Presentation on theme: "Application Security: Bake In or Add (Sometime) Later? Jeff Kalwerisky Security Evangelist for Alpha Tech and VP, Information Security & Technical Training."— Presentation transcript:
Application Security: Bake In or Add (Sometime) Later? Jeff Kalwerisky Security Evangelist for Alpha Tech and VP, Information Security & Technical Training CPEinteractive, Inc.
Famous Quote: “Who am I and Why Am I Here?” (Admiral James Stockdale, Vietnam war hero & Ross Perot’s V-P candidate in 1992). A recovering software developer; Not an Alpha developer; Sole focus: Information Security – AKA Keeping “them” away from the crown jewels; Security Evangelist for Alpha for many years
Thinking About Security Starts Here Information Security
“Just the Facts, Ma’am” Of popular mobile apps have security baked in and use tools to defend against hack attacks Of the top 100 Android & iOS apps have been successfully hacked
Why Should I Care? Revenue Loss; Unauthorized Access to Sensitive Data; Intellectual Property Theft; Fraud; Altered User Experience; Brand Damage
What Really Keeps CxOs Up at Night: COMPLIANCE! With an alphabet soup of regulations and standards: PA-DSS 3.0; PCI-DSS 3.0; (GLBA). The Men in Black: Auditors
Not to Mention Career-Limiting: CIO and CEO of Target fired after embarrassing security breach which compromised 40-million(!) customer credit and debit cards
Not All (Mobile) Apps Are Equal. High Risk Apps: Location-Aware; Collect Personal Info; Use remote servers to handle user data; Access sensitive databases. Low(er) Risk Apps: Alarm Clock; To-Do List with no connection; Apps that never talk to the Web or Corporate databases
The Way: Basic security is built into the tool (unlike many other development tools; we’re looking at ya, MS-Access...!). But it’s getting much more complex: BYOD, BYOA, COPE*, Cloud, Big Data Analytics, social media, the Internet of Things,... (* COPE: Corporate-Owned, Personally-Enabled)