Mobile Privacy and Security19.04.2012 14:00-16:00
Privacy in the age of BYOD and Enterprise Mobility
BYOD, or Bring Your Own Device, is a trend which means that corporate IT may no longer control what devices employees use to connect to corporate applications. In this new environment, employees use iPads and smartphones for work, expecting to use enterprise applications anytime and anywhere. This presents significant challenges, including the fact that devices may not interface directly with corporate identity management systems. In this track, we examine the implications of BYOD on the enterprise. We consider the challenges firms encounter when trying to use products like CA SiteMinder and Oracle Access Manager to secure mobile access? Are current policies / auth schemes suitable? How promising are opportunities such as locating-based auth and mobile-as-authentication-means? Users now come from multiple clients. Can these policies/auth schemes properly handle different combination of user + client identity and trust scenarios?
Mobile data Security and Privacy
Physical security of mobile devices is poor. It is good practice to enforce stronger data security and privacy policies for data bound to mobile clients, and have mandatory remote wipe functionalities. How can you implement tiered data security / privacy policies that are mobile aware? For example, when a REST API is being called by a web app from an internal IP, enforce minimum restrictions, where as if the caller is an iPhone application, enforce maximum restrictions.
Securing the Mobile API Ecosystem
Many organizations are deploying APIs, using REST and JSON, to enable mobile application developers to create apps using their APIs. In this way, an organisation can quickly create an ecosystem of developers creating apps for their services. However, how can these APIs be secured? How is usage controlled? This session focuses on API Management in the age of mobile.