Endpoint Evolution

Endpoint Evolution Mobile Device Management – Protecting Sensitive Data Kawika Takayama Public Sector – Endpoint Management and MobilityMobility, Virtualization and the Emerging Workspace 1

Consumerization is Changing the Face of IT 1 Billion Consumer owned Evolving User Focused Management Smartphones or tables by 2016 365M will own Smartphone or Table 2014 Unmanaged in the Workplace* 246M Corp PCs 293M Personal PCs 819M SmartphonesApps/Info/Access 116M Tablets 70M Virtual Desktops 2011 177M Corp PCs Managed 300M Smartphones 15M Tablets 13M Virtual Desktops Relevant Devices Today Future Devices Traditional Device Focus Corporate-Owned Personally-Owned *Forrester Research Device Mobility, Virtualization and the Emerging Workspace 2

Mobility, Cloud and I.T. Mega- Pains Mobile Must support to enhance employees productivity I do not have the means to control security, risk, and Frustration compliance across all of these new I.T. platforms Private Cloud Cloud Must embrace to drive business agility and lower costsMobility, Virtualization and the Emerging Workspace 3

Operating System Diversity Skyrocketing Corporate Desktops First quarter PC forecast: 2009 to 2011 Windows down 2%, Mac+iPad up 250%87.3% 11% 1.7% - asymco, April, 2011 8% 1.3% Android devices outsold the iPhone 2-to-1 in the past three months - PCWorld, September, 2011 Windows Mac LinuxMobility, Virtualization and the Emerging Workspace 4

Stimulating an Evolution in Systems Management Device Centric User Centric Device Software Cloud User Services Location User Device Device User Mobile Data Devices Patches Location Virtual Desktops AppsMobility, Virtualization and the Emerging Workspace 5

Symantec’s HoneyNet Project – March 8, 2012 The Set Up Before the 50 smartphones were “lost,” a collection of simulated corporate and personal data was placed on them to simulate a real phone. While these apps had no actual functionality, they were able to transmit data back to us which logged what apps were activated and when – and the phone finder was presented with an error message or other plausible reason for the app not working. The phones were then dropped in high-traffic areas such as elevators, malls, and office food courts, in New York, Washington D.C., Los Angeles, the Bay Area, and Ottawa, Canada. As people found the smartphones and attempted to access apps and data, details were anonymously logged to track the “human threat” of a lost phone. What to Expect When You Lose Your Phone •96% of lost smartphones were accessed by their finders •89% of devices were accessed for personal-related apps and information •83% of devices were accessed for corporate-related apps and information •50% of smartphone finders notified the owner and gave contact information to return the device – however almost all of these people (86 percent) attempted to access information on the devices. . http://www.msnbc.msn.com/id/46665467 How safe if your smartphone’s Data?Mobility, Virtualization and the Emerging Workspace 6

The Importance of Patching 3rd Party Applications More than ⅔ of all endpoint vulnerabilities are found in Internet Security Threat 3rd party desktop applications Report (April 2011) • 30% increase in the overall number National Vulnerability Database of vulnerabilities in 2010 (6,253) Top 5 Vulnerable Applications Apple Safari | Mozilla Firefox | Google Chrome | • 161% increase in new vendors Microsoft Internet Explorer | Adobe Flash Player affected by vulnerabilities in 2010 • Chrome and Safari vulnerabilities on the rise • 346 vulnerabilities affecting browser plug-insMobility, Virtualization and the Emerging Workspace 7

Mobile Marketplace Of the 1 Billion consumer Smartphone and Tablets, Apple, Google, and Microsoft control 90% of the marketplace*Mobility, Virtualization and the Emerging Workspace 8

Endpoint Management Building Blocks Mobile • Enterprise enablement • Greater need for data security • Central enterprise app store Unified Application Management • More application types to manage 3 • Faster delivery of service • Greater need to enforce compliance Cross Platform Patch 2 Management • Greater threats to other platforms • Third party applications Consistent Tool Sets 1 • Reduce errors and training costs • Fewer steps for routine tasks • Reduce IT silo’sMobility, Virtualization and the Emerging Workspace 9

