SlideShare a Scribd company logo

BYOD - it's an identity thing

Download as PPTX, PDF
Paul Madsen
Paul Madsen

An identity-based model for dealing with BYOD

Technology
1 of 41
BYOD- it's an Identity Thing BYOD Paul Madsen (@pmadsen) Senior Technical Architect It's anPing Identity thing 'identity'
A little bit about me
BYOD WHAT'S THE BIG DEAL?
B Y O D R B Y W D R I O N E O N U U V GG R I H C T E S
Context COIT BYOD Social will.i.am keynoting Cloudforce App stores Personal Cloud
[reputable analyst firm] says [X%] of Fortune 500 will confront BYOD by [201Y]
So why allow it?
SHadow IT HAPPENS
Employee productivity as a function of time mobile productivity Traditional 9-5 Sun Mon Tue Wed Thur Fri Sat
Fundamental challenge A single device must support two 'masters'
Err no….
Choices • Mobile Device Management (MDM) applies enterprise policy to the device as a whole – PIN, wipe, VPN etc • Mobile Application Management (MAM) focuses on the business apps ON the device – App store, security added onto binaries either through SDK or 'wrapping'
Granularity
BYOD Balancing Act Standards Security Enablement Privacy
Balancing Act Productivity
Productivity vs time ideal reality 'Now what was my password again??' productivity 'Whoa, I can still login!' 'Well I guess I can play Angry Birds until IT sets me up' hired fired time
GTD Requirements 1. Initial GTD - Quickly get new employees up and running with the applications their role demands 2. Ongoing GTD - Provide employees single sign on experience in day to day work 3. Stop GTD - Reduce/remove permissions when necessary
Balancing Act Privacy
Privacy the right to be let alone— the most comprehen sive of rights and the right Louis Dembitz Brandeis most
Privacy Granularity of IT control
Partioning for privacy 1. Divide the phone in 'half' – one side for business applications & data, another for personal 2. IT's mandate is to manage & secure the apps & data on the business side 3. IT has no mandate (nor, hopefully, desire)
Balancing Act Security
IT'S NOT ABOUT THE DEVICE
It's the data
Protecting the data 1. Ensure that user/app can access only appropriate data – Authorization based on role 2. Protect data in transit – SSL IDM 3. Protect data on device – PIN, Encryption 4. Remove access to data when appropriate MAM – Wipe stored data (or keys) – Revoke access to fresh data MDM
MIM?
MDM – No screen capture MAM – No screen capture when in email app MIM – No screen capture for this document
Balancing Act Standards
Why standards? • Framework implies interplay between – Enterprise IdM – MAM architecture • MAM servers • MAM agent – Applications • On-prem • SaaS
Enterprise Components SaaS SaaS 1 2 MAM Device MAM Browser SaaS1 SaaS2
Standards • SCIM (System for Cross-Domain Identity Management) to provision identities as necessary to MAM and SaaS providers • SAML (Security Assertion Markup Language) to bridge enterprise identity to MAM and SaaS providers • OAuth to authorize MAM agents, and SaaS native apps
Enterprise Components SCIM SaaS SaaS SCIM 1 SAMLMAM O SCIM O A SAML A U SAML O U T A T H U H Device MAMT Browser H SaaS1 SaaS
Bob 'pursuing other ventures' EnterpriseSCIM (delete) SaaS SaaS SCIM (delete) 1 MAM SCIM (delete) W I p e Device MAM Browser SaaS1 SaaS wipe wipe
Bob 'loses phone in cab' EnterpriseSCIM (status=0) SaaS SaaS SCIM (status=0) 1 MAM SCIM (status=0) L O C K = Device Y MAM Browser SaaS1 SaaS
Application Provider Enterprise Application Provider Application Provider Device Native app Native app Native Authz Native app app Native agent Native app app Native app
Wrapping up
R R E DE S a S Business T t T Personal a MAM App App T Policy o k Apps T o e k n e s Identity Identity Corp Identity n Identity s Tokens
Thank you @paulmadsen
Summary 1. Divide device & leave employee personal data alone 2. Provision apps via MAM based on employee identity & roles into employee 'side' 3. Provision tokens to those apps via IdM based on employee identity & roles 4. Apps use tokens on API calls to corresponding Cloud

