CIS13: Samsung’s Perspective on Mobile Identity
Post on 09-May-2015
MOBILE ENTERPRISE IDENTITY
7/11/13 © Samsung 2013. All rights reserved. 1
State of Identity
Industry Trends
• Cloud, Mobile and Compliance requirements are the three top business and technology waves impacting enterprise IT
  – BYO Servers & BYO Applications
  – BYO Laptops & BYO Devices
• Identity is at the center of all three waves
Samsung Confidential 3
Current State of Enterprise Identity
[Diagram labels: Data Center Servers, Data Center Apps, Cloud, Smartphones and Tablets, Laptops, End Users, with many separate "ID" markers]
Multiple Login for Users. Multiple Identity Infrastructure for IT.
State of Identity
But Can You Con(n)
SAMSUNG KNOX
Introducing Samsung KNOX
Multi-layered approach to OS Security
• Isolated virtual Android environment
• Activated by Enterprise Identity
• Integrated with Enterprise Active Directory
• Managed by Group Policy Manager*
Enterprise Application Container
* Supports other consoles such as MDMs
[Diagram labels: Enterprise Application Container, Personal Applications, Secure Android Platform]
• Virtual Android Environment
  – Home screen, launcher, apps, widgets, notifications
  – Additional apps from enterprise app store
• Activated on signing in with enterprise identity
• Encrypted file system with AES 256-bit encryption
• Data sharing, apps, files, network completely isolated
• Policies to allow remote IT configuration and management
Isolated Virtual Android Environment
Activate Knox Container with Enterprise Identity
• Enroll to create container
• Use AD/GPM to manage container
• Use same to sign into other cloud services
[Diagram labels: Centrify SSO (SaaS), Container, SSO, …, KNOX Android Framework, Intranet, Centrify Cloud Proxy]
1. Enroll with Enterprise Identity
2. Manage with AD/GPM
3. Leverage same for SSO
AD/GPM Knox Container Management
• Samsung KNOX allows AD/GPM-based Container Management for enterprises that do not desire a traditional MDM system
• Multi-application SSO is built into the Knox Container
• The container identifies the user to the apps
• The container can get AD attributes for the apps
• Apps can request security tokens for their web app/service
SSO built in the Knox Container
• Container policies follow the user’s account lifecycle automatically
  – Ex. upon termination, employees must not be able to access company information from any device
• AD changes automatically apply to container on user devices:
  – Role changes may require updated access policies
  – Termination requires auto-removal of access credentials and company data
Integrated Admin Follows User Lifecycle
[Diagram labels:]
User enrolls their own devices
Update device security settings or new group
De-provision device
Lock account and full device wipe
Delete or disable account and de-provision device
Active Directory
Knox Smart Card support
• Samsung Knox supports Smart Cards
  – Requires a compatible Bluetooth CAC reader such as the baiMobile™ 3000MP Bluetooth® Smart Card Reader.
• Currently allows
  – Browser, email and VPN can use credentials on the smart card
  – KNOX also supports two-factor authentication for the device lock screen using the CAC
  – Other applications may also utilize the CAC card via PKCS #11 APIs