Use Symantec Mobile Management to enforce policyand compliance controls Secure Protect enterprise data and infrastructure from attack and theft Enable Activate enterprise access, apps and data easily and automatically Manage Control inventory and configuration with massive scalabilityRedefining Mobile Protection 10

Now Selling!Odyssey Athena/Mobile Management for SCCM• Managed through the Microsoft SCCM platform• Provides a similar feature set to Symantec Mobile Management 11

3 Mobile Platform Enhancements Enables “Powered by Symantec”Multiple Consoles Global Policy Editor Configuration Profile Service Tenant Administration Service Device Notification ServiceSymantec Services Device Enrollment Service Notification Feedback Service Device Provisioning Service Console Integrator Device Inventory Service Certificate Management Multiple OSs Core products Add-ons Symantec Mobile Management (existing product) Symantec DLP for Tablets (existing product) Symantec Mobile Management for SCCM (new product) Symantec Managed PKI (existing product) Symantec Advances Enterprise Mobility Strategy 12

Symantec Mobile Superiority• Symantec IS Security – Secure architecture satisfies DOD requirements – More than just MDM – DLP, SEP Mobile• Scalability/Robustness – Most clients per server (40,000+) – Proven platform (can’t be built overnight)• Unified Management – Any MDM will solve today’s tactical issues (executive iPads) – As mobile becomes mainstream, a silo solution is the wrong answer• Future Proofing – MDM is commoditizing, converging with security and PCLCM solutions. Where will “pure play” vendors be a year from now? We are already there.Mobility, Virtualization and the Emerging Workspace

Symantec Mobile ManagementRobust mobile policy and compliance • Enterprise Enablement • Activation of devices across platforms • Software Delivery via Mobile App Store & Mobile Library • Configuration & policy management • Mobile Security • Security configuration, alerts, jailbreak protection • Corporate / personal separation / remote wipe • Identity and certificate management • Enterprise Management • Asset reporting • Single infrastructure console • Scalable architectureMobility, Virtualization and the Emerging Workspace 14

Actual Customers Challenges Banking & Finance VP of Desktop Operations • Cost containment for over 4,000 “Streaming is a stepping applications • Support Brick and Mortar reduction stone to any device initiative • Pressure to support personal devices anywhere” Healthcare & Pharmaceuticals VP of Client Architecture “Any app, any device, Key Challenges • 75% of current workforce is mobile anytime in a secure • Self Service permeates all IT projects fashion” Entertainment & Gaming VP of Desktop Operations “Self Service across • Creative atmosphere driven towards Mac • Enable end user choice in hardware & devices is devices • Consistent software management across key to our IT business platforms model”Mobility, Virtualization and the Emerging Workspace 15

Symantec Mobile Device Solutions TodayMobile Device Security Mobile Device Management Inventory Symantec MMS Threat Protection (SEP Mobile Ed) Configuration Symantec MMS Network Access Control Intelligent Software (SNAC Mobile Ed) Management Symantec MMS Remote Assistance Symantec MMS Mobility, Virtualization and the Emerging Workspace 16

Symantec Mobile Management 7.1Advanced iPhone/iPad/iOS Management• Key Requirements/Features – Native iOS integration • Native agent for iPads and iPhones – Removal of dependency on MS Exchange • Easy device enrollment – User authentication – Automatic download of a device certificate – Automatic initial download of all security and management policies, including the Apple Configuration Utility settings – Identify and block jailbroken phone and other non-compliant devices (min OS, hardware type, etc.) • Collection of detailed asset inventory, e.g. device is jailbroken, what apps are installed, etc. • Confirms security and management policies have been applied to the device – Apple Configuration in Mobile Management 7.1 Console • Support for all of the native MDM features in iOS 4.0 and 5.0 • Define and deploy settings from the Mobile Management 7.1/SMP console – VPN/Wireless settings, Proxy settings, Control iTunes, Safari and other features, etc. – Automatic download and application of new policies • Enterprise app store (“library”) – Enables delivery of in-house apps and content to device – Supports links to Third party apps in Apple App StoreMobility, Virtualization and the Emerging Workspace 17

