Mobile Security:
App Security – Win or Lose
Date…
By Anders Flaglien
Security Consultant
1000+ apps are released on Google Play and the App Store every day!
The most popular ones are downloaded 75 000 times a day.
There are many success factors that must be met for your app to be successful, and one of these is trust,
at least when you process business-confidential data…
Trust is «everything»
Copyright © 2015 Accenture All rights reserved. 3
The top 10 downloaded apps* with more than 100 million downloads all rely on users to trust them and the services they offer
*in Google Play according to Wikipedia 26.10.2014
Would you give a random app a lot of permissions to control your device without your approval?
These are some of ONE app's 40+ permissions to do «whatever»:
• create accounts and set passwords
• change your audio settings
• draw over other apps
• take pictures and videos
• record audio
• modify or delete the contents of your USB storage
• edit the call log
• directly call phone numbers
• read the call log
• read your text messages (SMS or MMS)
• precise location (GPS and network-based)
• modify your contacts
• read calendar events plus confidential information
• add or modify calendar events and send email to guests without the owner's knowledge
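The permission list above is the kind of thing a reviewer checks before trusting an app. The following is an added example (not from the slides): it parses a constructed AndroidManifest.xml, maps the requested permissions to the plain-language capabilities the slide lists, and flags those that a photo-sharing app has no stated reason to hold. The permission identifiers are real Android ones; the mapping, the sample manifest and the allowlist are this example's own assumptions.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Set

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Real Android permission names mapped to the capabilities named on the slide.
# The grouping is an assumption made for this example, not an official list.
SENSITIVE: Dict[str, str] = {
    "android.permission.AUTHENTICATE_ACCOUNTS": "create accounts and set passwords",
    "android.permission.MODIFY_AUDIO_SETTINGS": "change your audio settings",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps",
    "android.permission.CAMERA": "take pictures and videos",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.WRITE_EXTERNAL_STORAGE": "modify or delete USB storage contents",
    "android.permission.WRITE_CALL_LOG": "edit the call log",
    "android.permission.CALL_PHONE": "directly call phone numbers",
    "android.permission.READ_CALL_LOG": "read the call log",
    "android.permission.READ_SMS": "read text messages (SMS or MMS)",
    "android.permission.ACCESS_FINE_LOCATION": "precise location (GPS and network-based)",
    "android.permission.WRITE_CONTACTS": "modify your contacts",
    "android.permission.READ_CALENDAR": "read calendar events and confidential information",
    "android.permission.WRITE_CALENDAR": "add or modify calendar events and email guests",
}


def requested_permissions(manifest_xml: str) -> List[str]:
    """Return every android:name on a <uses-permission> element, in manifest order."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS  # the android: prefix is a namespace
    return [el.get(name_attr, "") for el in root.iter("uses-permission")]


def audit(manifest_xml: str, allowed: Set[str]) -> Dict[str, object]:
    """Split the sensitive permissions into those the app's purpose justifies
    (present in `allowed`) and those it does not. `allowed` is the reviewer's
    least-privilege expectation for this particular kind of app."""
    requested = requested_permissions(manifest_xml)
    sensitive = [p for p in requested if p in SENSITIVE]
    return {
        "requested": len(requested),
        "sensitive": sensitive,
        "unjustified": [p for p in sensitive if p not in allowed],
    }


# Constructed manifest for a hypothetical photo-sharing app (not a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.photoshare">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>
"""

# Reviewer's assumption: sharing photos needs the camera and nothing else on the list.
PHOTO_APP_ALLOWED: Set[str] = {"android.permission.CAMERA"}

if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST, PHOTO_APP_ALLOWED)
    print("requested:", report["requested"], "sensitive:", len(report["sensitive"]))
    for perm in report["unjustified"]:
        print("unjustified:", perm, "->", SENSITIVE[perm])
```

Run against a real APK's decoded manifest, the same check turns the slide's question into a reviewable finding: each unjustified entry is a permission the app must either drop or explain.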
What is Trust?
…belief that someone or something is reliable, good, honest, effective, secure…
How to achieve this?
Open Web Application Security Project (OWASP)
The OWASP Top 10 Mobile Risks help us secure mobile applications for our clients, and they can help you too!
OWASP Top 10 Mobile Risks
• M1: Weak Server Side Controls
• M2: Insecure Data Storage
• M3: Insufficient Transport Layer Protection
• M4: Unintended Data Leakage
• M5: Poor Authorization and Authentication
• M6: Broken Cryptography
• M7: Client Side Injection
• M8: Security Decisions Via Untrusted Inputs
• M9: Improper Session Handling
• M10: Lack of Binary Protections
Example 1: Broken Crypto
Of all apps out there, you should trust that bank applications are secure, right?
OWASP Top 10 Mobile Risks
Example 3: Data leakage and lack of binary protection
What if I make a game, would I need to secure it?
OWASP Top 10 Mobile Risks
Example 4: More than five risks in a combined scenario…
Scandinavian teenagers' favorite picture-sharing app has a not-so-appealing feature…
• The app's goal is to meet users' need to share instant photos and videos without the fear that a post or picture will be held against them in the future
The examples show that we might have to reconsider our trust in some top 10 apps…
…So how can we learn from others' mistakes and build trust?
Executive Summary: Mobile Security
Mobile Security Strategy and Capabilities
(Business Challenges → Drivers → Solution → Benefits)

Business Challenges
Organizational Challenges
• No organizational structure or buy-in from business units across the organization
• Lack of training, communication, and awareness
Process Challenges
• Lack of or poorly defined mobile security strategy
• Security policies driven by consumerization without consideration of security strategies make BYOD more of a risk to the enterprise
Technology Challenges
• Difficulty protecting sensitive data on mobile devices
• Growing Wi-Fi population and inappropriate controls within the infrastructure
• Unknown vulnerabilities within mobile application exploits, backend infrastructure, unauthorized access

Solution
Governance
• Define processes, policies and support
• Identify preferred suppliers
Users/Identity
• Define role access, authorization, and authentication
• Understand usage and prepare users
Applications
• Securely develop, test and distribute apps
• Manage usage and connectivity to backend systems
Data
• Secure data (enterprise/personal) communication and protection
• Classification and functionality
Network
• Architecture to support new interactions (wireless, remote)
• Provide secure enterprise connectivity and monitoring
Device
• Define appropriate management program and supported platforms
• Secure the device while providing choice and flexibility to end users

Benefits
Business Values
• Mobilize your workforce to work from anywhere and increase productivity
• Enable Bring Your Own Device (BYOD) to increase self service, improve satisfaction, and reduce the Total Cost of Ownership (TCO)
Technical Benefits
• Reduction of threats and vulnerabilities
• Proper administration, controls, and technology to protect critical systems and data
Mobile Security Overview
Several components need to be addressed to provide comprehensive mobile security
Reference:
• Information Security Forum
• National Institute of Standards and Technology
Diagram: Mobile Security at the centre, surrounded by Governance, Users & Identity, Application, Network, Data and Device.
Mobile Security Strategy
A comprehensive program and strategy to embed security throughout the enterprise's mobile lifecycle

Users & Identity
• Roles and authorization levels and authentication
• Evaluation / monitoring of usage patterns
• Program awareness and education

Applications
• SDLC development
• Testing
• Distribution / provisioning
• Access Control
• Secure connection to backend systems and data (Ex: Cloud)
• Monitoring / Management

Data
• Classification
• Authentication
• Secure connection
• Strong Encryption
• Data loss prevention
• Secure storage
• Audit and forensics

Network
• Voice
• Secure remote connectivity
• Monitoring and Testing
• Wireless networking
• Use of untrusted and/or public networks

Device
• Security functionality
• Control connectivity
• Secure remote connections
• Disposal and wipe
• Synchronization / Backup
• Ability to update
• Physical Access
• Tracking/Management

Governance
• Define processes and policies (ownership, connectivity, applications, privacy, audit / wipe)
• Support / Training
• Identify preferred suppliers / service level for business
Accenture contributed our view to the OWASP Top 10 Mobile
Risks and developed a solution framework to address them:
1. Insecure or unnecessary data storage and transmission
2. Applications with higher privileges than required and/or authorized
3. Use of (or failure to disable) insecure mobile device platform features in application
4. Allowing access to resources without strong authentication
5. Malicious/Counterfeit third-party code
6. Insecure or unnecessary interaction between applications and OS components
7. Server accepting unvalidated or unauthenticated input from mobile devices
8. Personal or corporate data leakage
9. Client-side injection and overflows
10. Client-side DoS

The OWASP Top 10 Mobile Security Risks empowered by the Solution Landscape
Map Risk to the Mobile Environment
Diagram: the ten risks above plotted across five zones: Mobile Apps, Mobile Platform/Device, Mobile Network, Enterprise Network/Enclave and Back End Services/Cloud (risk numbers shown on the slide: 3 4 5; 7; 1 2 6 8 9 10).

Solutions Landscape
Diagram: the same five zones, with example solutions placed across them:
• Mobile App Security Code Review
• Mobile App/Platform Security Review
• Mobile Device Threat Analysis
• Private Mobile App Stores
• Mobile Device Host-Based Security
• Secure Mobile Voice as a Service
• Mobile App PKE
Example use cases (Not Comprehensive)
Mobile Security – Example Use Cases
Use Case: Key Considerations

Consumer Applications
• Protection of customer data
• Secure communication with service provider
• Maintaining trust and enhancing user experience

Enterprise Mobile Application
• Protection of enterprise data
• Distribution and management
• Enhanced productivity

Enterprise BYOD (User Owned)
• Limited controls on a privately owned device
• Balance between corporate and private data
• Governance of policies and procedures to control functionality (Example: wiping the device, use of native controls)
• Asset management, authorization and authentication

Enterprise Provisioned Devices (Corporate Owned)
• Fully specified security configurations
• Balance between corporate and private data
• Governance of policies and procedures to control functionality (Example: wiping the device, use of native controls)
• Asset management, authorization and authentication

Email Security
• Securing enterprise data and confidential information
• Maintaining user experience

Desktop Virtualization
• Leverage existing hardware investments or personally owned devices
• Protection of enterprise systems and data

Point of Sale/Connected Devices
• Device hardening
• Network hardening
• Protection of end user and enterprise systems and data (cross-industry)
Questions?
20170208 mesh bankene og psd2 - Sparebank1s presentasjon20170208 mesh bankene og psd2 - Sparebank1s presentasjon
20170208 mesh bankene og psd2 - Sparebank1s presentasjon
 
Mobile pulse 8.feb 2017 google
Mobile pulse 8.feb 2017   googleMobile pulse 8.feb 2017   google
Mobile pulse 8.feb 2017 google
 
160405 møller gruppen _mesh_smartcity.pptx
160405 møller gruppen _mesh_smartcity.pptx160405 møller gruppen _mesh_smartcity.pptx
160405 møller gruppen _mesh_smartcity.pptx
 
Smart kommune mobil puls - mesh 0504-2016 - final
Smart kommune   mobil puls - mesh 0504-2016 - finalSmart kommune   mobil puls - mesh 0504-2016 - final
Smart kommune mobil puls - mesh 0504-2016 - final
 
Presentasjon 130116 dataforeningen søk
Presentasjon 130116 dataforeningen søkPresentasjon 130116 dataforeningen søk
Presentasjon 130116 dataforeningen søk
 
2016 01-13 - dnd - mobile puls - mhelse - helgetb
2016 01-13 - dnd - mobile puls - mhelse - helgetb2016 01-13 - dnd - mobile puls - mhelse - helgetb
2016 01-13 - dnd - mobile puls - mhelse - helgetb
 
Sparebank1 mobile pulse281015
Sparebank1 mobile pulse281015Sparebank1 mobile pulse281015
Sparebank1 mobile pulse281015
 
Skandia mobile pulse 28 okt 2016
Skandia mobile pulse 28 okt 2016Skandia mobile pulse 28 okt 2016
Skandia mobile pulse 28 okt 2016
 
Sparebanken vest mobile pulse 28 okt 2016
Sparebanken vest mobile pulse 28 okt 2016Sparebanken vest mobile pulse 28 okt 2016
Sparebanken vest mobile pulse 28 okt 2016
 
Personvern for apputviklere
Personvern for apputviklerePersonvern for apputviklere
Personvern for apputviklere
 
SoBazaar - Your daily fasion fix
SoBazaar - Your daily fasion fixSoBazaar - Your daily fasion fix
SoBazaar - Your daily fasion fix
 
Mobile pulse sept 2014
Mobile pulse sept 2014Mobile pulse sept 2014
Mobile pulse sept 2014
 

Kürzlich hochgeladen

FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRFULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRnishacall1
 
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...wyqazy
 
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...Niamh verma
 
9892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x79892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x7Pooja Nehwal
 
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPowerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPsychicRuben LoveSpells
 
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceanilsa9823
 
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Pooja Nehwal
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceanilsa9823
 

Kürzlich hochgeladen (9)

FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRFULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
 
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...
 
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...
 
9892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x79892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x7
 
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
 
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPowerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
 
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
 
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
 

Mobile Security Strategy

  • 1. Mobile Security: App Security – Win or Lose Date… By Anders Flaglien Security Consultant
  • 2. 1000+ Apps are released on Google Play and Appstore every day! The most popular ones are downloaded 75 000 times a day. There are many success factors that must be met for your app to be successful, and one of these is trust
  • 3. At least when you process business confidential data… Trust is «everything» Copyright © 2015 Accenture All rights reserved.
  • 4. Top 10 downloaded apps* with more than 100 million downloads all rely on users to trust them and the services they offer *in Google Play according to Wikipedia 26.10.2014
  • 5. Would you give a random app a lot of permissions to control your device without your approval? These are some of ONE app's 40+ permissions to do «whatever»:
    • create accounts and set passwords
    • change your audio settings
    • draw over other apps
    • take pictures and videos
    • record audio
    • modify or delete the contents of your USB storage
    • modify the call log
    • directly call phone numbers
    • read the call log
    • read your text messages (SMS or MMS)
    • precise location (GPS and network-based)
    • modify your contacts
    • read calendar events and confidential information
    • add or modify calendar events and send email to guests without the owner's knowledge
  • 6. What is Trust? …belief that someone or something is reliable, good, honest, effective, secure… How to achieve this?
  • 7. Open Web Application Security Project (OWASP). The OWASP Top 10 Mobile Risks help us to secure mobile applications for our clients, and so can you!
    • M1: Weak Server Side Controls
    • M2: Insecure Data Storage
    • M3: Insufficient Transport Layer Protection
    • M4: Unintended Data Leakage
    • M5: Poor Authorization and Authentication
    • M6: Broken Cryptography
    • M7: Client Side Injection
    • M8: Security Decisions Via Untrusted Inputs
    • M9: Improper Session Handling
    • M10: Lack of Binary Protections
  • 8. OWASP Top 10 Mobile Risks, Example 1: Broken Crypto (M6 in the Top 10 list)
  • 9. Of all apps out there, you should trust that bank applications are secure, right?
  • 10. OWASP Top 10 Mobile Risks, Example 3: Data leakage and lack of binary protection (M4 and M10 in the Top 10 list)
  • 11. What if I make a game, would I need to secure it?
  • 12. OWASP Top 10 Mobile Risks, Example 4: More than five risks in a combined scenario…
  • 13. Scandinavian teenagers' favorite picture-sharing app has a not-so-appealing feature… • The App's goal is to meet users' need to communicate instant photos and videos without the fear that a post or picture will be held against them in the future
  • 14. The examples show that we might have to reconsider our trust in some top 10 apps… …So how can we learn from others' mistakes and build trust?
  • 15. Executive Summary: Mobile Security (Mobile Security Strategy and Capabilities)
    Business Challenges
    • Organizational Challenges: no organizational structure or buy-in from business units across the organization; lack of training, communication, and awareness
    • Process Challenges: lack of or poorly defined mobile security strategy; security policies driven by consumerization without consideration of security strategies make BYOD more of a risk to the enterprise
    • Technology Challenges: difficulty protecting sensitive data on mobile devices; growing Wi-Fi population and inappropriate controls within the infrastructure; unknown vulnerabilities within mobile applications (exploits, backend infrastructure, unauthorized access)
    Drivers
    • Mobilize your workforce to work from anywhere and increase productivity
    • Enable Bring Your Own Device (BYOD) to increase self service, improve satisfaction, and reduce the Total Cost of Ownership (TCO)
    Solution (Mobile Security Overview)
    • Governance: define processes, policies and support; identify preferred suppliers
    • Users/Identity: define role access, authorization, and authentication; understand usage and prepare users
    • Applications: securely develop, test and distribute apps; manage usage and connectivity to backend systems
    • Data: secure data (enterprise/personal) communication and protection; classification and functionality
    • Network: architecture to support new interactions (wireless, remote); provide secure enterprise connectivity and monitoring
    • Device: define appropriate management program and supported platforms; secure the device while providing choice and flexibility to end users
    Benefits (Business Values / Technical Benefits)
    • Reduction of threats and vulnerabilities
    • Proper administration, controls, and technology to protect critical systems and data
  • 16. Several components need to be addressed to provide comprehensive mobile security. Copyright © 2013 Accenture All rights reserved. Reference: Information Security Forum; National Institute of Standards and Technology
    Mobile Security Strategy: a comprehensive program and strategy to embed security throughout the enterprise's mobile lifecycle, covering Governance, Users & Identity, Applications, Data, Network and Device
    • Users & Identity: roles and authorization levels and authentication; evaluation / monitoring of usage patterns; program awareness and education
    • Applications: SDLC development; testing; distribution / provisioning; access control; secure connection to backend systems and data (Ex: Cloud); monitoring / management
    • Data: classification; authentication; secure connection; strong encryption; data loss prevention; secure storage; audit and forensics
    • Network: voice; secure remote connectivity; monitoring and testing; wireless networking; use of untrusted and/or public networks
    • Device: security functionality; control connectivity; secure remote connections; disposal and wipe; synchronization / backup; ability to update; physical access; tracking/management
    • Governance: define processes and policies (ownership, connectivity, applications, privacy, audit / wipe); support / training; identify preferred suppliers / service level for business
  • 17. The OWASP Top 10 Mobile Security Risks empowered by the Solution Landscape. Accenture contributed our view to the OWASP Top 10 Mobile Risks and developed a solution framework to address them:
    1. Insecure or unnecessary data storage and transmission
    2. Applications with higher privileges than required and/or authorized
    3. Use of (or failure to disable) insecure mobile device platform features in application
    4. Allowing access to resources without strong authentication
    5. Malicious/Counterfeit third-party code
    6. Insecure or unnecessary interaction between applications and OS components
    7. Server accepting unvalidated or unauthenticated input from mobile devices
    8. Personal or corporate data leakage
    9. Client-side injection and overflows
    10. Client-side DoS
    Map Risk to the Mobile Environment (diagram: risks 1 to 10 placed across Mobile Apps, Mobile Platform/Device, Mobile Network, Enterprise Network/Enclave and Back End Services/Cloud)
    Solutions Landscape (across the same five layers): Mobile App Security Code Review; Mobile App/Platform Security Review; Mobile Device Threat Analysis; Private Mobile App Stores; Mobile Device Host-Based Security; Secure Mobile Voice as a Service; Mobile App PKE
  • 18. Mobile Security – Example Use Cases (Not Comprehensive). Use case and key considerations:
    • Consumer Applications: protection of customer data; secure communication with service provider; maintaining trust and enhancing user experience
    • Enterprise Mobile Application: protection of enterprise data; distribution and management; enhanced productivity
    • Enterprise BYOD (User Owned): limited controls on a privately owned device; balance between corporate and private data; governance of policies and procedures to control functionality (Example: wiping the device, use of native controls); asset management, authorization and authentication
    • Enterprise Provisioned Devices (Corporate Owned): fully specified security configurations; balance between corporate and private data; governance of policies and procedures to control functionality (Example: wiping the device, use of native controls); asset management, authorization and authentication
    • Email Security: securing enterprise data and confidential information; maintaining user experience
    • Desktop Virtualization: leverage existing hardware investments or personally owned devices; protection of enterprise systems and data
    • Point of Sale/Connected Devices: device hardening; network hardening; protection of end user and enterprise systems and data (cross-industry)
  • 19. Questions?

Hinweis der Redaktion

  1. There are many success factors that must be met, and one important factor is trust. Your app users must trust that your app delivers what it says and that it keeps them in control of their data. What are the main security risks that you should be aware of, and how can these be reduced?
  2. Common to all top categories and apps that succeed in the market is that they preserve trust. For example, who would talk to friends over Skype, WhatsApp or Facebook Messenger if everyone else could hear it? What if the emails in your Gmail app could be read by everyone, or what if Angry Birds could send SMS bank messages on your behalf?
  3. Example – Burp Suite capturing packets
  4. Extract .apk, analyze and remake
  5. AuthN and AuthZ; Binary protection; Weak server side; Crypto; Insecure storage
  6. Mobile security has more or less the same aspects as traditional IT security. With that being said, a lot of decisions need to be made. The enterprise needs to define the level of services being provided, how to support the end user, and how to manage risk. All considerations point to having a mobile security strategy in place – even if it is a complete ban! Though this is an extreme case, a strategy that accounts for supporting the business securely is CRITICAL for success. As we start to think about a mobile security strategy, there are 6 main categories to consider: Governance, Users & Identity, Applications, Data, Network, and Devices.
    • Governance: What are the policies that will drive the usage of mobile technologies? What services do you want/not want to provide? How will you monitor usage and to what level? Which devices/technologies will you allow/not allow? Training programs and communication.
    • Users & Identity: What users/groups will have access to what? How will you get the right people the appropriate content to do their tasks?
    • Applications: Applications can be looked at in a few ways. Development: in-house enterprise applications or applications for commercial consumption will require a full set of secure SDLC services (development, source code review, vulnerability scanning, etc.). Deployment: an enterprise wants to control the deployment of applications through its own application store.
    • Data: Introducing mobile technologies opens up additional concerns. For example: Does this change my data classifications? How can I ensure secure communications to this data? Personal devices introduce personal data to the environment. How will I protect it? Will functionality of devices have to be limited? Cloud apps, Dropbox?
    • Network: The network is a critical component, and the introduction of mobile devices adds additional components that may not have been planned for in the initial design of the infrastructure. Can my network handle the load? How will I support remote access securely? How will I monitor the environment, traffic/usage patterns, forensics?
    • Devices: Managed or unmanaged? What platforms and devices are supported? How should these devices be hardened/secured (antivirus, etc.)? How will I handle a lost or stolen device to ensure security?