Securing Mobile: A Business-Centric Approach


Omar Khawaja
February 2013
Information Revolution Starts

Timeline: 1970
Mainframe (Green Terminals)

@smallersecurity

Personal Computing

Timeline: 1970, 1980
Thick Client & Mobile Revolution Starts

Advent of the Web

Timeline: 1970, 1980, 1990
Web based computing and Mobile truly goes mobile

Mobile Matures

Timeline: 1970, 1980, 1990, 2000
Web and Mobile mature

Mobile Revolution

Timeline: 1970, 1980, 1990, 2000, 2010
Information Revolution becomes the Mobile Revolution

Global Mobile Traffic

Mobile is no longer optional

Btw, is securing various platforms really that different?

Difference?

Timeline: 1970, 1980, 1990, 2000, 2010
Have a closer look: it's really not that different.

Top Business Technology Trends

High-IQ Networks       Personalization of Service
Enterprise Clouds      Consumerization of IT
Big Data               M2M2P
Video                  Compliance
Social Enterprise      Energy Efficiency

What’s the common theme across top technology trends?

High-IQ Networks       Personalization of Service
Enterprise Clouds      Consumerization of IT
Big Data               M2M2P
Video                  Compliance
Social Enterprise      Energy Efficiency

DATA

Mobility and Cloud fuel each of these trends.

Security is about Risk

‘Risk’   Assets   Vulnerabilities   Threats

How do we secure mobile today?

Programs and Technologies

Risk Assessment                      Security Policy                 Organization of Info Security
Asset Management                     Human Resources Management      Physical & Environment Security
Communication & Ops Mgmt             Access Control                  Info Systems Acquisition, Dev, & Maintenance
Info Security Incident Management    Business Continuity Management  Compliance

Programs and Technologies

App Security    Anti-X                      Configuration Management
DLP             Encryption                  IAM, NAC
Patching        Policy Management           Threat Management
VPN             Vulnerability Management    …

Multiple Approaches

[Figure: 2x2 matrix. Vertical axis: Security Programs (Single, Multiple). Horizontal axis: Security Technology Sets (Single, Multiple). Quadrant labels: Really?, Worst Case, Nirvana, Good. The quadrants are filled with copies of the program and technology grids from the preceding slides.]

Here’s an approach…

Data-Centric Approach (Follow the data)

Inventory (must)
Classify (must)
Destroy* (ideal)
Protect
Monitor

Data-Centric Security Model

Data-centric security is business-centric security

Data-Centric Security Model

To protect the data, protect what’s around it too

Data-Centric Security Model

GRC and Intelligence define security program

Data-Centric Security Model

Start with assets, end with the controls

How do we execute?

Data-Centric Security: A Recipe

Categorize Data
Inventory Data
Destroy Data
Inventory Users
Define Business Processes
Mobile Environment Definition
Entitlement Definition
Implement Control Requirements
Monitor Control Effectiveness

What about Apps?

Apps have overtaken browsing
30 billion app downloads from Apple's App Store
Can’t impede app proliferation, but how do you know which to trust?

What about the Network? (It’s not just for transport)

Key security imperatives:
1) Data Governance
2) Application Governance

Simplify security program
Network can help
Apps matter
Follow the data
Business Context

Doing things right & Doing the right things

Questions and Answers

Thank You
omar.khawaja@verizonbusiness.com

PROPRIETARY STATEMENT

This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service.

This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon.

© 2011 Verizon. All Rights Reserved. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.

Developed and Designed by

Salahuddin Khawaja
salahk@gmail.com




    More at Decklaration.com


ABOUT THE AUTHOR

Salah has 14 years of experience, primarily in the
Financial Services Industry. Before joining JP Morgan he
spent 11 years at Deloitte & Touche helping Fortune 500
clients with various types of Strategic Initiatives.

He is currently based in Hong Kong with responsibility
for delivering the next generation platform for Securities
Processing.



Areas of Expertise: Strategy Development, Business
Transformation, System Integration, Program & Project
Management, Mobile Strategy, Data Analytics, Executive
Presentations


Sample Clients: Bank of America, Citi, MasterCard




Editor's Notes

  1. http://www.kpcb.com/insights/2012-internet-trends-update
  2. http://gsourceg.com/images/products/product-010.jpg