Stratégies de croissance via la mobilité (ems)
•Download as PPTX, PDF•
0 likes•1,286 views
This document summarizes a presentation about Microsoft's Enterprise Mobility Suite (EMS) for enabling digital transformation through cloud services. The presentation discusses how EMS provides identity and access management, information protection, device and application management to secure access to corporate resources from any device. It also describes Advanced Threat Analytics for detecting threats and anomalous activities. Benefits of EMS include improved productivity, security cost avoidance, reduced infrastructure costs, and improved mobile device management.
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (6)
Similar to Stratégies de croissance via la mobilité (ems)
Similar to Stratégies de croissance via la mobilité (ems) (20)
More from IAMCP Canada
More from IAMCP Canada (13)
Recently uploaded
Recently uploaded (20)
Stratégies de croissance via la mobilité (ems)
- 1. Conférence sur la Transformation Numérique par le Cloud The Cloud Digital Transformation Summit Montréal, 16 juin 2016 – Montreal, June 16 2016 Présenté par
- 2. Session 4 STRATÉGIES DE CROISSANCE VIA LA MOBILITÉ (EMS) GROWTH STRATEGY USING ENTERPRISE MOBILITY SUITE (EMS) Jérôme Bousquet Ayman Yassa SSP Mobility TSP Mobility Microsoft Microsoft
- 4. of employees use personal devices for work purposes.* of employees that typically work on employer premises, also frequently work away from their desks.*** of all software will be available on a SaaS delivery by 2020.** 66% 25% 33% *CEB The Future of Corporate ITL: 203-2017. 2013. **Forrester Application Adoption Trends: The Rise Of SaaS ***CEB IT Impact Report: Five Key Findings on Driving Employee Productivity Q1 2014.
- 5. Is it possible to keep up? Employees Business partners Customers Is it possible to stay secure? Apps Devices Data Users Data leaks Lost device Compromised identity Stolen credentials
- 6. Is it possible to keep up? Employees Business partners Customers Microsoft’s vision Access everything from everything Manage and secure productivity Integrate with what you have Apps Devices Data Users
- 7. Enterprise Mobility Suite Access control and data protection integrated natively in the apps, devices, and the cloud SharePoint Online Exchange Online
- 8. Microsoft Azure Active Directory Premium Microsoft Azure Rights Management Premium Advanced Threat Analytics Easily manage identities across on-premises and cloud Single sign-on and self-service for corporate resources Leverage PC management, MDM, and MAM to protect corporate apps and data on almost any device Encryption, identity, and authorization to secure corporate files and email across phones, tablets, and PCs Identify suspicious activities and advanced threats in near real time with simple, actionable reporting Behavior-based threat analytics Information protection Identity and access management Device and app management Microsoft Intune System Center Configuration Manager
- 9. Making it easier to deliver a great brand experience Keeping the selling workforce productive Bringing a new level of efficiency to management
- 10. 243 average days an attacker resides within a victims network 76% network intrusions due to compromised user credentials 90%+ Business use >1 Billion Auths per day 520M User Accounts 86% Fortune 500 AD Foundational Current Investment MUCH integration Transforming Identity
- 11. Single sign-on Self-service experiences Common identity Conditional access SaaS applications Desktop Virtualization Access & information protection Mobile device & application management Hybrid identity
- 12. On-premises applications APPLICATION Per app policy Type of client (Web Rich, mobile) OTHER Location (IP Range) Risk Profile DEVICES Are domain joined Are compliant Platform type (Windows, iOS, Android) USER ATTRIBUTES User identity Group memberships Authentication strength • Allow • Enforce MFA • Block
- 13. Behavioral Analytics Detection for known attacks and issues Advanced Threat Detection An on-premises platform to identify advanced security attacks before they cause damage
- 14. Detect threats fast with Behavioral Analytics Adapt as fast as your enemies Focus on what is important fast using the simple attack timeline Reduce the fatigue of false positives Prioritize and plan for next steps No need for creating rules, fine-tuning or monitoring a flood of security reports, the intelligence needed is ready to analyze and self-learning. ATA continuously learns from the organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly-evolving enterprise. The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the “who-what-when-and how” of your enterprise. Alerts only happen once suspicious activities are contextually aggregated, not only comparing the entity’s behavior to its own behavior, but also to the profiles of other entities in its interaction path. For each suspicious activity or known attack identified, ATA provides recommendations for the investigation and remediation.
