28 May 2013

IBM Smarter security helps you protect your data

IBM Smarter security helps you protect your data
IBM Smarter Planet:
 IBM is defining the smarter planet as "intelligent infrastructure for our energy grids, transportation system, food supply and healthcare networks... It is also about trillions of devices and objects connecting to the Internet and changing the way billions of people live and work.'
Security through smarter storage:
IBM Cloud Storage:
As mobile adoption grows, so do threats to mobile security
The projections tell a compelling tale: one billion enterprise smartphones and 1.2 billion mobile workers expected by 2014—with large enterprises tripling their smartphone user base by 2015.2 The adoption of consumer-owned rather than enterprise-dedicated devices in 85 percent of large companies by 2014.2 Half of organizations planning to deploy their own mobile applications within 12 months.2 But with rapid adoption come mounting threats. The need to maintain business agility and to support changing employee behaviors not only will feed continued growth in the use of mobile devices, it will require organizations to find ways to mitigate the operational risks associated with mobility.


While enterprises have learned security lessons from the PC and Internet era, mobility brings both new challenges and the evolution of previous ones. At the top of the threat list are lost and stolen devices, but rogue applications, social engineering, malware, identity theft, stolen data, malicious websites and denial of service are becoming more sophisticated and are constantly on the increase. At the same time, the diversity of platforms and applications, general lack of enterprise visibility and control, and increased complexity in demonstrating regulatory compliance make it more difficult for IT to support mobile initiatives. Most mobile platforms are not natively designed to provide comprehensive security, and with the explosive growth in numbers of mobile devices, hackers have a strong incentive to develop new techniques or create attacks aimed specifically at these devices.

Organizations must therefore put into place tools and processes that enable them to meet threats designed to exploit mobility-related vulnerabilities, including:
Ø  Credentials that enable access to business or personal accounts
Ø  Sensitive data such as confidential business or personal information
Ø  Device communication services
Ø  The mobile device itself, which can be a jumping-off point to accessing other corporate resources
Follow the flow of data
Unprotected endpoint devices are like open doors into sensitive information. Organizations need to guard the data on those devices—whether the data is at rest or in motion over unse-cured networks and infrastructure. Data protection must be the primary objective when developing an enterprise mobile strategy. Effective security for mobile environments should therefore be designed to follow the flow of data and to defend that data from unauthorized access. The design of an adaptive security posture should include policy management and security intelligence to guide the overall initiative as well as capabilities for protecting data throughout the mobile lifecycle.

With diverse devices in use throughout the enterprise— especially when the organization has adopted a “bring your own device” (BYOD) policy—it is first necessary to put into place comprehensive, cross-platform capabilities for managing and securing devices and applications. Secure access to enterprise assets should include secure connectivity with capabilities for managing identities, access and authorization. Conduct vulnerability testing of mobile applications to support the organization’s trust relationships with customers, employees and business partners. Visibility into the full data flow is important for keeping the mobile security program ahead of constantly growing threats. In the world of mobility, more so than in traditional IT environments, it is important that the security model adapt to the user rather than requiring the user to comply with mandates. Another reason for security to adapt to the user is that attacks tend to be more targeted at individuals, departments or organizations rather than being general, mass attacks. It is important to remember that user behavior is different when the issues are mobile devices and mobile access—more emphasis is placed on avoiding disruption of the user experience. The security model that adapts to a user’s mobile context—for example, location, type of content accessed, time of day or risk profile—and that has minimal impact on user experience will help ensure compliance with security policies and ultimately assist in securing enterprise data.

The IBM portfolio ensures business-driven mobile security

IBM takes a holistic approach to mobile security requirements, using the well-established IBM Security Framework as a reference. IBM Mobile Security solutions help customers address challenges in mobile device management, access management, application security and security intelligence. Each not only
delivers mobility-focused capabilities, but is designed to extend and complement existing IT security infrastructures, policies and procedures. Designed to help organizations transition from being reactive to taking the initiative in a constantly changing mobile security landscape, IBM solutions emphasize an integrated, end-to-end security model with visibility across the enterprise, as well as facilitate proactive responses.


