Managed Mobility Services: Implementing a true mobile strategie
•Download as PPTX, PDF•
0 likes•169 views
Manage your mobile enterprise more effectively
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Managed Mobility Services: Implementing a true mobile strategie
Similar to Managed Mobility Services: Implementing a true mobile strategie (20)
More from Cor Ranzijn
More from Cor Ranzijn (7)
Recently uploaded
Recently uploaded (20)
Managed Mobility Services: Implementing a true mobile strategie
- 1. Managed Mobility Services: Implementing a true mobile strategy Manage your mobile enterprise more effectively 47012647USEN-00
- 2. © 2018 IBM Corporation 2 IBM Digital Workplace offerings help IT provide the capabilities for the modern workforce. IBM Mobile Virtualization Services IBM Mobile Collaboration Services IBM® Managed Mobility Services IBM Workplace Support Services with Watson®
- 3. © 2018 IBM Corporation 3 Consumer digital experience Traditional IT environment Mobility is a key component of the digital workplace. Endpoints Security Analytics Cloud Endpoints management Users Endpoints Users Legacy Access to the application and data needed anywhere, anytime, from any device,, while delivering a superb end user experience.
- 4. © 2018 IBM Corporation 4 The digital consumer experience is changing. Modernized systems and tooling Modern, best-in-class tools are less restrictive, security- rich and help deliver needed automation. Self-enablement Automation, excellent self-service tools and a CSAT-driven help desk foster self- sufficiency, drive engagement and improve employee satisfaction. Choice of modern devices Modern device options help translate into happier and more productive employees.
- 5. © 2018 IBM Corporation 5 The path to mobile management has evolved over the years. Devices MDM EMM UEM Endpoints Devices, application and content management Unified Endpoint ManagementMobile Device Management Enterprise Mobility Management
- 6. © 2018 IBM Corporation 6 Key considerations for enabling a mobile workforce. Can I integrate my UEM service with my current content management applications, such as Microsoft SharePoint or Network File Share? Can I limit access to individual users? How do I enable secure browsing? Am I able to monitor mobile data usage? Can I manage all of my devices? Apple iOS and Mac, Google Android and Chrome, Windows Phone, Windows 7, Windows 8, Windows 10 Will I be able to protect sensitive data?
- 7. © 2018 IBM Corporation 7 Optional considerations based on your specific requirements. Containerization Do I need the ability to create and apply security controls to separate work and personal data? Security-rich application access (VPN) Is it necessary to create a security-rich VPN/tunnel route to an enterprise server for access to business data? Would the UEM solution be used to provide a VPN for the whole device or just for individual application(s)? Application wrapping Are additional security and control features required for Enterprise applications, i.e. restrict copy & paste, enforce data encryption, require an app specific password. Application wrapping provides these additional security features, which can be applied to different user groups. There are two levels of application wrapping: Level 1: The UEM administrator uses the UEM solution to wrap the application, applying UEM-level security controls to the application. Level 2: The application developer uses the UEM Software Development Kit to include additional functionality, which can allow more granular security controls to be applied to the application. Some public applications are “pre-wrapped” by the vendor and available in the public application store. Threat management Is a threat management system that detects, analyzes and remediates malware on mobile devices a requirement for my enterprise?
- 8. © 2018 IBM Corporation 8 Optional considerations based on your specific requirements. (cont’d) Security-rich email Would the ability to enable security-rich email that provides additional security controls using an UEM-provided email application on the device be a requirement for my enterprise? Does my organization need to control mobile email access based on the compliance posture of the device? Security-rich document editing Would the ability to view and edit Microsoft Office documents using a special Office application provided by the UEM vendor, providing additional security controls such as password protection or restriction of “copy” or “paste” features, be a requirement for my enterprise? Cloud document synchronization Would the ability to store documents/files in a cloud repository (such as Box, Dropbox, Connections or the UEM provider’s cloud storage service) and more securely synchronize them to devices using the UEM service be a requirement for my enterprise? Telecom expense management Does my organization need the ability to track and report mobile data usage? Security-rich chat Would an instant messaging (chat) using an UEM-provided chat application that stores data in the container and provides additional security controls such as password protection or restriction of “copy” or “paste” features be required? Apple Mac, Windows PC and Chromebook Management Simple, low touch / modern management of Windows PCs, Apple Macs and Chromebooks using UEM tools. Note that this does not provide a like for like replacement of traditional, full blown, PC and Mac management tools. Alternative IBM offerings are available that can provide this if necessary.
