The use of personal smartphones, tablets and netbooks in the workplace is redefining where and when business happens, creating new requirements: users demand easy, immediate access to corporate content wherever they are, while IT must guarantee the security and control of information, preventing tampering or data loss.
User Experience & Security: that is the great challenge of BYOD - Bring Your Own Device.
In this 45-minute CleverMobile Solutions webinar we will look in depth at the 10 fundamental requirements a company must meet to reconcile what users ask for with what IT requires:
- Multi-platform support
- Immediate access to ECM systems (Enterprise Content Management, such as SharePoint)
- Data encryption
- Centralized management of users and devices
- Proactive file protection
- Complete device control
- Integration between enterprise systems
- Traceability of shared files
- Choice between public, private or hybrid cloud
- No to the use of consumer applications and services
Speaker: Gary McConnell, Managing Partner at Clever Consulting, in charge of ongoing BYOD projects at some of the most important Italian companies. http://linkd.in/GaryIn
TO REQUEST A LIVE DEMO WRITE TO info@clevermobile.it or call 02 80509734.
More information on the Italian portal dedicated to Mobile Device Management and BYOD: www.clevermobile.it
2. Agenda
• The Mobile explosion
• Consumer Vs Enterprise
• Mobile Device Management
• Application Security
• Communication Security
• Content Security
• Security Checklist
3. The Mobile Explosion
• THE PC ERA: A PC on every desk
• THE WEB ERA: A Browser on any desk; Ubiquitous Access to Apps and Data from any Browser
• THE MOBILE ERA: Multiple Devices for Each User; Ubiquitous Access to Apps and Data from any Device
• 600M PCs, 30 Years; 600M Users, 15 Years; 2B Devices, <5 Years
4. Shipment Tablets + Smartphone > PC in 2010
[Chart: Global shipments of Tablets, Smartphones, Notebook PCs and Desktop PCs]
• 1.3M Android activations per day (Sept 2012)
• 113 Smartphones lost every minute in the US. That’s 5 Million / month
5. Consumer Expectations Meet Enterprise
• “I want to use whatever device I like”
• “I want to be able to work anywhere”
• “I do my own IT now, thank you very much!”
• “I want an awesome experience”
• “I want to access my APPS and DATA anywhere on the device of my choice.”
6.
• “How do I manage the explosion of applications and OSs?”
• “How do I distribute apps and embrace BYOD?”
• “How do I manage security and identity across all this?”
• “How do I mobilize content?”
• “I need to move at consumer speed, yet with security and compliance”
Labels: Multi-OS; App Stores; File Sharing; Identity, security compliance, DLP
7. User Driven Multi-OS Management
Device Choice Security
Micro-Mobile Apps Consumer Speed
User Experience Compliance
“The more the CIO says no, the less secure
the organization becomes.”
Vivek Kundra, U.S. Federal CIO
8. Consumer Services
Great user experience
Easy to use
Multi device
Security
Where are my files?
Who can access my files?
Compliance?
* for Corporate Data
9. A complete MDM Platform Enables…
• A: End User Services
• B: Complete IT Mobile Management
To secure and manage mobile apps, documents, and devices
10. A: End User Services
• Device Choice
• Secure Email
• Apps
• Content
• Native Experience
• Secure Separation Between Enterprise & Personal
11. Cloud Deployment Flexibility
The Mobile Iron Platform
• 100K devices per Appliance
• 10Ks of certificates
• Secure Cloud Service
• On-Premise Deployment
13. Unique Value: AppTunnel per App VPN
[Diagram labels: FIREWALL, Traditional VPN, AppTunnel, SENTRY]
14. Enterprise Persona
• Application Single Sign On (App SSO)
• Password Protects all the Enterprise Apps
• Logon / Logoff from the Enterprise Container
• Limit “open in”, “copy/paste”
But the user wants the simplicity of ....
18. Enterprise File Sharing
• Securely browse, view, edit, send, and share files on a mobile device.
• Works with Word, Excel, PowerPoint, PDF, JPEG, PNG, just about any type of file.
• Save files securely on a mobile device for offline use.
• Upload files securely from the device to a secure workspace.
• Share secure links to files or share folders with internal and external users.
• Collaborate in real-time by adding or replying to comments.
• Subscribe to notifications to learn who has added files or commented on files.
• Log in using LDAP credentials.