Apple Configuration Profiles (Policies)• Passcode Profile • Restrictions – Require passcode – App installation – Allow simple value – Camera – Require alphanumeric value – Screen capture – Passcode length – Automatic sync of mail accounts while – Number of complex characters roaming – Maximum passcode age – Voice dialing when locked – Time before auto-lock – In-application purchasing – Number of unique passcodes before reuse – Require encrypted backups to iTunes – Grace period for device lock – Explicit music & podcasts in iTunes – Number of failed attempts before wipe – Allowed content ratings for movies, TV – Control Configuration Profile removal by user shows, apps• Certificates and identities – Safari security preferences – Credentials – YouTube – SCEP – iTunes Store• Exchange ActiveSync – App Store• Email (IMAP/ POP) – Safari• VPN (L2TP, PPTP, IPSec, Cisco, Juniper, • LDAP F5, custom) • CalDAV• Wi-Fi (Open, WEP, WPA, WPA2, WEP • CardDAV Enterprise, WPA Enterprise, etc.) • Subscribed calendars• Advanced – APN, Proxy settings • Web ClipsMobility, Virtualization and the Emerging Workspace 18

Apple iOS 4 and 5 MDM Actions and Asset Info• Mgmt Console Actions • Inventory Data – Remote wipe – Device information • Unique Device Identifier (UDID) – Remote lock • Device name – Reset passcode • iOS and build version • Model name and number – Update Policies • Serial number • Updates configuration and Provisioning • Capacity and space available • IMEI Profiles over the air • Modem firmware • Performs selective wipe of specific • Location (Lat./Long.) settings/email when selected policies are – Network information removed • ICCID • Bluetooth® and Wi-Fi MAC addresses – Send Inventory • Current carrier network – Remove MDM and reset agent • SIM carrier network • Carrier settings version • Provides full selective wipe by removal of all • Phone number profiles and content • Data roaming setting (on/off) – Configuration profile targeting – Compliance and security information • Based on standard policy targeting • Configuration Profiles installed • Certificates installed with expiry dates • Admin defined list of policies • List of all restrictions enforced • Hardware encryption capability • Passcode present – Applications • Applications installed (app ID, name, version, size, and app data size) • Provisioning Profiles installed with expiry datesMobility, Virtualization and the Emerging Workspace 19

Athena MDM Agent for Android • Policies – Minimum symbols required in – Wipe data1 password2 – Lock now – Minimum numerical digits required in password2 – Reset password – Minimum uppercase letters – Password enabled required in password2 – Set maximum failed passwords – Password expiration (number for wipe of days)2 – Set maximum inactivity time to – Password history (max lock number of past passwords – Set password minimum length stored)2 – Alphanumeric password – Password complex characters required required2 – Minimum letters required in – Data Encryption2 password2 – Camera Disable3 – Minimum lowercase letters 1 - Wipes user data on device; does required in password2 not wipe memory (SD) card – Minimum non-letter characters 2 - Android 3.x+ required required in password2 3 - Android 4.x+ requiredPresentation Identifier Goes Here 20

Athena MDM Agent for BlackBerry®• Premium support for BlackBerry smartphones – Simplified enrollment with AD authentication – Extended hardware and software inventory – Zero-touch management – Live remote assistance – remote control, etc.Presentation Identifier Goes Here 21

Enterprise Mobility Roadmap Advancing our mobility strategy DLP Sept 2011 March 2012 Summer/Fall 2012* Comprehensive iOS Support Single Sign-On for Cloud/Web Advancing MDM Support Public and Enterprise Apps Services (O3) (iOS, Android, WP7/8) Symantec Mobile Management IT Analytics for Mobile iOS Document Library & for SCCM (Odyssey Athena) Enterprise Appstore Secure Sync & Share June 2012 Collaboration Q1 2012 DLP for Tablets & SMM - Advanced AndroidSMM DLP enhancements (Jan) Management Mobile Security - Android AgentVeriSign MPKI Integration (Feb) Symantec Confidential and Proprietary 22 *Disclaimer - Roadmap contents and timing subject to change without notice

Introducing DLP for Tablets New Technology = New Challenges Introduced Nov 2011 Execs pushing How do you say adoption “Yes”? Access to corporate email and network How do you demonstrate compliance? No control off-network How do you All the access, secure IP? few of the controlsMobility, Virtualization and the Emerging Workspace 24

