Enterprise Mobility: Secure Containerization
DESCRIPTION
This presentation introduces the new challenges related to enterprise mobility, the risks associated with mobile devices, and the new security requirements that the enterprise needs to address, including the main aspects of secure containerization: application wrapping, secure communication, encryption at rest and data leakage prevention.
TRANSCRIPT
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Secure Containerization
Enabling personal mobile devices for enterprise use
Domenico Catalano, Security Principal Sales Consultant
Small Device - Big Data: Sicurezza in un mondo senza Fili
La Sapienza - 4 July 2014
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Oracle Confidential – Internal/Restricted/Highly Restricted
Program Agenda
1. Challenges
2. Mobile Device Risks
3. New Security Requirements
4. Demo
5. Q&A
Bring Your Own Device (BYOD)
A new mobile security imperative
Challenges
• By 2015 there will be as many as 6.7B personal smartphones used globally
• 89% of employees are using smartphone devices for work, and nearly half of them are doing so without permission
• IT organizations are unprepared for the new security requirements and regulatory challenges
• The proliferation is complicated by the variety of platforms and operating system versions
The Rules have Changed
Mobile devices have redefined perimeter security
The Network is no longer the main point of control
The new security perimeter is users, devices, and data
Mobile Device Risk
Vulnerabilities
76% of all enterprise data breaches are the result of weak or stolen credentials
Mobile Malware
Mobile Device Risk
• Mobile malware has increased 58% from 2011 to 2012.
• The most common activity carried out by malware today is stealing sensitive data on the device.
• Half of all attacks target organizations of 2500 employees or more.
• Mobile devices are a key target for cybercriminals.
Lost or Stolen Devices
Mobile Device Risk
• In the US alone, 113 cell phones are lost or stolen every minute.
• Today 84% of organizations have a firm policy that departing employees must surrender their personal devices.
• Organizations should consider what the end user might delete or retain before turning their devices in.
• There are no consistent and common policies across mobile devices, whether personal or corporate owned.
Application Management
Mobile Device Risk
• Applications have quickly become the greatest enabler for businesses to empower their employees with real-time data.
• Applications can be a conduit for privileged access abuse, misuse and data theft.
• It is predicted that 25% of enterprises will have their own application stores by 2017.
Balance between Securing Enterprise Application data and Employee Privacy
New Security Requirements
New Security Requirements
Identity Management
Secure Container
Single Sign-on
Application Management
VPN Independent
Device Provisioning
Multi-user Devices
Lost & Stolen Device
Mobile Security Strategy
CONTAINERS: Isolate corporate data, support remote wipe, restrict data transfer
CONTROLS: Secure applications & communication, corporate application store
EXPERIENCE: Role based access, self service request, sign-on fraud detection
Containerization
How are Secure Containers made?
• Application Wrapping
• Functionality injected into existing applications
• Enforces security at the application level
  – Data encryption at rest
  – Authentication
  – Policy Enforcement
• No code changes required by developer
Key Management
Cryptography
• Secure Container uses a key hierarchy to protect data.
• All keys are derived from user credentials that are never stored.
• Key hierarchy involves multiple keys to support different sensitivity of data
  – Unique key used for the user’s authentication certificate.
  – A different key is used for the browser cache.
• The Security Container distributes and manages keys for all the enterprise apps.
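An added illustration of the key hierarchy described above; it is not Oracle's implementation or code from the presentation. The slides name no algorithms, so PBKDF2, HKDF-Expand, the iteration count, the purpose labels and the `enroll`/`unlock` names are all assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 200_000  # assumed work factor, not taken from the slides
PURPOSES = ("auth-certificate", "browser-cache")  # the two keys the slide names


def derive_root_key(password: str, salt: bytes) -> bytes:
    """Stretch the user credential into a root key; the credential is never kept."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def hkdf_expand(root_key: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256: one independent key per label."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(root_key, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def enroll(password: str) -> dict:
    """Create the only state persisted on the device: a salt and a key-check tag."""
    salt = os.urandom(16)
    root = derive_root_key(password, salt)
    # The tag comes from its own label, so it reveals none of the data keys.
    return {"salt": salt, "check": hkdf_expand(root, b"key-check")}


def unlock(password: str, stored: dict) -> Optional[dict]:
    """Re-derive the hierarchy from the typed credential; None if it is wrong."""
    root = derive_root_key(password, stored["salt"])
    if not hmac.compare_digest(hkdf_expand(root, b"key-check"), stored["check"]):
        return None
    # Separate key per purpose: exposing the cache key does not expose the cert key.
    return {purpose: hkdf_expand(root, purpose.encode()) for purpose in PURPOSES}
```

Because every key is recomputed from the credential at unlock time, a lost device holds only the salt and the check tag, and the strength of the whole hierarchy rests on the credential and the work factor.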
Oracle’s Mobile Security Components
[Diagram labels: Authentication / SSO; Data at Rest Encryption; Data in Transit Encryption; DLP Policy; Browser; PIM (email, calendar, contacts, tasks, notes); Doc Editor; App Catalog; File Manager; Secure Intranet; Secure Mail; Secure Files; App Distribution; Secure Apps; Enterprise Apps]
Oracle Mobile Security: Demo
DEMO