- 9. © 2018 IBM Corporation 9 Establishing your UEM program: SaaS or managed service? + As more organizations adopt UEM practices, there are two basic choices: DIY or use a managed service. + Many UEM vendors provide software as a service (SaaS), which is designed to be easy to set up. Step 1 Step 2 Step 3 Step 4 Assess and go to the vendor website. Click on link for no-charge trial offer. Fill out necessary information. UEM server in the cloud is created.
- 10. © 2018 IBM Corporation 10 Now comes the hard part: Configuring UEM components. UEM server in the cloud will be created Define the processes and procedures required to support the service Enable the service desk to support user calls on UEM Identify and configure applications that will be needed by users in the Enterprise Application Store Configure optional components (for example, secure browser, content management and so on) – dependent on the full scope of desired deployment Define the procedures to handle lost or stolen devices Define and configure security policies Produce and maintain the device enrollment guides ? ? ? ? ? ? ? ?
- 11. © 2018 IBM Corporation 11 Managed Mobility Services: The right path to UEM. + Configuring each of your required UEM components successfully by yourself can require significant time, resources and money. + A managed mobility service model provides a strategic approach designed to ease the cost and complexity of meeting UEM requirements. The transition, or transformation, phase uses IBM’s deep experience in project management and best practices. Post-deployment, the steady-state phase delivers ongoing support to run and manage the UEM service using Business as Usual resources and processes. Architecture and design Build and configure Service model definition Test and pilot Production rollout Maintain Support Run
- 12. © 2018 IBM Corporation 12 A closer look at the transition phase in a managed services model. Select and design Configure Define and produce Test or pilot Production rollout UEM vendor Hosting model Technical solution design UEM Gateway design/sizing/scaling – required for integration with the customer’s existing IT infrastructure Security profiles and compliance policies Enterprise email integration Enterprise app catalog Considerations specific to each additional UEM function to be enabled UEM enrolment Security profiles and compliance policies Enterprise app catalog Active directory or LDAP integration for identification and authentication Certificate authority integration Additional UEM components to be enabled User enrolment instructions or guides Service desk training or enablement Interlock and engagement process for other support team Support model for the full UEM service Device Retirement (e.g. employee leaving) Lost/stolen device App updates Incidents Changes New starter process User move (between Business Unit) process UEM infrastructure and functions, including gateways and connectors Mobile device functionality with UEM security and compliance policies applied Additional UEM function implemented App functionality User Acceptance Testing (UAT) and Pilot of UEM service before full deployment Define rollout plan and schedule Support initial bulk rollout of UEM to users
- 13. © 2018 IBM Corporation 13 A closer look at the steady-state phase in a managed services model. Maintain Support Report Software upgrade/patching of UEM Gateway servers Increase capacity of UEM Gateway servers, if required UEM vendor escalation for cloud outages and problem reporting/fixes Process maintenance and updates for managing enterprise mobility users - New starter process - Mover process - Leaver process - Lost or stolen device process - Application management process - Service Desk guide Initial service deployment support (assumption that a certain percentage of users enrolling to UEM need help) Ongoing user support (for example, how to answer questions, reset pass code, change devices, out-of-compliance devices) Support for gateway outages, including after-hours support Provide regular report on UEM service - Application upgrades - Vendor infrastructure outages - Mobility application server capacity - Compliance and application licensing
- 14. © 2018 IBM Corporation 14 Engaging Managed Mobility Services from IBM. + IBM helps you build a mobility strategy, tailored to your technology and business requirements. Our skilled resources, global reach and key vendor alliances can reduce costs and decrease overhead. Predictable subscription pricing helps you proactively budget and maintain flexibility. + A Managed Mobility Service from IBM also provides the following benefits: Subject matter experts IBM best practices Dedicated UEM teams Full-service managed UEM Step 1 Enable your UEM strategy Step 2 Partner with IBM® Managed Mobility Services
- 15. © 2018 IBM Corporation 15 + Join the conversation on YouTube, LinkedIn, Facebook and Twitter. Take the first step. + Contact an IBM mobility specialist to discuss how IBM Managed Mobility Services can determine the best approach for your organization. + Learn more: For more information about IBM Managed Mobility Services, visit our website.
