CA MDM marketing presentation


CA Mobile Device Management is the industry leading MDM solution that addresses today's need for a comprehensive and secure BYOD solution

  • Copyright © 2010 CA. All rights reserved.
  • Does this look familiar?


    Benedict to Francis
  • Despite the challenges we spoke of in the previous slides, there is no escaping the Mobility tsunami: it is affecting, and will continue to affect, most enterprises across all industries… from Healthcare to Finance, from Government to Retail. Look at the staggering numbers!! ….almost three-quarters of users say that they are already using their mobile devices for work purposes. And IT doesn’t really have an option but to manage this trend!
  • ……users will actually use their mobile devices in the way the strategy plans for them. In order to maximize mobile device usage let employees use the devices they are most comfortable with. Not only are they happier but the lowered CapEx to IT is an added benefit.
  • Let’s talk about what kind of day-to-day challenges workers are facing:

    <click> For starters, take Mark: Mark works as an Account Director at a software company and obviously uses his personal smartphone for work purposes and unfortunately loses it at a bar while entertaining customers one night. He calls his 24-hour IT Hotline who say they can easily wipe out his phone. But wait, he also has his daughter’s Birthday party pictures from last month …..that’s a PROBLEM!!

    <click> Then there is Frank: Frank heads Compliance for a Pharma company. Frank is concerned about potentially malicious apps that risk putting his company out of compliance with, e.g., HIPAA.

    <click> Finally, Ann: Ann is the IT Director at a large bank that has just allowed the BYOD policy in all their North American offices. Ann is overwhelmed with staff bringing in their favorite devices and lining up outside the IT department to provision their devices to the corporate network. Ann and her team cannot keep up, and wish there was an automatic way to do this …
  • So what is happening at the highest level?

    While on one hand employees need the freedom to work on ANY device, from ANYwhere to be productive and happy, on the other hand IT needs to ensure they are still in CONTROL, all devices and apps are in compliance and corporate data is secure at all times ….AND all this without any adverse impact to the performance, scalability, and availability of the end-to-end mobility infrastructure.

    An optimum balance is called for ….

  • When you look at Mobility, broadly speaking it can cover three perspectives. It could touch internal IT, and how they enable the business with new mobile channels such as device, app or content strategies. It could touch employees, which is most likely if IT is leading with increasing efficiencies, which ultimately should be aimed at employee productivity – again, through device, app or content approaches.

    Perhaps your approach is to grow the business with new revenue streams via a mobile channel that touches your customer base?

    Increasingly all are relevant and touch each other at some stage…

    <<Segue to next slide>> This is driving our own solution strategy at CA….

  • — The management of Devices, apps and content
    — All of these disciplines are underpinned by a foundation of security, specifically identity & access mgmt, multifactor/advanced authentication
    — Mobile Service Management – is also overarching – the continuous discipline of service delivery.
  • .. We are constantly developing our portfolio and vision to help support your entire mobility strategies, or essentially discrete elements where you have a specific business need or requirement…..almost on ramps if you like…it all depends on the lens you are looking through and immediate business objectives/initiatives
  • At some stage device management (or not) will be discussed and I’d like to spend a few minutes discussing how we can assist you in what for some organizations is the first step on the ladder to a fully fledged mobility strategy…
  • Multi platform

    Consistent look and feel end-user self service portal

    BYOD / IT onboarding

    Selective wipe of corporate only data

    Pre configured Apps delivered upon enrollment

    Multi Language
  • Multi-tenancy in the SaaS solution creates opportunity for our partners. MSPs can provide MDM services across different enterprises. I certainly can envision a partner building a strong presence in delivering MDM to small to medium businesses that are leveraging mobility.

    Included in the offering is tenant specific branding of the solution with customized app certificates and profiles as well as the ability to share common resources across customers in order to leverage economies of scale.
  • What is the business issue we are trying to solve?

    Think of the Dropbox ‘problem’ – users are emailing presentations and corporate documents to their Dropbox and similar repositories, so they can access the content they need to do their job effectively on any device, anywhere.

    Consumerization of IT has made File Sync and Share a must-have capability for an organization.
    It’s more than file syncing though – it’s about content collaboration also.

