TOP THREATS TO MOBILE COMPUTING

Team 1: Yuyao Han, Farhin hasan, Xing jin, Ahmadreza Khosravi, Chirag Patel, Huidan Xu, Chen Yang
BYOD bring your own device?
Mobile Expense Management?
Remote Email Access?
Mobile Enabled Business Applications?
BYOD bring your own device?
Mobile Expense Management?
Remote Email Access?
Mobile Enabled Business Applications?
This simply makes you an enterprise that uses mobile
devices!
A MOBILE ENTERPRISE:
flexible and scalable enterprise-wide mobility using a holistic, integrated
approach
aligns mobility initiatives with each other and with business models, goals and
objectives
provide instant access to business-critical data and applications, while
maintaining high levels of security.
may utilize cloud technology to provide the scalable, on-demand infrastructure
use business analytics that draw data from both traditional sources and social
business interactions
WHAT IS MOBILE COMPUTING?
~ a versatile and potentially
strategic technology
~improves information quality and
accessibility
~ increases operational efficiency
~ enhances management
effectiveness.
MOBILE COMPUTING SERVICE
PROVIDERS
IBM MobileFirst Platform
IBM MobileFirst Strategy and Design
Services - Exploration, assessment and
planning of your mobile enterprise to
address current and future business and
technology requirements that are unique
to your organization, your industry and
your users.
IBM MobileFirst Development and
Integration Services - Services to help you
develop, deploy, integrate and manage
application and infrastructure elements
of the mobile enterprise while making the
most of your existing investments.
Verivo Akula
WHY ARE COMPANIES BECOMING
MOBILE?
Advantages
Marketplace instant and connected
Meets employee demands and increases
productivity
Increases sales and enhances customer
service
Improves operational efficiencies, reduces
costs more scalable mobile architecture
Differentiates and transforms customer
experience
Enables faster implementation of new
services and business models such as online
product delivery and employee
telecommuting by decreasing development
and test times
Challenges
Increased need for collaboration,
therefore need for cyber security
Security, security, security
The need for business and IT
strategy change
Mobile complexity and integration
The mobile skills gap
A DEEPER
LOOK INTO
CHALLENGES
Security Change in Strategy Complexity and
Integration
Mobile Skill Gap
identity and
device access
management
endpoint control -
presents the most
immediate security
challenge.
network security
protections for
confidential data
protection against
viruses and
malware.
Integrated mobile
enterprise requires
a corresponding
integration of
platforms,
processes and
organizational
decision making.
ready-for-mobile
application
development and
delivery to business-
to-employee (B2E)
and business-to-
customer (B2C)
communications
processes
cross-functional
integration
IT mobility stack
Application store
An average of
only 11 percent of
business have all
the skills needed
to implement and
maintain robust
and integrated
mobility.
gap may be filled
by increased
mobility staffing
investment.
IT professionals
with deep mobility
skills can be
difficult to find.
Implementing and
maintaining a
mobile enterprise
with the help of a
third party partner
may be the better
solution for many
organizations.
THE EVIL 8
Data loss from lost, stolen or decommissioned devices
Information-stealing mobile malware
Data loss and data leakage through poorly written third-party applications
Vulnerabilities within devices, operating system, design and third-party
applications
Unsecured WiFi, network access and rogue access points
Unsecured or rogue marketplaces
Insufficient management tools, capabilities and access to application
programming interfaces
Near-field communications and proximity-based hacking
SOLUTIONS TO TOP 3 SECURITY
THREATS TO MOBILE COMPUTING
Data loss from lost, stolen or
decommissioned devices
Identity management - using single
sign-on to assign access limitations
via a user name and password
combination and to track the
applications and data accessed by
an individual
Network access control and policy
management - integrated with
endpoint control tools check the
employee devices to be sure they
are compliant with corporate security
standards. If not compliant, endpoint
control protocols can automatically
deny access or quarantine the
device. Endpoint control can then
initiate an automated correction
process to bring the device back in
line with corporate standards.
Information-stealing mobile
malware
IT mobility stack - When the endpoint
control layer serves as the automated
integration point for the network and
communication layer, the
applications and provisioning layer
and the security and certificate
management layer, the complexities
of user access and security can be
simplified and managed more
efficiently and effectively. Within the
network and communication layer,
the mobile enterprise can leverage
the heightened scalability that is
required to manage large volumes of
voice, video and application
information.
Data loss and data leakage through
poorly written third-party applications
Application store - The mobile
enterprise allows for the creation of a
contained application store. Two
app stores can be created: one
where customers can download
applications, and one where
employees can download internal-
use applications or remote desktop
images, depending on corporate
preferences. The contained
application store provides built-in
application security from a single,
easy-to-access format that
employees and customers are
already familiar with.
RECENT SECURITY BREACHES
On Dec. 19, Target publicly confirmed the
data breach, which compromised personal
or payment information for as many as 110
million people. The company has so far said
that some 40 million payment card records
were stolen along with 70 million other
customer records during a massive cyber
attack over the holiday shopping season.
Target faces dozens of class actions and
potential action from banks seeking
reimbursement for millions of dollars in losses
due to fraud and the cost of card
replacements.
The Heartbleed Bug is a serious vulnerability
in the popular OpenSSL cryptographic
software library. It allows anyone on the
Internet to read the memory of the systems
protected by the vulnerable versions of the
OpenSSL software. This compromises the
secret keys used to identify the service
providers and to encrypt the traffic, the
names and passwords of the users and the
actual content. This allows attackers to
eavesdrop on communications, steal data
directly from the services and users and to
impersonate services and users.
The companys investigation has found that the
number of customer cards exposed during the
breach was lower than the original estimate of
1.1 million. The maximum number of customer
cards exposed, according to the most recent
estimate, is less than 350,000. Approximately
9,200 of those have been used fraudulently
since the attack. The hackers moved unnoticed
in the companys computers for more than
eight months, sometimes tripping hundreds of
alerts daily because their card-stealing software
was deleted automatically each day from the
Dallas-based retailers payment registers and
had to be constantly reloaded. Card data were
taken from July through October.
MOBILE COMPUTING SECURITY
OPTIONS
How difficult is it to switch between
security providers?
Costly
Time consuming
Not compatible with all
applications
Cannot operate multiple
security options on same
platform interoperability issues.
CHECKLIST WHEN TRANSFORMING
INTO A MOBILE ENTERPRISE
Detailed strategy development
Security and certificate management
Endpoint control
Network infrastructure, access and control
Applications and provisioning
Unified communications
Back-end integration
Skills: in-house versus third party
REFERENCES
https://zmail.utdallas.edu/service/home/~/Mobile%20Enterprise.pdf?auth=co&loc=e
n_US&id=9182&part=2
http://www.idi.ntnu.no/grupper/su/mowahs/links/MobileFramework.pdf
http://www.ocio.usda.gov/about-ocio/enterprise-applications-services-eas/eas-
mobile-computing-program-management-office
http://www.nytimes.com/2014/02/27/business/target-reports-on-fourth-quarter-
earnings.html?_r=0
http://www.usatoday.com/story/money/business/2014/02/26/target-
earnings/5829469/
http://bluesky.chicagotribune.com/chi-target-data-breach-bsi-news,0,0.story
http://www.businessweek.com/articles/2014-02-21/neiman-marcus-hackers-set-off-
60-000-alerts-while-bagging-credit-card-data
http://heartbleed.com/