A more connected government - noufexpo.com.kwnoufexpo.com.kw/egov1/images/thirteen.pdf · The...
Transcript of A more connected government - noufexpo.com.kwnoufexpo.com.kw/egov1/images/thirteen.pdf · The...
A more connected governmentAnywhere, any time
CloudSocialMobility Big data
Mobility as a megatrendThe influence of consumer technology and always-on connectivity
Changing
work styles
The mobile
citizen
Consumerization:
95% of information
workers use at least one self-
purchased device for work
Nearly
80% of
workers spend at
least some
portion of their
time working out
of the office
By
2016,
smartphones and
tablets will put power in
the pockets of a
billionglobal citizens
in 2013,
45%of new local government
applications will be mobile.
Support work use
of personal and
companion
devices
Provide field
workers with
small PCs, tablets
and smartphones
Use policies to manage access:
Identity | Device | Location | App/data
+
Support ANY compliant device… …without overloading IT
Embrace device choice Enable people to use the devices they want without compromising security
Embrace a growing, global, always-on mobile user communityBuild scalable, continuously-connected cloud services
Application Layer
Operating System
Layer
Hardware Layer
Infrastructure Layer
Mob
ile S
ecu
rity
Mobile Carriers
Handset
Manufacturers
Mobile Platform
Providers
Developers /
Application Providers
• Data loss
• Data Protection
Laws violation
• Data corruption
• Network sniffing – Logging /
Impersonation/illegal
transactions
• Tracking Passwords
• Self-propagating /
Spamming using Phone’s
contact list
Unsafe / Untested applications
could lead to device infection /
damage (e.g. change in
settings)
Application flaws – Buffer
Overflows, Cross-site scripting
– could compromise enterprise
data
Defcon & BlackHat conferences, summer 2013• Mactans: Injecting Malware into iOS
Devices via Malicious Chargers Mobile rootkits: Exploiting and rootkitting ARM TrustZone
• Torturing Open Government Systems for Fun, Profit and Time Travel
• Defeating SEAndroid
• A Practical Attack against MDM Solutions
• Android: one root to own them all
• BlackBerryOS 10 from a security perspective
• Bluetooth Smart: The Good, The Bad, The Ugly, and The Fix!
• How to Build a SpyPhone
I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell
Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot
Rooting SIM cards
Abusing Web APIs Through Scripted Android Applications
LTE BOOMS WITH VULNERABILITIES
Mobile Malware: Why the traditional AV paradigm is doomed and how to use physics to detect undesirable routines…
Deploying and managing applications across platforms is difficult.
Apps
Users expect to be able to work in any location and have access to all their work resources.
Users Data
Users need to be productive while maintaining compliance and reducing risk.
The explosion of devices is eroding the standards-based approach to corporate IT.
Devices
Bring Your Owm Device (BYOD)
• Cost savings
• Employee satisfaction and productivity
• Take advantage of the latest devices
• Faster refresh cycles
• Policy with minimum security requirements
• Compliance and ownership of data
• Segregating and retrieving company data
BYOD
• “This is a data, not a device discussion” Tony Scott, Microsoft CIO
• Start with a policy
Security and management Centralized management across platforms
MDMPC & Mac
Management
Multi-device application deliveryDetermine user access rights, then deliver based on device type.
Same user, same app, different device
Cloud-based Self-service Portal
Securely provision application from anywhere
Single point for application requests
Users only see the software they have permission to request
IT can publish access to resources with the Web Application Proxybased on device awareness and the users identity
IT can provide seamless corporate access with DirectAccess and automatic VPN connections.
Users can work from anywhere on their device with access to their corporate resources.
Users can register devices for single sign-on and access to corporate data with Workplace Join
Users can enroll devices for access to the Company Portal for easy access to corporate applications
IT can publish Desktop Virtualization (VDI) for access to centralized resources