- 15. Abnormal Behavior Anomalous logins Remote execution Suspicious activity Security issues and risks Broken trust Weak protocols Known protocol vulnerabilities Malicious attacks Pass-the-Ticket (PtT) Pass-the-Hash (PtH) Overpass-the-Hash Forged PAC (MS14-068) Golden Ticket Skeleton key malware Reconnaissance BruteForce Unknown threats Password sharing Lateral movement
- 16. Desktop Virtualization Access & information protection Mobile device & application management Hybrid identity Consistent user experience Simplified device enrollment and registration Single console to manage devices
- 17. Mobile application management PC managementMobile device management ITUser Microsoft Intune Intune helps organizations provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.
- 18. MANAGED MOBILE PRODUCTIVITY Managed apps Personal apps Personal apps Managed apps Corporate data Personal data Multi-identity policy Personal apps Managed apps Copy Paste Save Save to personal storage Paste to personal app Email attachment
- 20. Desktop Virtualization Access & information protection Mobile device & application management Hybrid identity Dynamic Access Control Rights management Secure access to work files
- 21. COMPREHENSIVE SOLUTION Any device/ any platform • Data-level encryption • All file types • LOB app protection Protect Share Track and revoke External user ******* Internal user ******* • Timeline view • Map view • Access and denials
- 22. Security-as-a-service extending visibility and control to cloud apps Comprehensive and proven protection Based on Adallom acquisition Committed to support third-party apps Discovery – Data Control – Threat Protection
- 23. Always up to date • Real-time updates • Keep up with new apps and devices Works with what you have • Support multiple platforms • Use existing investments Simple to set up and connect • Easy, secure connections • Simplified management COMPREHENSIVE SOLUTION
- 24. EMS Benefits Improved end user productivity getting access and logging into SAAS applications Security cost risk avoidance Reduced legacy license and infrastructure costs for enterprise mobility management Reduction in call volume to help desk resulting cost savings Improved mobile device registry and access, reducing work for the business and IT Reduced administrative efforts for IT staff managing mobile devices
- 26. MERCI / THANK YOU N’oubliez pas de compléter votre évaluation et de visiter le stand Vidéo Don’t forget to complete your evaluation and visit the Video booth Conférence sur la Transformation Numérique par le Cloud The Cloud Digital Transformation Summit Présenté par
Editor's Notes
- 1/5 vendre credentials for 1000$ 3 trillions cost loss productivity and loss Perimeter extends to the cloud Sony Target climatisation fournisseurs compte invités piratés (150M$) Mossack Fonseca panama papers update/credentials Qatar bank hier 1.GB data base Gold Corp société canadienne 14.8GB données volées Edouard Snowden social engineering Richard Fadden (Octobre 2014 à mars 2016 : Conseiller à la sécurité nationale auprès des premiers ministres Stephen Harper et Justin Trudeau ) est catégorique: les cyberattaques représentent aujourd'hui une menace tout aussi inquiétante pour le Canada que peut l'être le terrorisme. Or, cette menace est souvent passée sous silence, même si les conséquences néfastes potentielles sont considérables. Il souligne que les coûts des cyberattaques sont imposants: 12 milliards de dollars annuellement au Canada en vol de propriété intellectuelle et plus de 100 milliards aux États-Unis. But, lets start by spending a few minutes on the state of security today. Cybercriminals have evolved – becoming more organized and employing more sophisticated techniques and targeted attacks Enterprise security has failed to keep up – traditional security measures are proving to be largely ineffective, focus on preventing attacks at the perimeter is no longer working, and gaps between disconnected point solutions are being exploited by attackers $400B in annual damages - resulting from cyber attacks, making cybersecurity top of mind for enterprises – it was the CEO of Target who resigned following their announcement that 110 million records, including 40 million credit cards had been breached – security has become a boardroom problem
- There are a couple of mega trends that have been changing the world of work as many of us know it. The place where people work is no longer exclusively the workplace. People work from home, from cafes, from customer sites, on the road, in the air. In fact people can – and do – work from just about anywhere. Even when they’re in the office, people don’t expect to be sitting at their desk in order to be productive. We are in an era where mobility really is the new normal. The cloud-first, mobile-first world is here. People expect to have the ability to work where, when and how they choose. Using the devices they love and the apps they are familiar with. Just look at the story told by some of these stats: 66% of employees use personal devices for work. A large percentage of employees work away from their desk – even when they are in the office. And BYOD is going to mean a new way of working across apps and data.
- http://www.lapresse.ca/actualites/politique/politique-canadienne/201604/17/01-4972310-les-cyberattaques-menace-silencieuse.php Richard Fadden (National security advisor to Stephen Harper and Justin Trudeau) les cyberattaques représentent aujourd'hui une menace tout aussi inquiétante pour le Canada que peut l'être le terrorisme. Or, cette menace est souvent passée sous silence, même si les conséquences néfastes potentielles sont considérables. Il souligne que les coûts des cyberattaques sont imposants: 12 milliards de dollars annuellement au Canada en vol de propriété intellectuelle et plus de 100 milliards aux États-Unis.