    It’s about solving the business issues of:
    Ensuring Data Loss Prevention content level security at rest, in use and in motion
    keeping files synchronized across multiple personal and enterprise devices (including PCs)
    Sharing large files with colleagues, partners and customers – securely

    Who is a leader in DLP?
    *Gartner, Inc., "Magic Quadrant for Content-Aware Data Loss Prevention,” January 3, 2013.

  • Business benefits of an app strategy, internal or external:

    INTERNAL – think:
    Business process re-engineering
    Atomization
    Simplify complex processes
    Increase engagement with complex processes
    Improve Compliance
    Simpler processes will be complied with
    Mobile Apps enforce the MO for mission critical data
    Security, compliance and risk management benefits

    EXTERNAL – business goals would be:
    Accelerating Innovation
    Driving New Revenue channels
    Reaching customers everywhere, anytime
  • .. That is constantly being developed to help support your entire mobility strategies or discrete elements where you have a specific business need or requirement…..

    TODO: Keep same idea but reordered details of app dev in line with lifecycle we define later
  • Let’s build up a complete solution by looking at a simple problem from humble beginnings:
    Imagine a healthcare environment. Suppose we have multiple back-end systems, each of which has a different interface to access its data and to transact with the application: a database that contains information on drug side effects, which uses SQL as the interface to the data; a Clinical records system that has evolved over the past 15 years and is today a .net application back-end but is still accessed through a client/server front-end; and a Patient records system, which, because it is also used by internet-based patient self-service applications, has evolved to be a web-based application accessed through Web Services style interfaces.

    The healthcare enterprise would like to implement a tablet app for doctors and clinicians to manage patient prescriptions. The app would enable them to query the patient’s prescription history, to check whether current prescriptions cause side effect contra-indications with new proposed prescriptions, and to enter new prescriptions.

    This app needs to interact with all 3 back-end applications to provide these functions; however, interacting with 3 styles of API is complex, error-prone, and bandwidth-intensive.

    Additionally, because this is a sensitive app, it is of regulatory importance to ensure that data security and confidentiality are maintained, which requires that access to data is controlled both at the server and at the tablet. This in turn requires that we know which devices are being used to access data, and which users are accessing data, with policy controls enforced based on this. Finally we need to handle “lost device” scenarios and remove confidential data and the prescribing applications in the event that a clinician loses their device, or simply when they choose to upgrade their device and transfer their work to a new device.

    How to handle this challenge?

    Only CA can provide a “one stop shop” for the integrated security and service management tools that are required. Let’s see how…
  • First we need to integrate the different back-end APIs such that it is easier to interact with the different back-end data and applications.

    A Layer 7 Mobile Access Gateway from CA Technologies can integrate the different back-end datasources and republish those as one simple set of RESTful APIs that are simple to consume from the mobile platform. The gateway handles all data mapping, translation, and marshalling between the back-end systems, exposing simple transactions for prescription history, side effect conflict search, and new prescription entry in a way that is simpler for the app designer to use. This enables the app designer to focus on the user experience aspects of the app rather than the data and back-end transaction logic integration, making the app easier to architect and develop. This will result in faster time to market and improved security, since no unnecessary back-end functions will be exposed externally, and systems that are simpler to build tend to be inherently more secure, following the maxim “complexity is the enemy of security”.

    As examples, the prescription history transaction would need to integrate back-end calls to the SQL clinician and patient records systems. The “side effect conflict check” transaction would access the patient records system and the SQL database of drug side effects. The “new prescription” transaction would update both the patient and clinician records systems.
  • Access to the republished API is protected by the Layer 7 gateway. Layer 7 can accept an OAuth token as proof of authenticated identity, i.e. proof that the identity described by the token has been authenticated by a trusted service. This means we need a source of tokens….

    1) Enter AuthMinder (or CloudMinder): AuthMinder provides cryptographically strong, two factor authentication that is built for the mobile. When the clinician wants to use the Prescription management app, first they authenticate using AuthMinder on their mobile device. The tablet or mobile device becomes one factor in the authentication scheme, greatly improving the security of access to the confidential patient prescription data.

    2) If authentication is successful AuthMinder returns an OAuth token proving the authentication result.

