Mobile Security Synthesizing Strategy - NYMISSA · Compliance Scope Has Changed Compliance in the...

Mobile Security Synthesizing Strategy Steve Ippoliti December 12, 2012


Page 1

Mobile Security – Synthesizing Strategy

Steve Ippoliti

December 12, 2012

Page 2

Companies Run on Documents

CEO

Board of Directors

• SEC filings
• Tax/audit filings
• SOX reports
• Placements
• Board reports

CIO / CTO

Human Resources

• Compliance reports: GLBA, SOX, PCI, etc.
• Contracts
• Proprietary systems
• Compensation
• Bonus data
• Employee equity grants

CFO

Legal

• Contracts
• Corp Dev/M&A
• eDiscovery

Business Partners

Banking

Customers

Investors

M&A

Companies

• Board Documents
• Strategy Plans

Investment Banking

• Advisory Services
• M&A deal materials

Market Research

Real Estate Services

• Buy-side research
• Sell-side research

Banking Services

• Loans, Letter of Credit
• Performance report
• Wealth Management/Investment fund performance data
• Mortgage documents
• Ecological assessment documents
• Property debt documents

Page 3

Urgency: “The Box” Syndrome

The average organization has 13 file sync applications in use

76% of organizations send traffic to Dropbox (2GB/mo. average)

Source: Palo Alto Networks, Ponemon Institute

90% of organizations lost critical, confidential data this year

Page 4

Reconciling Post-PC Users and IT

What Users Want

• Sync: Mobile / Tablet / Desktop / Web / BYOD
• Collaborate: Share / Annotate / Manage
• Just Works: Picture Perfect Documents, Fast, Elegant, Interface

What Enterprise IT Needs

• Data Security and Control
• Tracking and Compliance
• Cloud or On Premise Deployment
• Integration to Enterprise Systems

Page 5

Document Security – Current State

[Diagram: "Inside the Perimeter", with labels FW, IPS, IAM, DLP, MDM and A, B, C]

Page 6

How Data is Lost vs. Scope of Protection by Product

[Chart: data-loss categories Lost Device, Accidental Sharing, Insider (values shown: 27, 25, 12, 5) against scope of protection for MDM, DLP / MAM, Typical File Sharing]

Source: Forrester Research 9/2012

Page 7

Document Security – With Document Centric Protection

[Diagram: "Inside the Perimeter", with labels FW, IPS, IAM, DLP, MDM and A, B, C]

Page 8

How Data is Lost vs. Scope of Protection by Product

[Chart: data-loss categories Lost Device, Accidental Sharing, External Attack, Insider, Etc (values shown: 27, 25, 12, 5) against scope of protection for MDM, DLP / MAM, Typical File Sharing, Data-Centric Protection]

Source: Forrester Research 9/2012

Page 9

Compliance Scope Has Changed

Compliance in the Traditional Enterprise

Compliance in the Mobile, Extended Enterprise

Collect + monitor system logs, review/alert on issues

Data itself must generate an audit log of every event on every device for review + alerting

Effective for Regulated Data on:

IT-Managed Infrastructure

Mobile Devices

Third Parties’ Devices / Infrastructure

Effective for Regulated Data on:

IT-Managed Infrastructure

Mobile Devices

Third Parties’ Devices / Infrastructure

SIEM

Log Management

GRC

SIEM

Log Management

GRC

Page 10

Use Case: IP Protection Solution

[Chart: Deployment; y-axis: Internal Users (0 to 900); x-axis: Week (1 to 23)]

• Use case: IP protection
• Requirements:
  - Protect product designs, manufacturing instructions, and quality standards
  - Full BYOD – must control data on devices not managed/owned by Nike
• Rolled out to Nike HQ and hundreds of subcontracted factory users
• Used for millions of product designs

Page 11

Analyst Perspective: Forrester

Page 12

Corporate Overview

Analyst Recognition

• “Shake[s] up ERM with secure document sharing as a service”
• Cool Vendor
• Represents “next generation of DLP and DRM solutions”

Customer Base

Company Background

• Founded in 2008
• Headquartered in Palo Alto, CA
• 80+ employees
• Deep security DNA (EMC/RSA, ArcSight, Check Point, McAfee, Symantec)

Page 13

Thank You

Steve Ippoliti [email protected] 914.806.0637 www.WatchDox.com