How to Improve Your Organization’s Risk Management and Maximize Mobile and Cloud Security

Data breaches continue to make headlines on a daily basis and can pose significant threats to an organization’s bottom line. Attackers are exploiting vulnerabilities in cloud, mobile and Web applications, giving them access to treasure troves of organizational data. The sheer volume and breadth of potential vulnerabilities can make it challenging for organizations to focus their security initiatives, keep their skill sets current and maximize security budgets.

Key Resources

IBM has significant expertise in risk management, mobile and cloud security. Leading up to IBM InterConnect 2015, we thought you’d like to consult the following blogs from thought leaders who will present at the event:

  • Constantine Grancharov will co-present Session No. SAS-3428, titled, “Addressing Application Security: It’s a Matter of Risk Management” in the Application and Data track, along with Scott Takaoka from WhiteHat Security. Grancharov recently authored a blog post on the importance of adopting an application security risk management program in your organization to protect your valuable intellectual property, strategic plans and customer data.
  • Jonathan Carter from IBM partner Arxan and David Marshak from IBM will present a compelling session No. SAS-5600 about protecting mobile applications from potential attacks. The session is titled, “Think Like a Hacker! Common Techniques Used to Exploit Mobile Apps and How to Mitigate Them.” The companion blog post by Patrick Kehoe at Arxan challenges the misconceptions organizations have about the security of online app stores and provides recommendations about how you can mitigate your hacking risk.
  • Dan Wolff and Nataraj Nagaratnam IBM will present Session No. SAS-5859, “Cloud Is an Opportunity to Get Security Right.” In the session, they will discuss how organizations can better manage access, protect data and gain visibility into cloud access, user activity, threats and compliance by adopting cloud strategies. To learn how to make an internal case for cloud-based application security testing, check out the blog post I recently co-wrote with Eitan Worcel at IBM.

So what’s the best way to educate yourself about these topics so you can maximize your security spending and improve productivity? By registering to attend IBM InterConnect in person, in sunny Las Vegas, from Feb. 22 to Feb. 26.

Learn From Security Professionals Just Like You

Selected customer sessions in the Application and Data track at IBM InterConnect 2015 include the following:

  • A panel of experienced IBM Security client speakers will share best practices for leveraging security intelligence and analytics to help you improve your risk management program and make more informed security decisions (Session No. SAS-5009).
  • An international shopping center group will reveal how it modernized its security program to plan more effectively for security threats, assembled a collaborative team across the organization to implement a new distributed security model and promoted the new initiative throughout the business (Session No. SAS-2604).
  • A Canadian bank will educate you on how it implemented an enterprise-wide software security program, including how it adapted its organizational software security model to improve static and dynamic application security testing capabilities, reporting and management of performance metrics (Session No. SAS-3880).
  • A North American government entity will explain how it implemented a digital invoice certification program in order to comply with new legislation that required privileged data, such as payroll records and commercial invoices, to be digitally signed (Session No. SAS-5493).
  • A health care company will review how it managed its evaluation process for an application security testing solution, including developing vendor selection criteria, evaluating vendors, implementing the solution and jump-starting productivity after adopting the solution (Session No. SAS-2195).

For an overview of all the sessions in this track, consult the Application and Data Security track agenda.

Aerosmith at IBM InterConnect

This conference begins in less than a month, so register now and immediately add these sessions to your calendar with our convenient Agenda-Builder tool. Information about the planned Aerosmith concert may be found by clicking here.

In the meantime, stay tuned for follow-up blogs from our speakers and panelists, and check out more of our thought leadership blogs.

More from Application Security

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today