    3) The Prescription management app now sends this token to the Layer 7 Gateway when it accesses the republished APIs offered by the gateway. The gateway trusts the token and extracts the Identity the token was issued to. The Mobile Access Gateway can now apply an Identity-based policy to the API access, confident in the knowledge that the token could only have been issued to the clinician.

  • SiteMinder protects access to the web-based patient records system. As mentioned before this is accessed by patients via their web browser for various self-service tasks.

    As with the Layer 7 Mobile Access Gateway, SiteMinder can also trust OAuth tokens issued by a trusted service, which also means we need a source of tokens for it to trust…

    1) Enter AuthMinder (or CloudMinder): AuthMinder provides cryptographically strong, two factor authentication that is built for multi-channel web application access. When the patient wants to access the web-based patient records system, first they authenticate using AuthMinder / CloudMinder on their mobile device or PC.

    2) AuthMinder / CloudMinder returns an OAuth token proving the Identity of the patient and proving they have authenticated.

    3) SiteMinder now grants access to the patient records self-service application, regardless of whether the mobile or PC channel is used to access the web application.

    4) When
  • We have already solved a number of difficult problems: from enabling the Prescription app to be developed easily to securing access to the app and the back-end data.
    Now we need to focus on the actual devices the clinicians will use.
    It would be very common for an enterprise to target the iPad for this kind of app. The Clinicians will want to use their own personally owned iPads. This will save the clinic significant capital expenditure, but care must be taken to ensure that we know which devices are in use; who owns them; the right apps are deployed; and that the clinical data can be removed when required.
    CA Mobile Device Management solves these problems.
    Firstly it provides an Enterprise App Store, enabling the clinic to distribute the Prescription app to the clinicians’ mobile devices; and only those devices. The Enterprise App Store is private to the clinic so there is no need to publish the Prescription app via a public app store. CA MDM ensures that the app is only published to the users who are intended to use the app. It does this by allowing the app distribution to be controlled according to the ActiveDirectory / LDAP group structure. Additionally CA MDM pushes the AuthMinder strong authentication app that is required to secure access to the application.
    Next we must ensure the devices have a secure configuration. This covers features such as device storage encryption, the prevention of backup and synchronisation of data to the clinicians’ home PCs, setting a passcode lock, etc. All of these features can be centrally configured and enforced via MDM Configuration Policies.
    Finally when the clinician stops using the device for work purposes we must remove the Prescription app, all the data it created (if any) on the mobile device, and any corporate email access which was provisioned to the device when it was first enrolled under management. CA MDM automates this procedure, ensuring that compliance with patient privacy regulation is maintained by ensuring that stray data is not left on devices when they are no longer required for work use. In addition, in the event that a device is lost or stolen, CA MDM can remotely wipe the device, restoring it to a “factory reset” state.
  • One of our clinicians seeks an expert opinion from a consultant. They email certain patient data to the consultant, who, for our purposes, is identified in red.
  • CA-MDM has an Exchange and Lotus Notes plugin that references the MDM server to verify if the mobile device sending the email is under management and is in a compliant state, i.e. it has the latest Configuration Policy applied, the device is not jailbroken etc.
  • Eventually the clinician’s iPad (in red) will no longer be used for Prescribing and patient record access. When this time comes the device is un-enrolled from the CA-MDM Server.
    This process selectively removes:
    The Prescribing app
    The AuthMinder strong authentication client and identity data
    The corporate email configuration
    The device Configuration Profile

    The device (in green) is returned to the clinician with all their personal data intact, but with all corporate data, apps, and configuration removed.

