Mobile Security: The good, the bad, the way forward
Get the most out of HP's Mobility Protection Services
Jan De Clercq, Felix Martin, HP TC, December, 2013

Today's Presenter
Name: Jan De Clercq
Title & organization: Chief Technical Architect, IT Assurance Services, Global TSC Portfolio
IT industry experience: Military prior to HP. Years in HP: 15 years. Security, Identity and Access Management, Microsoft Security, Microsoft infrastructure, Messaging
Professional information: Masters IT, Masters Criminology. HP TCP Master. CISSP, CCSK, Microsoft Certified Architect, Microsoft and Cisco certifications. Author of Microsoft security books and articles, contributor to Cloud Computing Protected: Security Assessment Handbook
Current responsibilities: Cloud Protection, Big Data Protection, Mobility Protection. ITA Service Portfolio Sales & Pursuit Assistance. ITA Consultant Training & Mentoring. ITA Service Portfolio Design & Delivery Readiness
Jan's Blogs
Jan.DeClercq@HP.com, +32 498946043

Today's Presenter
Name: Félix Martín
Title & organization: EMEA Pursuit Lead, IT Infrastructure and Cloud Assurance
IT industry experience: Years in HP: 14 years. Security Operations, Security Governance, Cloud Security
Professional information: MBA. CISSP, Certified Information System Security Professional. CCSK, Certificate of Cloud Security Knowledge. PMP, Project Management Professional. ITIL expert in IT Service Management
Current responsibilities: ITA Business development for Iberia. ITA Business development for EMEA
felix.martin-rodriguez@hp.com, +34 609112075

Agenda
1. Definition of Terms
2. Scope of Mobile Device Computing
3. The Security Problems with Mobile Devices
4. Mobile Device Security Strategies
5. Putting it all Together
6. Mobility Protection Reference Architecture
7. Conclusion
Definition of Terms
Definitions: BYOA (Bring Your Own Acronym)
1. Consumerization: Technology that starts from the consumer market and spreads to the business and government sectors
2. MDM (Mobile Device Management): Controls on mobile devices to protect devices and corporation assets
3. MAM (Mobile Application Management): Controls targeted at mobile applications, irrespective of the device they run on
4. NAC (Network Access Control): Controls at the network level to meet security policy
5. BYOD (Bring Your Own Device): Any device, any time, from anywhere
Diagram labels: Mobile Device Management, Company Liable, Network Access Control, Mobile Application Management, Employee Liable
Scope of Mobile Device Computing
Mobile Device Proliferation
Apple iOS: Closed platform, strong customer loyalty, most apps. iPod Touch, iPhone, iPad
Google Android: Open platform, lower price point, 2nd most apps. Too many devices to list. Phones & Tablets
Microsoft: Open APIs, strong tie to desktop, coming on strong. Phones, Tablets, Tablet PCs

Evolution of Mobility
Today's Usage: PIM, Web Browsing, Music, Consumer Apps, Business Apps, Games
Today's Devices: Laptop, Desktops, Smartphones, Tablets, Printers
Tomorrow
New Devices: Point of Sale, Proximity payment, embedded systems
New Usage Types:
Convergence: Automobiles & Smartphones, Hotels & Cars, Smart Grid Devices & Smartphones, Home Automation and Security, Payment Systems & Smartphones
Enterprise: Integrated collaboration, Enterprise Perimeter redefined
The Security Problems with Mobile Devices
Key problems for IT Security: Threat Landscape
Data Threats: Sensitive Data Leakage; Device Lost or Employee Leaves
Network Threats: Usage of Many Secure and Unsecure Networks; Lack of Mobile Network Visibility; Corporate Network Vulnerability to Mobile Threats
App Threats: Insecure Access to Corporate Apps; Lack of Reliability
Device Overload: Ever-Changing Types, OSs and Security Features
User Threats: Acting in Non-Compliant / Wrongful Ways
Mobility Security Strategies
Shifting Landscape will impact Management
Making long term choices is hard as technology is moving so fast
B2C, B2E, B2B, BYOD, MDM, MAM, NAC

Evolving MDM taxonomy
Diagram labels: Basic Device Enrollment / Cross-Platform support; App Management & Control; Documents and Information Management; Mobile Application Management; Core MDM Functions; Hardware Inventory / Asset Mgt / Provisioning; Mobile Device Management; Network and Security Intelligence / MSM; Wifi / VPN / WWAN / Roaming Control; Mobile Transport Security, QoS; Mobile Security

