April 09, 2012 API Mobility Security
Copyright © 2012 Deloitte Development LLC. All rights reserved. 1
Mobile computing has been growing at a staggering rate across all age groups,
income groups, industries, geographies and cultures and is widely expected to
continue its exponential growth rate over the next five years.
The mobility landscape
Current mobile landscape / Expected growth:
• Mobile cellular subscriptions surpassed 5B in 2010 (Gartner)
• 300M smartphones sold globally in 2010 (Forrester)
• One of the major device vendors has sold 20M smartphones in Q2 2011 and 15M tablets since product launch in 2010 (Strategy Analytics)
• 83% of US population owns cellphones; 35% of these are smartphones (Pew Research)
• By end of 2011, over 85% of the handsets will be able to access the mobile web (Gartner)
• Smartphone unit sales will surpass laptop unit sales in 2012 (Gartner)
• Approximately 470M smartphones will be sold globally in 2011 (IDC)
• Approximately 980M smartphones will be sold globally in 2016 (IMS)
• By 2015, global mobile data traffic volume will be approximately 25 times 2010 volume (FCC)
Mobility and mobility services are not only gaining ground among consumers
but also among enterprises
Mobility trends and adoption
At a high level, entities go through three stages of adoption for mobility.
Though mobility offers a wide range of products and services, it has its own set
of security vulnerabilities due to the changing threat landscape.
[Chart axis label: Business Impact/Number of Mobile Apps]
Stage 1: Mobile Veneer
• Mobile access to existing apps
• No mobile app development
• Result: Poor user experience (UX) and negligible productivity, customer satisfaction or revenue gains
Stage 2: Mobilize Existing Applications
• Develop new graphical user interfaces (GUIs) on top of existing business logic
• Result: Acceptable UX and noticeable productivity, CRM & revenue gains
Stage 3: Mobility-Centric Innovation
• Develop completely new apps that leverage mobility benefits
• Result: User-centered UX and new productivity, CRM and revenue opportunities
Mobility risk categories
Without appropriate due diligence and planning for mobility adoption or expansion,
unintended consequences can quickly ambush business goals, inhibit progress of
critical IT initiatives, devalue business benefits and expose the organization to
significant risk.
Strategies for tackling mobile risks
Example controls:
Data centric
• Minimal device data footprint
• Communications encryption
• Virtualization
• Data integrity
Device centric
• Mobile device management (MDM)
• Strict device policy enforcement
• Local data encryption
• Secure containers/partitions
Application centric
• Developer training
• System development life cycle
• Primary or multi-platform IDE
• Application distribution & maintenance
Key decision points drive strategy and the resulting architecture…
Other considerations
• Manage Security In-House vs. Outsource Security
• 3rd Party Tools vs. Native Platform Tools
• Application Management vs. Application Guidance
• Full Data Access vs. Restricted Data Access
• Bring-Your-Own vs. Corporate Provided
Mobility reference architecture
Strategy Development
• Business Analysis (Opportunity ID, Business Case)
• Mobile Enablement Strategy/Roadmap
• Mobility Readiness Assessment
• End-to-end Network Design
• Industry Regulatory/Compliance/Security Analysis
Applications Development (Design, Implement, Test)
• Mobile Solution Architecture
• Creative/UX/UI Design
• Mobile Middleware Integration
• Data Mgmt
• Native Development: Objective C (iOS), Java
• Cross-Platform Dev: Sybase SUP, HTML5, Adobe
Enterprise Systems Integration
• ERP, Web/Ecommerce and Legacy Systems
• Reporting/BI/DW Enablement
• Mobile Analytics Feedback
Security
• Mobile application security
• Mobile security policy and governance
• Mobile security strategy and architecture
• Mobile device and operations security
Deployment, Distribution, Management, Operations
• Mobile Device Management
• Enterprise App Store
• Support Readiness
• Operational / Organizational Readiness
• Product Mgmt Enablement
• IT Governance
• Cloud and Social
[Diagram labels: Business Strategy; Enterprise Mobility Infrastructure; App concept to development; Enterprise Integration; Security]
[Diagram labels: Business Strategy; App Concept to Development; Mobility Infrastructure; Enterprise Integration Strategy; Security, Privacy & Compliance]
1. Understand the specific mobility use cases
2. Understand key mobility risks that affect the organization and its constituents
3. Incorporate key business drivers and objectives
4. Implement security controls through both policy and technology
5. Enable, not disable adoption of new innovations (it’s not stopping here…)
Taking an organization and constituent-centric approach
What are early adopters doing?