- 1b $ investissement par an en securite Biggest antimalware and antivirus service in the world Billions device update for security every day 300 billions authentication every month 200 billions email for antivirus and antispam Windows as a service to update all the time 1b$ device updated per month Built in and not built on security Cyber defense operation center
- EMS is the only enterprise mobility solution designed to help manage and protect users, devices, apps (PC or mobile), and data. EMS helps customers improve their security footprint and plugs gaps that EVERY customer has. Includes: Hybrid identity management enabled by Azure Active Directory Premium and Advanced Threat Analytics. Mobile device management enabled by Microsoft Intune. Data protection enabled by Azure Rights Management. Enabling a modern workforce Managing devices is not enough to enable users to be productive and keep corporate data secure at the same time. A good solution needs to address both identity and access management, device and application management, and protection at the data level. EMS provides this. Microsoft takes a different approach where we believe that access control and data protection should be integrated natively in the apps, devices, and the cloud. With EMS, organizations can manage the access to the corporate data on-premises and in the cloud with conditional access capabilities but also protect the data once it is on the device with 4 layers of protection: identity, device, application, and data. And due to our cloud architecture, we significantly reduced the complexity, and made it very easy to configure. We will discuss this in more detail shortly.
- Microsoft Enterprise Mobility Suite is the only enterprise mobility solution designed to help manage and protect users, devices, apps (PC or mobile), and data. Unify identity: Give users single sign-on and self-service password management for any corporate resource and easily manage identities across on-premises and cloud – Azure Active Directory Premium. Manage and protect corporate apps and data: on virtually any device with Microsoft's mobile device management (MDM) and mobile application management (MAM) solution – Microsoft Intune. Protect data: Stay in control of your corporate data even when it’s shared with others, inside or outside of your organization. Encryption, identity, and authorization policies to secure corporate files and email across phones, tablets, and PCs.
- Many customers have seen success from taking this unified approach to solve a number of different business challenges. Aston Martin: Founded in 1913, Aston Martin sports cars are synonymous with luxury, heritage, and authentic craftsmanship. They were able to build on investments they had already made to manage the laptops and devices of their highly mobile and distributed workforce. They see benefit from managing all devices through a single console: “It’s one more example of how the interoperability of Microsoft products makes our lives easier.” Callaway Golf: Like many companies, Callaway Golf had to cut spending due to the global recession of 2009. Callaway needed a way to keep sales people productive by proactively manage sales computers and mobile devices. Our unified solution allows Callaway to maintain revenue flow by keeping salespeople’s computers running. Mitchells & Butlers: Established in 1898, Mitchells & Butlers runs many of the United Kingdom’s most famous restaurant and pub brands. For them empowering enterprise mobility is about efficiency for their IT staff. By taking a unified approach to management they can remotely manage a total of 20,000 corporate and mobile devices with only two people. So harnessing the power of enterprise mobility can be about cost or time efficiency, about providing a better service or staying at the cutting edge of your industry. Let’s take a deeper look at what Empowering Enterprise Mobility means for your business.
- 1b $ investissement par an en securite Biggest antimalware system in the world Windows as a service to update all the time Billions device update for security every day 300 billions authentication every month Built in and not built on security Cyber defense operation center Security graph with machine learning from all datas we collect
- For companies like Walsh, identity is not a nice to have – it’s at the core of an efficient workforce. To keep their employees as productive as possible, they need to provide a single identity that works across cloud and on-premises assets. With Identity Federation and Single Sign-On Users have one set of login credentials and passwords. And IT is able to more efficiently manage user identity. And when users do forget passwords, they have the ability to reset their own passwords – reducing the burden on IT and making the user more efficient by being able to resolve the issue quickly. Security remains paramount. Users have the ability to bring new devices into the enterprise, but IT can validate that devices connecting to the network are owned and controlled by individuals with the appropriate credentials. MFA helps to provide a layer of protection. Finally, Hybrid Identity provides IT with tools for monitoring suspicious activity on the network such as an employee accessing their expenses account from the San Francisco office at 9am and logging in from Hong Kong 45 minutes later! Identity is the first part of empowering Enterprise Mobility, but once you have your user identity in place, you can focus on making them productive of the devices they use to get their work done.
- Device management has increasingly become about new form factors. Most companies have solid solutions for corporately owned PCs, but mobile devices and non-domain joined PCs have brought new challenges. And it’s not all about BYOD either.