Mobile enterprise security roadmap


No matter how capable a mobile security solution is, its value is greatly diminished if it cannot be efficiently deployed or easily managed. The organization needs to carefully assess the overall risks to the enterprise and the effort required for initial roll-out and ongoing management of a solution. To help build an effec-tive mobile enterprise strategy and roadmap, IBM can deliver a range of comprehensive professional security services, either directly or through local business partners.


Building on technology leadership and worldwide engagements with organizations across industries and of all sizes, IBM takes a risk-based approach to securing the mobile enterprise with the following steps:

Securing the mobile device:

Capture detailed device information and identify non- compliant devices;  detect  “jail broken”  or “rooted” devices

Enforce security best practices and take corrective action including updates, denying or removing access, virtual private network configuration and delivery of anti-malware solutions

Remotely locate, lock and perform selective wipes when devices are lost, stolen or decommissionedLeverage a single infrastructure to deliver controls for a broad set of enterprise endpoints including smartphones, tablets, desktops, laptops and servers

Protecting access to enterprise resources:

Deploy context-aware authentication and authorization of mobile users and their devices

Support mobile-friendly open standards such as OAuth

Implement strong session management and protectionExtend the infrastructure employed for protecting access from any endpoint with the ability to address requirements unique to mobile computing

Delivering safe mobile applications:

Support developers with security features including data encryption, direct updates and application validation

Perform vulnerability assessments during development, testing and runtime to mitigate the risk of deploying unsafe applications

Employ a secure channel through which to deliver mobile applications to enterprise mobile usersOffer a secure runtime environment for mobile applications that enables centralized management with application locking

Attaining visibility and delivering an adaptive security posture:

Generate reports on compliance

Assess consistency of security policy enforcement

Be proactive in responding to emerging threats and adapt to changing user behaviors



Why IBM technologies?


With IBM solutions, organizations can support mobile employees, enable mobile collaboration with partners and nurture customer relationships. They can realize new revenue channels as they reduce risk. They can ensure effective security for their mobile environments with capabilities for mobile device management, mobile identity and access management, network and data protection, and mobile application security. The industry-leading IBM X-FORCE® research and development team provides the expertise for a solid, preemptive security approach. The team provides reports documenting all aspects of threats that affect Internet security, as well as maintaining a comprehensive threats and vulnerabilities database that powers the preemptive protection delivered by IBM products. In addition, the team distributes alerts and advisories that provide information about how IBM products and services can protect against the latest threats.

Security intelligence, analytics and governance, risk and compliance At the device Manage device and data People Data Applications IBM Security Framework domains Infrastructure Malware protection Application security Secure access Over the network and enterprise Monitor and protect Secure connectivity Secure applications For the mobile application Integrate securely Manage applications Mobile security strategy and lifecycle management IBM Endpoint Manager for Mobile IBM Mobile Device Security (hosted) IBM Worklight IBM Security Access Manager for Mobile IBM WebSphere DataPower IBM QRadar IBM Lotus Mobile Connect Internet Corporate intranet IBM Security AppScan IBM WebSphere DataPower IBM Worklight Meet mobility needs with IBM solutions

 Security Info Graphics:





Managed security video IBM:

IBM's Managed and Cloud Services solutions offer your organisation a simple, efficient and cost-effective way to delegate time-consuming and complex IT activities

 to learn more visit www-935.ibm.com/services/au/en/it-servic­es/managedservices.html





A video animation made with atoms:


For more information please contact me at:Drs. Albert Spijkers
DBA Consulting
web:            http://www.dbaconsulting.nl
blog:            DBA Consulting blog
profile:         DBA Consulting profile
Facebook :   DBA Consulting on Facebook
email:          info@dbaconsulting.nl 

0 reacties:

Post a Comment