Mobile Security and Management Opportunities for Telcos and Service Providers. Lionel Gonzalez, Symantec EMEA Solution Architect; Mike Gibson, Protirus; Brice Renaud, Orange Business Services. ST B03 - Mobile Security and Management
Mobile Operators are the primary choice for mobile security
Why are Telcos in a superb position to offer Information Protection Services? 1 2 3 4 5 Service Platforms Fixed & Mobile IT Data Center Huge customer base: Enterprises Consumers Data Centers Infrastructure Billing, Customer Care Networks Information Strong SLAs Trust Logical Roadmap of Services ST B03 - Mobile Security and Management SYMANTEC VISION 2012
Mastering Mobile Control Points: Devices, Apps, Data, without disrupting user experience
Symantec Offerings for Mobile Protection and Revenue Generation. Mobile Devices Network: Next Gen Network Protection Security Insight Network Protection Subscriber Level Policies Carrier Global Policies New Services Enterprise Mobility and Services App Mgmt & Security App Security Policy & Comm. Secure App Store w/licensing Service Platform Norton Zone Norton OnLine Backup Consumer and BYOD Service Platform Norton Zone Norton OnLine Backup eDiscovery BackUp Exec Norton One Wi-Fi Reporting Console Portal Security Filter Traffic Analysis Data Retention Usage Control Notification Module Malware Engine Traffic Manager Optimization and Inspection Roaming DLP Mobile Mgmt MDM Policy Secure App Store .Cloud Services Identity Solutions (VIP) Device Security App Control Encryption Mobile Security Identity Safe Norton Utilities Device Security Norton Mobile Security Hot Spot Privacy App Insight Norton Anti-Theft Reverse Proxy O3 Infrastructure. Fed. Auth VIP (OTP) Hosted NGNP Private Cloud
From MDM to MAM: Embracing BYOD
Symantec Enterprise Mobility Solutions. Device Management: Configuration, control and management of mobile devices (Mobile Management). App & Data Protection: Corporate data separation and delivery of IT services (Nukona App Center). User & App Access Mgmt.: Company credentials extended to both public and private cloud services (Managed PKI & O3). Threat Protection: Mobile security threat detection and removal (Mobile Security - Standalone - For Altiris ITMS - For Microsoft SCCM).
Symantec Mobile Management: Robust visibility & control for iOS, Android and Windows Phone. Enable: Activate enterprise access, apps and data easily and automatically. Secure: Protect enterprise data and infrastructure from attack and theft. Manage: Control inventory and configuration with massive scalability.
BYOD Adoption Map (figure; axes: Managed / Unmanaged and Company-owned / Personally-owned). Labels: BYOD; Company Owned But Unmanaged; Company Controls Relevant Apps & Data Only; Company Controls Standard Device; Company Controls Personal Device.
BYOD Adoption Map (figure; axes: Managed / Unmanaged and Company-owned / Personally-owned). Labels: BYOD; each of the four quadrants is marked "Device. Apps. Data".
Personal App Center's Approach to Protecting Mobile Apps. Symantec Apps Enterprise Mobility Console VIP O3 Mobile Internal Apps FORD Kaiser JPMC App Store Apps App Secure App Center Feature-set: App deployment & provisioning; User authentication across apps; Copy & paste prevention; Per app file encryption; Remote data/app wipe; iOS & Android support.
Advancing Mobile Application Management. Comprehensive App Wrapping Tech. App Store: Repository for internal and external mobile applications. App Policy: Protect app against data loss through encryption, removal control and separation of corporate data. Deployed SaaS or On Prem. Content Center: Protect and deploy content across mobile devices.
Introducing Protirus: MDM tailored for Service Providers
Protection from the Network
NGNP Delivers Active Content Control. Enhanced Control: Active Dynamic Analysis (in the Traffic path). Gives the ability to set rules & enforce these rules. Inspect traffic & content to permit, deny or modify before it hits users. On a Network wide, Enterprise or Personal level. Set Rules For: Individual Users Groups Network Regulatory Requirements Network Usage. Analyze & Inspect Traffic + Content: Network Monitoring Behavior Profiles Malware/Spam Content Categorization. Enforce Policy: Time of Day Rules Permitted Usage Preferences Security Permissions Regulations. Subscriber Interaction: Warnings / Notifications Remediation Policy Changes Reporting / Alerting. Voice, SMS, Web, P2P, IM, MMS, Email.
Self-Care Portal Reporting Admin Console Policy Controls Policy Management URL & Content Filter AntiMalware AntiSpam Notifications Malware Recovery Subscriber Policy Register Policy Rules Engine Traffic Analysis Usage Controls Security Filters Data Retention Data Loss Prevention Data Retention Storage Management Archiving Policy Adapters Global Intelligence SMS Circuit Switched Network MMS Mail www Voice IM Packet Switched / Internet NGNP Traffic Control Module
Features: Comprehensive Web Filtering. Flexible Configuration. Allows the enterprise to: Manage safe browsing and safe search (URL whitelist, URL blacklist, time of day routing); Protect against unwanted inbound/outbound contacts (who and when contact can be made); Ensure that selected contacts are always accessible. Website Operator Controls. Allows the Service Provider to provide: URL categorization lists and managed updates; Category overrides, URL walled garden; Dynamic rating; Global illegal lists and defaults. Alerting. Administrator Choice on Safety Alerts: Configurable notification to administrator on blocked URL request; SMS, Email notification channels; PIN override to enable access, or continue block; Reports on blocked web sites. Diagram labels: Block 0712xxxxx; SMS.
