2. 1
Topics
IBM’s perspective
Identity & Access Mobile Security Maturity Model
Real World Use cases
Demo & Architecture Walk through
3. 2
Enterprises face mobile security challenges
Enabling secure transactions to enterprise
applications and data
Developing secure applications and ensuring
assurance
Designing and instituting an adaptive security
posture
Adapting to BYOD and the consumerization of IT
5. 4
Ensuring Secure Transactions span an integrated approach across
Device, Enterprise and Applications
Safe usage of smartphones and tablets in the enterprise
Secure transactions enabling customer confidence
Visibility and security of enterprise mobile platform
IBM Mobile Security &
Management Strategy
Manage Device
Register; Set appropriate
security policies; compliance;
wipe; lock
Persona Separation
Data separation; data leakage
prevention
Data Mgmt/Protection
Encryption; content (i.e.
documents) management &
protection; data sync
Secure Access
Properly identify mobile users &
devices; allow or deny access
Connectivity,
Security Intelligence
Security Intelligence, Usage
Identify & stop mobile threats
Logging events, anomalies
Threat Protection
content/info; network;
transactions
App Assurance
scanning, analysis certification,
Identify application vulnerabilities
App Management
App performance management.
Monitoring. App store, versioning,
Update apps
App Security
api, sdk, application level controls
At the Device For the Mobile App
Internet
Over the Network &
Enterprise
7. 6
Mobile security intelligence provides deeper insights around security and
risk posture of an enterprise, in the context of mobile.
Mobile Security Intelligence
Intelligence around malware and
advanced threats in mobile
enabled enterprise
User identity and device identity
correlation, leading to behavior
analysis
Geo-fencing, anomaly detection
based on device, user, location,
and application characteristics
Mobile Security
Intelligence
8. 7
Topics
IBM’s perspective
Identity & Access Mobile Security Maturity Model
Real World Use cases
Demo & Architecture Walk through
9. 8
Mobile Security: Identity & Access Maturity Model
Optimized Access Monitoring & Reporting
Content Filtering/Server-Side DLP
Access governance / certification to mobile applications
Integration with SaaS and BaaS
Context / risk-based access
Advanced authentication (Bio-metrics, behavior, analytics,..)
Proficient Application access management
Device registration, authentication and revocation (i.e OAuth)
Strong authentication (OTP, Device, .. )
Application VPN
Application threat protection (WAF)
Connecting client’s reputation
Basic Browser based Federated Single Sign-On
Server side Single Sign-On
Server-side application protection (Authentication, Authorization
and Audit, Session Mgmt.)
10. 9
Topics
IBM’s perspective
Identity & Access Mobile Security Maturity Model
Real World Use case
Architecture Walk through & Demo
11. 10
Business challenge:
• Automobile customers require
secure, personalized access
to vehicle information
services on their mobile
devices
• Customers require access to
radio, internet and social
network services from their
telematics systems inside
cars
Solution:
• Security Access Manager
along with DataPower
• Authentication and
Authorization to back-end
services
• Secure integration and
federated single sign-on with
third party service providers
FIM
DataPower
Authorization
Request
Token Request
Access Token
Access Token
Granted
Cloud Services
Data Center 2
Data Center 1
ISAM Proxy
(WebSEAL)
Value
• Fast time to value and quick integration with partner services
• Secure mobile access
An Automobile company secures its cloud services access with
IBM Security Access Manager & Websphere Datapower
12. 11
Topics
IBM’s perspective
Identity & Access Mobile Security Maturity Model
Real World Use case
Architecture Walk through & Demo