19. Enterprise File Sharing Features
• Cloud Choice
– Private Cloud (in-house)
– Public Cloud
– Hybrid
• Auditable File Tracking and Reporting
• SharePoint Integration
• Integration with Notes and Outlook
• LDAP/AD integration
• DLP Integration
• MultiSite deployment
20. BYOD Security Preparation
1. Multiple platform support
2. Seamless access to existing ECM stores
3. Enhanced encryption for apps and data
4. Centralized management
5. Proactive file protection
6. Complete device control
7. Required enterprise integrations
8. File sharing visibility
9. Deployment choice
10. Say “no” to consumer-class services
Main Point: The Mobile Tornado is our term for the situation IT faces today – specifically the rapid influx of mobile devices – and applications – into the workplace. Employees are no longer using only the standard corporate-issued laptop and the corporate approved/mandated applications. Employees are using whatever devices they want – often a personal smartphone or tablet – and they are using apps, such as Dropbox or Evernote, that are available in the App Store or Android marketplace, to perform work activities. We are in the early stages of the Mobile Era, but this era is larger and is moving more quickly than any other phase of IT evolution before it. The time to start preparation is now (or you’ll be swept up… by the tornado…). If the Web revolution has taught us anything, it is that companies who get on top of these trends and leverage the resulting technology innovations become the winners in their market. We are now finding that mobile workers can have multiple devices – a laptop PC (Windows), an iPad tablet and an Android phone!
Main Point: Here we show some statistics to articulate how rapidly mobile devices are entering the workplace. The past of mobility was RIM; then in 2009 Apple iOS started to change the game, and going forward the market is going to be more and more fragmented and heterogeneous. Combined shipments of smartphones and tablets surpassed shipments of PCs in 2010. Now in 2012, only two years later, shipments of tablets and smartphones are almost double that of PCs! – the mobile device is becoming the industry standard! The PC is dead! As of September 2012, there were 1.3MM Android activations – PER DAY – and a lot of those devices are being used for both personal and business use – business applications and data are sitting right next to employees’ vacation photos and Angry Birds… or Bad Piggies… And mobile devices are easily lost… or stolen… here we see a stat that 113 million smartphones are lost EVERY MINUTE – that’s 5 million a month – in the US alone. Mobility combined with multiple devices does mean greater risk – we as IT professionals will need to mitigate that risk.
Main Point: The Mobile Tornado combined with IT Consumerization changes everything – your employees expect from their employer the same IT choice, flexibility, and ease of use that they experience at home. Concept – Consumerization of IT [or IT-ization of the consumer]: Wikipedia defines consumerization as “The growing tendency for new information technology to emerge first in the consumer market and then spread into business and government organizations. The emergence of consumer markets as the primary driver of information technology innovation is seen as a major IT industry shift, as large business and government organizations dominated the early decades of computer usage and development.” (And of course Wikipedia is always right!) This consumerization is changing employees’ expectations of corporate IT. They want to use whatever device they want to – often multiple devices that will of course then need to sync. They want to work anywhere, which means you need to supply easy and secure access to work applications and data from multiple devices and multiple access points. The number of Wi-Fi hotspots in the US nearly doubled in 2011 – mobile workers are connecting everywhere – unsecure hotspots in hotels, airports, conference centers, cafes, trains etc. And of course home offices. They want to handle their own IT – deploy apps – connect to the corporate network – access content. And it all has to be fun – and easy – like with the iPhone or with the Android device. It is a consumer-driven transformation. It is cultural, it is a change and it is here. And secured mobile devices are more exposed.
Main Point: Mobility means big changes and new challenges for IT. It used to be so easy! OK, that may be a “slight” overstatement, but the corporate IT environment used to be much more contained and the IT department used to have much more control. IT determined which devices employees could use, and which applications could be installed on those devices. Access to these applications and corporate content was usually done within the corporate firewall or through a secure VPN connection. The network edge was well-defined and well-protected. Users once used to navigate the web; now they use cloud-based services for tasks ranging from contact management to booking travel to expense management. Communication used to be limited to email; file exchange between companies was either via email attachments or FTP or other controlled methods. The types of files have also changed – now with smartphones we have video, audio and pictures being exchanged – Word and Excel are still there but the content being distributed has changed. Now, employees are bringing their own devices to work and are accessing the network from outside the firewall – they are taking those devices, and the access to corporate content and applications, wherever they go – the Network Edge is now wherever your employees are – or wherever their devices end up – and it requires a new approach to access and security.
Main Point: So IT is now at the center of everything – and is facing increased challenges mixed with increased expectations from employees. We’ll try to qualify some of those challenges here – and I am sure many of these resonate with all of you. How do I manage the explosion of devices, and applications, in a multi-OS environment? How do I distribute apps securely? How do I enable an employee to use both business and personal apps on their device? How do I make this self-service to the end-user – basically how do I create a corporate app store? How do I mobilize content? And enable me to manage access to the content on the end-user’s personal device? And how do I do this securely, while complying with employer and government mandated security regulations? Bottom Line: Corporate IT must meet the standards set by consumer technology while maintaining security compliance.
Main Point: This summarizes the new IT reality – the new tension between the wishes of the employee and the requirements of the employer. Employees want their work IT to be just like what they experience at home – and they want to use whatever device they choose to bring to work. Employers need their data, their content, their valuable intellectual property protected – while at the same time empowering their employees to be as productive as possible. IT needs to meet the demands of both. And as we all know, if we try to contain our “consumers” they’ll just go around us – and that just leads to big problems – Dropbox, anyone? This is the first phase of the mobile tornado. It does not have to be this way. MobileIron has the solution…
Here we need to just say no! Byofss?