Transcript

  • 1. Enterprise Mobility Management Solutions Harish Lakshminarasimhan
  • 2. Copyright © 2013 CA. All rights reserved. 2005 | 2013. What a difference 8 years make. St Peter’s Square 2005 vs. 2013. Does this look familiar?
  • 3. 40% of IT executives say they allow their users to access corporate information with their own smartphone... 70% of users say they are already accessing corporate information with their own smartphone - IDC. Mobility ….. it’s a deluge!
  • 4. The mobile enterprise. Today’s employees will be most productive when they use the device they are most comfortable with.
  • 5. “120,000 cell phones are lost annually in Chicago taxi cabs”* *http://www.micro-trax.com/statistics/ …but, did you know? “~113 smartphones are stolen or lost every MINUTE”* 1.6M phones stolen in 2012** ** NY Attorney General’s website
  • 6. “How do I protect my corporate data on my mobile device in case it is stolen.” “How do I ensure what apps and features my employees can and cannot access?” “How do I manage exploding work-related telecom expenses on my employees’ devices.” Some Day-to-Day Use Cases ….
  • 7. Increased Productivity. Security, Control, Performance. “Follow IT policies, whichever device or app you use and what your role permits” IT. Users “I just want to do my job. Make it easy for me to work on ANY device from ANY where!!” ..where both Users and IT have their own expectations!
  • 8. CONTENT. Grow business through improved customer engagement and accelerated application delivery. Improve employee productivity and provide a secure mobile work environment. Increase efficiency by mobilizing IT and automating processes. CIO. From the corner office! IT, EMPLOYEES, CUSTOMERS. DEVICE, APPS
  • 9. CA’s viewpoint on Mobility ….through the CIO lens. Device Management, App Development & Distribution, App Management, Operational Support, Email & Content Management, Identity & Access Management, Security. CONTENT, DEVICE, APPS
  • 10. CA solution portfolio for Enterprise Mobility Enablement. CONTENT, DEVICE, APPS. Device Management, App Development & Distribution, App Management, Operational Support, Email & Content Management. CA MDM, CA Application Delivery, CA Layer7 API integration, CA MAM, CA App Perf. Management, Nolio, LISA, CA MCM*, CA MEM*, CA Data Protection, CA API Security & Management, Access Control; *Minder
  • 11. Mobile Device Management (MDM). CONTENT, DEVICE, APPS. Device Management, App Development & Distribution, App Management, Operational Support, Email & Content Management. CA MDM, CA Application Delivery, CA Layer7 API integration, CA MAM, CA App Perf. Management, Nolio, LISA, CA MCM*, CA MEM*, CA Data Protection, CA API Security & Management, Access Control; *Minder
  • 12. CA Mobile Device Management • Unmanaged to managed in 90 seconds • Simple, scalable SaaS-based Mobile Device Management #BYOD #BYOT • User-friendly Enterprise App Store and over the air policy management • Near real-time device status, control and telecom expense analytics • Multi device and OS support
  • 13. CA Mobile Device Management. MANAGE • Remote wipe/lock • Application blacklist • Manage by policy • Telecom Expense Management. SECURE • Policy enforcement • Quarantine jail-broken devices • Email security, access control. PROVISION • User-friendly enroll • Zero-touch config • Enterprise App Store • VPP support. SUPPORT • Track devices/Apps • Keep Apps up-to-date • OTA updates, config
  • 14. CA MDM - Manage (Provision, Secure, Manage, Support) • Cross Platform • Role based enterprise app store • Users access the latest version of apps needed for business • Deploy corporate developed Apps • Deploy wrapped apps • Mandatory/silent app installations • App update notifications
  • 15. CA MDM - Provision (Provision, Secure, Manage, Support) • Cross platform • Consistent look and feel end-user self service portal • BYOD / IT onboarding • Selective wipe of corporate only data • Pre configured Apps delivered upon enrollment
  • 16. CA MDM - Support (Provision, Secure, Manage, Support) • Platform/App decision support • Comprehensive device hardware inventory • Comprehensive software analysis • Event reporting via MDM Server • Operations integration
  • 17. CA MDM - Secure (Provision, Secure, Manage, Support) • Content security features • Self service device locate • Remote Lock/Wipe • Email remediation for non compliant devices • Jailbreak/Root detection • App whitelist / blacklist • OTA enforcement of security policies