- 16. © 2018 IBM Corporation 16 Trademarks and notes @Copyright IBM Corporation 2018 IBM corporation New Orchard Road Armonk, NY 10504 + IBM, the IBM logo, ibm.com, and Watson are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml + Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. + This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. + The performance data discussed herein is presented as derived under specific operating conditions. Actual results may vary. + THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. + Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
- 17. Thank you
Editor's Notes
- <<Modern Workplace>> IBM Digital Workplace has service offerings around four different areas – Managed Mobility Services, Mobile Collaboration Services, Mobile Virtualization Services and Support Services with Watson.
- A traditional workplace has been the legacy way of accessing applications and data over a limited number of computing devices like laptop and desktops. Where as, now we talk about the digital consumer experience, or digital workplace. What is changing now includes: Providing multiple choices of modern workplace devices (not limited to laptop or desktop but also adding handheld devices) More automation to enable self-service tools for users to improve the overall experience and incident resolution time Modern systems and tools – to improve user productivity and capability to collaborate more effectively with distributed global teams All this is leading to a way to enable the user to access the workplace from any location, at any time, using their choice of devices, all with good performance.
- CSAT = Customer Satisfaction Score
- To institute a successful Enterprise Mobility Management (EMM) strategy, you should understand the specifics around each facet of mobility management. This knowledge can guide you to choose the right approach for managing your mobility program. Management of mobile devices originally started with Mobile Device Management (MDM), which was focused more on securing the device. The term “MDM” was adopted by the industry and is still widely used. As mobile devices progressed and were enhanced with new features/functions, additional management was developed to manage applications and content. Gartner defined a new term – Enterprise Mobility Management (EMM), which includes MDM, Mobile Application Management (MAM) and Mobile Content Management (MCM)1. Mobile Device Management (MDM) MDM is the capability to secure and configure the device, including security policy enforcement, configuration (for example, WiFi or VPN configuration) remote lock and wipe capability, user self-help portal and reporting. Basic enterprise email integration allows users to gain access to their corporate email, contacts and calendar from their device. Extended enterprise email integration allows the control of access to email based on the enrolment status and the compliance status of the device. Mobile Application Management (MAM) MAM is the capability to provision an enterprise application store and to install, update and remove public and private applications from a device. This can also include distribution rules to control which users get which apps and automatic deletion conditions. Mobile Content Management (MCM) MCM is the capability to configure secure access to content such as Microsoft SharePoint, Network File Shares and IBM Connections from a device with controls based on user names, passwords, IP address and device authentication. Security-rich enterprise browsing Enables security-rich web browsing from devices to the customer’s intranet via the EMM solution. Now Unified Endpoint Management (UEM) is the latest term, which extends EMM to include the management of both mobile devices and traditional endpoints such as PCs (laptops and desktops) and Macs. The industry is moving to a lower touch style for managing PCs/Macs, so the EMM vendors are extending their products to become UEM solutions. 1 https://www.networkworld.com/article/2361467/wireless/gartner-magic-quadrant-shifts-focus-from-mdm-to-enterprise-mobility-management.html
- Note The following features apply to Smart Phones and Tablets and do not necessarily apply to Windows PCs, Macs and Chromebooks: Containerization – Configuration and ongoing management of dual workspace or individual applications on the device. Create and apply security controls to separate work and personal data and optionally provide additional security (for example, prevent copy or paste capability from work to personal). Security-rich application access – As well as securing the application using Containerization, the application may also require a secure VPN/ tunnel route to a client’s enterprise server for access to business data. This is designed to be achieved by using the UEM solution to provide a VPN for the whole device or just for individual application(s). Application wrapping – The process of applying a management layer to a mobile application. Application wrapping allows a mobile application management administrator to set specific policy elements that can be applied to an application or group of applications. There are two levels of application wrapping: Level 1: The UEM administrator uses the UEM solution to wrap the application, allowing UEM-level security controls to be applied to the application (for example, disable copy and paste capability and require user authentication). Level 2: The application developer makes use of the UEM Software Development Kit to include some additional functionality. This allows more granular security controls to be applied to the application. Some public applications are “pre-wrapped” by the vendor and available in the public application store. Threat management – Helps detect, analyze and remediate malware on mobile devices.