CORPORATE CONTROLS. Corporate Controls = URL Filtering. Web Content Categorisation; Anti-Phishing Site Filtering; Anti-Malware Site Filtering; Anti-Virus Filtering; Walled Garden; Illegal Site Filter; Dynamic Rating; Safe Search Enforcement; Personalised Redirects; Personalised Controls; Personal Black & White Lists; Time of Day / Day of Week; PIN Code Override; Hierarchical Policies; Browsing Activity Archival. Carrier enterprise customers control employee web surfing behavior leveraging NGNP URL filtering capability. Each enterprise customer may customize controls for their own enterprise. Corporate devices only; corporate handsets with corporate usage. Diagram label: Block 0712xxxxx.
Service Offerings to Enterprises. Name: Corporate Safety Basic; Corporate Safety Premium; Mobile Device Management Basic; Mobile Device Management Premium; Corporate Protection BYOD. Features: URL Filtering Group and individual category control Walled Garden Corporate Safety Basic, plus Malware Site Protection Time of Day Controls Safe Search Authentication Management Remote Access Security Compliance Mobile Device Management Premium, plus Content enablement Application distribution and access Corporate Safety Premium plus Mobile Device Management Premium plus Centralized Management
Application of Parental Controls to Web Filtering. KEY FEATURES: Web Content Categorisation; Anti-Phishing Site Filtering; Anti-Malware Site Filtering; Anti-Virus Filtering; Walled Garden; Illegal Site Filter; Dynamic Rating; Safe Search Enforcement; Personalised Redirects; Personalised Controls; Personal Black & White Lists; Time of Day / Day of Week; PIN Code Override; Hierarchical Policies; Browsing Activity Archival. COVERAGE: HTTP; HTTPS; Mobile web; Handset/Device independent. SELF-CARE: Web/SMS/IVR self care; Policy Templates; Parental Notifications; Personalised Policies; PIN Codes.
NGNP: Resides in operator's network. Hosted NGNP: Hosted delivery model.
Symantec Traffic Manager: Requires no new network elements in operator's network; Hosted by Symantec; Expandable to any web enabled device. Diagram labels: Carrier Mobile Networks; Other Networks (WiFi, Roaming Mobile); Broadband Networks; In Network Threat protection; Policy enforced; Encryption; Compression.
Integrated Handset Controls: Managing the Policies; Applying the Policies. Diagram labels: Your Network; Web Portal or Parent and Corporate Protection+ Phone App; Parental Feedback; Hosted Platform; Other Networks. Covers all services, covers all networks.
Content Controls Handset Application: Symantec Secure Login; Family or Corporate Members; Range of Controls
Extending Security Perimeter to the Cloud
Mobility, Cloud and I.T. Mega-Pains. Mobile: Must support to enhance employees' productivity. Cloud: Must embrace to drive business agility and lower costs. Frustration: I do not have the means to control security, risk, and compliance across all of these new I.T. platforms. Diagram label: Private Cloud.
The security problem. Logs Controls, Audits and Compliance? Smith 1 Smith 2 Data Leakage? Identity control Cloud N Can control Identity? Can you do Security Information Management? Security Control Information Protection Compliance Automation Events Compliance Joe Users CISO CISO Perimeter Locked to On Premise IT
A New Security Layer Above the Cloud: O3. Access Control; Information Protection; Cloud Visibility. Control; Security; Compliance. Private Cloud. To embrace the cloud with confidence.
Cloud Services you can develop: Added Value Services powered by Symantec O3. Cloud Strategy and Advisory; Best of breed Cloud services to match customer needs; Extend Corporate IT to the Cloud; Help migrating legacy to Cloud; Managed Security and Compliance; Security Audits (Access & Applications); Data Collection and Readiness Assessment; Compliance Support; Governance for the Cloud; Information Confidentiality; Data Protection; Information Life Cycle; Identity and Access Control; Federation between Corporate and Cloud ID; Strong Authentication and Identity Protection; Authorize who (identity) and what (device) based on context; Compliance across all clouds; Audit all Cloud Services from one place; Security Management for internal IT and Cloud; Controls and evidence from Cloud services; Enforce Cloud Security policy; Data Loss Prevention; Automatic actions: notification or encryption; Archiving and eDiscovery.
Secure Mobile Access & Information Protection. Secure sandbox with built-in SSL VPN and silent strong auth. Identity & device based resource access policy. 1-Click access to INTERNAL and external web apps. All sandbox traffic proxied through O3 security gateway for access and information protection to both internal & external web apps.
Cloud Aggregation with Symantec O3. Joe Logs Universal Collector for CCS. Identity, SSO and Federation are Controlled. CISO Perimeter extended to the Cloud. Cloud is not toxic anymore but a business opportunity. Controls and Compliance Joe Events Normalised Joe Users Cloud Broker Services Data Loss Protection CISO Identity control Security Control Information Protection O3 Intelligence Center Compliance Automation CISO Sets Policies Cloud Archiving/eDiscovery Cloud N H1 2013 H1 2013 H2 2013
Application Store for Cloud and Mobile
Federated App Store Use Cases Traditional + Cloud + Mobile AppStore Software Delivery Use Cases App Sources Traditional or Streamed Software Delivery Traditional Software Federated App Store Software Catalog A of all deliverable apps Software Library containing specific app versions Self Service Portal SaaS Vendor App Stores Apple AppStore Symantec O3 Single Sign On Identity and Access Control Cloud and Mobile Security Policy Cloud and mobile applications Access and Security controls User Android Ecosystem Windows App Store Symantec Insight Symantec App Center Enterprise App Stores Enterprise App Store Mobile applications Security Policy Mobile App Store Delivery