Madsen byod-csa-02


Role of IdM in addressing BYOD

Published in: Technology
  • Managing the device is misguided – CISOs do not lose sleep over the loss of devices, but rather ……

    1. BYOD: It's an Identity Thing. Session #36, Thursday, November 8, 2012, 1.45-2.45pm. Paul Madsen (@pmadsen), Senior Technical Architect, Ping Identity. MIS Training Institute, Session # - Slide 1, © COMPANY NAME
    2. A little bit about me
    3. BYOD: WHAT'S THE BIG DEAL?
    5. BYOD [letter-grid graphic; layout not recoverable]
    6. Context: COIT, BYOD, Social, will.i.am keynoting Cloudforce, App stores, Personal Cloud
    7. [reputable analyst firm] says [X%] of Fortune 500 will confront BYOD by [201Y]
    8. So why allow it?
    9. SHadow IT HAPPENS
    10. Value prop: Employee productivity as a function of time [chart: productivity by day of week, Sun to Sat; series: BYOD, Traditional 9-5]
    11. Fundamental challenge: A single device must support two masters
    12. Err no….
    13. Choices
        • Mobile Device Management (MDM) applies enterprise policy to the device as a whole
            • PIN, wipe, VPN etc
        • Mobile Application Management (MAM) focuses on the business apps ON the device
            • App store, security added onto binaries either through SDK or wrapping
    14. Granularity
    15. BYOD Balancing Act: Standards, Security, Productivity, Privacy
    16. Balancing Act: Productivity
    18. Productivity vs time [chart: productivity against time, from hired to fired; curves: ideal, reality; annotations: "Now what was my password again??", "Whoa, I can still login!", "Well I guess I can play Angry Birds until IT sets me up"]
    19. GTD Requirements
        1. Initial GTD - Quickly get new employees up and running with the applications their role demands
        2. Ongoing GTD - Provide employees single sign on experience in day to day work
        3. Stop GTD - Reduce/remove permissions when necessary
    20. Balancing Act: Privacy
    21. Privacy: "the right to be let alone—the most comprehensive of rights and the right most …" Louis Dembitz Brandeis
    22. Privacy: Granularity of IT control
    23. Partitioning for privacy
        1. Divide the phone in half – one side for business applications & data, another for personal
        2. IT's mandate is to manage & secure the apps & data on the business side
        3. IT has no mandate (nor, hopefully, desire) to touch apps & data on the personal side
    24. Balancing Act: Security
    25. IT'S NOT ABOUT THE DEVICE
    26. It's the data
    27. Protecting the data (side labels on the slide: IDM, MAM, MDM)
        1. Ensure that user/app can access only appropriate data
            • Authorization based on role
        2. Protect data in transit
            • SSL
        3. Protect data on device
            • PIN, Encryption
        4. Remove access to data when appropriate
            • Wipe stored data (or keys)
            • Revoke access to fresh data
    28. MIM?
    29. Screen capture policy at each level
        • MDM – No screen capture
        • MAM – No screen capture when in email app
        • MIM – No screen capture for this document
    30. Balancing Act: Standards
    31. Why standards?
        • Framework implies interplay between
            • Enterprise IdM
            • MAM architecture
                • MAM servers
                • MAM agent
            • Applications
                • On-prem
                • SaaS
    32. Components [diagram: Enterprise, MAM, SaaS 1, SaaS 2; on the Device: MAM, Browser, SaaS1, SaaS2]
    33. Standards
        • SCIM (System for Cross-Domain Identity Management) to provision identities as necessary to MAM and SaaS providers
        • SAML (Security Assertion Markup Language) to bridge enterprise identity to MAM and SaaS providers
        • OAuth to authorize MAM agents, and SaaS native apps
    34. Components [diagram: the same components, with connections labelled SCIM, SAML and OAuth]
    35. Bob pursuing other ventures [diagram: Enterprise sends SCIM (delete) to MAM, SaaS 1 and SaaS 2; Wipe sent to the Device; "wipe" marked against the apps on the Device]
    36. Bob loses phone in cab [diagram: Enterprise sends SCIM (status=0) to MAM, SaaS 1 and SaaS 2; LOCK = Y sent to the Device]
    37. Application Provider [diagram: Enterprise and three Application Providers; on the Device: several Native apps and a Native Authz agent]
    38. Wrapping up
    39. [diagram: device divided into Business and Personal; labels: MAM, App, Apps, Policy, Tokens, Identity, Corp Identity]
    40. Thank you @paulmadsen
    41. Summary
        1. Divide device & leave employee personal data alone
        2. Provision apps via MAM based on employee identity & roles into employee side
        3. Provision tokens to those apps via IdM based on employee identity & roles
        4. Apps use tokens on API calls to corresponding Cloud
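The two lifecycle flows on slides 35 and 36 (leaver: SCIM delete plus wipe; lost phone: SCIM status=0 plus lock), as an added example that is not from the deck: an in-memory simulation in which an enterprise IdM fans one event out to a MAM server and two SaaS providers. The `Provider` class, the `wipe`/`lock` command names, the `bob-1` id and the SCIM 2.0 PATCH of `active` standing in for `status=0` are assumptions.

```python
# Added example: in-memory simulation, not code from the deck. Message shapes
# follow SCIM 2.0 (RFC 7644); "status=0" is modelled as active=false (assumption).
import json
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

class Provider:
    """Hypothetical SCIM service provider (a MAM server or a SaaS app)."""
    def __init__(self, name, manages_device=False):
        self.name, self.manages_device = name, manages_device
        self.users = {}        # SCIM id -> {"userName", "active"}
        self.tokens = {}       # SCIM id -> OAuth tokens issued to that user
        self.device_cmds = []  # commands a MAM server pushes to its agent

    def scim(self, method, path, body=None):
        uid = path.rsplit("/", 1)[-1]
        if uid not in self.users:
            return 404
        if method == "DELETE":             # leaver: account and tokens go
            del self.users[uid]
            self.tokens.pop(uid, None)
            if self.manages_device:
                self.device_cmds.append("wipe")
            return 204
        if method == "PATCH":              # lost phone: suspend, keep account
            for op in json.loads(body)["Operations"]:
                if op["op"] == "replace" and op["path"] == "active":
                    self.users[uid]["active"] = op["value"]
            if not self.users[uid]["active"]:
                self.tokens.pop(uid, None)  # revoke access to fresh data
                if self.manages_device:
                    self.device_cmds.append("lock")
            return 200
        return 405

def fan_out(providers, ids, event):
    """Enterprise IdM side: push one lifecycle event to every provider."""
    patch = json.dumps({"schemas": [PATCH_OP], "Operations": [
        {"op": "replace", "path": "active", "value": False}]})
    req = ("DELETE", None) if event == "leaver" else ("PATCH", patch)
    return {p.name: p.scim(req[0], f"/Users/{ids[p.name]}", req[1])
            for p in providers}

def demo():
    """Constructed sample: Bob provisioned at a MAM server and two SaaS apps."""
    ps = [Provider("MAM", True), Provider("SaaS1"), Provider("SaaS2")]
    for p in ps:
        p.users["bob-1"] = {"userName": "bob", "active": True}
        p.tokens["bob-1"] = {"tok-" + p.name}
    return ps, {p.name: "bob-1" for p in ps}
```

Deactivation keeps the account at every provider so access can be restored if the phone turns up, while the delete path leaves nothing to re-enable.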