  • 18. CA MDM – Multi-tenancy • Hierarchical structure to cater to carriers, MSPs who can in turn provide MDM services across different enterprise • Share common resources across enterprises, providing economies of scale • Super Admin console and a simple wizard to provision and deliver MDM services in matter of minutes • Tenant specific branding for MDM server and customized Mobile MDM App certs, profiles • Impersonation enterprise admin and access any enterprise portal with single login
  • 19. Advanced reporting, analytics, and device usage
  • 20. What is Unique about CA MDM. CA MDM: Device Diversity (includes Windows desktop), Highest Scalability and Availability, Cross Product Integration, Extended Analytics/Reporting
  • 21. Mobile Application Management. CONTENT, DEVICE, APPS. Device Management, App Development & Distribution, App Management, Operational Support, Email & Content Management. CA MDM, CA Application Delivery, CA Layer7 API integration, CA MAM, CA App Perf. Management, Nolio, LISA, CA MCM*, CA MEM*, CA Data Protection, CA API Security & Management, Access Control; *Minder
  • 22. Roadmap – CA Mobile Application Management. Control, Analyze, Secure, Manage • Crash & defect collection, reporting • User satisfaction reporting • Dynamic real-time App analytics, security, risk monitoring • App Authentication, SSO, VPN • GeoFencing, TimeFencing • Remote app locking, wiping • App wrapping & containerization • Data encryption, at-rest, in-motion • Detailed App performance reports • Rich SDK providing MAM features • Capture & create automated tests • Remote control of apps for support • Remote live support in-app help
  • 25. Discipline: Content Management. CONTENT, DEVICE, APPS. Device Management, App Development & Distribution, App Management, Operational Support, Email & Content Management. CA MDM, CA Application Delivery, CA Layer7 API integration, CA MAM, CA App Perf. Management, Nolio, LISA, CA MCM*, CA MEM*, CA Data Protection, CA API Security & Management, Access Control; *Minder
  • 26. CA Mobile Content Management • Access controlled content synchronization • Seamless mobile access to SharePoint, DropBox, … • ActiveDirectory, LDAP integration • Content secured at-rest, in-motion • Secure e-mail attachments • SaaS or on-premise storage • Content editing, commenting, collaboration • Simple note editing, sharing • Fine-grained content access, sharing policies • Content-level access rights • Remote content wiping. Secure, Collaborate
  • 27. Mobile Content Management
  • 28. Mobile Email Management • Email access control • Use native mail client • Content aware encryption • Supports inter and intra company email
  • 29. CA solution portfolio for Enterprise Mobility Enablement. CONTENT, DEVICE, APPS. Device Management, App Development & Distribution, App Management, Operational Support, Email & Content Management. CA MDM, CA Application Delivery, CA Layer7 API integration, CA MAM, CA App Perf. Management, Nolio, LISA, CA MCM*, CA MEM*, CA Data Protection, CA API Security & Management, Access Control; *Minder
  • 30. EMM is not an island. CA EMM: Identity & Policy Management, Strong Auth, Unified Device Handling, Device and App Risk Profiling, Support Desk Integration, Data Leak protection. Single Management point for all resources. Protect App and Data with convenient, strong authentication. Provide management for mobile and non-mobile, Enterprise and BYOD. Eliminate risk by profiling devices and apps at run time. Unified process for all support. Prevent Data leak to, from and on devices, apps
  • 31. Continued Rise in Business Apps. Business Applications continue to gain traction! • Nearly 81% plan to write to 2 or 3 OS’s, for business apps • Next 3 months, developers plan to develop: • Field Service, Data Collection, & Forms Apps (46.8%) • Productivity Apps (43.9%) • Business Intelligence Apps (34.9%) • Nearly 39% plan to write apps for a private enterprise app store 29.3%
  • 32. CA’s Mobility Vision. DATA, DEVICE, APPS. Identity & Access Management. Mobile DEVICE Management, Mobile APPLICATION Management, Mobile CONTENT EMAIL Management. Security. Addressing TODAY’s challenges. Solving TOMORROW’S problems. Mobile DevOPs, Mobile (App) DEPLOYMENT, APPS, Mobile Services Management. Release Mngnt, Testing, API Virtualization, Crash Analytics, Security, Performance, Operations Support, Services, Support
  • 33. Summary • Mobility is just an extension of what we do… – Address end-to-end functional areas – Unique in delivering an end-to-end service managed view • Strategic focus and investment leveraging CA leadership positions in cloud, security and management – Strong vision, roadmap and commitment • We are here to help you on all things, Mobility!
  • 34. Pulling it all together… A Real –Life Use Case