Main Point: The MobileIron platform provides value to everyone – End-users are provided with a set of services that enable them to utilize their mobile devices to access business apps and content and – IT is given a single, integrated mobile platform to manage the enterprise mobile environment in a scalable, extensible, and secure manner.
Main Point: Here we want to introduce specific end user services that we enable – and define the value that we provide to the business employee. Most importantly, when it comes to the end user, we give them what they’re asking for – access to their apps and their data to get their job done on a mobile device – starting from email, to secure browsing, and including other third party and internally-developed mobile applications – and all business content a user requires. It’s also important to note that we do all this while preserving the native user experience – because if the mobile platform gets in the way of the native experience, productivity and acceptance will suffer. But again, point back to how we support IT while delivering End User Services – we enable these mobile services in a secure environment that maintains clean separation between enterprise applications and data and anything the user has on the device from a personal standpoint.
Main Point: The MobileIron Mobility Platform can be deployed in two ways – either as a secure cloud service, Our Connected Cloud solution, or as an on-premise deployment. Highest scalability in the industry, running up to 100K devices on a single appliance
The first innovation is MobileIron’s AppConnect security layer. It provides a comprehensive solution to the challenges we’ve seen first hand from our customers. The challenge is how do they secure applications and data at rest on the mobile device. [Advance animation] We tackle this in six core areas. [Advance animation] The first one is User Authentication. This ensures that only an authorized user is able to access an application and any data stored inside it. [Example: did the user put in the right AppConnect passcode to access the application] [Advance animation] The second is App Authorization, which ensures that a device meets minimum security criteria for an application to be executed. [For example, make sure the device isn’t jailbroken] [Advance animation] The third is Access Policy, which defines the behavior of an application from a security and data loss prevention standpoint, including attributes such as whether a user can copy and paste information, or open information into other external apps. [Advance animation] Fourth is Encryption, which ensures that data at rest on Android is secure even if the version of Android does not support encryption. With 50% of Android devices still running version 2.3, which does not support encryption, AppConnect and its secure storage is critical to ensuring data within enterprise applications is kept secure. [Advance animation] Fifth is Usage and Analytics, which provides visibility into what applications are being used and how much. [Advance animation] Sixth is Selective Wipe, which ensures that enterprise data can be reliably deleted, leaving personal data, such as pictures, music, and videos, intact. [Advance animation] Together this proprietary MobileIron technology is the AppConnect security layer. [Advance animation] These are innovations we are bringing to both iOS and Android. We developed this solution in house to ensure stability, no third party dependencies, and rapid innovations to meet customer needs.
Our second of three innovations is AppTunnel. [Advance animation] AppTunnel provides secure connections behind the corporate firewall that are unique to each application. AppTunnel ensures that only authorized devices, users, and applications are able to establish connections behind the firewall. Certificates embedded in each application, and validated by MobileIron Sentry, ensure that application sessions are secured and trusted. Customers can have confidence in AppTunnel as it builds upon MobileIron’s proven technology for securing mobile mail. [Advance animation] Furthermore, AppConnect applications are only able to communicate with other AppConnect applications. This protects the data in each AppConnect container from being accessed except by authorized AppConnect Apps. Review AppConnect FAQ Page for answers to: https://atlas.mobileiron.com/wiki/display/PRDM/AppConnect+FAQ 2) Will AppConnect wrapped iOS apps that use AppTunnel require any special app development or changes? No. An AppConnect wrapped iOS app can take advantage of AppTunnel without special development.
• Multiple platform support: Even if you’re a Blackberry shop today, you don’t know what the future holds, so you need to be able to support iOS, Android and Blackberry devices should the need arise.
• Seamless access to existing ECM stores: Allow users to gain anytime, anywhere access to data – whether stored in SharePoint or another ECM system – and share files with internal or external audiences, without a VPN.
• Enhanced encryption: To lower data breach risks, your solution of choice should encrypt data both in transit and at rest, across all devices – whether in the cloud or on-premise.
• Centralized management: Easily configure user permissions and manage user policies and profiles, including role-based access controls – ideally from a single, web-based interface.
• Proactive file protection: Extend your organization’s established content/file monitoring policies to all file sharing activities by integrating with commercially available DLP and anti-virus solutions.
• Complete device control: Ask about remote monitoring, logging, and wiping capabilities, to provide much-needed visibility and control should a device be lost or stolen.
• Required enterprise integrations: Ensure that the solution you’re evaluating will support your existing infrastructure, applications, and security processes, such as LDAP, Active Directory, single sign-on, authentication, FTP, and SMTP.
• File sharing visibility: With evolving regulatory requirements, you need granular reporting capabilities, real-time file tracking, and automated audit trails to maintain compliance standings.
• Deployment choice: Whether a public cloud, private cloud, or hybrid environment, evaluate which deployment provides maximum data security and availability and will have your users up and running quickly.
• Say “no” to consumer-class services: Prohibit users from seeking out their own consumer-based solutions, such as Dropbox, to prevent being left in the dark about where files have been sent and to whom.