Recommended

Mobilemonday b2b mobco
Mobilemonday b2b mobcoMobilemonday b2b mobco
Mobilemonday b2b mobcoMobile Monday Brussels
 
2011 VMI DEMO Conference Highlights
2011 VMI DEMO Conference Highlights2011 VMI DEMO Conference Highlights
2011 VMI DEMO Conference HighlightsJulie_Vasquez
 
Penrillian.com - Mobile Money
Penrillian.com - Mobile MoneyPenrillian.com - Mobile Money
Penrillian.com - Mobile MoneyMobileMoney
 
Implementing Process Controls and Risk Management with Novell Compliance Mana...
Implementing Process Controls and Risk Management with Novell Compliance Mana...Implementing Process Controls and Risk Management with Novell Compliance Mana...
Implementing Process Controls and Risk Management with Novell Compliance Mana...Novell
 
Securing the Human (人を守るセキュリティ)
Securing the Human (人を守るセキュリティ)Securing the Human (人を守るセキュリティ)
Securing the Human (人を守るセキュリティ)itforum-roundtable
 
Isc2conferancepremay15final
Isc2conferancepremay15finalIsc2conferancepremay15final
Isc2conferancepremay15finalMahmoud Moustafa
 
Intel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntelAPAC
 
February 2013 IBM/DeviceAnywhere Webcast on Mobile Testing
February 2013 IBM/DeviceAnywhere Webcast on Mobile TestingFebruary 2013 IBM/DeviceAnywhere Webcast on Mobile Testing
February 2013 IBM/DeviceAnywhere Webcast on Mobile TestingLeigh Williamson
 

Recommended

Mobilemonday b2b mobco
Mobilemonday b2b mobcoMobilemonday b2b mobco
Mobilemonday b2b mobcoMobile Monday Brussels
 
2011 VMI DEMO Conference Highlights
2011 VMI DEMO Conference Highlights2011 VMI DEMO Conference Highlights
2011 VMI DEMO Conference HighlightsJulie_Vasquez
 
Penrillian.com - Mobile Money
Penrillian.com - Mobile MoneyPenrillian.com - Mobile Money
Penrillian.com - Mobile MoneyMobileMoney
 
Implementing Process Controls and Risk Management with Novell Compliance Mana...
Implementing Process Controls and Risk Management with Novell Compliance Mana...Implementing Process Controls and Risk Management with Novell Compliance Mana...
Implementing Process Controls and Risk Management with Novell Compliance Mana...Novell
 
Securing the Human (人を守るセキュリティ)
Securing the Human (人を守るセキュリティ)Securing the Human (人を守るセキュリティ)
Securing the Human (人を守るセキュリティ)itforum-roundtable
 
Isc2conferancepremay15final
Isc2conferancepremay15finalIsc2conferancepremay15final
Isc2conferancepremay15finalMahmoud Moustafa
 
Intel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntelAPAC
 
February 2013 IBM/DeviceAnywhere Webcast on Mobile Testing
February 2013 IBM/DeviceAnywhere Webcast on Mobile TestingFebruary 2013 IBM/DeviceAnywhere Webcast on Mobile Testing
February 2013 IBM/DeviceAnywhere Webcast on Mobile TestingLeigh Williamson
 
When Where Why Cloud
When Where Why CloudWhen Where Why Cloud
When Where Why Cloudreshmaroberts
 
Snap n send
Snap n send Snap n send
Snap n send Mohit Jain
 
Oded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud SecurityOded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud SecurityCSAIsrael
 
