Madsen byod-csa-02
Role of IdM in addressing BYOD

  • Managing the device is misguided – CISOs do not lose sleep over the loss of devices, but rather ……

Madsen byod-csa-02 Presentation Transcript

  • 1. BYOD: It's an Identity Thing. BYOD Session #36, Thursday, November 8, 2012, 1.45-2.45pm. Paul Madsen (@pmadsen), Senior Technical Architect, Ping Identity. MIS Training Institute Session # - Slide 1 © COMPANY NAME
  • 2. A little bit about me
  • 3. BYOD: what's the big deal?
  • 4. (image slide, no text)
  • 5. (graphic: the BYOD acronym spelled out letter by letter; layout not recoverable)
  • 6. Context: COIT, BYOD, Social, will.i.am keynoting Cloudforce, App stores, Personal Cloud
  • 7. [reputable analyst firm] says [X%] of Fortune 500 will confront BYOD by [201Y]
  • 8. So why allow it?
  • 9. Shadow IT happens
  • 10. Employee productivity as a function of time (chart: the BYOD value proposition is productivity beyond the traditional 9-5, plotted across Sun to Sat)
  • 11. Fundamental challenge: a single device must support two masters
  • 12. Err no….
  • 13. Choices: Mobile Device Management (MDM) applies enterprise policy to the device as a whole (PIN, wipe, VPN, etc.). Mobile Application Management (MAM) focuses on the business apps ON the device (app store; security added onto binaries either through an SDK or through wrapping).
  • 14. Granularity
  • 15. BYOD Balancing Act: Standards, Security, Productivity, Privacy
  • 16. Balancing Act: Productivity
  • 17. (image slide, no text)
  • 18. Productivity vs time (chart: ideal vs reality from "hired" to "fired", annotated "Now what was my password again??", "Whoa, I can still login!", "Well I guess I can play Angry Birds until IT sets me up")
  • 19. GTD Requirements: 1. Initial GTD - quickly get new employees up and running with the applications their role demands. 2. Ongoing GTD - provide employees a single sign-on experience in day-to-day work. 3. Stop GTD - reduce/remove permissions when necessary.
  • 20. Balancing Act: Privacy
  • 21. Privacy: "the right to be let alone— the most comprehensive of rights and the right most" Louis Dembitz Brandeis
  • 22. Privacy: granularity of IT control
  • 23. Partitioning for privacy: 1. Divide the phone in half – one side for business applications & data, another for personal. 2. IT's mandate is to manage & secure the apps & data on the business side. 3. IT has no mandate (nor, hopefully, desire) to touch apps & data on the personal side.
  • 24. Balancing Act: Security
  • 25. It's not about the device
  • 26. It's the data
  • 27. Protecting the data: 1. Ensure that user/app can access only appropriate data (authorization based on role). 2. Protect data in transit (SSL) [IdM]. 3. Protect data on device (PIN, encryption) [MAM]. 4. Remove access to data when appropriate [MDM]: wipe stored data (or keys); revoke access to fresh data.
  • 28. MIM?
  • 29. MDM – no screen capture. MAM – no screen capture when in the email app. MIM – no screen capture for this document.
  • 30. Balancing Act: Standards
  • 31. Why standards? The framework implies interplay between enterprise IdM, the MAM architecture (MAM servers, MAM agent) and applications (on-prem, SaaS).
  • 32. Components (diagram): Enterprise, MAM server, SaaS 1 and SaaS 2 on the back end; on the device, the MAM agent, a browser, and the SaaS1 and SaaS2 native apps.
  • 33. Standards: SCIM (System for Cross-Domain Identity Management) to provision identities as necessary to MAM and SaaS providers; SAML (Security Assertion Markup Language) to bridge enterprise identity to MAM and SaaS providers; OAuth to authorize MAM agents and SaaS native apps.
  • 34. Components with standards (diagram): SCIM and SAML flow from the Enterprise to the MAM server and to SaaS 1 and SaaS 2; OAuth flows between the device's MAM agent, browser and native apps and their respective providers.
  • 35. Bob pursuing other ventures (diagram): the Enterprise sends SCIM (delete) to the MAM server, SaaS 1 and SaaS 2; the MAM server sends a wipe to the device, and the SaaS1 and SaaS2 apps on the device are wiped.
  • 36. Bob loses phone in cab (diagram): the Enterprise sends SCIM (status=0) to the MAM server, SaaS 1 and SaaS 2; the MAM server sends lock=Y to the device.
  • 37. Application providers (diagram): the Enterprise and several application providers on the back end; on the device, native apps plus a native authorization agent.
  • 38. Wrapping up
  • 39. (wrap-up diagram: the device is partitioned into a Business side holding the MAM app, policy, provisioned apps, identity and tokens, and a Personal side; corporate identity issues the tokens, which the apps present on REST calls)
  • 40. Thank you @paulmadsen
  • 41. Summary: 1. Divide the device & leave employee personal data alone. 2. Provision apps via MAM, based on employee identity & roles, into the employee side. 3. Provision tokens to those apps via IdM based on employee identity & roles. 4. Apps use tokens on API calls to the corresponding Cloud.
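The two IdM-driven deprovisioning flows from slides 35 and 36 (SCIM delete when Bob leaves, SCIM status=0 when his phone is lost) as an added Python simulation; this is not code from the talk or from Ping Identity. The SCIM 2.0 PatchOp message shape, the `Device` model and the provider names are assumptions; the slides' "status=0" is mapped to SCIM's `active: false`.

```python
from dataclasses import dataclass, field

# SCIM 2.0 PatchOp schema URI (RFC 7644). The 2012 slides predate SCIM 2.0,
# so expressing "status=0" this way is an assumption, not the talk's wire format.
SCIM_PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


@dataclass
class Device:
    """Phone partitioned per slide 23: IT only ever touches the business side."""
    business_apps: dict = field(default_factory=dict)  # app name -> access token
    personal_apps: dict = field(default_factory=dict)  # never modified by IT
    locked: bool = False


def scim_delete(user_id: str) -> dict:
    """SCIM DELETE /Users/{id}: slide 35's 'SCIM (delete)'."""
    return {"method": "DELETE", "path": f"/Users/{user_id}"}


def scim_deactivate(user_id: str) -> dict:
    """SCIM PATCH setting active=false: slide 36's 'SCIM (status=0)'."""
    return {"method": "PATCH", "path": f"/Users/{user_id}",
            "body": {"schemas": [SCIM_PATCH_OP],
                     "Operations": [{"op": "replace", "value": {"active": False}}]}}


def fan_out(message_for, user_id: str, providers: list) -> dict:
    """Enterprise IdM sends the same SCIM change to the MAM server and every SaaS."""
    return {name: message_for(user_id) for name in providers}


def employee_leaves(user_id: str, providers: list, device: Device):
    """Slide 35: delete the identity everywhere; MAM wipes the business side only."""
    sent = fan_out(scim_delete, user_id, providers)
    device.business_apps.clear()  # apps, data and tokens go; personal side untouched
    return sent, {"mam_directive": "wipe"}


def device_lost(user_id: str, providers: list, device: Device):
    """Slide 36: deactivate (not delete) everywhere; MAM locks the business side."""
    sent = fan_out(scim_deactivate, user_id, providers)
    device.locked = True  # locked rather than wiped: status=0, not delete
    return sent, {"mam_directive": "lock=Y"}
```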