Security In A Hybrid MAM and MDM World


Published on

Published in: Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Security In A Hybrid MAM and MDM World

  1. 1. security in a hybrid mam & Mdm world Carlos Montero-Luque, SVP EngineeringTuesday, July 31, 12
  2. 2. mobility management • “It’s appropriate to manage the device if you own that device... If the corporation owns the device, it should manage that device. When is it valid to manage the application? Always” • Alan Murray, SVP Products, Apperian • “IT should not manage what it does not own” • GartnerTuesday, July 31, 12
  3. 3. enterprise mobility management • Enterprise Mobility Management has become a core policy for CIO’s • Mobile BYOD is no longer a trend, but a way of life for most organizations • The economics of BYOD, if done properly, are favorable for organizations that manage and embrace itTuesday, July 31, 12
  4. 4. mobility and It • The life of the IT manager has not changed, it simply got more complicated • Issues that were relegated to management behind a firewall are now extended by two major IT trends: • Cloud computing • Mobile computing • Security, compliance, governance, remediation, those issues are as important as everTuesday, July 31, 12
  5. 5. The dilemma for it • IT has two key responsibilities: • Provide expected and certifiable security, protection, compliance • Provide applications and content required by usersTuesday, July 31, 12
  6. 6. extending to mobility • The issues that are relevant in “traditional” client platforms are just as important in mobility: • Acquiring and deploying applications and content • Delivering content to users, securely • Enabling access to internal and external required content • Managing infrastructureTuesday, July 31, 12
  7. 7. CONSTRAINTS • IT needs to deal with these new requirements: • Cost-effectively • From multiple form-factors • Securely and by policy • With appropriate management • Dealing with a new IT experience • In BYOD environmentsTuesday, July 31, 12
  8. 8. Enterprise mobility management and security • Security is a core requirement • Mobile Application Management provides key elements for security in enterprise mobile environments • The draft of NIST Special Publication 800-124 defines security objectives: • Confidentiality of data • Integrity of data • Availability of resourcesTuesday, July 31, 12
  9. 9. apperian and enterprise mobile security • The Apperian AppBus architecture describes a holistic view for securing enterprise assets in a mobile environment • Securing access to the mobile environment, applications, and content via Mobile Application Management • Ensuring the integrity of content and applications • If needed, securing devices via Mobile Device Management or native device security toolsTuesday, July 31, 12
  10. 10. apperian appBus Custom Market apps place Admin portal Catalog inspect secure extend personalize Analyze engage AppBus Enterprise App Services Environment (EASE) inspect secure extend personalize analyze engage ✦ Code check & ✦ Device wipe ✦ SDK: notifications, ✦ Custom EULA ✦ App Inventory ✦ App ratings reporting ✦ Device lock ver checking & ✦ Branded catalog ✦ Usage reports ✦ Crowdsourcing forced updates ✦ Signing validation ✦ App delete ✦ App categories ✦ Device details ✦ Beta testing ✦ SSO (SAML 2.0) segmenting ✦ App Policies: data integration ✦ Limit app access by ✦ Malware detection encryption, copy/ role paste prevention, required passcode ✦ App-level VPNTuesday, July 31, 12
  11. 11. nist guidelines to improve mobile security • Develop models for system threats to devices and corporate assets accessed through them • Identification, likelihood, impact, analysis, controlsTuesday, July 31, 12
  12. 12. required security services • General policy • Data Communication and storage - Apperian EASE • User and device authentication - Apperian EASE • Applications - Apperian EASETuesday, July 31, 12
  13. 13. apperian EASE capabilities MAM#Lifecycle# Source Prepare protect manage publish ✓ Inspect apps for non-conformance & malware ✓ Apply set of policies to an App file with no coding ✓ Securely install Apps over-air to multiple devices to scale ✓ Provide private app catalog to deliver custom apps ✓ Create analytics on app usage by user/app/groupTuesday, July 31, 12
  14. 14. mobile device security policy • Which mobile devices can access enterprise resources • Which resources are accessible • Device provisioning • Administering management software • Consistency with non-mobile environmentsTuesday, July 31, 12
  15. 15. operational aspects in a mobile environment • Implementation and testing of a solution prototype • Securing devices to allow resource access • Maintaining the mobile environment securityTuesday, July 31, 12
  16. 16. SUMMARy • Enterprise Mobility Management is a core policy and needs to be a core capability for a growing number of CIOs • Security in a mobile environment has a number of layers to it, sometimes applying to devices, but always applying to corporate assets, including user access, applications, and content • Standardizing the security in an enterprise mobile environment uses a number of processes, tools, and techniques. MAM provides a comprehensive set of tools to secure corporate assets. MDM can complement those tools by managing device security, if neededTuesday, July 31, 12
  17. 17. ThanksTuesday, July 31, 12