The document discusses mobile device management (MDM) and security strategies for smartphones and tablets in enterprises. It covers how the mobile landscape has changed with increased Android fragmentation, BYOD policies, and mobile malware threats. The presentation argues that MDM is the solution to address these changes and provides security, management and compliance capabilities for mobile devices.
2. Kapsch BusinessCom
Smartphones & Tablets in the Enterprise
Kapsch Security – wrap up…
- mobile device landscape changed…
- Android Fragmentation
- BYOD (bring your own device)
- Apps / appstores / app deployment
- Mobile malware
- Network requirements / WiFi / QoS Bandwidth
- Data at Rest
- The dropbox problem
- Privacy & Compliance
- Cost Control
- Secure Access to corporate resources
- Certificates
- Rollout / Lifecycle Management
- Device Lockdown
MDM is the solution
Kapsch BusinessCom | 2
3. Kapsch BusinessCom
- mobile device landscape changed…
4. Kapsch BusinessCom
- mobile device landscape changed…
5. Kapsch BusinessCom
- mobile device landscape changed…
6. Kapsch BusinessCom
- mobile device landscape changed…
7. Kapsch BusinessCom
- mobile device landscape changed…
8. Kapsch BusinessCom
- mobile device landscape changed…
9. Kapsch BusinessCom
- mobile device landscape changed…
10. Kapsch BusinessCom
- mobile device landscape changed…
OS X v10.8
OS X v10.7
11. Kapsch BusinessCom
- mobile device landscape changed…
12. Kapsch BusinessCom
- mobile device landscape changed…
13. Kapsch BusinessCom
- iOS 6 Global HTTP Proxy
14. Kapsch BusinessCom
- mobile device landscape changed…
15. Kapsch BusinessCom
- mobile device landscape changed…
- Android Fragmentation
- BYOD (bring your own device)
- Apps / appstores / app deployment
- Mobile malware
- Network requirements / WiFi / QoS Bandwidth
- Data at Rest
- The dropbox problem
- Privacy & Compliance
- Cost Control
- Secure Access to corporate resources
- Certificates
- Rollout / Lifecycle Management
- Device Lockdown
MDM is the solution
16. Kapsch BusinessCom
- Android Fragmentation -> The Android Challenge in the Enterprise...
17. Kapsch BusinessCom
- Android Fragmentation -> The Android Challenge in the Enterprise...
18. Kapsch BusinessCom
- mobile device landscape changed…
- Android Fragmentation
- BYOD (bring your own device)
- Apps / appstores / app deployment
- Mobile malware
- Network requirements / WiFi / QoS Bandwidth
- Data at Rest
- The dropbox problem
- Privacy & Compliance
- Cost Control
- Secure Access to corporate resources
- Certificates
- Rollout / Lifecycle Management
- Device Lockdown
MDM is the solution
19. Kapsch BusinessCom
- BYOD (bring your own device)
20. Kapsch BusinessCom
- BYOD (bring your own device)
Access protection
- Passcode policy
- Encryption
- Remote wipe
- Separation of private and company devices
Compliance protection
- Apple App Store / Google Play
- App inventory & deployment
- App black- / whitelist
- OS updates/releases, patch level
Access to corporate resources
- ActiveSync access (mail, calendar, contacts)
- Network access (WLAN profiles, APN settings, Dataguard)
- SharePoint (documents, presentations)
- VPN (access possible from anywhere?)
- Cloud services
Management
- Device configuration
- Certificate deployment
- Enforcement options
21. Kapsch BusinessCom
- BYOD (bring your own device)
Microsoft Exchange Active Sync (EAS Policies)
22. Kapsch BusinessCom
- BYOD (bring your own device)
Apple iPhone Configuration Utility
23. Kapsch BusinessCom
- BYOD (bring your own device)
Secure Container solutions (e.g. Checkpoint mobile Blade)
Corporate Mail Sync in a secure workspace
Secure Access to Web Portal
EWS
Exchange Server
MAB
Integrated Document Security
24. Kapsch BusinessCom
- BYOD (bring your own device)
MDM/MobileIron
25. Kapsch BusinessCom
- BYOD (bring your own device)
26. Kapsch BusinessCom
- BYOD (bring your own device)
27. Kapsch BusinessCom
- BYOD (bring your own device)
28. Kapsch BusinessCom
Wrap up!
- mobile device landscape changed…
- Android Fragmentation
- BYOD (bring your own device)
- Apps / appstores / app deployment
- Mobile malware
- Network requirements / WiFi / QoS Bandwidth
- Data at Rest
- The dropbox problem
- Privacy & Compliance
- Cost Control
- Secure Access to corporate resources
- Certificates
- Rollout / Lifecycle Management
- Device Lockdown
Mobile Device Management with
29. Kapsch BusinessCom
Questions ?
DI (FH) Daniel Ruby
System Engineer Security
ICT Infrastructure
Kapsch BusinessCom
Wienerbergstraße 53 | A-1120 Vienna | Austria
Phone +43 (0) 50 811 5455 | Mobile +43 664 628 5455
E-mail daniel.ruby@kapsch.net | www.kapschbusiness.com
Please Note:
The content of this presentation is the intellectual property of Kapsch AG and all rights are reserved with respect to the copying, reproduction, alteration, utilization,
disclosure or transfer of such content to third parties. The foregoing is strictly prohibited without the prior written authorization of Kapsch BusinessCom AG. Product
and company names may be registered brand names or protected trademarks of third parties and are only used herein for the sake of clarification and to the
advantage of the respective legal owner without the intention of infringing proprietary rights.
30. Kapsch BusinessCom
MDM Service Modules by Kapsch
Module: Authentication & Certificates
Module: Best Practice – Device Enablement & Rollout
Module: High Availability - Sentry
34. Kapsch BusinessCom
MobileIron and ISE Workflow
Initial Device Connection
User connects to BYOD 802.1X EAP/PEAP and they log in with their corporate username and password or connects to Open SSID for on-boarding
Initial Connection
If EAP/PEAP-MSCHAPv2 Authenticated
NTLM, Kerberos or LDAP
Redirect to ISE Device Registration Page
User is not registered with ISE so the user is redirected to the Cisco Captive Portal Page on ISE so they can register their device for user self service later on
Active Directory
Cisco ISE
DMZ Certificate Server
Trust
35. Kapsch BusinessCom
MobileIron and ISE Workflow
Initial Device Connection
Redirect to ISE MDM Registration Page
The user opens up a browser and tries to access a protected resource, at which point ISE does a lookup against the MobileIron API to see if it's a known user/MAC address
Do you know this user? Look up by MAC Address
I do not
The user is unknown so they are redirected to the ISE MDM enrollment page
Active Directory
Cisco ISE
DMZ Certificate Server
Trust
36. Kapsch BusinessCom
MobileIron and ISE Workflow
Initial Device Connection
…and follows the directions to install the MobileIron MyPhone@Work Client and enroll with the VSP
• Mobile Device Security, Lockdown, and Application Policies
• SSL VPN and WiFi Settings
• iOS Restrictions
• Corporate Apps/Configuration/Identity
• Authentication Certificate(s)
• Corporate Root Certificate(s)
• Device Inventory
• Application Inventory
• Multi-User
• Kiosk Mode
LDAP
SCEP Certificate Enrollment
Active Directory
Cisco ISE
DMZ Certificate Server
Trust
37. Kapsch BusinessCom
Post ISE Registration/MI Enrollment (in policy)
User connects to same SSID using certificate and new WiFi profile that were provisioned from MobileIron. This new profile uses EAP-TLS for authentication (certificate auth) instead of EAP/PEAP (username and password)
Wireless Controller asks Cisco ISE for directions on what the user should have access to
Do you know this user? Look up by MAC Address
Yes
Device Posture is Returned
Device IS Compliant
Cisco ISE returns access instructions to wireless controller
User can Access Internet and Trusted Resources
Active Directory
Cisco ISE
DMZ Certificate Server
Trust
38. Kapsch BusinessCom
Post ISE Registration/MI Enrollment (out of policy)
User connects to same SSID using certificate and new WiFi profile that were provisioned from MobileIron. This new profile uses EAP-TLS for authentication (certificate auth) instead of EAP/PEAP (username and password)
Wireless Controller asks Cisco ISE for directions on what the user should have access to
Do you know this user? Look up by MAC Address
Yes
Device Posture is Returned
Device is NOT Compliant
Cisco ISE returns access instructions to wireless controller
User can Access Internet Resources Only
Active Directory
Cisco ISE
DMZ Certificate Server
Trust
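The access decisions that slides 34 to 38 walk through, replayed for one device as an added example (not part of the original slides, and not Cisco ISE or MobileIron code). `MdmStub`, `authorize` and `onboarding_trace` are hypothetical names, the MAC address used with them is constructed, and the internet-only result for an enrolled device that still authenticates with PEAP is an assumption the slides do not state.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Decision(Enum):
    DEVICE_REGISTRATION = "redirect: ISE device registration page"
    MDM_ENROLLMENT = "redirect: ISE MDM enrollment page"
    INTERNET_ONLY = "permit: internet only"
    FULL = "permit: internet and trusted resources"

@dataclass
class Session:
    mac: str
    eap: str               # "PEAP" (username/password) or "EAP-TLS" (certificate)
    ise_registered: bool   # device already registered on the ISE portal

def norm_mac(mac: str) -> str:
    """Reduce aa:bb:.., AA-BB-.. or aabb.ccdd.eeff to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

class MdmStub:
    """Hypothetical stand-in for the MDM lookup by MAC address."""
    def __init__(self) -> None:
        self._devices = {}                       # normalized MAC -> compliant?
    def enroll(self, mac: str, compliant: bool) -> None:
        self._devices[norm_mac(mac)] = compliant
    def posture(self, mac: str) -> Optional[bool]:
        return self._devices.get(norm_mac(mac))  # None means "I do not know it"

def authorize(s: Session, mdm: MdmStub) -> Decision:
    if not s.ise_registered:
        return Decision.DEVICE_REGISTRATION      # slide 34
    compliant = mdm.posture(s.mac)
    if compliant is None:
        return Decision.MDM_ENROLLMENT           # slide 35
    if s.eap != "EAP-TLS":
        return Decision.INTERNET_ONLY            # assumption, not on the slides
    return Decision.FULL if compliant else Decision.INTERNET_ONLY  # slides 37, 38

def onboarding_trace(mac: str, compliant: bool) -> list:
    """Replay the slide sequence for one device and collect each decision."""
    mdm, trace = MdmStub(), []
    trace.append(authorize(Session(mac, "PEAP", False), mdm))
    trace.append(authorize(Session(mac, "PEAP", True), mdm))
    mdm.enroll(mac, compliant)                   # slide 36: client installed, cert issued
    reconnect = Session(mac.upper().replace(":", "-"), "EAP-TLS", True)
    trace.append(authorize(reconnect, mdm))      # same device, different MAC notation
    return trace
```

The last step reconnects with the MAC written in a different notation, because a lookup keyed on the raw string would treat the enrolled device as unknown and send it back to enrollment.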