mobile Computing? #RSAC



Similar documents
Implementation: Single European Market for eidentity

Mobile Device End-to-End- Encryption for Organizations. San Francisco, April 20th, 2015 GABA / TeleTrusT: Security Solutions Showcase

IT-Security. Perspective, History, Present and Future

The Public Key Muddle

Weak Spots in Enterprise Mobility Management Dennis Schröder

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

Enterprise Mobility Management for Financial Sector

10 Smart Ideas for. Keeping Data Safe. From Hackers

Security & privacy in the cloud; an easy road?

Mobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords. Mika Devonshire Associate Product Manager

Exploring Converged Access of IT Security and Building Access Today, Tomorrow and the Future

Cyber Security. John Leek Chief Strategist

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM

ADDING STRONGER AUTHENTICATION for VPN Access Control

ENTERPRISE MOBILITY STRATEGY. We work for you, not your technology vendors.

Enterprise effectiveness of digital certificates: Are they ready for prime-time?

ISEC7 Group Global Enterprise Mobility Provider

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG All rights reserved

Secure Mobile Solutions

Internet Governance and Cybersecurity Patrick Curry MACCSA

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Westcon Presentation on Security Innovation, Opportunity, and Compromise

Achim Klabunde, Head of Sector IT Policy, European Data Protection Supervisor, Belgium

EESTEL. Association of European Experts in E-Transactions Systems. Apple iphone 6, Apple Pay, What else? EESTEL White Paper.

Secure by design: taking a strategic approach to cybersecurity

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.

How to Execute Your Next Generation of Mobile Initiatives. Ian Evans Vice President and Managing Director- EMEA, AirWatch by VMware

Building Robust Security Solutions Using Layering And Independence

A Systems Approach to Protecting the U.S. Air Traffic Control System Against Cyber-Terrorism

HP Atalla. Data-Centric Security & Encryption Solutions. Jean-Charles Barbou Strategic Sales Manager HP Atalla EMEA MAY 2015

Cisco BYOD Smart Solution: Take a Comprehensive Approach to Secure Mobility

Introduction to Cyber Security / Information Security

Longmai Mobile PKI Solution

Encrypted Communication Based on BlockChain and PKI Technology.

Jim Bray, Cyber Security Adviser InfoSight, Inc.

Android for Work powered by SOTI

Executive Summary P 1. ActivIdentity

Department of Veteran Affairs. Fred Catoe Office of Cyber and Information Security AAIP Project Manager March 2004

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools

MOBILE VOICE BIOMETRICS MEETING THE NEEDS FOR CONVENIENT USER AUTHENTICATION. A Goode Intelligence white paper sponsored by AGNITiO

Entrust IdentityGuard Comprehensive

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

Clodoaldo Barrera Chief Technical Strategist IBM System Storage. Making a successful transition to Software Defined Storage

Document ID. Cyber security for substation automation products and systems

How To Use Usher For Business

successstory Security for Diplomacy High Security for Embassy Networks

Personal Security Practices of the CAO

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

Seminar: Security Metrics in Cloud Computing ( se)

The Imperative for High Assurance Credentials: State Identity Credential and Access Management (SICAM) Guidance and Roadmap

Factory-Installed, Standards-Based Hardware Security. Steven K. Sprague President & CEO, Wave Systems Corp.

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Developing the Corporate Security Architecture. Alex Woda July 22, 2009

Middleware- Driven Mobile Applications

STRONGER AUTHENTICATION for CA SiteMinder

Frequently Asked Questions (FAQs) SIPRNet Hardware Token

Patch and Vulnerability Management Program

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Commercially Proven Trusted Computing Solutions RSA 2010

2015 Global Study on IT Security Spending & Investments

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity

Mobile Device Security Is there an app for that?