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...Novell
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityInternap
 
Mobile Security
Mobile Security Mobile Security
Mobile Security Fresh Digital Group
 
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise SecurityCIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise SecurityCloudIDSummit
 
What an Enterprise Should Look for in a Cloud Provider
What an Enterprise Should Look for in a Cloud ProviderWhat an Enterprise Should Look for in a Cloud Provider
What an Enterprise Should Look for in a Cloud ProviderNovell
 
Security Intelligence
Security IntelligenceSecurity Intelligence
Security IntelligenceIBMGovernmentCA
 
Enterprise Apps Future State
Enterprise Apps Future StateEnterprise Apps Future State
Enterprise Apps Future StateBruce MacVarish
 
ITIL Virtualization - ITSM Academy Webinar
ITIL Virtualization - ITSM Academy WebinarITIL Virtualization - ITSM Academy Webinar
ITIL Virtualization - ITSM Academy WebinarITSM Academy, Inc.
 
Smart mobility conference presentation mvd b v5
Smart mobility conference presentation mvd b v5Smart mobility conference presentation mvd b v5
Smart mobility conference presentation mvd b v5Michel van den Berg
 
IBM SmartCloudEnterprise use of IBM Rational Solutions
IBM SmartCloudEnterprise use of IBM Rational SolutionsIBM SmartCloudEnterprise use of IBM Rational Solutions
IBM SmartCloudEnterprise use of IBM Rational SolutionsAlex Amies
 
When where why cloud
When where why cloudWhen where why cloud
When where why cloudsallysogeti
 
Antivirus específicos para entornos virtualizados
Antivirus específicos para entornos virtualizadosAntivirus específicos para entornos virtualizados
Antivirus específicos para entornos virtualizadosNextel S.A.
 
Monetizing Multi-Tenancy in SaaS by Sixteen Ventures. Presented at SaaS Unive...
Monetizing Multi-Tenancy in SaaS by Sixteen Ventures. Presented at SaaS Unive...Monetizing Multi-Tenancy in SaaS by Sixteen Ventures. Presented at SaaS Unive...
Monetizing Multi-Tenancy in SaaS by Sixteen Ventures. Presented at SaaS Unive...Lincoln Murphy
 
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...Amazon Web Services
 
Webinar - Business Implications of SaaS Multi Tenancy
Webinar - Business Implications of SaaS Multi TenancyWebinar - Business Implications of SaaS Multi Tenancy
Webinar - Business Implications of SaaS Multi TenancyScioSales
 
iScan Online - PCI DSS Mobile Task Force
iScan Online - PCI DSS Mobile Task ForceiScan Online - PCI DSS Mobile Task Force
iScan Online - PCI DSS Mobile Task ForceMAX Risk Intelligence by LOGICnow
 
When where why cloud
When where why cloudWhen where why cloud
When where why cloudreshmaroberts
 
In the social, mobile and cloud era, what does it take to be an Information P...
In the social, mobile and cloud era, what does it take to be an Information P...In the social, mobile and cloud era, what does it take to be an Information P...
In the social, mobile and cloud era, what does it take to be an Information P...John Mancini
 
Securing Mobile Apps: New Approaches for the BYOD World
Securing Mobile Apps: New Approaches for the BYOD WorldSecuring Mobile Apps: New Approaches for the BYOD World
Securing Mobile Apps: New Approaches for the BYOD WorldApperian
 

More Related Content

What's hot

When Where Why Cloud
When Where Why CloudWhen Where Why Cloud
When Where Why Cloudreshmaroberts
 
Oded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud SecurityOded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud SecurityCSAIsrael
 
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...Novell
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityInternap
 
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise SecurityCIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise SecurityCloudIDSummit
 
What an Enterprise Should Look for in a Cloud Provider
What an Enterprise Should Look for in a Cloud ProviderWhat an Enterprise Should Look for in a Cloud Provider
What an Enterprise Should Look for in a Cloud ProviderNovell
 
Enterprise Apps Future State
Enterprise Apps Future StateEnterprise Apps Future State
Enterprise Apps Future StateBruce MacVarish
 
ITIL Virtualization - ITSM Academy Webinar
ITIL Virtualization - ITSM Academy WebinarITIL Virtualization - ITSM Academy Webinar
ITIL Virtualization - ITSM Academy WebinarITSM Academy, Inc.
 
