1 / 29

Securing Cloud and Mobile Pragmatic Enterprise Security Architecture

Securing Cloud and Mobile Pragmatic Enterprise Security Architecture. Prabath Siriwardena (@prabath) WSO2 Director, Security Architecture. Within the first decade of the 21 st century – internet worldwide increased from 350 million to more than 2 billion .

dylan
Download Presentation

Securing Cloud and Mobile Pragmatic Enterprise Security Architecture

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securing Cloud and Mobile Pragmatic Enterprise Security Architecture Prabath Siriwardena (@prabath) WSO2 Director, Security Architecture

  2. Within the first decade of the 21st century – internet worldwide increased from 350 million to more than 2 billion.

  3. Mobile phone subscribers increased from 750 million to 5 billion Today it’s around 6 billion

  4. Only 30% of mobile users, password protect their mobile devices

  5. Many SaaS providers ignore multifactor authentication for mobile applications

  6. 113cell phones are lost or stolen every minute in the U.S and $7 million worth of smartphones are lost daily

  7. 62% of mobile workers currently use their personal smartphones for work

  8. http://www.websense.com/assets/reports/websense-2013-threat-report.pdfhttp://www.websense.com/assets/reports/websense-2013-threat-report.pdf

  9. Mobile Device Management systems need to be an integral part of the corporate Identity Management

  10. Cloud service providers are becoming mobile friendly with REST/JSON APIs

  11. OAuth 2.0 dominates Mobile and API security

  12. Avoid using Resource Owner Password OAuth grant type

  13. Mobile applications secured with OAuth can be vulnerable to phishing

  14. Your Facebook or Twitter account credentials can be quite easily phished through your mobile phone - than from a laptop computer

  15. The need to bake-in client key and the secret key into the mobile app itself is an issue yet to solve

  16. OAuth has given a better failover capability to mobile applications in case of an attack

  17. It takes an average of 20 seconds for a user to log into a resource

  18. Single Sign On increases user productivity

  19. Authorization Server (IdP) Browser based Single Sign On Mobile Device Native App Native Web Browser

  20. Mobile Device Native Single Sign On Native App Native IdP App

  21. OpenID Foundation is working on standardizing Native Single Sign On based on OpenID Connect

  22. SAML2 IdP SAML2 IdP Authorization Server (IdP) Federated Single Sign On Mobile Device Native App Native Web Browser

  23. Federated Single Sign On with heterogeneous Authorization Servers

  24. Secured / Confidential data channels

  25. TLS, JSON Web Encryption (JWE)

  26. Cloud API Managed Cloud APIs Mobile App API Gateway

More Related