1. Embracing BYOD Trend Without Compromising
Security, Employee Privacy, or the Mobile Experience!
Shanmugarajah (Shan)
Director Architecture, Enterprise Mobility
WSO2 Inc.!

2. Agenda
• Work- New definition
• Enterprise Mobility Challenges
• Different Approaches to Data Security
• BYOD
• WSO2 EMM
• Summary

3. 16 years back

4. Employees
Enterprise
Data
Device
Device
Work
• Happens inside a place
• Dependent on specific Technology
• Resources
Within the premise
Owned by enterprise

5. Now
Thanks to technology

6. Enterprise
Data
Employees
Device
Data
Work
• Independent of place
• Independent of Technology
• Resources
Within the premise and outside
Owned by enterprise and employees

7. Enterprise Mobility ?

8. • New trend towards a shift in work habits.
• Employees working out of the office with
Mobile devices and cloud services to
perform business tasks.
Enterprise Mobility

9. Challenges
Allow Mobility in your organization ?

10. Enterprise
Data
Employees
Device
COPE
BYOD
Public Store

11. • Data Security
• Remote Device Management
• Enterprise Store
• Enterprise Application Development & Management
Challenges

12. Data Security
How the data can be compromised ?
Device being lost or stolen
Malicious App stealing the data
Data Leak
What is the data ?
• Email message or the attachment
• Documents like pdf,word,excel,ppt,text
• Browser accessing HTML pages,cookies
• Contact,Calendar,Notes
• Application with Database
Why the data is sensitive ?
• It can be highly confidential like quotation
value, salary details
• It can have a high impact if it goes to the
wrong person
Who can compromise ?
External
Internal

13. Enterprise needs some kind of Tool to
solve the enterprise Mobility challenge!
EMM

14. Data Security - Approach 1
Mobile Device Management

15. • Enforce password policy on the device
• Encrypt data when locked (AES 256 FIPS 140-2)
• Enterprise Data WIPE & Device WIPE
• iCloud Backup Disable
How MDM can solve this challenge ?
• If the password is compromised
• Malware or malicious app stealing data
• MDM has very little control over data sharing and DLP
Data Security - Approach 1 - MDM
Drawbacks

16. Vendor
Apps
Enterprise Apps
Apps from Public Store
Apps in the Device
Challenge
1.Need to separate enterprise apps
and data
2.Able to Control it
3.Limit interaction with personal
apps and data.

17. Data Security - Approach 2 - Separate Apps and Data
Within Device
Away from Device

18. Away from Device
• Desktop Virtualization or VDI technology (Citrix XenDesktop,VMWare
Horizon View, Dell vWorkspace, Remote Desktop Microsoft.
• Web Apps
Within Device
• Virtualized OS’s on the mobile device (Hypervisor 1 and 2)
Data Security - Approach 2 - Separate Apps and Data

19. Dual persona, two separate and independent end user environments in a single device.
Mobile Virtualization
Virtualized OS’s on mobile (Hypervisor 1 and 2)
BlackBerry Balance
Samsung KNOX

20. Other Dual Persona’s
Blackberry Z10
Samsung Note 3
KNOX Container

21. Not all the devices support dual persona
iOS does not support or Apple will not allow to modify the OS
• Desktop virtualization
• Web apps
• Mobile virtualization
Each one of those options has its flaws.

22. Data Security - Approach 3
Mobile App Management
• MAM gets you a step closer to managing
what you care about
• MAM brings the perimeter closer to the
corporate resources

23. Mobile App Management (MAM)
1. MAM (Controlling App behavior)
1a. SDK Approach
1b. App wrapping
2. OS MAM - iOS MAM through MDM
3. App Store and Managing apps with MDM

24. Data security features
1. Encrypt the data at transmit use app VPN tunnel or app tunnel
2. Encrypt the data at rest & decrypt only when viewing
3. Two factor authentication
4. Data Loss prevention (Disable Cut,Copy and Paste)
5. Data at rest should be controlled (Delete)
6. Policy based Data control , where policy can be pushed and updated
MAM controlling apps behavior
Additional Features
1. Enterprise Apps in the mobile should be able to use SSO
2. Data can be shared between application
3. DLP (cut,copy,paste) should be enabled between enterprise applications

25. MAM SDK Approach
SDK contains all the necessary API to implement the MAM features
Provides enterprise-grade security with user authentication, single sign
on, copy/paste prevention, data encryption, app-level policies, compliance
monitoring and management.