Smart mobility conference presentation mvd b v5
Smart mobility conference presentation mvd b v5Smart mobility conference presentation mvd b v5
Smart mobility conference presentation mvd b v5Michel van den Berg
 
IBM SmartCloudEnterprise use of IBM Rational Solutions
IBM SmartCloudEnterprise use of IBM Rational SolutionsIBM SmartCloudEnterprise use of IBM Rational Solutions
IBM SmartCloudEnterprise use of IBM Rational SolutionsAlex Amies
 
When where why cloud
When where why cloudWhen where why cloud
When where why cloudsallysogeti
 
Antivirus específicos para entornos virtualizados
Antivirus específicos para entornos virtualizadosAntivirus específicos para entornos virtualizados
Antivirus específicos para entornos virtualizadosNextel S.A.
 
Monetizing Multi-Tenancy in SaaS by Sixteen Ventures. Presented at SaaS Unive...
Monetizing Multi-Tenancy in SaaS by Sixteen Ventures. Presented at SaaS Unive...Monetizing Multi-Tenancy in SaaS by Sixteen Ventures. Presented at SaaS Unive...
Monetizing Multi-Tenancy in SaaS by Sixteen Ventures. Presented at SaaS Unive...Lincoln Murphy
 
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...Amazon Web Services
 
Webinar - Business Implications of SaaS Multi Tenancy
Webinar - Business Implications of SaaS Multi TenancyWebinar - Business Implications of SaaS Multi Tenancy
Webinar - Business Implications of SaaS Multi TenancyScioSales
 

What's hot (19)

When Where Why Cloud
When Where Why CloudWhen Where Why Cloud
When Where Why Cloud
 
Snap n send
Snap n send Snap n send
Snap n send
 
Oded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud SecurityOded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud Security
 
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. Reality
 
Mobile Security
Mobile Security Mobile Security
Mobile Security
 
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise SecurityCIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security
CIS13: Don't Let Mobile be the Achilles Heel for Your Enterprise Security
 
What an Enterprise Should Look for in a Cloud Provider
What an Enterprise Should Look for in a Cloud ProviderWhat an Enterprise Should Look for in a Cloud Provider
What an Enterprise Should Look for in a Cloud Provider
 
Security Intelligence
Security IntelligenceSecurity Intelligence
Security Intelligence
 
Enterprise Apps Future State
Enterprise Apps Future StateEnterprise Apps Future State
Enterprise Apps Future State
 
ITIL Virtualization - ITSM Academy Webinar
ITIL Virtualization - ITSM Academy WebinarITIL Virtualization - ITSM Academy Webinar
ITIL Virtualization - ITSM Academy Webinar
 
Smart mobility conference presentation mvd b v5
Smart mobility conference presentation mvd b v5Smart mobility conference presentation mvd b v5
Smart mobility conference presentation mvd b v5
 
IBM SmartCloudEnterprise use of IBM Rational Solutions
IBM SmartCloudEnterprise use of IBM Rational SolutionsIBM SmartCloudEnterprise use of IBM Rational Solutions
IBM SmartCloudEnterprise use of IBM Rational Solutions
 
When where why cloud
When where why cloudWhen where why cloud
When where why cloud
 
Antivirus específicos para entornos virtualizados
Antivirus específicos para entornos virtualizadosAntivirus específicos para entornos virtualizados
Antivirus específicos para entornos virtualizados
 
Monetizing Multi-Tenancy in SaaS by Sixteen Ventures. Presented at SaaS Unive...
Monetizing Multi-Tenancy in SaaS by Sixteen Ventures. Presented at SaaS Unive...Monetizing Multi-Tenancy in SaaS by Sixteen Ventures. Presented at SaaS Unive...
Monetizing Multi-Tenancy in SaaS by Sixteen Ventures. Presented at SaaS Unive...
 
