• Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
593
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
18
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. security in a hybrid mam & Mdm world Carlos Montero-Luque, SVP EngineeringTuesday, July 31, 12
  • 2. mobility management • “It’s appropriate to manage the device if you own that device... If the corporation owns the device, it should manage that device. When is it valid to manage the application? Always” • Alan Murray, SVP Products, Apperian • “IT should not manage what it does not own” • GartnerTuesday, July 31, 12
  • 3. enterprise mobility management • Enterprise Mobility Management has become a core policy for CIO’s • Mobile BYOD is no longer a trend, but a way of life for most organizations • The economics of BYOD, if done properly, are favorable for organizations that manage and embrace itTuesday, July 31, 12
  • 4. mobility and It • The life of the IT manager has not changed, it simply got more complicated • Issues that were relegated to management behind a firewall are now extended by two major IT trends: • Cloud computing • Mobile computing • Security, compliance, governance, remediation, those issues are as important as everTuesday, July 31, 12
  • 5. The dilemma for it • IT has two key responsibilities: • Provide expected and certifiable security, protection, compliance • Provide applications and content required by usersTuesday, July 31, 12
  • 6. extending to mobility • The issues that are relevant in “traditional” client platforms are just as important in mobility: • Acquiring and deploying applications and content • Delivering content to users, securely • Enabling access to internal and external required content • Managing infrastructureTuesday, July 31, 12
  • 7. CONSTRAINTS • IT needs to deal with these new requirements: • Cost-effectively • From multiple form-factors • Securely and by policy • With appropriate management • Dealing with a new IT experience • In BYOD environmentsTuesday, July 31, 12
  • 8. Enterprise mobility management and security • Security is a core requirement • Mobile Application Management provides key elements for security in enterprise mobile environments • The draft of NIST Special Publication 800-124 defines security objectives: • Confidentiality of data • Integrity of data • Availability of resourcesTuesday, July 31, 12
  • 9. apperian and enterprise mobile security • The Apperian AppBus architecture describes a holistic view for securing enterprise assets in a mobile environment • Securing access to the mobile environment, applications, and content via Mobile Application Management • Ensuring the integrity of content and applications • If needed, securing devices via Mobile Device Management or native device security toolsTuesday, July 31, 12
  • 10. apperian appBus Custom Market apps place Admin portal Catalog inspect secure extend personalize Analyze engage AppBus Enterprise App Services Environment (EASE) inspect secure extend personalize analyze engage ✦ Code check & ✦ Device wipe ✦ SDK: notifications, ✦ Custom EULA ✦ App Inventory ✦ App ratings reporting ✦ Device lock ver checking & ✦ Branded catalog ✦ Usage reports ✦ Crowdsourcing forced updates ✦ Signing validation ✦ App delete ✦ App categories ✦ Device details ✦ Beta testing ✦ SSO (SAML 2.0) segmenting ✦ App Policies: data integration ✦ Limit app access by ✦ Malware detection encryption, copy/ role paste prevention, required passcode ✦ App-level VPNTuesday, July 31, 12
  • 11. nist guidelines to improve mobile security • Develop models for system threats to devices and corporate assets accessed through them • Identification, likelihood, impact, analysis, controlsTuesday, July 31, 12
  • 12. required security services • General policy • Data Communication and storage - Apperian EASE • User and device authentication - Apperian EASE • Applications - Apperian EASETuesday, July 31, 12
  • 13. apperian EASE capabilities MAM#Lifecycle# Source Prepare protect manage publish ✓ Inspect apps for non-conformance & malware ✓ Apply set of policies to an App file with no coding ✓ Securely install Apps over-air to multiple devices to scale ✓ Provide private app catalog to deliver custom apps ✓ Create analytics on app usage by user/app/groupTuesday, July 31, 12
  • 14. mobile device security policy • Which mobile devices can access enterprise resources • Which resources are accessible • Device provisioning • Administering management software • Consistency with non-mobile environmentsTuesday, July 31, 12
  • 15. operational aspects in a mobile environment • Implementation and testing of a solution prototype • Securing devices to allow resource access • Maintaining the mobile environment securityTuesday, July 31, 12
  • 16. SUMMARy • Enterprise Mobility Management is a core policy and needs to be a core capability for a growing number of CIOs • Security in a mobile environment has a number of layers to it, sometimes applying to devices, but always applying to corporate assets, including user access, applications, and content • Standardizing the security in an enterprise mobile environment uses a number of processes, tools, and techniques. MAM provides a comprehensive set of tools to secure corporate assets. MDM can complement those tools by managing device security, if neededTuesday, July 31, 12
  • 17. ThanksTuesday, July 31, 12