Why use Symantec DLP for Tablets? Comprehensive Coverage Corporate Email Personal Email Social Media Cloud Apps Most User Works over Wi-Fi and 3G Friendly Enables full use and productivity of the device. Our approach does NOT • Require a restrictive “sandbox” approach, or • Break business processes by restricting what data can go to the iPad Lowest TCO Symantec DLP for Tablets™ is tightly integrated w/ Symantec DLP Suite: • Common, advanced technologies for detecting confidential information • Consistent application of DLP policy • Seamless, integrated reporting & analyticsRedefining Mobile Protection 25

Symantec™ Data Loss Prevention for Tablets• Extends DLP to the newest endpoint – Bridges the BYOD gap• Prevents IP and PII data loss – Corporate and Web email – Web uploads and postings – Popular Apps• Demonstrate compliance to auditors• Educate your users• Standalone or as part of the Symantec™ Data Loss Prevention SuiteMobility, Virtualization and the Emerging Workspace 26

Data Loss Prevention for Tablets – Sample Use CaseSimilar to Data Loss Prevention for Endpoint capability Problem DLP Policy DLP Actions Results • Users send • DLP inspects all • Monitor only, • User behavioral sensitive data outbound email notify, block or change via email remove sensitive • Automated data compliance • Risk reducedMobility, Virtualization and the Emerging Workspace 27

Cross Platform Asset Lifecycle Management New Applications Update Applications Retire Applications (Purchased Software) (Version Control) (Recover Licenses) Policy Management Issues Visibility Control EffortMobility, Virtualization and the Emerging Workspace 28

Altiris Client Management Suite for Mac Discovery and Inventory Intelligent Software & Patch Management Remote Assistance Imaging and Deployment 29Mobility, Virtualization and the Emerging Workspace

Application Streaming and Virtualization Separating the things that matter Streaming Server Operating System Operating System Traditionally Installed Streamed and VirtualizedMobility, Virtualization and the Emerging Workspace 30

Securely Deliver and Manage Any Serviceto Any User in Any Location Support any device Manage applications Enable servicesregardless of ownership regardless of type regardless of location Laptops Desktops & Tablets SaaS Social & Physical Thin Clients Delivery Cloud Apps Services App Store Delivery Models Virtual Apps & DesktopsMobility, Virtualization and the Emerging Workspace 31

Introducing Symantec O3 A New Cloud Information Protection Platform Symantec O3™ Access Information Cloud Control Security Compliance Control Protection Visibility Private CloudRedefining Mobile Protection 32

How Symantec O3 Works – User View End-User Any Device Symantec O3™ Symantec O3 Symantec O3 Symantec O3™ Gateway Intelligence Center Identity and Access Broker Context-based Policies Information Gateway Status Monitoring Layered Protection Log and Audit Services 2F Authentication DLP Encryption Cloud, SaaS and Web Applications Public Cloud Services Datacenter / Private CloudRedefining Mobile Protection 33

Symantec Service Offering Accelerated Adoption Program A free 2 day workshop that supports customer migrations from 6.x to 7.1 Distance Learning Assessment A free service offering to Education Accounts to provide insight on how to establish a world class distance learning program Mobile Security Assessment 5 week evaluation to identify risk inherent in the enterprise from the use of iPhones, iPads, and Android devices Malicious Activity Assessment Free non-intrusive evaluation of network traffic on a customer’s entire network or a specific network segmentMobility, Virtualization and the Emerging Workspace 34

EMM Partner Solution Integrators ITS Partners Privilege Management and Lockdown Mobile Management-as- a-Service Device Lockdown Network Resource Management Intuitive Network Mgmt Endpoint Management-as- a-Service Cloud Services ITMS eiPower Green Energy Power Management and Control Service CatalogRequest Fulfillment and Service Catalog Mobile Deployment App Package Mobile Solutions & Support for SCCM (Now Apart of Symantec) DeployExpert and HiiS Install, License Entitlement, App DeliveryPublic Sector SE Management Team 35

Thank you!Mobility, Virtualization and the Emerging Workspace

Endpoint Evolution

by Carahsoft

Accessibility

Categories

Upload Details

Usage Rights

Statistics

Endpoint Evolution Presentation Transcript