Secure mobile content SharePoint Best Practices Conference 2013

How can we securely provide access to email and SharePoint content?

Can BYOD and Mobility be secure and easily managed?

Published in: Technology
  • A company is Mobile First when 1 – all new applications and business processes are available to mobile devices first; [CLICK] 2 – corporate documents are securely available on any device; [CLICK] 3 – and most importantly, end users choose the device they want to use and security is enforced by IT without getting in the way of an outstanding user experience. This last point is paramount. For the first time in the history of IT, we have an opportunity to allow end users to carry out business processes on a device and with a user experience that they love and they WANT to use.
  • Lost Devices – From the beginning we could assist with trying to find devices, and we could SELECTIVELY wipe our corporate data and configuration from the devices. Some devices will appear to accept ActiveSync host directives – but then NOT actually do it! An Agent on the device, using the MFG API – does enforce our policy! Installation – Obtain the App in the store – then one very simple registration to then connect to the device and user – Interaction with Active Directory, policy engine in MI and our internal PKI – full configuration “appears” after registration!
  • We went from more than 900 devices managed via our BES to none in 5 years. Those BlackBerry devices were replaced by a much more diverse set of devices all chosen by our employees – NOT by the IT Group! We are certain that the new fleet of devices is at least as secure – if not more secure – than the old one! We have BYOD working securely! In addition the setup and management of the new fleet of diverse devices works very efficiently and delivers data people need to do their jobs better! (Old BES only delivered email / calendar – NOT Apps!)

    1. Best Practices for Securing Mobile Content. Mike Brannon, National Gypsum; Ojas Rege, MobileIron. Best Practices Conference (May 17, 2013)
    5. Definition… Mobile First organizations embrace mobility as their primary IT platform in order to transform their businesses and increase their competitiveness. In a Mobile First Company…
        • CONTENT: Content of all types is easily and securely available on any device
        • USER EXPERIENCES: End users choose their devices; security is invisible to end users; user experience is the #1 design criteria
        • APPLICATIONS: New apps are developed and delivered to mobile devices first; core business processes can be performed on any device
    6. Traditional enterprise security: Firewall & VPN
    7. The perimeter is gone: Copy/Paste, Open-in, Forward
    8. “The more the CIO says no, the less secure the organization becomes.” Vivek Kundra, Former U.S. Federal CIO. “Responsible, not restrictive.” Mike Brannon, National Gypsum
    9. Securing data-at-rest
    10. Two primary document repositories: SharePoint documents (Open In, Copy, Save, View) and email attachments (Open In, Copy, Save, View). MobileIron Confidential
        • Solve “open in” problem
        • Store documents securely on device
        • Control cut / copy / paste actions
        • Selectively wipe documents
        • Prevent unauthorized distribution
        • Control end-to-end with policy
        • Leverage existing content repositories
    11. Securing email attachments (diagram labels: Email App; Secure Content Viewer; Email with Attachment; REMOVE)
    12. Securing SharePoint (diagram labels: Secure Content Viewer; REMOVE; SharePoint)
    13. Closed-loop actions when compromised. Remediation: Notify, Block, Quarantine. Closed-loop actions:
        • Notify user and admin
        • Prevent access
        • Remove saved files
        • Remove SharePoint config
        • Protect enterprise persona
    14. National Gypsum Company is a fully integrated building products manufacturer. Headquartered in Charlotte, NC with mines and quarries, and manufacturing plants across North America
    15. National Gypsum Implementation
        • Risks / Threats Addressed:
            – Loss of Company Data / Lost Devices / Departing Employees
            – All Devices and Users Registered / Security Policies Enforced
            – Ease of Use for Employees AND Improved Security & Efficiency
        • What We Deployed (And Timeline)
            – MobileIron device (VSP) and support (Sentry) – All Smartphones
            – BlackBerry (now gone), Apple iOS and Android Devices
            – Push Secure WiFi Config to Minimize Data Use On Premise
            – Rush To Adopt iPads – From 0 to 100’s of Devices!
            – More than email access! Apps for SharePoint and Data!
            – Manage “Allowed” and “Disallowed” Settings / Apps (DropBox)
            – Leverage Internal PKI and Push Webclips – Deliver Data
    16. National Gypsum Implementation
        • Where Are We Now?
            – BES Retired – 70% iOS, 25% Android, 5% Windows Devices
            – iPad is currently only supported Tablet – Testing others (Surface?)
            – Plans to allow Windows 8 and Mac OS X BYOD
            – Colligo Briefcase for SharePoint Document Access
            – Two Apps Deployed on iOS with “One Tap For Data”
    17. National Gypsum Implementation
    18. Best practices for mobile content DLP: Closed-loop compliance; Continuous management; OS integrity; OS versioning; Passcode / encryption; Auto-wipe; Identity; Secure tunnel; Attachment protection; Secure content hub; Role of cloud; Credible ecosystem
    19. Security considerations 2013+ …
        • “No” not a sustainable option -> provide credible alternatives
        • Massive content ecosystem -> crowd-source but don’t lock-in
        • Uncertain economics -> establish “help-yourself-desk”
        • Dynamic risk at endpoint -> automate your mobile trust model
        • Content always one-click from cloud -> co-habitate responsibly
        • Blurring between content and app -> explore new forms
    20. Content doesn’t exist in isolation. Enterprise Mobile Persona: Native experience; Data separation; Shared policy; Selective wipe; Secure communications; Email; Apps; Certs; Policy; Content; Federated identity
    21. Journey to the Mobile First Enterprise
        • Device Security: BYOD (user choice); Email access (secure ActiveSync); Multi-OS security (BlackBerry replacement)
        • App & Content Enablement: 1st gen of mobile apps; Mobile docs (SharePoint); Cloud protections
        • Business Transformation: New user & business experiences
    22. First: Enterprise app store; BYOD privacy; Selective wipe; Jailbreak detection; Email attachment DLP
        • 97% Customer support satisfaction
        • 4500+ Customers globally (3000 in last 15 months)
        • 8 of top 10 global automotive
        • 7 of top 10 global pharma
        • 5 of top 10 global banks
        • Strongest mobile ecosystem
        • Recognized: Gartner: Leaders Quadrant; IDC: #1 growth and share
        • Deployed: Security and management for mobile enterprise apps, documents, and devices
        • Innovation and Customer Success
        • Best mobile enterprise service
    23. Thank you. Mike Brannon (mebrannon@nationalgypsum.com), Ojas Rege (ojas@mobileiron.com, twitter @orege)