- Security-rich email – An UEM-provided email application on the device that stores data in the container and provides additional security controls (such as required password and restricted copy/paste). Optionally enable the ability to control mobile access to enterprise email based on the security & compliance posture of the device (including automated device quarantine / un-quarantine). This requires an UEM email Gateway to be deployed. There are 2 types of Gateway: Remote Powershell: Users Powershell commands to control device access – email traffic is not routed through this gateway In-line: Deployed between the mobile device and the email servers, email synchronization traffic passes through this gateway, enabling it to perform a real-time ‘gatekeeper’ function. Security-rich document editing – Provides the ability to view and edit Microsoft Office documents using a special Office application provided by the UEM vendor. This application stores data on the device in the container and provides additional security controls such as required password and restricted copy/paste. Cloud document synchronization – Provides the ability to store documents or files in a cloud repository (such as Box, Dropbox, Connections or the UEM provider’s cloud storage service) and more securely synchronize them to devices using the UEM service. Telecom expense management – Tracks and reports on mobile data usage. Security-rich chat – The ability to use instant messaging (chat) with an UEM-provided chat application that stores data in the container and provides additional security controls such as required password or restricted copy/paste. Apple Mac, Windows PC and Chromebook Management – UEM can also provide a simple, low touch / modern management of Windows PCs, Apple Macs and Good Chromebooks. Note that not all of the features and scope of a managed service apply to PC and Macs managed using UEM. Also it is not a complete, like for like, replacement of traditional full blown PC/Management. There are separate, dedicated, IBM MMS PC and Mac management offerings that can provide this, using dedicated tools such as JAMF (for Mac) and BigFix or SCCM (for Windows PC).
- As you’ve seen, getting set up on SaaS is fairly straightforward. But now comes the challenge of configuring each of your required UEM components. This phase takes an investment of skilled resources, time and money to implement successfully. Define the processes and procedures required to support the service Integrate UEM with existing enterprise IT services such as directory, email, certificate authority, content repositories (for example, SharePoint), which will require on-premises gateway server(s) that need to be designed, sized, installed, configured, tested and maintained. Configure security policies Differ by device type (due to the different capabilities of the devices) Configure applications in the Enterprise Application Store The types of devices to be used - corporate owned versus personal. Configure any optional components that may be in scope. Dependent on scope of UEM services required. A SaaS deployment will include each of these components, but each will need to be configured before it is actually usable. Enable the service desk to support user calls on UEM Define the various processes – new starter/mover/leaver (what happens to enterprise data on a leaver’s device?) Produce and maintain the device enrollment guides Define the procedures to handle lost or stolen devices What about running and managing UEM once it has been implemented (steady-state support)? Keep up to date with new devices/operating systems and the new features and functions used
- Selection of the UEM vendor Hosting model selection (SaaS vs On-Premises vs Dedicated SaaS) Technical solution design (matching business requirements to UEM features and configuration options) UEM Gateway design/sizing/scaling – required for integration with the customer’s existing IT infrastructure Install, configure and test the UEM Gateway(s) Configure active directory/Lightweight Directory Access Protocol (LDAP) Integration for Identification and Authentication Active directory group synchronization LDAP search queries Configure certificate authority integration Certificates for automatic mobile user authentication with UEM Certificates for automatic mobile user authentication with other services, for example, VPN or WiFi Enrolment configuration Authentication method iOS Apple Push Notification Services (APNS) iOS Device Enrolment Program (DEP) Samsung Knox Mobile Enrolment Android for Work / Android Zero Touch Windows Phone enterprise certificate Configure MDM Profiles device settings/restrictions, which are different for each device operating system the settings and capabilities are