Roundtable: Mobile Privacy and Security
Moderator:
Even though mobile devices bring along many advantages, privacy and security are not among their strengths. In this roundtable, we will look into the main issues of mobile privacy and security breaches and explore what can be done about them.
After attending this you will be able to:
- Explain the main risks associated with mobile devices based on real life examples.
- Explain the risks associated with allowing employees to use their own mobile devices for their work in the organization.
- Describe best practices for securing mobile devices within the organization.
- Describe best practices for securing data accessed by employees using their own mobile devices.
This Roundtable qualifies for 3 Group Learning based CPEs.
KuppingerCole is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credits. Complaints regarding registered sponsors may be submitted to the National Registry through its website: www.learningmarket.org. For more information regarding administrative policies such as complaint and refund, please contact Mr. Levent Kara at our office's telephone +49 211 23707710, email: lk@kuppingercole.com
Mobile Privacy and Security
Privacy in the age of BYOD and Enterprise Mobility
BYOD, or Bring Your Own Device, is a trend which means that corporate IT may no longer control what devices employees use to connect to corporate applications. In this new environment, employees use iPads and smartphones for work, expecting to use enterprise applications anytime and anywhere. This presents significant challenges, including the fact that devices may not interface directly with corporate identity management systems. In this track, we examine the implications of BYOD on the enterprise. We consider the challenges firms encounter when trying to use products like CA SiteMinder and Oracle Access Manager to secure mobile access. Are current policies / auth schemes suitable? How promising are opportunities such as location-based auth and mobile-as-authentication-means? Users now come from multiple clients. Can these policies / auth schemes properly handle different combinations of user + client identity and trust scenarios?
Mobile Data Security and Privacy
Physical security of mobile devices is poor. It is good practice to enforce stronger data security and privacy policies for data bound to mobile clients, and to have mandatory remote wipe functionality. How can you implement tiered data security / privacy policies that are mobile aware? For example, when a REST API is being called by a web app from an internal IP, enforce minimum restrictions, whereas if the caller is an iPhone application, enforce maximum restrictions.
Securing the Mobile API Ecosystem
Many organizations are deploying APIs, using REST and JSON, to enable mobile application developers to create apps using their APIs. In this way, an organisation can quickly create an ecosystem of developers creating apps for their services. However, how can these APIs be secured? How is usage controlled? This session focuses on API Management in the age of mobile.
Bridging from Mobile to on-Premise
Organisations are under pressure to deliver applications to mobile devices. However, many of the applications to be deployed to mobile clients currently reside behind the firewall. How can this gap be bridged? In this track, the question of mobile-enablement of on-premises applications is addressed.