  • 35. Let us imagine a healthcare company… • Clinicians are using personally owned iPads for many things – Email – Clinical imaging access – Clinical data • Clinic wants to streamline the prescribing process so that it can be driven quickly from a tablet – Patient history immediately available – Current and previous prescriptions searched and correlated for contra indications, allergies, prescribing conflicts etc. – Immediate prescription processing – no form filling
  • 36. Needs Assessment. Users and their devices. Applications: Side-effects (SQL Database), Clinician records (Client/Server), Patient records (Web). Interfaces: SQL, .net, Web Services
  • 37. The App: Integrate and republish the APIs via Layer 7. Users and devices. Applications: Side-effects (SQL Database), Clinician records (Client/Server), Patient records (Web). Interfaces: SQL, .net, Web Services. Mobile Access Gateway
  • 38. Access Controls: Clinician using Prescription app. The Prescription app on Clinician’s device. Applications: Side-effects (SQL Database), Clinician records (Client/Server), Patient records (Web). Interfaces: SQL, .net, Web Services. Mobile Access Gateway, AuthMinder, OAuth token. 1: Strong authentication 2: Token delivered 3: Token trusted by L7 Mobile Access GW. Private key securely stored on the mobile
  • 39. Access Control: patient self-service, multi-channel. Patients and their devices. Applications: Side-effects (SQL Database), Clinician records (Client/Server), Patient records (Web). Interfaces: SQL, .net, Web Services. CA SiteMinder, Patient self service web application, AuthMinder, OAuth token. 1: Strong authentication 2: Token delivered 3: Web channel protected by SiteMinder
  • 40. Clinicians and BYOD: device management and security. Clinicians and their devices. Applications: Side-effects (SQL Database), Clinician records (Client/Server), Patient records (Web). Interfaces: SQL, .net, Web Services. CA-MDM • Enterprise App Store • Device inventory • Configuration policy. CA-MDM Configuration policy to manage the device • Configuration / passcode • Required apps • Device encryption • Remote wipe • Jailbreak detection • Maintains / monitors compliant state
  • 41. Mobile Email Management • Two simple rules: • Clinician must not have email access from unmanaged devices • Patient data must never be transmitted in clear. Patient data; PII
  • 42. Securing patient data over email. Clinicians and their devices, Exchange server, CA-MDM, DataMinder, CA-MEM, LDAP. 1) Email is sent asking for an expert opinion from a clinical consultant (with a red tie!)
  • 43. Securing patient data over email. Clinicians and their devices, Exchange server, CA-MDM, DataMinder, CA-MEM, LDAP. 2) Exchange server checks with CA-MDM whether device sending the email is managed and in a compliant state
  • 44. Securing patient data over email. Clinicians and their devices, Exchange server, CA-MDM, DataMinder, CA-MEM, LDAP. 3) If the device is properly managed it is allowed to send email. Next the email content is scanned with DataMinder to see if it contains patient confidential data….
  • 45. Securing patient data over email. Clinicians and their devices, Exchange server, CA-MDM, DataMinder, CA MEM, LDAP. 4a) If the email does not contain any sensitive data it can be sent on its way….
  • 46. Securing patient data over email. Clinicians and their devices, Exchange server, CA-MDM, DataMinder, CA-MEM, LDAP. 4b) If it does contain patient data the email must be encrypted. The consultant’s public key is retrieved from an LDAP directory.
  • 47. Securing patient data over email. Clinicians and their devices, Exchange server, CA-MDM, DataMinder, CA-MEM, LDAP. 5) The email is encrypted and sent on to the consultant.
  • 48. Securing patient data over email. CA-MEM. 6) On their mobile device, consultant opens the email as usual. When they access the encrypted attachment they are asked to authenticate using the same process and credential they use for application access. 7) After successfully authenticating the email can be decrypted and the contents viewed.
  • 49. And finally, when it’s all over…
  • 50. Clinicians and BYOD: device management and security
    Requirement | CA-MDM solution
    Maintain inventory of devices | Manages device inventory and custody by user
    Prevent use of jailbroken / rooted devices | Jailbreak detection and remediation policy
    Mandate the use of strong authentication and Prescription apps | Enterprise App Store and policy-based app deployment
    Monitor / maintain compliant configuration, for example: Encryption: storage and backups; Passcode lock | Configuration Policies to control all aspects of device configuration and security
    Incident response / cleanup | Remote lock, selective wipe, and factory reset capabilities