IT security in the Superfast Mobile Age The impact of more of everything

Clive Bob Tarzey Longbottom,

Service Director, Analyst and director Quocirca Ltd

Quocirca Ltd Nov 2013

The high level security problem is More of everything to worry about.

DEVICES & THINGS
USERS

CLOUD

NETWORK TRAFFIC
Quocirca 2013

DATA

SOFTWARE & MALWARE

More users who are they?

Quocirca 2013

UK mid-market online interaction with external users

Overall Financial services

40

49
42 38 31

Sector

RDT Other commercial Manufacturing

0 20 40 Average internal users/external users ratio Quocirca: The mid-market conundrum June 2013 Quocirca 2013 UK mid-market IT managers

Supporting technology for more users

Federated identity and access management Single sign-on Social infrastructure
Support for bring-your-own-identity (BYOID)

Think of identity as the new IT perimeter

The identity perimeter

Quocirca Sept 2012
Quocirca 2013

Social media already as a source of identity for consumers

Quocirca: Digital identities and the open business, Feb 2013 Quocirca 2013 European enterprise and mid-market IT and IT security managers

Devices (and things) What are they? Are they safe?

Quocirca 2013

Device use what is BYOD? (Bring your own device)

Company issued and managed devices (not BYOD) Formal BYOD policy The security issue Choose you own device (CYOD) that cannot be Informal BYOD ignored Unwanted/unmanaged BYOD External guests (wanted and unwanted)

What Ive got is what Ill use DYOT

Quocirca 2013

Supporting security technology for mobile device security

Centralised security Device based security

VDI Data stores Web proxies Content filtering

Containerisation Password protection Malware protection Encryption Remote disablement and wipe (lost device) SIM recognition End of life

Plus use of mobile apps Mobile device management (MDM) Quocirca 2013 Mobile app management (MAM)

More network traffic What is in it?

Quocirca 2013

These data belies a truth, the user activity and risk will increasingly lie in the mobile component, the problem is seeing the wood for trees.
Quocirca 2013

How important are the following for your organisation when designing and implementing networks?
Accessibility, security and control for external users Minimal redundancy (N+1 availability) Implementing policy based controls within the network Content awareness 60% 31% 31% 25% 33% 33% 30% 24% 8% 22% 22% 23%

Open APIs Single management console for all devices

0% Essential Important

24%
24% 20%

36%
38% 40% 60%

26%
28% 80% 100%

Nice to have

Not of use

Dont know

Quocirca: In demand: the culture of online service provision Quocirca 2013 October 2013, North Europe enterprise IT managers

Supporting network security technologies

Network access control (NAC) In and out traffic filtering and inspection Encryption (also used against you) Next generation firewalls Security information and event management (SIEM) Application delivery controllers
Quocirca 2013

Data what is it, who wants to know?

Quocirca 2013

Relative increase in CPU and storage since 1996

Quocirca 2013

Source, European Bioinformatics Institute

Data security supporting technology

The biggest danger is data leaking on to mobile devices and then on to the cloud Management of mobile devices is central to the way data is protected Plus.
On device encryption Data classification Data loss prevention (DLP)

Big data a challenge and an opportunity

Context aware security (SIEM) Quocirca IT2013 operational intelligence

Software is it safe?

Quocirca 2013

Types of software to worry about (from a mobility perspective)

Web enabled applications; made available to mobile users Making them safe from attack Authorising access Mobile apps What is safe to use, how to control? Social media/consumer web services
Who is communicting with who? (compliance) Consummer cloud data storage

Malware bad software, bad apps

Quocirca 2013

Who do you provide web enabled services to?

B2B

52.8%

B2C

42.2%
20.1% provide to all three 27.2% provide to two/three 18.5% provided just one

Partners

37.9%

None
0% 10% 20%

34.2%
30% 40% 50% 60%

Quocirca: In demand: the culture of online service provision Quocirca 2013 October 2013, North Europe enterprise IT managers

Preferred method of mobile app provisioning

0% 10% 20% 30%

Directly to company Public app store Corporate app store

To secure container on To personal devices via Other Don't know/doesn't apply

Source: Antenna Software Quocirca 2013 Mobile Business Forecast June 2013

How do you know what is safe? How do you even start to check? What policies should be enforced? (MAM)

The mobile malware explosion

Beware the rise % of zero day malware

Quocirca 2013

Do you think you have malware undetected on the following?

Quocirca: The trouble heading for your business Quocirca 2013 Feb 2013, European IT and IT security managers

Supporting software security technology

Cloud infrastructure providers
Shared security models

Static/dynamic scanning (vulnerabilities) Web application firewalls Software reputation services Corporate app stores Mobile app management (MAM) Mobile app behaviour policy enforecment
Beyond what the app stores offer

Anti-malware (less and less effective) Network security

Quocirca 2013

Central to it all the cloud

Confidence in cloud use and cloud security means confidence in mobile and mobile security and is the key to unlocking the opportunity of the Superfast Mobile Age
Quocirca 2013

Comparison of % spend on IT security with attitude to cloud

Quocirca: The adoption of cloud-based services, July 2013 Quocirca 2013 European enterprise and mid-market IT and IT security managers

Cloud attitude versus IAM use Recognition of the identity perimeter

Quocirca: The adoption of cloud-based services, July 2013 European Quocirca 2013 enterprise and mid-market IT and IT security managers

The outcome from confidence through comprehensive mobile security

More opportunity More efficient business processes, more profit More reach, more customers More business, more growth

Quocirca 2013

Thank you: contact details

Bob Tarzey Analyst and director, Quocirca bob.tarzey@Quocirca.com +44 7900 275517

Download Quocirca reports referenced for free from www.quocirca.com Or free on request from Quocirca
Quocirca 2013

28