Securing Cloud and Mobile Pragmatic Enterprise Security Architecture

Prabath Siriwardena (@prabath)

WSO2

Director, Security Architecture


Within the first decade of the 21st century, the number of internet users worldwide increased from 350 million to more than 2 billion.


Mobile phone subscribers increased from 750 million to 5 billion. Today it’s around 6 billion.


Only 30% of mobile users password-protect their mobile devices


Many SaaS providers ignore multifactor authentication for mobile applications


113 cell phones are lost or stolen every minute in the U.S., and $7 million worth of smartphones are lost daily


62% of mobile workers currently use their personal smartphones for work


http://www.websense.com/assets/reports/websense-2013-threat-report.pdf


Mobile Device Management systems need to be an integral part of corporate Identity Management


Cloud service providers are becoming mobile friendly with REST/JSON APIs


OAuth 2.0 dominates Mobile and API security


Avoid using the Resource Owner Password OAuth grant type


Mobile applications secured with OAuth can be vulnerable to phishing


Your Facebook or Twitter account credentials can be phished more easily through your mobile phone than from a laptop computer


The need to bake the client key and the secret key into the mobile app itself is an issue yet to be solved
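
An added example (not from the original presentation): a token-endpoint check that an API gateway could run to enforce the two OAuth points above, flagging the Resource Owner Password grant and any secret presented by a mobile client. The client registry, function names and finding labels are assumptions made for illustration; the request parameter names are those of RFC 6749.

```python
import base64
from urllib.parse import parse_qs

# Constructed client registry: client_id -> client type (RFC 6749 section 2.1).
CLIENTS = {"mobile-app": "public", "backend-svc": "confidential"}

def client_credentials(headers, form):
    """Return (client_id, secret_presented) from Basic auth or the form body."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        try:
            decoded = base64.b64decode(auth[6:], validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return None, False
        client_id, _, secret = decoded.partition(":")
        return client_id, bool(secret)
    return form.get("client_id"), bool(form.get("client_secret"))

def check_token_request(headers, body):
    """Return policy findings for one token request (empty list = allow)."""
    # parse_qs yields lists; keep the first value of each parameter.
    form = {k: v[0] for k, v in parse_qs(body).items()}
    client_id, secret_presented = client_credentials(headers, form)
    if CLIENTS.get(client_id) is None:
        return ["unknown-client"]
    findings = []
    if form.get("grant_type") == "password":
        # The app collected the user's password itself, so the user cannot
        # tell a genuine app from a phishing one.
        findings.append("password-grant")
    if CLIENTS[client_id] == "public" and secret_presented:
        # A secret shipped inside a mobile binary can be extracted, so it
        # proves nothing about the caller.
        findings.append("secret-from-public-client")
    return findings

if __name__ == "__main__":
    # Constructed sample request from a mobile app using the password grant.
    sample = ("grant_type=password&username=alice&password=hunter2"
              "&client_id=mobile-app&client_secret=baked-in")
    print(check_token_request({}, sample))
```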


OAuth has given a better failover capability to mobile applications in case of an attack


It takes an average of 20 seconds for a user to log into a resource


Single Sign On increases user productivity


[Diagram: Browser based Single Sign On. Labels: Authorization Server (IdP), Mobile Device, Native App, Native Web Browser]


[Diagram: Native Single Sign On. Labels: Mobile Device, Native App, Native IdP App]


The OpenID Foundation is working on standardizing Native Single Sign On based on OpenID Connect


[Diagram: Federated Single Sign On. Labels: SAML2 IdP, SAML2 IdP, Authorization Server (IdP), Mobile Device, Native App, Native Web Browser]


Federated Single Sign On with heterogeneous Authorization Servers


Secured / Confidential data channels


TLS, JSON Web Encryption (JWE)


[Diagram: Managed Cloud APIs. Labels: Cloud API, Mobile App, API Gateway]