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
 
Webinar - Business Implications of SaaS Multi Tenancy
Webinar - Business Implications of SaaS Multi TenancyWebinar - Business Implications of SaaS Multi Tenancy
Webinar - Business Implications of SaaS Multi Tenancy
 
iScan Online - PCI DSS Mobile Task Force
iScan Online - PCI DSS Mobile Task ForceiScan Online - PCI DSS Mobile Task Force
iScan Online - PCI DSS Mobile Task Force
 

Similar to BYOD - it's an identity thing

When where why cloud
When where why cloudWhen where why cloud
When where why cloudreshmaroberts
 
In the social, mobile and cloud era, what does it take to be an Information P...
In the social, mobile and cloud era, what does it take to be an Information P...In the social, mobile and cloud era, what does it take to be an Information P...
In the social, mobile and cloud era, what does it take to be an Information P...John Mancini
 
Securing Mobile Apps: New Approaches for the BYOD World
Securing Mobile Apps: New Approaches for the BYOD WorldSecuring Mobile Apps: New Approaches for the BYOD World
Securing Mobile Apps: New Approaches for the BYOD WorldApperian
 
2016 IBM Watson IoT Forum
2016 IBM Watson IoT Forum2016 IBM Watson IoT Forum
2016 IBM Watson IoT ForumDeirdre Curran
 
2016 ibm watson io t forum 躍升雲端 敏捷打造物聯網平台
2016 ibm watson io t forum 躍升雲端 敏捷打造物聯網平台2016 ibm watson io t forum 躍升雲端 敏捷打造物聯網平台
2016 ibm watson io t forum 躍升雲端 敏捷打造物聯網平台Mike Chang
 
Avner Algom IGT Opening HP Seminar
Avner Algom IGT Opening HP SeminarAvner Algom IGT Opening HP Seminar
Avner Algom IGT Opening HP SeminarAvner Algom
 
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...Arrow ECS UK
 
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Risk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Crew
 
Avner algom feb 7 2012
Avner algom feb 7 2012Avner algom feb 7 2012
Avner algom feb 7 2012Avner Algom
 
Criticality of identity
Criticality of identityCriticality of identity
Criticality of identityNordic APIs
 
WSO2Con Asia 2014 -  Embracing BYOD Trend Without Compromising Security, Emp...
WSO2Con Asia 2014 -  Embracing BYOD Trend Without Compromising Security, Emp...WSO2Con Asia 2014 -  Embracing BYOD Trend Without Compromising Security, Emp...
WSO2Con Asia 2014 -  Embracing BYOD Trend Without Compromising Security, Emp...WSO2
 
WSO2Con Asia 2014 - Embracing BYOD Trend Without Compromising Security, Emplo...
WSO2Con Asia 2014 - Embracing BYOD Trend Without Compromising Security, Emplo...WSO2Con Asia 2014 - Embracing BYOD Trend Without Compromising Security, Emplo...
WSO2Con Asia 2014 - Embracing BYOD Trend Without Compromising Security, Emplo...WSO2
 
20170613 iasa architecture - Tim Willoughby presentation
20170613 iasa architecture - Tim Willoughby presentation20170613 iasa architecture - Tim Willoughby presentation
20170613 iasa architecture - Tim Willoughby presentationTim Willoughby
 
Why the cloud is more secure than your existing systems
Why the cloud is more secure than your existing systemsWhy the cloud is more secure than your existing systems
Why the cloud is more secure than your existing systemsErnest Mueller
 
