Security & Identity for a
Mobile-First World
Vijay Pawar
2 MobileIron Confidential
Traditional Desktop
Login with Enterprise Identity (AuthN)
Browser or Native Apps Access & SSO
Applications based on Identity(AuthZ)
Pre-registered using IAM
3 MobileIron Confidential
Authentication to Applications: Desktop
Password
Tokens
Biometrics
Smartcards
Certificates
4 MobileIron Confidential
Authentication: Traditional Desktops
[Chart: Password, Tokens, Biometrics, Smartcards and Certificates plotted on the axes SECURITY and USABILITY + DEPLOYMENT]
5 MobileIron Confidential
Mobile
Login with pin (AuthN)
Native App Access
Applications from Enterprise App Store
based on Identity(AuthZ)
Pre-registered using EMM
Applications based on Identity(AuthZ)
Browser Access & SSO
6 MobileIron Confidential
Authentication to Applications: Mobile
Leverage Same Factors
Password
Tokens
Biometrics
Smartcards
Certificates
7 MobileIron Confidential
Auth Factors
Passwords
•  Bad UX: Typing long
passwords, fat-fingering
Biometrics
•  Good UX (Fingerprint, facial
(early stage), voice)
Tokens
•  Bad UX: Carry along or on
same device (reduces
security)
SmartCards
•  Bad UX: Adding additional
hardware
8 MobileIron Confidential
EMM Certificate Support
Ease in Certificate Delivery
High Security (MITM-proof)
Multiple Usage (VPN, Wi-Fi, Apps, Browser)
Good UX
9 MobileIron Confidential
Authentication: Mobile Devices
[Chart: axes SECURITY and USABILITY + DEPLOYMENT. The labels appear in two groups on the slide: Password, Tokens, Biometrics, Smartcards, Certificates; and Tokens, Biometrics, Certificates, Smartcards, Password]
10 MobileIron Confidential
Identity Verified
Authorized to Access App
11 MobileIron Confidential
Authorization to Applications: Desktop
Access
•  Based on AD Group
•  Context
•  Network
•  Time
In App Access
•  Typically handled inside App
12 MobileIron Confidential
Authorization Technology: Desktop
SaaS
•  Standards (Federation)
•  Proprietary (WAM)
•  Password Mgr
•  E-SSO
Native
•  E-SSO
13 MobileIron Confidential
Authorization: Traditional Desktops
[Chart: Password Mgr, WAM, Federation and E-SSO plotted on the axes SECURITY and USABILITY + DEPLOYMENT]
14 MobileIron Confidential
Authorization to Applications: Mobile
Access
•  Based on AD Group
•  Context
•  Network
•  Time
•  Device Posture
•  Location
•  App Inventory
In App Access
•  Typically handled inside App
15 MobileIron Confidential
Authorization Technology: Mobile
SaaS
•  Standards (Federation)
•  Proprietary (WAM)
•  Password Mgr
Native
•  E-SSO
•  Wrap/SDK
16 MobileIron Confidential
Authorization: Mobile Apps
[Chart: Password Mgr, WAM, Federation and Wrap/SDK plotted on the axes SECURITY and USABILITY + DEPLOYMENT]
17 MobileIron Confidential
Recommendations: Cloud Apps
Authorization
Support Federation Standards
If Username/Password Access
• Restrict by IP address for All Applications (ex. email &
content)
IDP or SaaS providers to use Device
Context
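
The mobile authorization inputs listed earlier (AD group, network, time, device posture, location, app inventory) and the recommendation to restrict username/password access by IP address can be combined in one decision function. This is an added example, not code from the deck or from any MobileIron or IdP product; the class names, field names and sample values are hypothetical.

```python
from dataclasses import dataclass, replace
from datetime import time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class AppPolicy:
    """Per-application access policy (hypothetical model, not a product schema)."""
    allowed_groups: frozenset      # AD groups entitled to the app
    password_networks: tuple       # CIDRs where username/password login is accepted
    hours: tuple                   # (start, end) local-time window
    countries: frozenset           # permitted locations
    forbidden_apps: frozenset      # app inventory entries that block access


@dataclass(frozen=True)
class AccessRequest:
    groups: frozenset
    auth_method: str               # "password" or "certificate"
    source_ip: str
    local_time: time
    country: str
    device_managed: bool           # device posture as reported by the EMM
    device_compliant: bool
    installed_apps: frozenset


def in_window(t, start, end):
    """True if t falls in [start, end]; handles windows that wrap past midnight."""
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


def authorize(req, policy):
    """Return (allowed, failed_checks); every failed check is reported for logging."""
    failed = []
    if not req.groups & policy.allowed_groups:
        failed.append("ad_group")
    # The IP restriction applies only to username/password logins.
    if req.auth_method == "password" and not any(
        ip_address(req.source_ip) in ip_network(net)
        for net in policy.password_networks
    ):
        failed.append("network")
    if not in_window(req.local_time, *policy.hours):
        failed.append("time")
    if not (req.device_managed and req.device_compliant):
        failed.append("device_posture")
    if req.country not in policy.countries:
        failed.append("location")
    if req.installed_apps & policy.forbidden_apps:
        failed.append("app_inventory")
    return (not failed, failed)


# Constructed sample policy and requests (documentation IP ranges, made-up names).
POLICY = AppPolicy(
    allowed_groups=frozenset({"Sales"}),
    password_networks=("203.0.113.0/24",),
    hours=(time(6, 0), time(22, 0)),
    countries=frozenset({"US", "DE"}),
    forbidden_apps=frozenset({"com.example.unapproved-filesharing"}),
)


def evaluate_samples():
    ok = AccessRequest(
        groups=frozenset({"Sales"}), auth_method="certificate",
        source_ip="198.51.100.7", local_time=time(9, 30), country="US",
        device_managed=True, device_compliant=True,
        installed_apps=frozenset({"com.example.mail"}),
    )
    return {
        "managed_cert": authorize(ok, POLICY),
        "password_off_network": authorize(replace(ok, auth_method="password"), POLICY),
        "password_on_network": authorize(
            replace(ok, auth_method="password", source_ip="203.0.113.20"), POLICY),
        "noncompliant_after_hours": authorize(
            replace(ok, device_compliant=False, local_time=time(23, 15)), POLICY),
        "wrong_group_risky_app": authorize(
            replace(ok, groups=frozenset({"Interns"}),
                    installed_apps=frozenset({"com.example.unapproved-filesharing"})),
            POLICY),
    }


if __name__ == "__main__":
    for name, decision in evaluate_samples().items():
        print(name, decision)
```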
18 MobileIron Confidential
Future: Authorization: Mobile Apps
[Chart: Password Mgr, WAM, Federation and Wrap/SDK plotted on the axes SECURITY and USABILITY + DEPLOYMENT]
19 MobileIron Confidential
Identity Verified
Multiple Applications
Need Single Sign-On
20 MobileIron Confidential
SSO to Applications: Desktop
SaaS
•  Standards (Federation)
•  Proprietary (WAM)
•  Kerberos
•  Certificates
•  Password Mgr
•  E-SSO
Native
•  Kerberos
•  Certificates
•  Password Mgr
•  E-SSO
21 MobileIron Confidential
Single Sign-On: Traditional Desktops
[Chart: Password Mgr, WAM, Kerberos, Federation, Certificates and E-SSO plotted on the axes Apps/OS supported and USABILITY]
22 MobileIron Confidential
SSO to Applications: Mobile
SaaS
•  Standards (Federation)
•  Proprietary (WAM)
•  Kerberos*
•  Certificates*
•  Password Mgr*
Native
•  Kerberos*
•  Certificates*
•  E-SSO
•  Wrap/SDK*
* Mileage varies
23 MobileIron Confidential
Challenges: Native App SSO
Apps Containerized. No Sharing
Some OS Vendors Support Shared Token (iOS 7 Kerberos)
Password Managers do NOT Support Native (iOS)
•  Also, security bypass
24 MobileIron Confidential
Single Sign-On: Mobile Native
[Chart: axes Native Apps/OS supported and USABILITY. The labels appear in two groups on the slide: Password Mgr, WAM, Kerberos, Federation, Certificates, E-SSO; and Certificates, WAM, Kerberos]
25 MobileIron Confidential
Approaches: Single Sign-On
Need Shared Token support by Mobile OS vendors
•  Today: iOS 7 Kerberos token
•  Future: OAuth token?
Federation with Certificate Auth
•  Native Apps using Certificates
•  IDP supporting Certificate Auth
EMM Vendors using Shared Token in Wrapper/SDK
26 MobileIron Confidential
Future: Single Sign-On: Mobile Native
[Chart: Federation, Certificates, WAM and Kerberos plotted on the axes Native Apps/OS supported and USABILITY]
27 MobileIron Confidential
Mobile Identity Takeaways
Authentication
•  Good UX Key
•  Certificates and Biometrics Viable Options
Authorization
•  Federation Standards Prevent Bypass
•  Username/PW Apps to Provide IP Restrictions
•  IDP to Use Device Context
SSO
•  Mobile Vendors Enabling Shared Token Support
•  Certificates
•  IDP Support for Certificate Auth
The technical realities…
30 MobileIron Confidential
There is no “one answer” to mobile SSO
•  Generally “I want SSO” means “I want transparent
authentication”.
•  Shared tokens, while useful, don’t work extremely well for
mobile today
•  Goals should be to make authentication & authorization
easy while reducing UX complexity
But there are lots of implementation options
31 MobileIron Confidential
The rough architecture of EMM systems
•  A client:
–  Serves to enroll users in the EMM policy server.
–  Can serve as a central mechanism for driving policies & configs for apps
(MAM or app wrapping)
•  A server:
–  A central system where administrators define policies and configurations
for devices, apps and data. Often houses App Storefront functions.
–  Often ties to LDAP to direct policies against user or group objects
–  Can tie to external systems for access control & identity including
certificate authorities, NAC, etc.
32 MobileIron Confidential
The rough architecture of EMM systems
•  A Gateway:
–  Allows for transport of traffic to on-premise resources. Can be VPN
or purpose built
–  Should tie to concepts around device and network trust – Ensure
that device is managed, that sessions aren’t hijacked, etc.
33 MobileIron Confidential
The MobileIron Platform
•  Mobile Device Management
•  Mobile Application Management
•  Identity And Certs
•  User Self-Service
•  Rules & Reporting
Core (VSP) & Cloud: Mobile Policy Configuration Engine
MobileIron Client: Enforces Configuration and Security policies on the device, apps and content at rest and in real time
Sentry (Gateway): Provides Access Control by Enforcing Security Policies on Apps and Content in-flight
MobileIron Confidential
EMM vendors build SSO
…because a lot of customers said “We want to use our Windows
architecture.” Result: Kerberos Constrained Delegation and Mobile
35 MobileIron Confidential
App SSO using Kerberos: PC era
[Diagram labels: Kerberos; Email, Apps, Content; Active Directory; Certs]
36 MobileIron Confidential
App SSO: PC era
[Diagram labels: Email, Apps, Content; Active Directory; Certs; Native Kerberos; ?]
37 MobileIron Confidential
App single sign on (SSO) using KCD
[Diagram labels: Kerberos Constrained Delegation (KCD); Email, Apps, Content; Active Directory; Certs; Kerberos]
38 MobileIron Confidential
Constraints with KCD
•  Requires app developer engagement (SDK / wrapper)
•  Requires trust relationship between gateway and AD infrastructure
•  No client certificate to app server auth supported
•  Requires complex setup
•  Native app support (Safari, Chrome) and commercial app support may be limited
MobileIron Confidential
Apple takes on SSO
iOS 7 introduces support for Kerberos
40 MobileIron Confidential
iOS 7: Native OS Kerberos SSO
Native iOS. Supports direct Kerberos requests from OS and native apps
Device access to Key Distribution Center (KDC): use device VPN or expose KDC in DMZ
41 MobileIron Confidential
iOS 7 SSO Challenge
[Diagram labels: Email, Apps, Content; Active Directory; Certs; Native Kerberos!; ?]
42 MobileIron Confidential
iOS 7 SSO with Kerberos Proxy
[Diagram labels: Sharepoint, OWA, other Kerberos-enabled apps; Kerberos Domain Controller (KDC); Kerberos; SSO]
First sign on: Kerberos Proxy
Subsequent access: Per app VPN
43 MobileIron Confidential
Constraints with Apple SSO
•  Certificates weren’t supported until iOS 8 (watch this space)
•  Only supported on Apple devices
•  Native apps are supported including Safari
•  Token reuse is supported across applications
MobileIron Confidential
Standards begin to develop
Introduction of AZA, now NAPPS
45 MobileIron Confidential
AZA / NAPPS approach
[Diagram labels: OAUTH enabled app; Identity Provider (IDP); Request token; Token Exchange; Deliver Token; Auth with token; Auth with token]
46 MobileIron Confidential
Constraints with AZA / NAPPS
•  Without OS integration, it remains a MAM-only driven model
•  Today requires app wrapping or SDK
•  Standards work is still nascent
MobileIron Confidential
Another alternative…
Use of certificates for “transparent authentication”
48 MobileIron Confidential
Certificate auth to SSO IDP
[Diagram labels: OAUTH enabled app; Identity Provider (IDP); Receive user or machine certificate; Store cert in app keychain; Present certificate to IDP, receive token; Auth with token]
49 MobileIron Confidential
Constraints with cert-based auth to IDP
•  Provides transparent authentication, but not “SSO”. Apps end up with new tokens if IDP does not know to reissue previous token from previous cert auth
•  Works with iOS native apps, however requires developer work to negotiate cert auth & token request.
•  Android requires app wrapping or SDK to receive certificate material and transport IDP request behind firewall
•  Windows supports cert provisioning and app-access to cert store but transport to IDP needs development
•  IDP must support OAUTH or SAML requests with certificates as the user identity
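
The first constraint above, shown as an added example that is not from the deck or from any MobileIron or IdP product: a toy in-memory IdP that either issues an unrelated token per app (transparent authentication only) or recognises the earlier certificate auth and binds each new token to the same session. The class and function names, the fingerprint lookup standing in for mutual-TLS chain validation, and the sample certificate bytes are assumptions.

```python
import hashlib
import secrets


class ToyIdP:
    """Minimal IdP model (hypothetical). A real IdP validates the certificate
    chain during the TLS handshake; a fingerprint lookup stands in for that."""

    def __init__(self, enrolled_certs, reuse_sessions, session_ttl=3600):
        # Fingerprints of certificates delivered to managed devices by the EMM.
        self.enrolled = {self.fingerprint(c) for c in enrolled_certs}
        self.reuse_sessions = reuse_sessions
        self.session_ttl = session_ttl
        self.sessions = {}   # session id -> {"fp", "expires", "apps"}
        self.by_cert = {}    # fingerprint -> latest session id

    @staticmethod
    def fingerprint(cert_der):
        return hashlib.sha256(cert_der).hexdigest()

    def cert_auth(self, cert_der, app_id, now):
        """Authenticate an app by certificate and return a token for it."""
        fp = self.fingerprint(cert_der)
        if fp not in self.enrolled:
            raise PermissionError("certificate not enrolled")
        # Only an IdP that remembers the previous cert auth can reuse its session.
        sid = self.by_cert.get(fp) if self.reuse_sessions else None
        session = self.sessions.get(sid)
        if session is None or session["expires"] <= now:
            self.sessions.pop(sid, None)          # drop an expired session, if any
            sid = secrets.token_hex(16)
            session = {"fp": fp, "expires": now + self.session_ttl, "apps": set()}
            self.sessions[sid] = session
            self.by_cert[fp] = sid
        session["apps"].add(app_id)
        return {"session": sid, "app": app_id, "expires": session["expires"]}

    def is_valid(self, token, now):
        s = self.sessions.get(token["session"])
        return s is not None and s["expires"] > now and token["app"] in s["apps"]

    def end_session(self, sid):
        """Sign-out: every token bound to this session stops validating."""
        s = self.sessions.pop(sid, None)
        if s and self.by_cert.get(s["fp"]) == sid:
            del self.by_cert[s["fp"]]


def compare_modes(now=1_000_000):
    """Authenticate three apps with one device certificate in both modes,
    sign out of the first app, and report which tokens still validate."""
    cert = b"constructed-sample-device-certificate"   # not a real certificate
    apps = ["mail", "docs", "crm"]
    result = {}
    for label, reuse in (("per_app_tokens", False), ("shared_session", True)):
        idp = ToyIdP([cert], reuse_sessions=reuse)
        tokens = [idp.cert_auth(cert, app, now) for app in apps]
        idp.end_session(tokens[0]["session"])
        result[label] = {
            "sessions_created": len({t["session"] for t in tokens}),
            "still_valid_after_signout": [
                t["app"] for t in tokens if idp.is_valid(t, now + 1)
            ],
        }
    return result


if __name__ == "__main__":
    for mode, outcome in compare_modes().items():
        print(mode, outcome)
```

In the per-app mode, signing out of one app leaves the other two tokens live, which is the gap between transparent authentication and SSO that the slide describes.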
50 MobileIron Confidential
The takeaway
•  It is possible to meet end-user and IT needs for authentication today
•  IT should be aware of OS capabilities when planning both app and
auth design
•  Certificates provide the easiest, most transparent method available.
•  NAPPS represents a strong development but needs more maturity
and OS buy-in

CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015  Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015  Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Recently uploaded

Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 

CIS14: Providing Security and Identity for a Mobile-First World

  • 1. Security & Identity for a Mobile-First World Vijay Pawar
  • 2. Traditional Desktop Login with Enterprise Identity (AuthN) Browser or Native Apps Access & SSO Applications based on Identity (AuthZ) Pre-registered using IAM
  • 3. Authentication to Applications: Desktop Password Tokens Biometrics Smartcards Certificates
  • 4. Authentication: Traditional Desktops Password Tokens Biometrics Smartcards Certificates SECURITY USABILITY + DEPLOYMENT
  • 5. Mobile Login with pin (AuthN) Native App Access Applications from Enterprise App Store based on Identity (AuthZ) Pre-registered using EMM Applications based on Identity (AuthZ) Browser Access & SSO
  • 6. Authentication to Applications: Mobile Leverage Same Factors Password Tokens Biometrics Smartcards Certificates
  • 7. Auth Factors Passwords • Bad UX: Typing long passwords, fat-fingering Biometrics • Good UX (Fingerprint, facial (early stage), voice) Tokens • Bad UX: Carry along or on same device (reduces security) SmartCards • Bad UX: Adding additional hardware
  • 8. EMM Certificate Support Ease in Certificate Delivery High Security (MITM-proof) Multiple Usage (VPN, Wi-Fi, Apps, Browser) Good UX
  • 9. Authentication: Mobile Devices Password Tokens Biometrics Smartcards Certificates SECURITY USABILITY + DEPLOYMENT Tokens Biometrics Certificates Smartcards Password
  • 10. Identity Verified Authorized to Access App
  • 11. Authorization to Applications: Desktop Access • Based on AD Group • Context • Network • Time In App Access • Typically handled inside App
  • 12. Authorization Technology: Desktop SaaS • Standards (Federation) • Proprietary (WAM) • Password Mgr • E-SSO Native • E-SSO
  • 13. Authorization: Traditional Desktops Password Mgr WAM Federation SECURITY USABILITY + DEPLOYMENT E-SSO
  • 14. Authorization to Applications: Mobile Access • Based on AD Group • Context • Network • Time • Device Posture • Location • App Inventory In App Access • Typically handled inside App
  • 15. Authorization Technology: Mobile SaaS • Standards (Federation) • Proprietary (WAM) • Password Mgr Native • E-SSO • Wrap/SDK
  • 16. Authorization: Mobile Apps Password Mgr WAM Federation SECURITY USABILITY + DEPLOYMENT Wrap/SDK
  • 17. Recommendations: Cloud Apps Authorization Support Federation Standards If Username/Password Access • Restrict by IP address for All Applications (ex. email & content) IDP or SaaS providers to use Device Context
  • 18. Future: Authorization: Mobile Apps Password Mgr WAM Federation SECURITY USABILITY + DEPLOYMENT Wrap/SDK
  • 19. Identity Verified Multiple Applications Need Single Sign-On
  • 20. SSO to Applications: Desktop SaaS • Standards (Federation) • Proprietary (WAM) • Kerberos • Certificates • Password Mgr • E-SSO Native • Kerberos • Certificates • Password Mgr • E-SSO
  • 21. Single Sign-On: Traditional Desktops Password Mgr WAM Kerberos Federation Certificates Apps/OS supported USABILITY E-SSO
  • 22. SSO to Applications: Mobile SaaS • Standards (Federation) • Proprietary (WAM) • Kerberos* • Certificates* • Password Mgr* Native • Kerberos* • Certificates* • E-SSO • Wrap/SDK* * Mileage varies
  • 23. Challenges: Native App SSO Apps Containerized. No Sharing Some OS Vendors Support Shared Token (iOS 7 Kerberos) Password Managers do NOT Support Native (iOS) • Also, security bypass
  • 24. Single Sign-On: Mobile Native Password Mgr WAM Kerberos Federation Certificates Native Apps/OS supported USABILITY E-SSO Certificates WAM Kerberos
  • 25. Approaches: Single Sign-On Need Shared Token support by Mobile OS vendors • Today: iOS 7 Kerberos token • Future: OAuth token? Federation with Certificate Auth • Native Apps using Certificates • IDP supporting Certificate Auth EMM Vendors using Shared Token in Wrapper/SDK
  • 26. Future: Single Sign-On: Mobile Native Federation Native Apps/OS supported USABILITY Certificates WAM Kerberos
  • 27. Mobile Identity Takeaways Authentication SSO Authorization • Good UX Key • Certificates and Biometrics Viable Options • Federation Standards Prevent Bypass • Username/PW Apps to Provide IP Restrictions • IDP to Use Device Context • Mobile Vendors Enabling Shared Token Support • Certificates • IDP Support for Certificate Auth
  • 28.
  • 30. There is no “one answer” to mobile SSO • Generally “I want SSO” means “I want transparent authentication”. • Shared tokens, while useful, don’t work extremely well for mobile today • Goals should be to make authentication & authorization easy while reducing UX complexity But there are lots of implementation options
  • 31. The rough architecture of EMM systems • A client: – Serves to enroll users in the EMM policy server. – Can serve as a central mechanism for driving policies & configs for apps (MAM or app wrapping) • A server: – A central system where administrators define policies and configurations for devices, apps and data. Often houses App Storefront functions. – Often ties to LDAP to direct policies against user or group objects – Can tie to external systems for access control & identity including certificate authorities, NAC, etc.
  • 32. The rough architecture of EMM systems • A Gateway: – Allows for transport of traffic to on-premise resources. Can be VPN or purpose built – Should tie to concepts around device and network trust – Ensure that device is managed, that sessions aren’t hijacked, etc.
  • 33. • Mobile Device Management • Mobile Application Management • Identity And Certs • User Self-Service • Rules & Reporting MobileIron Client Enforces Configuration and Security policies on the device, apps and content at rest and in real time Sentry (Gateway) Provides Access Control by Enforcing Security Policies on Apps and Content in-flight The MobileIron Platform Core (VSP) & Cloud: Mobile Policy Configuration Engine
  • 34. EMM vendors build SSO …because a lot of customers said “We want to use our Windows architecture.” Result: Kerberos Constrained Delegation and Mobile
  • 35. Kerberos Email Apps Content Active Directory Certs Kerberos App SSO using Kerberos: PC era
  • 37. Kerberos Constrained Delegation (KCD) App single sign on (SSO) using KCD Email Apps Content Active Directory Certs Kerberos
  • 38. Requires app developer engagement (SDK / wrapper) Requires trust relationship between gateway and AD infrastructure No client certificate to app server auth supported Constraints with KCD Requires complex setup Native app support (Safari, Chrome) and commercial app support may be limited KCD
  • 39. Apple takes on SSO iOS 7 introduces support for Kerberos
  • 40. iOS 7: Native OS Kerberos SSO Native iOS. Supports direct Kerberos requests from OS and native apps Device access to Key Distribution Center (KDC) Use device VPN Expose KDC in DMZ or SSO
  • 42. SharePoint, OWA, Other Kerberos-enabled apps Kerberos Domain Controller (KDC) Kerberos First sign on: Kerberos Proxy Subsequent access: Per app VPN SSO iOS 7 SSO with Kerberos Proxy
  • 43. Certificates weren’t supported until iOS 8 (watch this space) Only supported on Apple devices Constraints with Apple SSO Native apps are supported including Safari Token reuse is supported across applications
  • 44. Standards begin to develop Introduction of AZA, now NAPPS
  • 45. OAUTH enabled app Identity Provider (IDP) AZA / NAPPS approach Request token Token Exchange Deliver Token Auth with token Auth with token
  • 46. Without OS integration, it remains a MAM-only driven model Today requires app wrapping or SDK Constraints with AZA / NAPPS Standards work is still nascent
  • 47. Another alternative… Use of certificates for “transparent authentication”
  • 48. OAUTH enabled app Identity Provider (IDP) Certificate auth to SSO IDP Auth with token Receive user or machine certificate Receive user or machine certificate Present certificate to IDP, receive token Store cert in app keychain
  • 49. Constraints with cert-based auth to IDP Provides transparent authentication, but not “SSO”. Apps end up with new tokens if IDP does not know to reissue previous token from previous cert auth Works with iOS native apps, however requires developer work to negotiate cert auth & token request. Android requires app wrapping or SDK to receive certificate material and transport IDP request behind firewall Windows supports cert provisioning and app-access to cert store but transport to IDP needs development IDP must support OAUTH or SAML requests with certificates as the user identity
  • 50. The takeaway • It is possible to meet end-user and IT needs for authentication today • IT should be aware of OS capabilities when planning both app and auth design • Certificates provide the easiest, most transparent method available. • NAPPS represents a strong development but needs more maturity and OS buy-in
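
Slide 49's constraint, that apps end up with new tokens unless the IDP reissues the previous one, modelled as an added example (not from the deck or from MobileIron): a toy in-memory IDP whose class, method names and certificate bytes are all constructed for illustration. It compares the two behaviours when two apps present the same EMM-delivered certificate and one of them then signs out.

```python
import hashlib
import secrets
import time

# Constructed stand-ins for the DER bytes of EMM-delivered certificates.
ALICE_CERT = b"constructed DER bytes: CN=alice, device 1"
UNKNOWN_CERT = b"constructed DER bytes: CN=mallory, never enrolled"


class ToyIdp:
    """Hypothetical in-memory IDP. A real one validates the chain and the
    revocation status during the TLS client-certificate handshake; this
    sketch only pins SHA-256 fingerprints of enrolled certificates."""

    def __init__(self, reissue_previous_token, ttl_seconds=3600):
        self.reissue = reissue_previous_token
        self.ttl = ttl_seconds
        self.subjects = {}    # cert fingerprint -> user name
        self.live = {}        # token -> (cert fingerprint, expiry time)
        self.last_token = {}  # cert fingerprint -> most recently issued token

    @staticmethod
    def fingerprint(cert_der):
        return hashlib.sha256(cert_der).hexdigest()

    def enroll(self, cert_der, user):
        self.subjects[self.fingerprint(cert_der)] = user

    def cert_auth(self, cert_der, now=None):
        """Exchange a client certificate for a bearer token."""
        now = time.time() if now is None else now
        fp = self.fingerprint(cert_der)
        if fp not in self.subjects:
            raise PermissionError("certificate not enrolled")
        if self.reissue:
            prev = self.last_token.get(fp)
            if prev is not None and self.validate(prev, now) is not None:
                return prev  # every app holding this cert gets the same token
        token = secrets.token_urlsafe(24)
        self.live[token] = (fp, now + self.ttl)
        self.last_token[fp] = token
        return token

    def validate(self, token, now=None):
        """Return the user for a live, unexpired token, otherwise None."""
        now = time.time() if now is None else now
        entry = self.live.get(token)
        if entry is None or entry[1] <= now:
            return None
        return self.subjects.get(entry[0])

    def sign_out(self, token):
        """Revoke one token; return how many tokens for that cert stay live."""
        entry = self.live.pop(token, None)
        if entry is None:
            return 0
        return sum(1 for fp, _ in self.live.values() if fp == entry[0])


def two_apps_then_sign_out(reissue):
    """Mail and browser apps authenticate with one cert, then mail signs out."""
    idp = ToyIdp(reissue_previous_token=reissue)
    idp.enroll(ALICE_CERT, "alice")
    mail = idp.cert_auth(ALICE_CERT, now=0)
    browser = idp.cert_auth(ALICE_CERT, now=10)
    still_live = idp.sign_out(mail)
    return mail == browser, still_live, idp.validate(browser, now=20)


if __name__ == "__main__":
    print("new token per auth:", two_apps_then_sign_out(False))
    print("reissue previous  :", two_apps_then_sign_out(True))
```

With a token per authentication, signing out of one app leaves the other app's token live, so revocation has to target the certificate or the user rather than a single token.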