how$do$ileverage$mobile$to$enable$the$ …...how$do$ileverage$mobile$to$enable$the$...

How Do I Leverage Mobile to Enable the Business without Sacrificing Security?

Copyright © 2013 AirWatch, LLC. All rights reserved. Proprietary & ConfidenKal.

Consider the User All users do not act equal and therefore should not be treated equal

2

Mobile “light” users HR

Field sales

Fully enabled mobile users IT

ExecuKves

Outside the network Partners / agents

Contractors Part-‐Kme employees


Consider What You Need to Secure

3

Mobile “light” users Internal apps

Email Documents

Fully enabled mobile users Email

Documents Corporate infrastructure – VPN, Wi-‐Fi, cerKficates,

NAC, etc.

Outside the network Internal apps


Now Decide How to Pair the User Paradigm with the Appropriate Security

4

It’s about the data

Where does the data live?

Who is the user accessing it?

How is the user accessing it?

When is the user accessing it?

Where is the user accessing it?


Enterprise Mobility Management Mobile Security

Mobile Device Management

Mobile ApplicaCon Management

Mobile Content Management

Mobile Email Management

5


Flexible Deployment OpKons

6

Stand-‐alone MAM Stand-‐alone MCM

ApplicaKons Content

MDM, MAM and MCM

Devices

ApplicaKons

Content


Enable Device Choice •  MulK-‐pla]orm support for latest makes,

models, OEMs of smartphones, tablets, laptops

•  Limit device pla]orms, model, OS and number of devices per user with device white/blacklist

•  Set limitaKons on the maximum number of devices allowed per user

•  Prevent jail-‐broken devices from enrolling

7

o  Apple o  Android o  BlackBerry o  Mac OS X

o  Symbian o  Windows Mobile o  Windows Phone


Value of Mobile Apps in the Enterprise Increase employee producKvity

Extend workflow of internal applicaKons

Improve employee saKsfacKon

Foster creaKvity and collaboraKon

8


ApplicaKon Lifecycle Management

9

AirWatch App SDK

Public App Stores

Enterprise App Catalog

Purchase or Develop 1 Distribute 3 Secure 2 Track 4

AirWatch App Wrapping

App inventory, installed apps, versions, etc.

User raKngs

AuthenKcaKon, EncrypKon, etc.

Apple’s Volume Purchase Program or Custom B2B


ApplicaKon Security Encrypt data and prevent backup

Prevent access to apps when device is compromised

Create blacklists, whitelists and app compliance policies

AuthenKcate users with username and password

Restrict access to pre-‐installed apps on a device

Restrict use of device Bluetooth and camera within apps (Android)

Disable iTunes, Google Play, Windows Store, other app stores

AutomaKcally remove apps upon un-‐enrollment from AirWatch

10


ApplicaKon Audit and Compliance Detect app compliance

Configure compliance rules

Blacklisted

Whitelisted

Required

Detect Terms of Use acceptance and remove app if not compliant

11



12

Fully Integrated with MDM

Stand-‐alone Enterprise App Catalog

Hybrid

Example: BYOD

Example: Corporate-‐owned


Corporate Content Users need anyKme, anywhere access to corporate content

Widely available and free cloud file sharing services

ProliferaKon of personal accounts used for business

Rapid adopKon of mobile devices and file sharing apps

Employee-‐owned devices with access to corporate content

Employees need a secure way to collaborate on content

13


Flexible Content Storage

14

Cloud On Premise

Enterprise IntegraKon Service

AirWatch Cloud Private Cloud Amazon Cloud Google Drive

SharePoint File servers

Network drives

CombinaKon of Cloud and On-‐premise Storage

Hybrid


AirWatch Mobile Content Management Secure Content LockerTM

Protect sensiKve content in a corporate container

Secure document distribuKon and mobile access

Ensure end users have the latest materials

Anywhere, anyKme access to criKcal content

15


Enterprise-‐grade Security AuthenKcate using exisKng corporate credenKals

Support two factor authenKcaKon, SAML, cerKficates and PKI

Encrypt data in transit and at rest

Disable access if device is compromised

Perform remote wipe of corporate content

Prevent ediKng, prinKng and opening content in other apps

Restrict access to a specific locaKon with geofencing

16


Container for Email Amachments

17

Open email amachments in Secure Content Locker

Block email amachments based on document file type

Prevent copy/paste of data from an amachment to 3rd party apps

Encrypt amachments using AES 256-‐bit encrypKon

Wipe amachment content from compromised devices

Open Into



18

Fully Integrated MCM and MDM

Stand-‐alone MCM

Hybrid MCM and MDM

Example: BYOD

Example: Corporate-‐owned


MiKgate Business Risks •  Require users to accept Terms of Use to access corporate services