Temia Mobile Device Management Webinar 03 21-12
Temia Mobile Device Management Webinar 03 21-12Temia Mobile Device Management Webinar 03 21-12
Temia Mobile Device Management Webinar 03 21-12Wireless_Analytics
 
Citrix synergy 2012 debrief
Citrix synergy 2012 debriefCitrix synergy 2012 debrief
Citrix synergy 2012 debriefJason Poyner
 
La era de los smart devices mexico
La era de los smart devices mexicoLa era de los smart devices mexico
La era de los smart devices mexicoGeneXus
 

Similar to BYOD - it's an identity thing (20)

When where why cloud
When where why cloudWhen where why cloud
When where why cloud
 
In the social, mobile and cloud era, what does it take to be an Information P...
In the social, mobile and cloud era, what does it take to be an Information P...In the social, mobile and cloud era, what does it take to be an Information P...
In the social, mobile and cloud era, what does it take to be an Information P...
 
Securing Mobile Apps: New Approaches for the BYOD World
Securing Mobile Apps: New Approaches for the BYOD WorldSecuring Mobile Apps: New Approaches for the BYOD World
Securing Mobile Apps: New Approaches for the BYOD World
 
2016 IBM Watson IoT Forum
2016 IBM Watson IoT Forum2016 IBM Watson IoT Forum
2016 IBM Watson IoT Forum
 
2016 ibm watson io t forum 躍升雲端 敏捷打造物聯網平台
2016 ibm watson io t forum 躍升雲端 敏捷打造物聯網平台2016 ibm watson io t forum 躍升雲端 敏捷打造物聯網平台
2016 ibm watson io t forum 躍升雲端 敏捷打造物聯網平台
 
Avner Algom IGT Opening HP Seminar
Avner Algom IGT Opening HP SeminarAvner Algom IGT Opening HP Seminar
Avner Algom IGT Opening HP Seminar
 
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
 
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Risk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the Cloud
 
Avner algom feb 7 2012
Avner algom feb 7 2012Avner algom feb 7 2012
Avner algom feb 7 2012
 
Criticality of identity
Criticality of identityCriticality of identity
Criticality of identity
 
WSO2Con Asia 2014 -  Embracing BYOD Trend Without Compromising Security, Emp...
WSO2Con Asia 2014 -  Embracing BYOD Trend Without Compromising Security, Emp...WSO2Con Asia 2014 -  Embracing BYOD Trend Without Compromising Security, Emp...
WSO2Con Asia 2014 -  Embracing BYOD Trend Without Compromising Security, Emp...
 
WSO2Con Asia 2014 - Embracing BYOD Trend Without Compromising Security, Emplo...
WSO2Con Asia 2014 - Embracing BYOD Trend Without Compromising Security, Emplo...WSO2Con Asia 2014 - Embracing BYOD Trend Without Compromising Security, Emplo...
WSO2Con Asia 2014 - Embracing BYOD Trend Without Compromising Security, Emplo...
 
20170613 iasa architecture - Tim Willoughby presentation
20170613 iasa architecture - Tim Willoughby presentation20170613 iasa architecture - Tim Willoughby presentation
20170613 iasa architecture - Tim Willoughby presentation
 
PCI and the Cloud
PCI and the CloudPCI and the Cloud
PCI and the Cloud
 
Why the cloud is more secure than your existing systems
Why the cloud is more secure than your existing systemsWhy the cloud is more secure than your existing systems
Why the cloud is more secure than your existing systems
 
Temia Mobile Device Management Webinar 03 21-12
Temia Mobile Device Management Webinar 03 21-12Temia Mobile Device Management Webinar 03 21-12
Temia Mobile Device Management Webinar 03 21-12
 
Citrix synergy 2012 debrief
Citrix synergy 2012 debriefCitrix synergy 2012 debrief
Citrix synergy 2012 debrief
 
