the overlooked vulnerability: byod adoption tests enterprise network security

The BYOD Threat Facing the Enterprise The BYOD Threat Facing the Enterprise NetworkNetwork

Secure Mobile Strategies Minimize Risk and Improve ProductivitySecure Mobile Strategies Minimize Risk and Improve Productivity

Chris Rodriguez, Industry AnalystNetwork SecurityAugust 28, 2013

© 2012 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied or otherwise reproduced without the written approval of Frost & Sullivan.

2

Today’s Presenter

•Experience base in the information and communication technologies (ICT) sector, specializing in the areas of:

Enterprise firewall, next generation firewall (NGFW) and unified threat management (UTM), vulnerability management, vulnerability research, intrusion prevention systems (IPS), network access control (NAC), endpoint security software

•Six years of Industry Analyst experience

Chris Rodriguez

Industry AnalystFrost & Sullivan

Follow me on:https://twitter.com/CRodriguezS20

www.linkedin.com/pub/chris-rodriguez/20/46b/309/

3

Focus Points

• Why the Urgency? • But iPhones (and Other Mobile Devices) Are Impervious to

Malware, and Other Fairy Tales• Real Talk: Security is Not Easy• What are my Options? • But What Does This Mean for Me?• Q and A• Poll Results and Conclude

4

Poll Question

Why are you interested in mobile security?

A. To empower employee mobility and productivity with secure BYOD strategies

B. To defend against the mobile threat vector

C. To achieve compliance with regulatory requirements

D. To enhance asset management processes

5

Why the Urgency?

• The explosive growth in mobile device sales is unmanageable• Your organization cannot avoid the BYOD and mobility trend• BYOD introduces more risk

Source: Frost & Sullivan Analysis.

6

But iPhones (and Other Mobile Devices) Are Impervious to Malware, and Other Fairy Tales

Mobile malware is real and becoming commoditized.

1. There is no such thing as a secure operating system

2. Android operating system has more malware than Apple iOS devices

3. Mobile malware is becoming more commoditized and more pervasive

Source: The Android Malware Genome Project and Frost & Sullivan Analysis

7

But iPhones (and Other Mobile Devices) Are Impervious to Malware, and Other Fairy Tales (continued)

Source: Frost & Sullivan analysis.

Mobile devices are platforms to transmit traditional malware and APTs, even through legitimate apps such as Dropbox.

1. These apps are bypassing email security and firewall inspection points

2. Legitimate apps can be leveraged by advanced persistent threats

8

But iPhones (and Other Mobile Devices) Are Impervious to Malware, and Other Fairy Tales (continued)

Mobile fraud is everyone’s problem.

1. Greyware can push ads, or collect a little bit too much information, or charge for premium services

2. It is easy to overlook these excessive permissions or these disclaimers

3. BYOD practices ensure that fraudulent activity also affects businesses

Source: Frost & Sullivan analysis.

9

Real Talk: Security is Not Easy

Mobile threats require holistic solutions including data, device, and network protection.

1. Mobile devices present many challenges because of their ubiquitous and always connected nature

2. Mobile security has elements of data security, device security, and network-based protection

Source: Frost & Sullivan analysis.

10

Real Talk: Security is Not Easy (continued)

Mobile security cannot impede the end-user experience.

1. The biggest challenge is to avoid reducing functionality and accessibility

2. Some solutions separate the corporate data from personal data using a concept of containers or application wrapping

Source: Frost & Sullivan analysis.

11

Real Talk: Security is Not Easy (continued)

Budgetary constraints.

1. Ideally, mobile and BYOD security will follow a defense-in-depth strategy

2. Many organizations cannot afford large deployments of cutting-edge security technologies

Source: Frost & Sullivan analysis.

12

What are my Options?

Network security solutions – NAC, NGFW, data protection.

1. NGFW adds much more contextual data with which to create policies

2. Content security solutions follow a data-centric approach with decisions being made for particular sets of data

3. NAC is a powerful tool that enables companies to leverage comprehensive and real-time endpoint intelligence in their access policies

Source: Frost & Sullivan analysis.

13

What are my Options? (continued)

Mobile endpoint security software – e.g. Symantec, Webroot, McAfee, and ESET.

1. Protects against threats and malware

2. Helps end-users to understand which apps are high risk

3. Also protects against theft and loss

Source: Frost & Sullivan analysis.

14

What are my Options? (continued)

MDM offers some security but no native cyber threat protection capabilities.

1. MDM is focused on asset management capabilities including user identity management and remote management capabilities

2. A proper mobile endpoint security strategy will involve a combination of endpoint-based security software in tandem with network-based tools

Source: Frost & Sullivan analysis.

15

But What Does This Mean for Me?

Information security is a team sport from consumers to enterprise organizations to security vendors.

1. Unfortunately, the hackers are getting really good at this team sport

2. Further education is necessary to ensure that users understand the risks associated with jailbreaking and rooting their devices, and side-loading apps

3. BYOD means securing the devices that they do not control or own using network-based solutions

Source: Frost & Sullivan analysis.

16

But What Does This Mean for Me? (continued)

Mobile device security is a critical Greenfield opportunity for traditional security companies.

1. Low-priced security apps enable consumers to try multiple solutions

2. Smaller vendors with quality security apps can quickly gain a large install base and make a strong brand name in the security industry

Source: Frost & Sullivan market study entitled Analysis of the Global Mobile Endpoint Protection Market, 2013.

17

But What Does This Mean for Me? (continued)

Security vendors are developing MDM capabilities so MDM vendors must partner with or acquire security capabilities.

1. MDM vendors lack experience with threat prevention and malware detection capabilities

2. Endpoint security companies are developing MDM capabilities for their solutions

Source: Frost & Sullivan analysis.

18

Questions and Answers

19

Next Steps

Develop Your Visionary and Innovative SkillsGrowth Partnership Service Share your growth thought leadership and ideas or

join our GIL Global Community

Join our GIL Community Newsletter Keep abreast of innovative growth opportunities

Phone: 1-877-GOFROST (463-7678) Email: myfrost@frost.com

20

Your Feedback is Important to Us

Growth Forecasts?

Competitive Structure?

Emerging Trends?

Strategic Recommendations?

Other?

Please inform us by “Rating” this presentation.

What would you like to see from Frost & Sullivan?

21

http://twitter.com/frost_sullivan

Follow Frost & Sullivan on Facebook, LinkedIn, SlideShare, and Twitter

http://www.facebook.com/FrostandSullivan

https://www.linkedin.com/groups?gid=4480787

http://www.slideshare.net/FrostandSullivan

22

For Additional Information

Britni MyersCorporate CommunicationsICT (210) 477-8481Britni.Myers@frost.com

Chris RodriguezIndustry AnalystICT (210) 477-8423Chris.Rodriguez@frost.com

Michael SubyVP of ResearchICT Stratecast(720) 344-4860Mike.Suby@frost.com

Craig HaysSales ManagerICT(210) 247-2460Craig.Hays@frost.com