Frost & Sullivan. Publisher Sample

Securing Office 365 with MobileIron

BM482E Introduction to Computer Security

Guideline on Safe BYOD Management

Smart Givaudan. From BYOD experience to new mobile opportunities

Cyber Security Education: My Personal Thoughts. Bharat Doshi

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION

Transcription:

SESSION ID: SPO1-T09 Trust in Mobile Enterprise Have We Lost the Game? MODERATOR: Prof. Dr. Norbert Pohlmann Professor Computer Science Department for Information Security, Director of the Institute for Internet Security if(is) at the Westphalian University of Applied Sciences Gelsenkirchen, Germany and Chairman of the board of the IT Security Association TeleTrusT PANELISTS: Ammar Alkassar CEO of Sirrix AG security technologies, one of Germany's leading security suppliers Dr. Kim Nguyen Chief Scientist Security, Bundesdruckerei GmbH and Managing director, D-Trust GmbH Dr. Hans-Christoph Quelle Managing Director of Secusmart GmbH, a BlackBerry company

What is the Right Security Solution for Mobile Computing? 2

Classification in Protection Classes Class 0 Threat: privacy of personal data, Cybercrime Consumer Expected costs: adds 5% to personal IT costs products and vendors: achieve market trust Class 1 Companies, authorities Threat: Cybercrime (higher degree of risk), compliance, legal privacy protection Expected costs: adds 10% to IT products and vendors: certified for effectiveness Class 2 Threat: Cybercrime, targeted a acks on corporate values, corporate espionage Breach of security leads only to individual damage Companies, authorities, infrastructure Expected costs: adds 20% to IT products and vendors: certified by internationally approved bodies Class 3 Threat: Economic espionage (intelligence services) and cyber attacks, cyberwar (sabotage) Breach of security leads to collective damage Companies, authorities, infrastructure Expected costs: adds 50% to IT products and vendors: certified by nationally approved bodies Class 4 National Security, Protection requirements: according to classification regimes Classified (beyond Restricted) Expected costs: adds 400% to IT products and vendors: approved and certified by national authorities 3 Share (# of devices out of all) 100% 70% 27% 3% + cost of infrastructure 0,01% Core Classes for Enterprises Appropriate Mechanisms MDM, VPN, Secure Messaging, Voice and Cloud, Container solution + Secure Operating System, Mutli factor authentication, Approved PKI, End2End Encrypted Voice, Messaging and Cloud, E Mail encryption + Hardware based 2 factor authentication (Smartcard, Token)

Authentication and Identification Worlds Identification PKI based signing/ Encryption Governmental eid Solutions with officially verified ID Post issuance of PKI cert Authentication Authentification using FIDO Proprietary authentication systems e.g. usernames/passwords, AppleID, token... 4

Which Security Level can the IT Security App achieve? 5

Why are Containers not Sufficient for Enterprise Level Protection? Container App App App App App App App App OS Middleware Kernel Smartphone Hardware Hardened Compreh. OS Middleware Labeling Security Kernel Smartphone Hardware 6

ONE TOKEN FIDO enabled PKI enabled TWO WORLDS 7

Which Security Level can a full IT Security Smartphone achieve? 8

Why Mobile Enterprise Security needs Enterprise-Wide Information Flow Control? 9

Usability: Building an Eco System INTERNET SERVICES COMPONENT & DEVICE VENDORS 10 SOFTWARE & STACKS

11

Lessons learned today? Classification in Protection Classes eases the selection of appropriate security solutions for the Mobile Enterprise Within the same organization, domains and devices of different Protection Classes can co-exist. Consumer-level devices can be enhanced by intelligent integration of smart components for use in the Mobile Enterprise Germany deployed public eco-systems provide a good set of bestpractice examples 12

Trust in Mobile Enterprise have we lost the Game? We still have an opportunity to win! 13

Visit the German Pavilion at North Exhibit Hall, Booth 4020 The Partners of the German Pavilion: 14

Apply Slide CISO (Chief Information Security Officer) Immediate: classification of applications and determine the rules for devices and infrastructure, identification of gaps and risks. Medium Term: optimization of the security architecture Administrator Immediate: analysis of the state; classification requirements selection of security functions like authentication, identification (2-factor method), virtualization, trusted certificates,... Medium Term: adaptation of processes, use of tool's for the control of security requirements in the field. User in the field Immediate: recognizing the need for security-related applications and following appropriate rules. Medium Term: acceptance of restrictions on the freedom of choice of mobile devices Control of security processes for critical applications. 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information