BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective
Kit Colbert, CTO, End-User Computing
© 2014 VMware Inc. All rights reserved.
VMware: Addressing the Market From Data Center to Device
[Diagram labels: Desktop; Laptop; Tablet; Phone; Machine; End-User Computing; Desktop; Mobile; Content; Workspace Services; Software-Defined Data Center; Management & Automation; Compute; Storage; Networking; Virtualized Infrastructure; Hybrid Cloud Computing]
What Do They Want?
End-User Goal: Flexibility of devices, ability to switch between devices seamlessly without compromise.
IT Admin Goal: Simplified and unified management across all devices.
[Illustration: CITY HOSPITAL, UNIVERSITY HOSPITAL]
3D medical imaging on any device
All my apps in one place
Patient data on the go
HIPAA compliant content collaboration
Mobile Cloud Architecture: Define Centrally, Implement Locally
Where We Are Headed: The Virtual Workspace
[Diagram labels: Access Client & Launcher; App Store; App Catalog; Management; Application Management; Content Management; Device Management; Common Services; Identity, Authentication, Single Sign-on; Access Point; Social]
Unsolved Problems with Mobility: Security, Context, Internet of Things
A Picture of Diminishing Returns
The Only Thing Outpacing Security Spend Is Security Losses
[Chart series: IT Spend; Security Spend; Security Breaches]
Many Aspects of Enterprise Mobility Security
[Diagram labels, components: Device Hardware; OS; Personal App; Corporate App; Storage Card; USB; Storage; App-level VPN Traffic; Device VPN Traffic; Access Gateway; Management Server; Internet Sites; Enterprise Apps & Data Repositories; SaaS Apps]
[Diagram labels, risks: Unapproved Apps, Access; OS Versions, Jailbroken Device; Data Leakage, Malware, Virus; Malware, Phishing, MITM; MITM, Poor / No Encryption; MITM; Malware, Intrusion, DDoS & other vulnerabilities; Intrusion; Access to all / parts of app; Backups, Poor / No Encryption; Access to all / parts of app, Data Leakage]
Security Outside the Firewall
[Diagram: the enterprise mobility security map from the "Many Aspects of Enterprise Mobility Security" slide, with additional labels MAM, MCM, MDM and Gateway]
Open Problems with Security Outside the Firewall
Are there other layers for enforcing app and data security?
How can IT balance security with ease of use?
Can we take risk-based approaches?
Security of the App: App Scanning/Behavior Analysis
[Diagram: the enterprise mobility security map from the "Many Aspects of Enterprise Mobility Security" slide]
Open Problems with App Scanning
What is the right way to characterize app behavior?
How generic can these behavioral algorithms be?
Is app scanning even the right approach?
Security Inside the Firewall
[Diagram: the enterprise mobility security map from the "Many Aspects of Enterprise Mobility Security" slide, with additional labels End-user Context!, VPN and Network Virtualization]
Open Problems with Security Inside the Firewall
How can we automate the creation of micro-tunnels to segment traffic?
Can we detect suspicious activity based on behavior analysis?
Can we transparently modify app behavior based on risk/threat?
Securing the Data Itself
[Diagram: the enterprise mobility security map from the "Many Aspects of Enterprise Mobility Security" slide]
Open Problems with Securing the Data Itself
How do we automatically identify important content that shouldn't be leaking?
Is the container or encryption route the better choice? Is there a 3rd option?
Can we enable any app to open or edit an encrypted document?
Unsolved Problems with Mobility: Security, Context, Internet of Things
IoT Growth
Connected Things Exceed, and Are Growing Much Faster Than, the Number of People
2000: 6.1 billion people; 200 million connected devices; 0.03 devices per person
2010: 6.8 billion people; 12.5 billion connected devices; 1.8 devices per person
2020: 7.6 billion people; 50 billion connected devices; 6.6 devices per person
Source: Cisco IBSG 2011
IoT Bettering Lives
[Diagram: Connect; Apply; Measure; Transmit; Receive; device screen "GLUCOSE 63", "SEND"; received message "63 Blood Glucose is NORMAL"; Remote Acquisition]
IoT Use Cases
Healthcare
Patients with non-life-threatening conditions can be monitored remotely/from home by medical staff
Smart Asset ID & Tracking used across the drug supply chain to prevent drug counterfeiting
Industrial & Manufacturing
Intelligent commercial aircraft accurately predict which parts need replacement and when, and optimize inventories & maintenance schedules across the entire fleet
Smart manufacturing processes respond quicker to changing customer demand, with self-organized logistics automatically optimizing production rates and inventories
Electricity
Smart power generation & transmission grid analyzes status updates and performance data for preemptive actions, reducing the number and duration of outages
Smart buildings and homes analyze real-time arrival and usage data to turn on/off electric devices, reducing waste and the impact of energy vampires
Urban Infrastructure
Smart traffic management uses city-wide visibility, smart signals, and traffic flow adjustments to help alleviate congestion and rapidly respond to incidents
Smart grid aggregates data from metering devices
Biggest Challenge for IoT: Lack of Standards
[Figure panels: Today; Tomorrow]
End-to-End Integration: Eliminate Silos
[Diagram labels: End Points; Gateway/Transmission; Data Store; Data Analytics; Private; Public; Big Data; GATEWAY]
Open Problems with End-to-End Integration
How can we achieve common standards, APIs, and definitions for each area?
Is there a general approach, or does it need to be more specific, e.g. by industry vertical?
How can we handle the privacy implications of this always-on big data collection and analysis?
M2M Integration: Connecting End Points Locally
On a factory floor
On a highway
In a hospital
Open Problems with Local M2M Integration
How can we achieve common standards, APIs, and definitions for these interactions?
How do we establish trust between local devices?
How do we ensure the protection of data as it moves between devices?
Shifting Landscape
Mobile/cloud architecture driving new and compelling architecture
Changing industries, and industries adapting rapidly
Many unsolved challenges around security, context, and Internet of Things
[Graphic: Mobile Cloud Architecture]
How You Can Help
Security innovation from many different angles
New insights by analyzing all the data at our fingertips
Driving IoT standards at all levels
[Graphic: Mobile Cloud Architecture]
Thank you!