MAM Architecture
Diagram labels: End users, Connection devices, Software layer, Email Services, Collaboration, Hosted Data center, Secure Application Publishing, Virtual Desktops, Business (SAP?), Virtual Storage, Virtualized Client w/ Local Apps, Specific Applications, Federated Identity, Security Services, Virtualized Infrastructure
Putting it all Together
Mobility protection stack
Layers: Security Policies; Applications Protection; Data Protection; Devices Protection; Infrastructure Protection
Controls: Governance, Risks, Compliance; BYOD Policies; Access control; Enterprise remote access; Rogue applications; Secure data at rest and in transit; DLP; Data Wipe; Device identification; Malware protection; Perimeter and Network Protection; Cloud Protection

Mobility protection requires a holistic protection approach: HP ISSM P5 Model
P1: People
P2: Policies & procedures
P3: Processes
P4: Products
P5: Proof

Building security into mobility strategy, design and implementation
Plan: Strategy (Mobility Protection Workshop), Roadmap (Mobility Protection Roadmap)
Build: Design (Mobility Protection Design), Implement (Mobility Protection Implementation)
Mobility Protection Reference Architecture
Secure

HP Solution building block
Diagram labels: HP Connected Workplace Services; Connected workplace -people-data; Mobile connectivity services; Mobile management services; Mobile platforms; Secure on-boarding, provisioning and monitoring with IMC; User Access Manager; Endpoint Admission Defense; Wireless Services Manager; User Behavior Analyzer; HP FlexNetwork for unified wired and wireless access; Network Traffic Analyzer; 5400, 5500 EI/HI, 3800; MSM 460/466 AP; Converged Infrastructure delivering VDI; WLAN controllers 765zl, 720
Mobility Protection Reference Architecture
Functional view
Actors: Partners - Suppliers, Customers, Employees
Diagram labels: Data Protection Encryption Data Loss Prevention Encrypted Data Silo Access Devices Secure Communication VPN Agent Per App-VPN PKI Client IDS/IPS Security Lockdown Secure Staging Browser security Mobile Policy Enforcement Patching Application Security Perimeter Security DDOS Protection VPN/SSL Gateways Public Cloud Resources Mobile Application Management Enterprise App Store Application / Apps Management Per App VPN management Mobile Device Management Mobile Device Policy Management Encryption Management ID / Authn / Access Control Management Application Security Management (impacting Mobile Devices) Patching Application Application Firewalls Malware Protection Management Patch Management Policy Config Firewalls / DLP Management SIEM / Auditing /Activity Monitoring Whitelisting Proxies Blacklisting Backup / DR Management Host IPS Mobile App DLP Gateways Sandboxing Secure Client Virtualization Access Control Network IPS Resource Security Management ID and Access Management Backup / DR ID / Access Control Management Strong Authn ID Management Malware Protection Management Local ID Access Management Malware Management Protection Patch Management ID Federation Organizational Resources App Policy Management Remote Wiping

Technical view
Mobile Application Management: XenMobile Enterprise (StoreFront + AppController)
Access Gateway and (optional) Load Balancing (NetScaler)
Mobile Device Management: XenMobile Enterprise (XenMobile Device Manager)
Mobile Content Management: ShareFile (StorageZone Controller)

Technical view: Mapping
Diagram labels: Per App-VPN Access Management Enterprise App Store Secure Client Virtualization Encrypted Data Silo Mobile Policy Enforcement Browser security Application / Apps Management Per App VPN management App Policy Management ID / Authn / Access Control Management Application Policy Config Mobile App Sandboxing ID Management ID Federation Mobile Device Policy Management Remote Wiping Whitelisting Blacklisting Encryption Management Remote Wiping Encrypted Data Silo VPN/SSL Gateways
Conclusion
For more information and next steps
Join us in the Security & Risk Management Pavilion to meet experts and get more information.
Schedule a meeting with experts in the HP Meeting Center.
Visit the Security Transformation Experience Workshop and schedule a session.
Get more information at www.hp.com/go/discover for this specific session.
Your feedback is important to us. Please take a few minutes to complete the session survey.

Learn more about this topic
Use HP's Augmented Reality (AR) to access more content
1. Launch the HP AR app*
2. View this slide through the app
3. Unlock additional information!
*Available on the App Store and Google Play
Thank you