Mobile Device Management

Transcription

1 Mobile Device Management David Roundtree, CISSP Identity & Security Public Sector State & Local Date: April 23,

2 This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. 2

3 Agenda Today s Security Challenges 2012 Data Breaches Enterprise Mobility Challenges Mobile Identity Management Mobile Identity Standards 3

4 STEP BY STEP APPROACH 4 SECURITY INSIDE OUT DEFENSE IN DEPTH

5 Citizen Services Online Healthcare Business Transformation Cloud Services Social Integration Student Services Remote Mobile Workforce Most Significant in 5

6 800k Health&Finance records STOLEN California Dept of Child Support Services Sensitive DB 1.7GB Leaked US Bureau of Justice Statistics 3.8M Bank Account #s leaked State of South Carolina 6

7 Attacks cost $$$$ in State Government (2012) State of South Carolina Dept. of Revenue > Approximately 3.8 million Social Security numbers, 387,000 credit and debit card numbers and 657,000 business tax filings were exposed in a recent cyber-attack at the SC Department of Revenue. From 7

8 STATE OF UTAH : DATA BREACH UTAH CTO TAKES THE FALL. RESIGNATION SOUGHT BY GOV. HERBERT AFTER BREACH EXPOSES DATA ON 280,000 MEDICAID RECIPIENTS!!!! Some analysts have held up the breach as a classic example of the dangers weak or default passwords controlling access to critical systems and applications pose to enterprises. The state has said it will offer free credit monitoring and identity theft insurance coverage of up to $1 million for victims of the breach. 8

9 2. Regulatory Fines 3. Financial Loss 1. Brand Decline = Loss of trust from Citizens! 9

10 Mobile Devices in the Enterprise Employees, Citizens, Students, Vendors using mobile devices Evolution of BYOD > Bring your own device 10

11 90 % companies with mobile apps in % will depend on social networking to connect with customers and prospects 76 % 10 % Store passwords Store passwords as Source: Information week Aug

12 Mobile Security is Beyond Device Management 46% Of organizations that allow BYOD reported experiencing a data or security breach Source: Trend Micro Survey, Feb % Of helpdesks struggle to keep up with mobile apps support Source: Mobility Revolution Redux, March % Building corporate app stores Source: Partnerpedia Survey, Aug 2011 MOBILE SECURITY STARTS FROM INSIDE 12

13 Mobile Identity & Access Challenges? Developer Limited resources to support chatty clients No SSO across native mobile applications Challenging to secure access to data stored on legacy systems Risky to allow business transactions from untrusted devices 13

14 Guess: The cost of remediating a breach exceeds the cost of preventing a breach by.. 10X We need to start taking a proactive approach to security!!! 14

15 Identity Theft Quality of Service Data Security & Integrity Regulatory Compliance SS #s Denial of Service Collaboration PII Credit Card Info Fraud Privacy PCI Personal Profile NIST Security Model IRS 1075 HIPPA/HITECH BUSINESS HAVE 15

16 Demystifying Mobile Identity Management and Standards Shujaat Ali Principal Security Consultant 16

17 This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. 17

18 Custom Brittle P o i n t 2 P o i n t E x p e n s i v e Internal Users Only Maintenance Not Scaleable Legacy Proprietary C l i e n t S e r v e r Fragmentation Inflexible Slow VPN Based First Generation Integration Rigid Hard Coded Status Quo 18

19 CHANGING MOBILE APPLICATION DEMANDS LIMITED POWER & STORAGE EMPLOYEE OWNED DEVICES DESIGNED FOR WIRELESS & 3G 19

20 APP APP APP APP APP APP APP NATIVE 20

21 REST APP VPN APP APP APP APP APP DOES NOT SCALE 21

22 State-full Cross-network Lower Energy Usage Device Independent REST INTERFACES SIMPLIFIES MOBILE APPS 22

23 Corporate DMZ Corporate Network Mobile Browser Webgate OAM Protected Resource Oracle Access Manager API Gateway Native Application Mobile and Social Data Interfaces / Oracle Entitlements Server Directory Services 23

24 CONTEXT AWARE AUTHENTICATION Account Detail Device Aware! Location Aware!? Time Aware! Device Fingerprint 24

25 PATIENT RECORD xxx xx x PATIENT RECORD 25

26 Select Login Authorize 26

27 Name: REAL EXAMPLE CONNECTING COLLEGE TEST PREP STUDENTS College: Major: Minor: Graduation Date: or Login with Facebook Student Advisor: High School: Test Date: Submit 27

28 Blacklist Devices Better Experience Single Point of Revocation 28

29 MONITORING & REPORTING 29

30 Alerts Location Risk Access Trends Browser & OS statistics 30

31 Access Management Device Tracking Device Registration White\Black List Platform Security Services GPS & WIFI Location Mobile Interfaces KBA & OTP Directory Services User Registration White Pages 31

32 Facebook G a d g e t s u m b l r kedin Curation Mixi I nstagram Search Engine Optimization Advertisements Games Twitter Promotions G o o g l e + Pinterest U R L S h o r t e n e r s S o c i a l P u b l i s h i n g Social Marketing Renren 32

33 Facebook MySpace WordPress Yahoo! V e r i s i g n Pinterest Yahoo! Mixi I nstagram flikr G o o g l e M y O p e n I D AOL 33

34 Facebook G a d g e t s u m b l r kedin Curation Mixi I nstagram Search Engine Optimization Advertisements Games Twitter Promotions G o o g l e + Pinterest U R L S h o r t e n e r s S o c i a l P u b l i s h i n g Social Marketing Renren 34

35 Facebook Yahoo! MySpace Photobucket Twitter N e t f l i x Dropbox SmugMug Y a m m e r Evernote LinkedIn TripIt OpenSocial G o o g l e Vimeo 35

36 36

37 Questions? 37

38 THANK YOU FOR YOUR ATTENTION Feel free to contact us at 38

39 39