Enterprise Mobility: Secure Containerization


description

This presentation introduces the new challenges related to enterprise mobility, the risks associated with mobile devices, and the new security requirements that the enterprise needs to address, including the main aspects of secure containerization: application wrapping, secure communication, encryption at rest and data leakage prevention.

Transcript of Enterprise Mobility: Secure Containerization

Page 1: Enterprise Mobility: Secure Containerization
Page 2: Enterprise Mobility: Secure Containerization

Copyright © 2014 Oracle and/or its affiliates. All rights reserved.

Secure Containerization

Enabling personal mobile devices for enterprise use

Domenico Catalano, Security Principal Sales Consultant

Small Device - Big Data: Sicurezza in un mondo senza Fili

La Sapienza - 4 July 2014

Page 3: Enterprise Mobility: Secure Containerization

Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Oracle Confidential – Internal/Restricted/Highly Restricted

Page 4: Enterprise Mobility: Secure Containerization

Program Agenda

1. Challenges
2. Mobile Device Risks
3. New Security Requirements
4. Demo
5. Q&A

Page 5: Enterprise Mobility: Secure Containerization

Bring Your Own Device (BYOD)

A new mobile security imperative

Page 6: Enterprise Mobility: Secure Containerization

Challenges

By 2015 there will be as many as 6.7B personal smartphones used globally

89% of employees are using smartphone devices for work, and nearly half of them are doing so without permission

IT organizations are unprepared for the new security requirements and regulatory challenges

The proliferation is complicated by the variety of platforms and operating system versions

Page 7: Enterprise Mobility: Secure Containerization

The Rules have Changed

Mobile devices have redefined perimeter security

The Network is no longer the main point of control

The new security perimeter is users, devices, and data

Page 8: Enterprise Mobility: Secure Containerization

Mobile Device Risk

Vulnerabilities

Page 9: Enterprise Mobility: Secure Containerization

76% of all enterprise data breaches are the result of weak or stolen credentials

Page 10: Enterprise Mobility: Secure Containerization

Mobile Malware

Mobile Device Risk

• Mobile malware has increased 58% from 2011 to 2012.
• The most common activity carried out by malware today is stealing sensitive data on the device.
• Half of all attacks target organizations of 2500 employees or more.
• Mobile devices are a key target for cybercriminals.

Page 11: Enterprise Mobility: Secure Containerization

Lost or Stolen Devices

Mobile Device Risk

• In the US alone, 113 cell phones are lost or stolen every minute.
• Today 84% of organisations have a firm policy that departing employees must surrender their personal devices.
• Organizations should consider what the end user might delete or retain before turning their devices in.
• There are no consistent and common policies across mobile devices, whether personal or corporate owned.

Page 12: Enterprise Mobility: Secure Containerization

Application Management

Mobile Device Risk

• Applications have quickly become the greatest enabler for businesses to empower their employees with real-time data.
• Applications can be a conduit for privileged access abuse, misuse and data theft.
• It is predicted that 25% of enterprises will have their own application stores by 2017.

Page 13: Enterprise Mobility: Secure Containerization

Balance between Securing Enterprise Application data and Employee Privacy

New Security Requirements

Page 14: Enterprise Mobility: Secure Containerization

New Security Requirements

Identity Management

Secure Container

Single Sign-on

Application Management

VPN Independent

Device Provisioning

Multi-user Devices

Lost & Stolen Device

Page 15: Enterprise Mobility: Secure Containerization

Mobile Security Strategy

CONTAINERS CONTROLS EXPERIENCE

Isolate corporate data, support remote wipe, restrict data transfer

Secure applications & communication, corporate application store

Role based access, self service request, sign-on fraud detection

Page 16: Enterprise Mobility: Secure Containerization

Containerization

How are Secure Containers made?

• Application Wrapping
• Functionality injected into existing applications
• Enforces security at the application level
  – Data encryption at rest
  – Authentication
  – Policy Enforcement
• No code changes required by developer

Page 17: Enterprise Mobility: Secure Containerization

Key Management

Cryptography

• Secure Container uses a key hierarchy to protect data.
• All keys are derived from user credentials that are never stored.
• Key hierarchy involves multiple keys to support different sensitivity of data
  – Unique key used for the user’s authentication certificate.
  – A different key is used for the browser cache.
• The Security Container distributes and manages keys for all the enterprise apps.
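The key hierarchy on the Key Management slide, sketched as an added example that is not part of the original slides or of Oracle's product code: a root key is stretched from the user credential at sign-in, per-purpose keys are derived from it, and only a salt and a check value are written to storage. The algorithm choices (PBKDF2-HMAC-SHA256, HKDF-Expand), the labels, the iteration count and all function names are assumptions; the slides do not say which algorithms the product uses.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example; tune per device


def derive_root_key(credential: str, salt: bytes) -> bytes:
    """Stretch the user credential into a 32-byte root key (held in memory only)."""
    return hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, PBKDF2_ITERATIONS)


def hkdf_expand(root_key: bytes, label: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256: one independent key per label."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(root_key, block + label + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def check_value(root_key: bytes) -> bytes:
    """Value that proves the credential was right without revealing any data key."""
    return hmac.new(hkdf_expand(root_key, b"verify"), b"container-check", hashlib.sha256).digest()


def enroll(credential: str) -> dict:
    """Return what may be persisted: a random salt and a check value, no keys."""
    salt = os.urandom(16)
    return {"salt": salt, "check": check_value(derive_root_key(credential, salt))}


def unlock(credential: str, record: dict):
    """Re-derive the hierarchy at sign-in; return None for a wrong credential."""
    root = derive_root_key(credential, record["salt"])
    if not hmac.compare_digest(check_value(root), record["check"]):
        return None
    return {
        "auth_certificate": hkdf_expand(root, b"auth-certificate"),  # hypothetical label
        "browser_cache": hkdf_expand(root, b"browser-cache"),        # hypothetical label
    }
```

Because each purpose has its own label, exposure of the browser-cache key does not reveal the key protecting the authentication certificate, and a device image taken at rest contains neither.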

Page 18: Enterprise Mobility: Secure Containerization

Oracle’s Mobile Security Components

Authentication / SSO

Data at Rest Encryption

Data in Transit Encryption

DLP Policy

Browser

PIM (email, calendar, contacts, tasks, notes)

Doc Editor

App Catalog

File Manager

Secure Intranet

Secure Mail

Secure Files

App Distribution

Secure Apps Enterprise Apps

Page 19: Enterprise Mobility: Secure Containerization

Oracle Mobile Security: Demo

DEMO

Page 20: Enterprise Mobility: Secure Containerization


Page 21: Enterprise Mobility: Secure Containerization