BYOD- it's an Identity Thing

BYOD: It's an 'identity' thing
Paul Madsen (@pmadsen)
Senior Technical Architect, Ping Identity
A little bit about me
BYOD

WHAT'S THE BIG DEAL?
[Slide graphic: the letters B, Y, O, D expanded vertically into "Bring Your Own Devices", with "Brought" overlaid on "Bring"]
Context
• COIT
• BYOD
• Social
• App stores
• Personal Cloud
• will.i.am keynoting Cloudforce
[reputable analyst firm] says [X%] of Fortune 500 will confront BYOD by [201Y]
So why allow it?
SHadow IT HAPPENS
Employee productivity as a function of time
[Chart: productivity (y-axis) over the week, Sun to Sat (x-axis); curves labeled "Traditional 9-5" and "mobile"]
Fundamental challenge
A single device must support two 'masters'
Err no….
Choices
• Mobile Device Management (MDM) applies
  enterprise policy to the device as a whole
   – PIN, wipe, VPN etc
• Mobile Application Management (MAM)
  focuses on the business apps ON the device
   – App store, security added onto binaries
     either through SDK or 'wrapping'
Granularity
BYOD Balancing Act
[Diagram labels: Standards, Security, Enablement, Privacy]
Balancing Act




Productivity
Productivity vs time
[Chart: productivity (y-axis) against time (x-axis), from "hired" to "fired", comparing "ideal" with "reality". Annotations, left to right:
 'Well I guess I can play Angry Birds until IT sets me up'
 'Now what was my password again??'
 'Whoa, I can still login!']
GTD Requirements
1.   Initial GTD - Quickly get new
     employees up and running with the
     applications their role demands
2.   Ongoing GTD - Provide employees
     single sign on experience in day to
     day work
3.   Stop GTD - Reduce/remove
     permissions when necessary
Balancing Act




Privacy
Privacy
the right to be let alone—the most comprehensive of rights and the right most
Louis Dembitz Brandeis
Privacy




          Granularity of IT control
Partitioning for privacy
1. Divide the phone in
   'half' – one side for
   business applications &
   data, another for
   personal
2. IT's mandate is to
   manage & secure the
   apps & data on the
   business side
3. IT has no mandate
   (nor, hopefully, desire)
Balancing Act




Security
IT'S NOT ABOUT THE DEVICE
It's the data
Protecting the data
1. Ensure that user/app can access only appropriate data
   – Authorization based on role
2. Protect data in transit
   – SSL
3. Protect data on device
   – PIN, Encryption
4. Remove access to data when appropriate
   – Wipe stored data (or keys)
   – Revoke access to fresh data
[Side labels on slide: IDM, MAM, MDM]
MIM?
MDM – No screen capture
MAM – No screen capture when in email app
MIM – No screen capture for this document
Balancing Act




Standards
Why standards?
• Framework implies interplay between
  – Enterprise IdM
  – MAM architecture
     • MAM servers
     • MAM agent
  – Applications
     • On-prem
     • SaaS
Components
[Diagram labels. Top: Enterprise, MAM, SaaS 1, SaaS 2. Device: Browser, MAM, SaaS1, SaaS2]
Standards
•   SCIM (System for Cross-Domain Identity
    Management) to provision identities as
    necessary to MAM and SaaS providers
•   SAML (Security Assertion Markup
    Language) to bridge enterprise identity to
    MAM and SaaS providers
•   OAuth to authorize MAM agents, and SaaS
    native apps
Components
[Diagram labels. Top: Enterprise, MAM, SaaS 1, SaaS. Device: Browser, MAM, SaaS1, SaaS. Connections labeled SCIM, SAML and OAUTH]
Bob 'pursuing other ventures'
[Diagram labels. Top: Enterprise, MAM, SaaS 1, SaaS. Device: Browser, MAM, SaaS1, SaaS. Connections labeled SCIM (delete) (three times), "Wipe" between the two MAM boxes, and "wipe" (twice) at the device]
Bob 'loses phone in cab'
[Diagram labels. Top: Enterprise, MAM, SaaS 1, SaaS. Device: Browser, MAM, SaaS1, SaaS. Connections labeled SCIM (status=0) (three times) and "LOCK=Y" between the two MAM boxes]
[Diagram labels. Top: Enterprise, Application Provider (three times). Device: Authz agent, Native app (several)]
Wrapping up
[Diagram: device divided into Business and Personal sides. Labels: MAM, App (twice), Policy, Apps, REST (twice), Data, Tokens (three times), Corp Identity, Identity (three times)]
Thank you
@paulmadsen
Summary
1. Divide device & leave employee personal data
   alone
2. Provision apps via MAM based on employee
   identity & roles into employee 'side'
3. Provision tokens to those apps via IdM based on
   employee identity & roles
4. Apps use tokens on API calls to corresponding
   Cloud
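
The two "Bob" scenarios and the summary above, as an added example that is not part of the original slides: an identity event is fanned out as a SCIM request to the MAM server and each SaaS provider, and the MAM agent acts only on the business side of the device. `Provider`, `Device`, `handle_event` and the sample ids and tokens are hypothetical; the slides' `status=0` is modelled as SCIM 2.0 `active: false`, and providers are assumed to check account state on every token use.

```python
from dataclasses import dataclass, field

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


@dataclass
class Provider:
    """Stand-in for a SCIM endpoint (MAM server or SaaS) that also serves an API."""
    name: str
    users: dict = field(default_factory=dict)    # SCIM id -> {"active": bool}
    tokens: dict = field(default_factory=dict)   # OAuth access token -> SCIM id

    def scim(self, method, path, body=None):
        uid = path.rsplit("/", 1)[-1]
        body = body or {}
        if uid not in self.users:
            return 404
        if method == "DELETE":
            del self.users[uid]
            return 204
        if method == "PATCH" and PATCH_SCHEMA in body.get("schemas", []):
            for op in body["Operations"]:
                if op["op"] == "replace" and op.get("path") == "active":
                    self.users[uid]["active"] = bool(op["value"])
            return 200
        return 400

    def api_call(self, token):
        """Assumption: the provider checks account state on every token use."""
        user = self.users.get(self.tokens.get(token))
        return bool(user and user["active"])


@dataclass
class Device:
    """A partitioned phone: the MAM agent may touch only the business side."""
    business: dict
    personal: dict
    locked: bool = False

    def mam_command(self, command):
        if command == "wipe":
            self.business.clear()    # stored data and tokens (or keys)
        elif command == "lock":
            self.locked = True       # LOCK=Y on the slide
        else:
            raise ValueError(command)


def plan(event, uid):
    """Map an identity event to (SCIM request, MAM command)."""
    path = f"/Users/{uid}"
    if event == "terminated":        # Bob 'pursuing other ventures'
        return ("DELETE", path, None), "wipe"
    if event == "device_lost":       # Bob 'loses phone in cab'
        body = {"schemas": [PATCH_SCHEMA],
                "Operations": [{"op": "replace", "path": "active", "value": False}]}
        return ("PATCH", path, body), "lock"
    raise ValueError(f"unknown event: {event}")


def handle_event(event, uid, providers, device):
    """Fan the SCIM request out to every provider, then command the MAM agent."""
    (method, path, body), command = plan(event, uid)
    statuses = {p.name: p.scim(method, path, body) for p in providers}
    device.mam_command(command)
    return statuses


def still_has_access(providers):
    """Names of providers where Bob's previously issued token still works."""
    return [p.name for p in providers if p.api_call(f"tok-{p.name}")]


def build_fixture():
    """Constructed sample state: Bob provisioned at the MAM server and two SaaS."""
    providers = [Provider(n, {"bob-id": {"active": True}}, {f"tok-{n}": "bob-id"})
                 for n in ("MAM", "SaaS1", "SaaS2")]
    device = Device(business={"tok-SaaS1": "constructed", "mail.db": "constructed"},
                    personal={"photos": "holiday.jpg"})
    return providers, device


if __name__ == "__main__":
    for event in ("terminated", "device_lost"):
        providers, device = build_fixture()
        statuses = handle_event(event, "bob-id", providers, device)
        print(event, statuses, "still reachable:", still_has_access(providers),
              "personal data:", device.personal)
```

A lost phone keeps the account and the business data recoverable (deactivate and lock), while a departure deletes the account and wipes the business side; in both cases the personal side is left alone.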

Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 

BYOD - it's an identity thing

  • 1. BYOD: it's an 'identity' thing. Paul Madsen (@pmadsen), Senior Technical Architect, Ping Identity
  • 2. A little bit about me
  • 4.
  • 5. BYOD: Bring / Brought Your Own Devices
  • 6. Context COIT BYOD Social will.i.am keynoting Cloudforce App stores Personal Cloud
  • 7. [reputable analyst firm] says [X%] of Fortune 500 will confront BYOD by [201Y]
  • 10. Employee productivity as a function of time [chart: productivity by day of week, Sun to Sat; series: mobile, traditional 9-5]
  • 11. Fundamental challenge A single device must support two 'masters'
  • 13. Choices • Mobile Device Management (MDM) applies enterprise policy to the device as a whole – PIN, wipe, VPN etc • Mobile Application Management (MAM) focuses on the business apps ON the device – App store, security added onto binaries either through SDK or 'wrapping'
  • 15. BYOD Balancing Act Standards Security Enablement Privacy
  • 17.
  • 18. Productivity vs time, ideal vs reality [chart: productivity over time, from hired to fired; annotations: 'Well I guess I can play Angry Birds until IT sets me up', 'Now what was my password again??', 'Whoa, I can still login!']
  • 19. GTD Requirements 1. Initial GTD - Quickly get new employees up and running with the applications their role demands 2. Ongoing GTD - Provide employees single sign on experience in day to day work 3. Stop GTD - Reduce/remove permissions when necessary
  • 21. Privacy: 'the right to be let alone— the most comprehensive of rights and the right most' (Louis Dembitz Brandeis)
  • 22. Privacy Granularity of IT control
  • 23. Partitioning for privacy 1. Divide the phone in 'half' – one side for business applications & data, another for personal 2. IT's mandate is to manage & secure the apps & data on the business side 3. IT has no mandate (nor, hopefully, desire)
  • 25. IT'S NOT ABOUT THE DEVICE
  • 27. Protecting the data 1. Ensure that user/app can access only appropriate data – Authorization based on role 2. Protect data in transit – SSL 3. Protect data on device – PIN, Encryption 4. Remove access to data when appropriate – Wipe stored data (or keys) – Revoke access to fresh data [side labels on the slide: IDM, MAM, MDM]
  • 28. MIM?
  • 29. MDM – No screen capture MAM – No screen capture when in email app MIM – No screen capture for this document
  • 31. Why standards? • Framework implies interplay between – Enterprise IdM – MAM architecture • MAM servers • MAM agent – Applications • On-prem • SaaS
  • 32. [diagram] Components: Enterprise, SaaS 1, SaaS 2, MAM; on the Device: MAM, Browser, SaaS1, SaaS2
  • 33. Standards • SCIM (System for Cross-Domain Identity Management) to provision identities as necessary to MAM and SaaS providers • SAML (Security Assertion Markup Language) to bridge enterprise identity to MAM and SaaS providers • OAuth to authorize MAM agents, and SaaS native apps
  • 34. [diagram] Components: Enterprise, SaaS 1, SaaS, MAM; on the Device: MAM, Browser, SaaS1, SaaS; links labeled SCIM, SAML and OAuth
  • 35. Bob 'pursuing other ventures' [diagram: Enterprise, SaaS 1, SaaS and MAM with three links labeled SCIM (delete); 'wipe' labels on the Device side (MAM, Browser, SaaS1, SaaS)]
  • 36. Bob 'loses phone in cab' [diagram: Enterprise, SaaS 1, SaaS and MAM with three links labeled SCIM (status=0); 'LOCK=Y' label toward the Device (MAM, Browser, SaaS1, SaaS)]
  • 37. [diagram: Enterprise and three Application Providers; Device with a Native Authz agent and several Native apps]
  • 39. [diagram; recoverable labels: REST, Data, Tokens, Business, Personal, MAM, App, Policy, Apps, Identity, Corp Identity]
  • 41. Summary 1. Divide device & leave employee personal data alone 2. Provision apps via MAM based on employee identity & roles into employee 'side' 3. Provision tokens to those apps via IdM based on employee identity & roles 4. Apps use tokens on API calls to corresponding Cloud
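
The two deprovisioning flows on slides 35 and 36 (SCIM delete leading to a wipe, SCIM status=0 leading to a lock), sketched as an added example that is not from the deck. It assumes SCIM 2.0 message shapes (RFC 7644), where the slide's "status=0" corresponds to setting the user's `active` attribute to false; the provider URLs, event names and function names are hypothetical.

```python
import json

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed SCIM base URLs for the MAM server and the two SaaS providers
# (placeholders, not taken from the deck).
PROVIDERS = {
    "mam": "https://mam.example/scim/v2",
    "saas1": "https://saas1.example/scim/v2",
    "saas2": "https://saas2.example/scim/v2",
}

def build_requests(event, user_id):
    """Enterprise IdM side: one SCIM request per provider for a lifecycle event."""
    if event == "left_company":        # slide 35: SCIM (delete)
        method, body = "DELETE", None
    elif event == "lost_device":       # slide 36: SCIM (status=0)
        method = "PATCH"
        # Assumption: status=0 is expressed as active=false in SCIM 2.0.
        body = json.dumps({
            "schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "replace", "path": "active", "value": False}],
        })
    else:
        raise ValueError(f"unknown event: {event}")
    return [
        {"provider": name, "method": method,
         "url": f"{base}/Users/{user_id}", "body": body}
        for name, base in PROVIDERS.items()
    ]

def mam_device_action(request):
    """MAM server side: map an inbound SCIM request to an action on the
    business apps and data it manages on the device."""
    if request["method"] == "DELETE":
        return "wipe"                  # identity removed: wipe stored data (or keys)
    if request["method"] == "PATCH":
        for op in json.loads(request["body"])["Operations"]:
            if op["op"].lower() == "replace" and op.get("path") == "active":
                return "lock" if op["value"] is False else "none"
    return "none"
```

The point of the fan-out is that a single identity event at the enterprise reaches every provider, so access to fresh data and data already on the device are handled together rather than by managing the device itself.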

Editor's notes

  1. Managing the device is misguided – CISOs do not lose sleep over the loss of devices, but rather ……