Securing the Mobile Enterprise


Track: Mobility in the Enterprise

Published in: Technology

  1. Securing the Mobile Enterprise
     Jude Lancaster, Product Manager, Endpoint Manager for Mobile Devices
     © 2013 IBM Corporation
  2. IBM Endpoint Manager Mobile Device Management
  3. IBM Endpoint Manager Architecture
     [Architecture diagram]
     • Components shown: TEM Server, BigFix Server, DB, Console / Web Reports, Relay(s), Management Extender, Apple Push Notification Servers, BES
     • Managed endpoints: Servers, desktops, laptops*; Android devices*; Apple iOS devices*; Blackberry*
     • Connection labels: http / 52311, https / 443, TCP port 2195, port 5223
     * Managing devices that are not connected to the internal network requires opening the management port to the Internet (HTTP 52311 for Laptops and Android or HTTPS 443 for Apple iOS devices)
  4. Next generation mobility: Mobile meets Cloud
     • Securely enable and accelerate BYOD mobility
     • Mobilize every employee with secure connectivity to apps and services
     • Scale without limits, without infrastructure costs
  5. Divide Overview
     Dual Persona
     • Native user experience
     • Secure work container for iOS & Android
     • Extensible to VPN & UC
     Business Applications
     • Common apps for all employees
     • Third-party apps by employee group
     • External file storage option
     Cloud Management
     • IT control of the container
     • User self-service
     • MDM APIs
  6. IBM Endpoint Manager + Divide: Complete MDM BYOD Solution
     [Diagram labels: Dual Persona, Business Apps, IBM Endpoint Manager]
     • Leverages the sophisticated policies and features of IBM MDM and Endpoint Management
     • Management of Divide as a “virtual device” including safe, secure distribution and management of apps
     • Immediate solution for BYOD challenges and security concerns for mobility OSes
     • Seamless delivery: same Divide App, binding to IBM MDM at time of enrollment
  7. Architected for reliability
     No enterprise data traverses the Divide cloud
     [Diagram labels: Management Traffic, Control Data, Customer Email Server, Divide Manager, Customer Site, Divide, Smart Devices, IBM Endpoint Manager]
     What is stored in the Divide cloud?
     • Device inventory
     • Email addresses
     • Policy settings
  8. Dual Persona Is Foundational
     Separate and Secure Dual Personas
     • Data security
     • Enterprise apps and services
     • Easy to manage and control
     • Native user experience
     • Choice of device, services
     • Freedom and privacy
  9. What users want: Choice of native user experience
     “When asked why users are loyal to their smartphones, 72% cited ease of use and the ability to quickly navigate their phone's menu.” [2]
     [2] U.K.-based analyst firm GfK
     [Screenshot labels: Personal, Workspace, Enter Passcode]
     • Tap Divide app icon
     • Double tap Home button to access Divide
  10. Geared for Innovation: Leveraging the App Ecosystem
     Standard Divide Apps
     • Professional-grade email, contacts, calendar and browser
     • Data-at-rest is protected with AES 256-bit encryption
     • Data-in-motion leverages existing VPN investments
     • Secure cloud-based file storage (optional)
     • Separate voice and messaging (including future 2-number UC)
     Third Party Apps
     • Internally developed apps uploaded and assigned via policy – in minutes and with no developer modifications
     • Divide App security automatically provides data-at-rest AES-256 bit encryption
     • Divide Extensions provide extraordinary integration with 3rd party apps and cloud services
  11. What IT organizations need for BYOD: Divide Container Security
     Data Protection
     • Device PIN/passcode
     • Passcode history and complexity
     • Passcode failure actions
     • FIPS 140-2 validated encryption
     • Full and selective device wipe
     • Wipe on SIM removal/rooted
     • VPN support
     • S/MIME support
     OTA Self-Service Provisioning
     • ActiveSync email
     • VPN configuration
     Container Controls
     • Whitelisting – application push
     • Blacklisting
     • Location based services
     • Data leakage prevention
     • URL blocking
     Compliance Management and Reporting
     • Device hardware
     • Operating system
     • Policy compliance
     • Compromised device status
     • Voice, Data, and SMS usage reporting
  12. Extensible for the future
  13. Securing next generation mobility
     IBM Endpoint Manager with Divide delivers a comprehensive platform for mobility
     A fully integrated next generation solution for mobility that delivers simplicity and scale:
     • Inventory Tracking: Unified tracking and management of everything a mobile user needs including employee owned devices and corporate provided smartphones, tablets and laptops
     • Device Management: A “single pane-of-glass” to provision and manage mobile devices, laptops and the Divide workspace in the easiest way possible.
     • Secure & Reliable Access Management: Directly connects the Divide workspace with IT apps and services via the corporate VPN for complete IT control.
     • User Experience: The Divide workspace provides a native user experience that users expect and love and is extensible to IT voice and data services.
     • Security & Compliance: A single policy management and compliance platform eliminates security gaps and simplifies policy administration and enforcement
     An inherently siloed approach to mobility that inflates costs and complexity:
     • Inventory Tracking: Limited to mobile devices with separate facilities to track corporate and employee owned devices with manual consolidation of data
     • Device Management: A “swivel-chair” approach with separate consoles to manage mobile devices and the Good email sandbox breeds operational complexity and requires additional admin training.
     • Secure & Reliable Access Management: No VPN integration for personal devices with all data traversing the Good NOC and on-premise servers, creating issues of reliability and scale.
     • User Experience: The Good sandbox delivers a proprietary “one size fits all” user experience that users reject and is email-centric.
     • Security & Compliance: Separate facilities for policy management and compliance creates operational overhead and error opportunities
  14. The right solution for BYOD?
     Compared: a first generation solution purpose-built for email sync (X) and a next generation solution purpose-built for BYOD (✔)
     Device Management
     • ✔ Manages the Divide workspace and integrates with IBM Endpoint Manager for device MDM
     • X Does not integrate with deployed MDM solutions
     Secure “Workspace”
     • ✔ Provides a secure workspace that preserves the native iOS and Android user experience
     • X Provides an email sandbox with a proprietary user interface
     Secure VPN
     • ✔ Provides VPN connectivity between the workspace and corporate apps
     • X No VPN integration - all data traverses the Good NOC
     App Choice
     • ✔ App wrapper technology enables the use of any third party app within the workspace
     • X Third-party apps must be modified and recompiled using the Good SDK ($)
     Avg TCO/User: $$$$$$$$$
  15. Questions