- Now let’s take a closer look at Microsoft Intune and how Intune delivers enterprise mobility management. With Intune, you can provide employees with access to corporate applications, data, and resources from anywhere on almost any device, while helping to keep corporate information secure. With Intune’s Mobile Device Management (MDM) capabilities, you can: Restrict access to Exchange email based upon device enrollment and compliance policies Deploy certificates, WiFi, VPN, and email profiles automatically once a device is enrolled for management Simplify device enrollment in the case of large scale deployments using Apple Configurator or Intune service accounts Provide a self-service Company Portal for users to enroll their own devices and install corporate applications across iOS, Android, Windows and Windows Phone Intune also provides Mobile Application Management (MAM) capabilities, you can: Maximize mobile productivity with Intune-managed Office mobile apps while still protecting corporate data by restricting actions such as copy/cut/paste/save outside of your managed app ecosystem Extend these same management capabilities to your existing line-of-business apps using the Intune App Wrapping Tool Provide secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps for Intune Additionally, you can also manage PCs using Intune: Provide lightweight, agentless management from the cloud or deliver agent-based management Connect Intune to System Center 2012 R2 Configuration Manager to manage all of your devices on-premises and in the cloud, including Macs, Unix/Linux servers, PCs, and mobile devices from a single management console Provide real-time protection against malware threats on managed computers Collect information about hardware configurations and software installed on managed computers Deploy software based on policies set by the administrator
- Let’s quickly see how these 4 layers of protection can help deliver a great and secure email experience with EMS and Outlook. First, EMS ensures that only authorized users are permitted to access corporate email and documents by using security features at the identity layer such as cloud-based authentication and authorization, multi-factor authentication, and advanced security reports that leverage Microsoft Azure machine learning capabilities. At the next layer, EMS is able to manage and enforce device-level settings such encryption and password requirements via mobile device management (MDM). EMS also provides the protection at the application layer with mobile application management (MAM) capabilities that help prevent the leakage of corporate data by restricting actions in Office mobile apps such as cut, copy, paste, and save as. And with the unique multi-identity capabilities, employees can use a single app (such as Outlook) for both personal and corporate use while EMS helps to ensure the corporate data is separated and protected. Finally, EMS goes beyond app-layer protection to help secure highly confidential documents at the file-layer. Using EMS, employees can encrypt virtually any type of a file, set granular permissions, and track usage to ensure that only the right people inside and outside of the organization can access email attachments and documents, wherever the files are located.
- We’ve covered off user identity and mobile device and application management. But perhaps the reason that the two previous topics are so important is because it’s users accessing data on their devices that causes risk to the business. Data getting into the wrong hands can be a costly and embarrassing business. Nobody wants to be Target! But even less spectacular breaches can damage your business or lead to serious consequences, especially in industries with stringent regulation.
- Discovery (context for cloud usage shadow IT automated risk score, ongoing analytics) no agent required Data Control (access data sharing DLP, policy definition, policy enforcement (investigate file user quarantine block transactions) Threat Protection (high risk usage incidents, abnormal user behavior, attack detection) Adallom israel security services broker cloud app security Discover o365breach in 2013 Service secret israeliens découvre une faille dans O365 token hijacking en 2013
- Ajouter le coût standard pour EMS volume D GOV Benefits. The composite organization experienced the following risk-adjusted benefits that represent those experienced by the interviewed companies: • Improved end user productivity getting access and logging into software-as-a-service (SaaS) applications. New business users can get access to SaaS applications 25% more quickly. Changes to existing users’ access were also improved by the same degree. The time it takes to log into applications decreased from 6 seconds to instantaneous because of single sign-on capability. Combined, all of these factors improved end user productivity. • Security cost risk avoidance. Microsoft EMS reduces the risk of an internal or external security incident occurring that would require a costly recovery. These incidents range in their impact, but the security enabled by the authentication and access and information protection provided by Microsoft EMS saves over $390,000 annually. • Reduced legacy license and infrastructure costs for enterprise mobility management. Because Microsoft EMS displaces on-premises mobile device management tools, the organization recovers license and infrastructure costs that would be directed to another provider. • Reduction in call volume to the help desk, resulting in cost savings. The majority of calls to the help desk are for password resets. With Microsoft EMS, calls can be deflected 75% of the time because of user self-service capabilities regarding forgotten passwords. • Improved mobile device registry and access, reducing work for the business and IT. Microsoft EMS provides the ability to register for, enroll in, and manage mobile devices from a self-service portal. This decreases IT and business user costs for registrations. Devices can be registered 40% more quickly. • Reduced administrative efforts for IT staff managing mobile devices. With Microsoft EMS, IT provisions and deprovisions users automatically, reducing their workload. IT employees spend 35% less time building integrations between cloud and on-premises applications because of the pre-integrations within the Microsoft EMS solution