2015 Mobile Security Trends: Are You Ready?

© 2015 IBM Corporation
IBM Security
0 IBM Security Systems© 2015 IBM Corporation
2015 Mobile Security Trends:
Are You Ready?
Jason Hardy
Market Segment Manager, Mobile Security
IBM Security Systems
David Lingenfelter
Information Security Officer, MaaS360 by Fiberlink
IBM Security

IBM Security
1 IBM Security Systems
Agenda
 What’s Happening in Mobile
 Introduce the IBM Mobile Security Framework
 Trends from “The State of Mobile Security Maturity”
 Tackling Mobile Security with a Layered Defense
1

IBM Security
“Enterprise mobility will continue to
be one of the hottest topics
in IT, and high on the list of
priorities for all CIOs.”
“IT organizations will dedicate at
least 25% of their software
budget to mobile application
development, deployment,
and management by 2017.”
Enterprise Mobility is HOT Mobile Security is a CHALLENGE

IBM Security
3
Mobile Enterprise: A 2015 HorizonWatching Trend Report
“Mobile reached a tipping point in 2014 as it solidified its position as one of the most
disruptive technologies for businesses in decades. Not since the advent of the Internet has
a technology forced businesses to rethink completely how they win, serve, and retain
customers. The new competitive battleground is the mobile moment.” Forrester
“Enterprise mobility will continue to be one of
the hottest topics in IT, and high on the list of
priorities for all CIOs” Ovum
Interest in Mobile continues to grow as business professionals are
increasingly using their mobile device over traditional laptops
GSMA
“Mobility spending plans are trending up, with
73% of companies planning to increase mobility
spending over the next 12 months, 25%
planning to spend at the same rate, and only
2% planning to spend less.” Current Analysis
“Gartner studies show that mobile devices are
increasingly becoming the first go-to device for
communications and content consumption
used by most people on the planet who can
afford such devices” Gartner

IBM Security
Mobile Security Threats Are Exploding
Mobile malware is
growing; malicious
code is infecting
more than
11.6 million
mobile devices at
any given time3
Mobile devices
and the apps we
rely on are under
attack
90% of the top
mobile apps have
been hacked4
“With the growing penetration of
mobile devices in the enterprise,
security testing and protection of
mobile applications and data
become mandatory ` Gartner
“Enterprise mobility … new systems of
engagement. These new systems
help firms empower their customers,
partners, and employees with
context-aware apps and smart
products.” Forrester

IBM Security
Are Mobile Enterprise Apps Secure?

IBM Security
MobileFirst
Protect (MaaS360)
AppScan, Arxan, Trusteer M;
bile SDK
Security Access Manager
for Mobile, Trusteer Pinpoint
Extend Security Intelligence
Enterprise Applications
and Cloud Services
Identity, Fraud,
and Data Protection
Protect Content & Data
Safeguard Applications
Manage Access & Fraud
Secure the Device
DATA
Personal and
Consumer
Enterprise
IBM Mobile Security Framework
QRadar Security Intelligence Platform
AirWatch, MobileIron, Good,
Citrix, Microsoft, Mocana
HP Fortify, Veracode, Proguard CA, Oracle, RSA
Secure the Device Protect Content & Data Safeguard Applications Manage Access & Fraud
Provision, manage and
secure Corporate and
BYOD devices
Segregate enterprise
and personal data;
ensure shared content
is protected
Develop secure,
vulnerability free,
hardened and risk
aware applications
Secure access and
transactions for
customers, partners
and employees
Security Intelligence
A unified architecture for integrating mobile security information & event management (SIEM), log
management, anomaly detection, and configuration & vulnerability management

IBM Security
The Roadmap to Effective Mobile Security
The State of Mobile Security Maturity
Findings from the ISMG Survey Sponsored by IBM
Link to report

IBM Security
Tackling Mobile Security with a
Layered Defense
David Lingenfelter
@Simply_Security

IBM Security
Layered Defense

IBM Security
Change is inevitable

IBM Security
Mobile technologies are more empowering
of employed adults use at
least one personally-owned
mobile device for business
Mobile workers will use at
least one business-focused
app this year
yearly increase in revenue from
people using mobile devices to
purchase items.

IBM Security
But security threats are even greater
Threats on your
employees
Threats on your
customers
of financial apps on
Android have been
hacked
of Top 100 Android
apps have been
hacked
annual cost
of crime

IBM Security
Relentless Use
of Multiple Methods
Operational
Sophistication
Near Daily Leaks
of Sensitive Data
Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014
IBM X-Force declared
Year of the
Security Breach
40% increase
in reported data
breaches and incidents
500,000,000+ records
were leaked, while the future
shows no sign of change
2011 2012 2013
Note: Size of circle estimates relative impact of incident in terms of cost to
business.
We are in an era of continuous breaches.
SQL
injection
Spear
phishing
DDoS Third-party
software
Physical
access
Malware XSS Watering
hole
Undisclosed
Attack types

IBM Security
IT’s Role and Focus has Changed
Many different
use cases within a
single company
Corporate Owned
BYOD
Shared Devices
Cart Devices
Kiosk Devices
Data Leakage
Apps
Blacklisting
URL filtering
SharePoint/EFSS
Intranet Access

IBM Security
Mobility Is Strategic
Enterprise Mobility Management
has become a Foundation in
every Mobile Strategy

IBM Security
IBM MobileFirst Protect Layered Approach
Secure
the Device
Secure
the Content
Secure
the App
Secure
the Network
Separating Corporate and Personal Lives

IBM Security
Secure the Device
Dynamic security and
compliance features
continuously monitor devices
and take action.

IBM Security
Secure the Container: Mail & Content
An office productivity app with email, calendar, contacts, & content

IBM Security
Secure the App
Enhancing private and public app
security through (SDK or wrapping)
code libraries and policies

IBM Security
Secure the Network
A fully-functional web browser
to enable secure access to
corporate intranet sites and
enforce compliance of policies

IBM Security
IBM MobileFirst Protect Delivers an Integrated Approach
One Platform for All Your Mobile Assets
Secure Content
Collaboration
Secure
Mobile
Containers
Comprehensive
Mobile Management
Seamless
Enterprise
Access

IBM Security
Embrace The New Normal
Mobile is becoming THE IT platform
Go beyond enabling these new devices
– Mobile utilization of corporate network/resources
– Separation of corporate & personal apps/data
– App management & security (and app dev assist)
– Identity, context and more sophisticated policy

IBM Security
Wrap-up
 Unlocking productivity with Apps and Content
 Capabilities exists today to Enable
 Take a Layered approach for Security
You can do it now,
 Empower Users
 Build Trust
 Do it with IBM Mobile First protect
David Lingenfelter
@simply_security

IBM Security
www.ibm.com/security
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response
to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated
or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure
and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to
be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems,
products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

2015 Mobile Security Trends: Are You Ready?

More Related Content

What's hot

Similar to 2015 Mobile Security Trends: Are You Ready?

More from IBM Security

Recently uploaded

2015 Mobile Security Trends: Are You Ready?