La era de los smart devices mexico
La era de los smart devices mexicoLa era de los smart devices mexico
La era de los smart devices mexico
 

More from Paul Madsen

Onboarding in the IoT
Onboarding in the IoTOnboarding in the IoT
Onboarding in the IoTPaul Madsen
 
Native application Single SignOn
Native application Single SignOnNative application Single SignOn
Native application Single SignOnPaul Madsen
 
Madsen byod-csa-02
Madsen byod-csa-02Madsen byod-csa-02
Madsen byod-csa-02Paul Madsen
 
A recipe for standards-based Cloud IdM
A recipe for standards-based Cloud IdMA recipe for standards-based Cloud IdM
A recipe for standards-based Cloud IdMPaul Madsen
 
Saas webinar-dec6-01
Saas webinar-dec6-01Saas webinar-dec6-01
Saas webinar-dec6-01Paul Madsen
 
Jan19 scim webinar-04
Jan19 scim webinar-04Jan19 scim webinar-04
Jan19 scim webinar-04Paul Madsen
 
Mobile Native OAuth Decision Framework
Mobile Native OAuth Decision FrameworkMobile Native OAuth Decision Framework
Mobile Native OAuth Decision FrameworkPaul Madsen
 
Gluecon oauth-03
Gluecon oauth-03Gluecon oauth-03
Gluecon oauth-03Paul Madsen
 
Proxying Assurance between OpenID & SAML
Proxying Assurance between OpenID & SAMLProxying Assurance between OpenID & SAML
Proxying Assurance between OpenID & SAMLPaul Madsen
 
Iiw2007b Madsen 01
Iiw2007b Madsen 01Iiw2007b Madsen 01
Iiw2007b Madsen 01Paul Madsen
 

More from Paul Madsen (12)

Onboarding in the IoT
Onboarding in the IoTOnboarding in the IoT
Onboarding in the IoT
 
Native application Single SignOn
Native application Single SignOnNative application Single SignOn
Native application Single SignOn
 
Madsen byod-csa-02
Madsen byod-csa-02Madsen byod-csa-02
Madsen byod-csa-02
 
A recipe for standards-based Cloud IdM
A recipe for standards-based Cloud IdMA recipe for standards-based Cloud IdM
A recipe for standards-based Cloud IdM
 
Saas webinar-dec6-01
Saas webinar-dec6-01Saas webinar-dec6-01
Saas webinar-dec6-01
 
Jan19 scim webinar-04
Jan19 scim webinar-04Jan19 scim webinar-04
Jan19 scim webinar-04
 
Mobile Native OAuth Decision Framework
Mobile Native OAuth Decision FrameworkMobile Native OAuth Decision Framework
Mobile Native OAuth Decision Framework
 
Gluecon oauth-03
Gluecon oauth-03Gluecon oauth-03
Gluecon oauth-03
 
Proxying Assurance between OpenID & SAML
Proxying Assurance between OpenID & SAMLProxying Assurance between OpenID & SAML
Proxying Assurance between OpenID & SAML
 
DIWD Concordia
DIWD ConcordiaDIWD Concordia
DIWD Concordia
 
Oauth 01
Oauth 01Oauth 01
Oauth 01
 
Iiw2007b Madsen 01
Iiw2007b Madsen 01Iiw2007b Madsen 01
Iiw2007b Madsen 01
 

Recently uploaded

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Recently uploaded (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