26. MAM - App Wrapping
App Wrapper Tool
• For apps already built
• Need unsigned app binary.
• Not to apps from public app stores.
• Can do basics of encryption, authentication, or app-level VPNs.
• Can intercept, block, or spoof API calls made
• Can change the app icon

27. MAM Solution (Controlling app behavior)
• Works across all versions of Android and iOS
• Native apps provide a superior user experience.
Remote desktops, web apps, and virtualized mobile devices each
have their place in the EMM world, but MAM has distinct
advantages.
Data Security - Best Approach

28. • Remote Device Management (MDM)
• Enterprise Store
• Enterprise Application Development & Management
(MEAP, mBaas)
Other Challenges in Enterprise

29. Embracing BYOD in Enterprise - Benefits!
• Cost
• Device Maintenance
• Improved Productivity!

30. User-Experience and Privacy in BYOD!
More than one Enterprise Apps
Every app needs login
Desktop apps have SSO
Why not give the same experience
Native App!
Monitor the personal data like contact info, app info
Location info of the user
User- Experience
Privacy

31. WSO2 Enterprise Mobility Manager
WSO2 EMM!

32. WSO2 EMM Features
• MDM
• Enterprise Store with Publisher
• Mobile App Management

33. Mobile Device Management
• Employee / Corporate Owned
• Supports Android, iOS
• Identity integration
• Policy Management
• Containerization (Email)
• Self Service Provisioning
• Role Based Permission
• End-User MDM Console
• Enterprise Wipe
• Reports & Analytics

34. Configuration
Android Features
• Device Lock
• User password protected WIPE
• Clear Password
• Send Message
• Wi-Fi
• Camera
• Encrypt Storage
• Mute
• Password Policy
• Change Lock Code
• App Blacklisting
• Location
• Battery Information
• Memory Information
• Operator Information
• Root Detection
• Application Information
Information

35. iOS Features
• Device Lock
• Clear Passcode
• Wi-Fi
• Camera
• VPN
• APN
• Email
• Calendar
• LDAP
• Black - Listing Apps
• Enterprise WIPE
• Password Policy
• Battery Information
• Memory Information
• Application Information
Configuration
Information

36. WSO2 EMM Screens

37. • Supports multiple platforms
• Android
• Native, Hybrid Application (.apk)
• Web Application
• Market Place Application (Google Play) [Free]
• iOS (iPhone, iPad)
• Native, Hybrid Application (.ipa) - Need to have enterprise developer account
• Web Application
• Apple Store Application [Free]
• VPP Application (Next Release)
Publisher

38. WSO2 EMM – Publisher

39. Store
Supports multiple platforms
User subscription
Advanced search options
App sorting
Support for existing user stores (Widgets, Gadgets, Books,
Magazines , APIs).
Single-Sign on

40. WSO2 EMM – Store

41. Application Management Console
• Mobile app policy enforcement
• Compliance monitoring
• Bulk app push
• User App Management
• Tracking app Installation

42. WSO2 EMM – App Management

43. Enterprise
Data
COPE
BYOD
Public Store
Mobile Project Management
Unified Store
Backend API, mBaaS API
Development IDE
MDM
MEAP
Big Picture

44. Roadmap
• App Containerization (SDK Approach)
• Samsung KNOX Integration
• Dynamic Policy
• mBaaS
• MEAP

45. Summary
• Different approaches to BYOD problem
• Based on your requirement
Can be MAM , or it can be hybrid (MDM & MAM)
• End-user experience and their privacy is important

46. Consumerization is a two-way street.
You need to make sure your users understand
the need to keep resources safe, but you also
need to make corporate resources accessible.!
IT Consumerization

47. Q/A

48. Thank you