Mobile Security Workshop in Japan ITPro Expo Tokyo November 2013. Japan enterprise moblity trends, usages, BYOD adoption vs Corporate only, Auditing, Penetration Testing. Announcement au the mSeclabs launch.
Sécurité mobile.
REDA ZITOUNI CTO and VP Chief Security
Mobiquant Japan ITpro Expo Tokyo/ Mobile and IOT Security Conference - REDA ZITOUNI CTO and VP Chief Security
1. Japan Mobile Security:
The 4 Biggest Challenges
Facing CIOs/CSOs in 2013-2014
www.mobiquant.com
Booth A15 –HALL 11
@MOBIQUANT
2. Mobile Usage Evolution 2008-2013
Mobile Threats Trends in 2013
iOS vs Android Platforms Analysis
MDM vs MSM (Mobile Security Management))
B2B mobility at risk
Future of Mobile Security
MOBIQUANT UNIQUE APPROACH
HOW WE CAN HELP YOUR ORGANIZATION
3. JAPAN MOBILE SECURITY LANDSCAPE 2013
Mobile Security Costs UK SMEs Over 66 Billion Yens
4 Datacenters of data lost every year
230 00 days men needed to recover services
5. Mobile Usages Evolution 2008-2013(2)
•
•
2008
2011
Users : Consumerization of mobility rears its head in the enterprise
ITs: centrally managed and secured
6. Mobile Usages Evolution 2008-2013(2)
1.
2.
Top priority: Manage the lost or stolen data risk
Priority needs:
1.
Rationalize mobile devices management
2.
Optimize productivity
3.
Simplify administration
4.
Facilitate updates
5.
Control by defining security policies
6.
Standardize the infra mobile management with the rest of the IS
Source : Mobiquant Labs 2013 (400 CISOs in Europe and USA)
7. Mobile Threats Trends in 2013(1)
B2C: Mobile Typical Criminality: [$]
Worms, Mobile Ransomwares (blocking), SPAM, Malwares
B2B: Mobile in IE global war:
[Data]
Botnets, Spybots, backdoors, pervasive + sophisticated malwares
Governmental, Military, Defense :
[Data or Influence]
Suspicions about government-sponsored attacks will grow. Using
zero-day vulnerabilities and sophistical malware, some of these
attacks may be considered APT (advanced persistent threats)
13. iOS vs Android Platforms Analysis (4)
• In 2011 alone, Google removed more than 100
malicious apps
• Google discovered 50 applications infected by a
single piece of malware (Droid Dream : personal
data)
• Google hasn’t always acted in a timely manner :
– +260,000 times before Google removed it from the
app market.
So creating a mobile security policy that requires end
users to protect personal mobile devices within the
enterprise is key to keeping your organization's data
safe.
13
14. iOS vs Android Platforms Analysis (5)
Key Drivers for mobile attacks:
Browser (jailbreak iOS v1..)
Applications (xStores) : No real control PlayStore VS Appstore
Stacks/Software weaknesses: Few on IOS vs Many on Android
14
15. MDM vs MSM (Mobile Security Management))
- B2B mobility at risk
•
MDM (mobile device mangement) is about Asset Management
– Basic security features (wipe, password)
– Fake implementations (ex : PKI, SCEP only)
•
MSM (mobile Security Management) is about Security
Management(ISO27001/05, PCSSI, Sox, Bale2…)
– Mobile : VPN, PKI, Encryption, Policies, Apps and web services
security (signing house, monitoring,..)
2013 trends: Many CISOs required by management to take over
back to Mobility Management/Strategy as security not covered
15
16. Future of Mobile Security
Internet objects, Data leakage, Mass-Malwares
More mobility in many usage (Internet Objects):
Exposing data at risk and easing more profitable mass attacks for
hackers
LTE and LTE+ bringing permanent and high bandwith connectivity
(easing blackhat), UMA (Mesh Networks )
Massive standards adoption boosting highly critical (and
benefitial) services : NFC, Mobile Payments, m-Wallets,…
SECURITY TO DO LIST
Need for a real strategy including the Security Experts
Continuous Auditing of the policies enforcements
Devices, Tools, Solutions must be security proven
16
Follow us @ISACANews #APCACS
18. Appliance and Virtual
Range
Patented technology evolving
Major account range / Governments
Appliance MNX 500
Appliance MNX 1000
Appliance MNX 3000
Appliance MNX 5000
SMB Range
Appliance Nano : 1 - 300
Appliance Jumbo: 300 - 1000
18
19. Mobile NX : Multi OS Solution
Multi Platform
Agent NX
Mobile securing
Rugged Terminals
Windows Mobile6
Android
Psion Teklogix
Motorola Symbol
Intermec
07/02/2014
Universal collaborative
customer
Netbooks
Windows7
Apple
iPad
Androïd
Galaxy Tab
20. Technology and
Innovation Awards
June 2008
National Innovation Award French
Ministry Of Research and Innovation
October2008
Innovation AWARD of the European IT and Security
Congress ( 1400 CISOs and CIOs)
Décember 2009
Frost&Sullivan experts AWARD
Best Entreprise Mobile Technology
January 2010
Redherring Global TOP100 Award
April 2010
Redherring Europe TOP100 Award
20