how$do$ileverage$mobile$to$enable$the$ …...how$do$ileverage$mobile$to$enable$the$...
TRANSCRIPT
How Do I Leverage Mobile to Enable the Business without Sacrificing Security?
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Consider the User All users do not act equal and therefore should not be treated equal
2
Mobile “light” users HR
Field sales
Fully enabled mobile users IT
ExecuKves
Outside the network Partners / agents
Contractors Part-‐Kme employees
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Consider What You Need to Secure
3
Mobile “light” users Internal apps
Email Documents
Fully enabled mobile users Email
Documents Corporate infrastructure – VPN, Wi-‐Fi, cerKficates,
NAC, etc.
Outside the network Internal apps
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Now Decide How to Pair the User Paradigm with the Appropriate Security
4
It’s about the data
Where does the data live?
Who is the user accessing it?
How is the user accessing it?
When is the user accessing it?
Where is the user accessing it?
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Enterprise Mobility Management Mobile Security
Mobile Device Management
Mobile ApplicaCon Management
Mobile Content Management
Mobile Email Management
5
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Flexible Deployment OpKons
6
Stand-‐alone MAM Stand-‐alone MCM
ApplicaKons Content
MDM, MAM and MCM
Devices
ApplicaKons
Content
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Enable Device Choice • MulK-‐pla]orm support for latest makes,
models, OEMs of smartphones, tablets, laptops
• Limit device pla]orms, model, OS and number of devices per user with device white/blacklist
• Set limitaKons on the maximum number of devices allowed per user
• Prevent jail-‐broken devices from enrolling
7
o Apple o Android o BlackBerry o Mac OS X
o Symbian o Windows Mobile o Windows Phone
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Value of Mobile Apps in the Enterprise Increase employee producKvity
Extend workflow of internal applicaKons
Improve employee saKsfacKon
Foster creaKvity and collaboraKon
8
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
ApplicaKon Lifecycle Management
9
AirWatch App SDK
Public App Stores
Enterprise App Catalog
Purchase or Develop 1 Distribute 3 Secure 2 Track 4
AirWatch App Wrapping
App inventory, installed apps, versions, etc.
User raKngs
AuthenKcaKon, EncrypKon, etc.
Apple’s Volume Purchase Program or Custom B2B
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
ApplicaKon Security Encrypt data and prevent backup
Prevent access to apps when device is compromised
Create blacklists, whitelists and app compliance policies
AuthenKcate users with username and password
Restrict access to pre-‐installed apps on a device
Restrict use of device Bluetooth and camera within apps (Android)
Disable iTunes, Google Play, Windows Store, other app stores
AutomaKcally remove apps upon un-‐enrollment from AirWatch
10
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
ApplicaKon Audit and Compliance Detect app compliance
Configure compliance rules
Blacklisted
Whitelisted
Required
Detect Terms of Use acceptance and remove app if not compliant
11
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Flexible Deployment OpKons
12
Fully Integrated with MDM
Stand-‐alone Enterprise App Catalog
Hybrid
Example: BYOD
Example: Corporate-‐owned
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Corporate Content Users need anyKme, anywhere access to corporate content
Widely available and free cloud file sharing services
ProliferaKon of personal accounts used for business
Rapid adopKon of mobile devices and file sharing apps
Employee-‐owned devices with access to corporate content
Employees need a secure way to collaborate on content
13
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Flexible Content Storage
14
Cloud On Premise
Enterprise IntegraKon Service
AirWatch Cloud Private Cloud Amazon Cloud Google Drive
SharePoint File servers
Network drives
CombinaKon of Cloud and On-‐premise Storage
Hybrid
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
AirWatch Mobile Content Management Secure Content LockerTM
Protect sensiKve content in a corporate container
Secure document distribuKon and mobile access
Ensure end users have the latest materials
Anywhere, anyKme access to criKcal content
15
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Enterprise-‐grade Security AuthenKcate using exisKng corporate credenKals
Support two factor authenKcaKon, SAML, cerKficates and PKI
Encrypt data in transit and at rest
Disable access if device is compromised
