MDM Jahresrück und Ausblick
Upcoming SlideShare
Loading in...5
×
 

MDM Jahresrück und Ausblick

on

  • 542 views

 

Statistics

Views

Total Views
542
Views on SlideShare
542
Embed Views
0

Actions

Likes
0
Downloads
5
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

MDM Jahresrück und Ausblick MDM Jahresrück und Ausblick Presentation Transcript

  • Kapsch BusinessComJahresrückblick/ -ausblick:MDM, MAM, BYOD, DLP...und jetzt auch noch „mobile First“?Kapsch BusinessComDI (FH) Daniel Ruby | Titel der Präsentation Untertitel der Präsentation | 1
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - mobile device landscape changed… - Android Fragmentation MDM is the solutionMastervorlage zur Gestaltung von PowerPoint-Präsentationen - BYOD (bring your own device) - Apps / appstores / app deployment - Mobile malware - Network requirements / WiFi / QoS Bandwidth - Data at Rest - The dropbox problem - Privacy & Compliance - Cost Control - Secure Access to corporate ressources - Certificates - Rollout / Lifecycle Management - Device Lockdown Kapsch BusinessCom| | 2
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - mobile device landscape changed…Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom| | 3
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - mobile device landscape changed…Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom| | 4
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - mobile device landscape changed…Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom| | 5
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - mobile device landscape changed…Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom| | 6
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - mobile device landscape changed…Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom| | 7
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - mobile device landscape changed…Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom| | 8
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - mobile device landscape changed…Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom| | 9
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - mobile device landscape changed…Mastervorlage zur Gestaltung von PowerPoint-Präsentationen OS X v10.8 OS X v10.7 Kapsch BusinessCom | 10 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - mobile device landscape changed…Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom | 12 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - mobile device landscape changed…Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom | 13 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - iOS 6 Global HTTP ProxyMastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom | 14 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - mobile device landscape changed…Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom | 15 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - mobile device landscape changed… MDM is the solution - Androidzur Gestaltung von PowerPoint-Präsentationen FragmentationMastervorlage - BYOD (bring your own device) - Apps / appstores / app deployment - Mobile malware - Network requirements / WiFi / QoS Bandwidth - Data at Rest - The dropbox problem - Privacy & Compliance - Cost Control - Secure Access to corporate ressources - Certificates - Rollout / Lifecycle Management - Device Lockdown Kapsch BusinessCom | 16 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up…Enterprise... - Android Fragmentation -> The Android Challenge in theMastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom | 17 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up…Enterprise... - Android Fragmentation -> The Android Challenge in theMastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom | 18 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - mobile device landscape changed… MDM is the solution - Android zur Gestaltung von PowerPoint-Präsentationen FragmentationMastervorlage - BYOD (bring your own device) - Apps / appstores / app deployment - Mobile malware - Network requirements / WiFi / QoS Bandwidth - Data at Rest - The dropbox problem - Privacy & Compliance - Cost Control - Secure Access to corporate ressources - Certificates - Rollout / Lifecycle Management - Device Lockdown Kapsch BusinessCom | 19 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - BYOD (bring your own device)Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom | 20 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - BYOD (bring your own device)Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Compliance Schutz Zugangsschutz - Passcode Policy - Apple App-store / Google Play - Verschlüsselung - App Inventory- & Deployment - Remote Wipe - App Black- / Whitelist - Trennung Privat- und Firmengeräte - OS Updates/Releases Patchlevel Zugriff auf Management Firmenressourcen - Active Sync Access (Mail, Kalender, Kontakte) - Gerätekonfiguration - Netzwerk Zugang (WLAN Profile, APN settings, Dataguard) - Ausbringung von Zertifikaten - Sharepoint (Dokumente, Präsentationen) - Enforcement Möglichkeiten - VPN (Zugriff von überall möglich?) - Cloud Services Kapsch BusinessCom | 21 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - BYOD (bring your own device)Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Microsoft Exchange Active Sync (EAS Policies) Kapsch BusinessCom | 22 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - BYOD (bring your own device)Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Apple iphone Configuration Utility Kapsch BusinessCom | 23 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - BYOD (bring your own device)Mastervorlage zur Gestaltung Secure Container solutions (z.B. Checkpoint mobile Blade) von PowerPoint-Präsentationen Corporate Mail Sync in a secure workspace Secure Access to Web Portal EWS Exchange Server MAB Integrated Document Security Kapsch BusinessCom | 24 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrapIron - BYOD (bring your own device) MDM/mobile up…Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom | 25 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - BYOD (bring your own device)Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom | 26 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - BYOD (bring your own device)Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom | 27 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenKapsch Security – wrap up… - BYOD (bring your own device)Mastervorlage zur Gestaltung von PowerPoint-Präsentationen Kapsch BusinessCom | 28 |
  • Kapsch BusinessComSmartphones & Tablets im UnternehmenWrap up!Kapsch Security – wrap up… - mobile device landscape changed… - Android FragmentationMastervorlage zur Gestaltung von PowerPoint-Präsentationen - BYOD (bring your own device) appstores / app deployment - Apps / appstores / app deployment - Mobile malware - Network requirements / WiFi //QoS Bandwidth Network requirements / WiFi QoS Bandwidth Rest - Data at Rest - The dropbox problem & Compliance - Privacy & Compliance - Cost Control - Secure Access to corporate ressources Certificates - Certificates Rollout / Lifecycle Management - Rollout / Lifecycle Management Lockdown - Device Lockdown Mobile Device Management mit Kapsch BusinessCom | 29 |
  • Kapsch BusinessCom Questions ? DI (FH) Daniel Ruby System Engineer Security ICT Infrastructure Kapsch BusinessCom Wienerbergstraße 53 | A-1120 Vienna | Austria Phone +43 (0) 50 811 5455 | Mobile +43 664 628 5455 E-mail daniel.ruby@kapsch.net | www.kapschbusiness.comPlease Note:The content of this presentation is the intellectual property of Kapsch AG and all rights are reserved with respect to the copying, reproduction, alteration, utilization,disclosure or transfer of such content to third parties. The foregoing is strictly prohibited without the prior written authorization of Kapsch BusinessCom AG. Productand company names may be registered brand names or protected trademarks of third parties and are only used herein for the sake of clarification and to theadvantage of the respective legal owner without the intention of infringing proprietary rights. |
  • Kapsch BusinessComMDM Dienstleistungs Module by Kapsch Modul: Authentication & Certificates Modul: Best Practice – Device Enablement & Rollout Modul: High Availability - Sentry |
  • Kapsch BusinessComMDM Dienstleistungs Module by Kapsch |
  • Kapsch BusinessComMDM Dienstleistungs Module by Kapsch |
  • Kapsch BusinessComMDM Dienstleistungs Module by Kapsch |
  • Kapsch BusinessCom MobileIron and ISE Workflow Initial Device Connection User connects to BYOD 802.1X EAP/PEAP and they log in with their corporate username and password or connects to Open SSID for on-boarding Initial Connection Redirect to ISE Device Registration Page User is not registered with ISE so the user is redirected to the Cisco Captive Portal Page on ISE so they can register their device for user self service later on NTLM, Kerberos or LDAP If EAP/Peap-MSChap v2 Authenticated Active Directory Cisco ISE DMZ Certificate Server Trust |
  • Kapsch BusinessCom MobileIron and ISE Workflow Initial Device Connection Redirect to ISE MDM Registration Page The user opens up a browser and tries to access a The user is resource at whichare redrected to the protected unknown so they point ISE does a ISE MDM enrollment page lookup against the MobileIron API to see if it’s a known user/mac address Do you know this user? Active Directory Look up by MAC Address Cisco ISE I do not DMZ Certificate Server Trust |
  • Kapsch BusinessCom MobileIron and ISE Workflow Initial Device Connection • Mobile Device Security, Lockdown, and Application Policies • SSL VPN and WiFi Settings • iOS Restrictions • Corporate Apps/Configuration/Identity • Authentication Certificate(s) • Corporate Root Certificate(s) • Device Inventory • Application Inventory • Multi-User • Kiosk Mode …and follows the directions to install the MobileIron MyPhone@Work Client and enroll with the VSP Active Directory Cisco ISE LDAP SCEP Certificate DMZ Enrollment Certificate Server Trust |
  • Kapsch BusinessCom Post ISE Registration/MI Enrollment (in policy) User connects to same SSID using certificate and new WiFi profile that were provisioned from MobileIron. This new profile uses EAP-TLS for authentication (certificate auth) instead of EAP/PEAP (username and password) Cisco ISE returns access Wireless Controller asks Cisco ISE instructions to wireless for directions on what the user controller should have access to User can Access Internet and Trusted Resources Do you know this user? Active Directory Look up by MAC Address Cisco ISE Yes Device Posture is Returned Device IS Compliant DMZ Certificate Server Trust |
  • Kapsch BusinessComPost ISE Registration/MI Enrollment (out of policy) User connects to same SSID using certificate and new WiFi profile that were provisioned from MobileIron. This new profile uses EAP-TLS for authentication X (certificate auth) instead of EAP/PEAP (username and password) Cisco ISE returns access Wireless Controller asks Cisco ISE instructions to wireless for directions on what the user controller should have access to User can Access Internet Resources Only Do you know this user? Active Directory Look up by MAC Address Cisco ISE Yes Device Posture is Returned Device is NOT Compliant DMZ Certificate Server Trust |
  • Kapsch BusinessComBetrieb – Certificate Management mit SCEP |