different for the various versions of the device operating system iOS Supervised Devices Android for Work policies Samsung for Knox BYOD vs Corporate owned vs COPE Configure application publishing and distribution iOS Volume Purchase Program (VPP) Configuration Application wrapping process and testing Configure compliance policies What conditions to check for – for example, jailbreak/rooted device detection What actions to take on condition detection Different policies for BYOD vs Corporate owned vs COPE Configure email integration Automated email block/allow based on device UEM enrolment status Automated email block/allow based on device compliance status Microsoft Exchange – new device quarantine automation Attachment handling policy Configure additional UEM options in scope Security-rich browser Content management Security-rich email Security-rich document editing Cloud document synchronization Threat management Telecom Expense Management Per application VPN Whole device VPN Secure Chat Produce user enrolment instructions/guides. One for each in scope device operating system. Testing of all configured UEM features/services Testing of device functionality and compatibility with UEM services. Performed for each in scope device type Support for User Acceptance Test (UAT) and pilot of UEM service before full deployment Service Desk training/enablement to provide Level 1 support for UEM service calls Ruggedized device considerations Ruggedized Android specific considerations (particularly Zebra devices) Ruggedized Windows Mobile specific considerations (particularly Zebra devices) Disaster recovery High availability
- Maintain and update user enrolment guides, as required Maintain and update Service Desk problem determination guides, as required Provide updated training to Service Desk if needed Provide steady-state support for users Answer ‘how to’ questions on UEM functions New or Replacement device enrolment Password/passcode resets Utilize the agreed process/tools for incident/problem/change management Determine and implement optimal performance settings for the UEM gateway servers Participate in required audits and root cause analyses related to the UEM application Monitor UEM vendor announcements to stay up to date with latest updates and releases from the UEM vendor Monitor new device operating system announcements to stay up to date with latest updates and new features
- IBM is an industry-leading provider of services and integrated solutions for the mobile enterprise. With more than 10 years of real-world experience delivering managed mobility solutions to hundreds of clients, and more than half a billion devices managed worldwide–including more than 100,000 IBM employees currently using smartphones and tablets–we can tap our specialized skills in mobile technologies, communications and IT networks to help you plan, implement and manage your mobile initiatives. Combining an understanding of your challenges and business needs with expertise gained from delivering mobility services, our dedicated UEM team can get your mobile projects off the ground quickly. IBM managed mobility skills helps ease the cost and complexity of technology upgrades, mobile application support and multidevice, multiplatform mobile integration. Mobility Services begins with a high-level project initiation meeting to review objectives and methodology. The transition phase is based on IBM’s deep experience in project management and best practices, whether you are implementing new services or transitioning your existing services to us. Once your IBM Managed Mobility solution is deployed, the IBM team will provide ongoing support for the specific services you have selected. Because the solution is highly scalable, it can support an increasing number of users when you are ready to add them. A Managed Mobility Service from IBM provides the following benefits: Access to UEM subject matter experts from the Managed Mobility Services (MMS), with more than 10 years of real-world experience with UEM across various industries. UEM continues to be a niche skill. Use of IBM’s Best Practices, developed through engagements with hundreds of customers (managing millions of devices) over the past 15 years or more. Dedicated UEM teams with the ability to scale up resources as required to meet customer needs, which negates the need for the customer to maintain their own UEM skills (education, training, certification, and so on). UEM can be complex, but this complexity is designed to be eased by using skilled IBM resources. An IBM Managed UEM service is not just about the technical implementation, it is a full service comprising the processes, procedures, templates, user guides, Service Desk enablement, incident and problem management and more.