Perform remote wipe of corporate content
Prevent ediKng, prinKng and opening content in other apps
Restrict access to a specific locaKon with geofencing
16
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Container for Email Amachments
17
Open email amachments in Secure Content Locker
Block email amachments based on document file type
Prevent copy/paste of data from an amachment to 3rd party apps
Encrypt amachments using AES 256-‐bit encrypKon
Wipe amachment content from compromised devices
Open Into
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Flexible Deployment OpKons
18
Fully Integrated MCM and MDM
Stand-‐alone MCM
Hybrid MCM and MDM
Example: BYOD
Example: Corporate-‐owned
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
MiKgate Business Risks • Require users to accept Terms of Use to access corporate services
• Enforce agreements when users enroll their device with AirWatch
• Inform users about data captured and acKons allowed on the device
• Track, report on compliance and update agreements over Kme
• Assign and enforce different agreements based on:
o User role – End users vs. administrators
o Ownership – Corporate vs. employee
o Pla]orm – iOS vs. Android
o Department, business unit or country
• Support mulK-‐lingual agreements across the company 19
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Protect Employee Privacy
20
GMail
Employee Device
Exchange
Personal Apps
Business Apps
Calls Messages
GPS LocaKon
User Info
Ensure privacy of personal data
• Set privacy policies that do not collect personal data
• Customize policies based on device ownership
• Corporate – Dedicated
• Corporate – Shared
• Employee – Owned
Define granular privacy policies
• GPS locaKon
• User info • Name • Phone number • Email account
• Telecom data • Calls • Messages • Data usage
• Public apps
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Self-‐Service Management Reduce IT burden by allowing users basic administraKon over devices
Allow users to manage simple tasks
Simplify enrollment, configuraKon and support
21
Self-‐service User CapabiliKes
Enroll addiKonal devices Perform remote commands
• Device query • Send message • Clear passcode • Wipe device
Download opKonal profiles View device informaKon
• Compliance audit • Installed profiles and apps • GPS locaKon
Request applicaKons Request technical support
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Compliance Engine
22
Build Policies ApplicaKon list Compromised status EncrypKon Model, OS version Passcode Roaming
Define EscalaCon Time based: • Minutes • Hours • Days Tiered acKons Repeat acKons
Specify AcCons Send SMS, Email, push noKficaKon Request device check-‐in Remove or block specific profiles Install compliance profile Remove all profiles Remove or block apps Enterprise wipe
1 2 3
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Logging Log all admin, device and system events for system monitoring
View by event type, severity level, category or module in AirWatch console
Integrate with Windows Event Viewer
Export events manually as a CSV file or automaKcally as a Syslog file
Configure Syslog message format, including message tag, content and Syslog facility
23
Severity Date/Time User Module Category Event
11/18/12 7:43 AM EST
jdoe App Catalog
Device App Install Failed
11/18/12 7:09 AM EST
asmith Admin Policy Admin User Edited Passcode Policy
11/18/12 6:37 AM EST
Jthomas Admin User Manage-‐ment
Added to Sales User Group
11/18/12 6:17 AM EST
nhorton Device Device Device Remotely Wiped
11/18/12 6:01 AM EST
rjones Self-‐service Portal
Login SSP User Log-‐in success
Warning
InformaKon
CriKcal
InformaKon
InformaKon
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
Managed by North America IT Department
Geographies
Users & Devices
Business Units
MulK-‐Tenancy
24
Global Company ACME
Enterprises
North America Asia
Corporate Retail Corporate Manufacturing
Managed by APAC
IT Department
Maintain control at a global level
APAC Enterprise Systems
North America Enterprise Systems
User 1 User 2 LOB 1 User 3 LOB 2
Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.
6,000 customers
150 countries
18 languages
1,200 employees
About AirWatch
25
Leadership built ManhaOan Associates (NASDAQ: MANH) to 2,000+ employees and $300+ million in revenue, $1 billion market cap with no outside capital
Largest MDM provider with 1,200+ employees, 350+ focused on R&D
Provides mobility soluKons to 6,000+ global customers
Leaders in mobile security, device, applicaCon and content management across mulKple pla]orms
Our Mission: Simplify Enterprise MobilityTM