•  Enforce agreements when users enroll their device with AirWatch

•  Inform users about data captured and acKons allowed on the device

•  Track, report on compliance and update agreements over Kme

•  Assign and enforce different agreements based on:

o  User role – End users vs. administrators

o  Ownership – Corporate vs. employee

o  Pla]orm – iOS vs. Android

o  Department, business unit or country

•  Support mulK-‐lingual agreements across the company 19


Protect Employee Privacy

20

GMail

Employee Device

Exchange

Personal Apps

Business Apps

Calls Messages

GPS LocaKon

User Info

Ensure privacy of personal data

•  Set privacy policies that do not collect personal data

•  Customize policies based on device ownership

•  Corporate – Dedicated

•  Corporate – Shared

•  Employee – Owned

Define granular privacy policies

•  GPS locaKon

•  User info •  Name •  Phone number •  Email account

•  Telecom data •  Calls •  Messages •  Data usage

•  Public apps


Self-‐Service Management Reduce IT burden by allowing users basic administraKon over devices

Allow users to manage simple tasks

Simplify enrollment, configuraKon and support

21

Self-‐service User CapabiliKes

Enroll addiKonal devices Perform remote commands

•  Device query •  Send message •  Clear passcode •  Wipe device

Download opKonal profiles View device informaKon

•  Compliance audit •  Installed profiles and apps •  GPS locaKon

Request applicaKons Request technical support


Compliance Engine

22

Build Policies ApplicaKon list Compromised status EncrypKon Model, OS version Passcode Roaming

Define EscalaCon Time based: •  Minutes •  Hours •  Days Tiered acKons Repeat acKons

Specify AcCons Send SMS, Email, push noKficaKon Request device check-‐in Remove or block specific profiles Install compliance profile Remove all profiles Remove or block apps Enterprise wipe

1 2 3


Logging Log all admin, device and system events for system monitoring

View by event type, severity level, category or module in AirWatch console

Integrate with Windows Event Viewer

Export events manually as a CSV file or automaKcally as a Syslog file

Configure Syslog message format, including message tag, content and Syslog facility

23

Severity Date/Time User Module Category Event

11/18/12 7:43 AM EST

jdoe App Catalog

Device App Install Failed

11/18/12 7:09 AM EST

asmith Admin Policy Admin User Edited Passcode Policy

11/18/12 6:37 AM EST

Jthomas Admin User Manage-‐ment

Added to Sales User Group

11/18/12 6:17 AM EST

nhorton Device Device Device Remotely Wiped

11/18/12 6:01 AM EST

rjones Self-‐service Portal

Login SSP User Log-‐in success

Warning

InformaKon

CriKcal

InformaKon

InformaKon


Managed by North America IT Department

Geographies

Users & Devices

Business Units

MulK-‐Tenancy

24

Global Company ACME

Enterprises

North America Asia

Corporate Retail Corporate Manufacturing

Managed by APAC

IT Department

Maintain control at a global level

APAC Enterprise Systems

North America Enterprise Systems

User 1 User 2 LOB 1 User 3 LOB 2


6,000 customers

150 countries

18 languages

1,200 employees

About AirWatch

25

Leadership built ManhaOan Associates (NASDAQ: MANH) to 2,000+ employees and $300+ million in revenue, $1 billion market cap with no outside capital

Largest MDM provider with 1,200+ employees, 350+ focused on R&D

Provides mobility soluKons to 6,000+ global customers

Leaders in mobile security, device, applicaCon and content management across mulKple pla]orms

Our Mission: Simplify Enterprise MobilityTM