BYOD - it's an identity thing

  • 1. BYOD- it's an Identity Thing BYOD Paul Madsen (@pmadsen) Senior Technical Architect It's anPing Identity thing 'identity'
  • 2. A little bit about me
  • 4.
  • 5. B Y O D R B Y W D R I O N E O N U U V GG R I H C T E S
  • 6. Context COIT BYOD Social will.i.am keynoting Cloudforce App stores Personal Cloud
  • 7. [reputable analyst firm] says [X%] of Fortune 500 will confront BYOD by [201Y]
  • 10. Employee productivity as a function of time mobile productivity Traditional 9-5 Sun Mon Tue Wed Thur Fri Sat
  • 11. Fundamental challenge A single device must support two 'masters'
  • 13. Choices • Mobile Device Management (MDM) applies enterprise policy to the device as a whole – PIN, wipe, VPN etc • Mobile Application Management (MAM) focuses on the business apps ON the device – App store, security added onto binaries either through SDK or 'wrapping'
  • 15. BYOD Balancing Act Standards Security Enablement Privacy
  • 17.
  • 18. Productivity vs time ideal reality 'Now what was my password again??' productivity 'Whoa, I can still login!' 'Well I guess I can play Angry Birds until IT sets me up' hired fired time
  • 19. GTD Requirements 1. Initial GTD - Quickly get new employees up and running with the applications their role demands 2. Ongoing GTD - Provide employees single sign on experience in day to day work 3. Stop GTD - Reduce/remove permissions when necessary
  • 21. Privacy the right to be let alone— the most comprehen sive of rights and the right Louis Dembitz Brandeis most
  • 22. Privacy Granularity of IT control
  • 23. Partioning for privacy 1. Divide the phone in 'half' – one side for business applications & data, another for personal 2. IT's mandate is to manage & secure the apps & data on the business side 3. IT has no mandate (nor, hopefully, desire)
  • 25. IT'S NOT ABOUT THE DEVICE
  • 27. Protecting the data 1. Ensure that user/app can access only appropriate data – Authorization based on role 2. Protect data in transit – SSL IDM 3. Protect data on device – PIN, Encryption 4. Remove access to data when appropriate MAM – Wipe stored data (or keys) – Revoke access to fresh data MDM
  • 28. MIM?
  • 29. MDM – No screen capture MAM – No screen capture when in email app MIM – No screen capture for this document
  • 31. Why standards? • Framework implies interplay between – Enterprise IdM – MAM architecture • MAM servers • MAM agent – Applications • On-prem • SaaS
  • 32. Enterprise Components SaaS SaaS 1 2 MAM Device MAM Browser SaaS1 SaaS2
  • 33. Standards • SCIM (System for Cross-Domain Identity Management) to provision identities as necessary to MAM and SaaS providers • SAML (Security Assertion Markup Language) to bridge enterprise identity to MAM and SaaS providers • OAuth to authorize MAM agents, and SaaS native apps
  • 34. Enterprise Components SCIM SaaS SaaS SCIM 1 SAMLMAM O SCIM O A SAML A U SAML O U T A T H U H Device MAMT Browser H SaaS1 SaaS
  • 35. Bob 'pursuing other ventures' EnterpriseSCIM (delete) SaaS SaaS SCIM (delete) 1 MAM SCIM (delete) W I p e Device MAM Browser SaaS1 SaaS wipe wipe
  • 36. Bob 'loses phone in cab' EnterpriseSCIM (status=0) SaaS SaaS SCIM (status=0) 1 MAM SCIM (status=0) L O C K = Device Y MAM Browser SaaS1 SaaS
  • 37. Application Provider Enterprise Application Provider Application Provider Device Native app Native app Native Authz Native app app Native agent Native app app Native app
  • 39. R R E DE S a S Business T t T Personal a MAM App App T Policy o k Apps T o e k n e s Identity Identity Corp Identity n Identity s Tokens
  • 41. Summary 1. Divide device & leave employee personal data alone 2. Provision apps via MAM based on employee identity & roles into employee 'side' 3. Provision tokens to those apps via IdM based on employee identity & roles 4. Apps use tokens on API calls to corresponding Cloud

Editor's Notes

  1. Managing the device is misguided – CISO do not loose sleep over the loss of devices, but rather ……
  2. Managing the device is misguided – CISO do not loose sleep over the loss of devices, but rather ……