WSO2Con Asia 2014 - Embracing BYOD Trend Without Compromising Security, Employee Privacy, or the Mobile Experience


  1. Embracing BYOD Trend Without Compromising Security, Employee Privacy, or the Mobile Experience. Shanmugarajah (Shan), Director Architecture, Enterprise Mobility, WSO2 Inc.
  2. Agenda
      • Work: new definition
      • Enterprise Mobility Challenges
      • Different Approaches to Data Security
      • BYOD
      • WSO2 EMM
      • Summary
  3. 16 years back
  4. Work (diagram labels: Employees, Enterprise, Data, Device, Device)
      • Happens inside a place
      • Dependent on specific technology
      • Resources are within the premises and owned by the enterprise
  5. Now, thanks to technology
  6. Work (diagram labels: Enterprise, Data, Employees, Device, Data)
      • Independent of place
      • Independent of technology
      • Resources are within the premises and outside, owned by the enterprise and employees
  7. Enterprise Mobility?
  8. Enterprise Mobility
      • New trend towards a shift in work habits.
      • Employees working out of the office with mobile devices and cloud services to perform business tasks.
  9. Challenges: allow mobility in your organization?
  10. Diagram labels: Enterprise, Data, Employees, Device, COPE, BYOD, Public Store
  11. Challenges
      • Data Security
      • Remote Device Management
      • Enterprise Store
      • Enterprise Application Development & Management
  12. Data Security
      • How can the data be compromised?
          • Device being lost or stolen
          • Malicious app stealing the data
          • Data leak
      • What is the data?
          • Email message or the attachment
          • Documents such as PDF, Word, Excel, PPT, text
          • Browser accessing HTML pages, cookies
          • Contacts, Calendar, Notes
          • Application with a database
      • Why is the data sensitive?
          • It can be highly confidential, like a quotation value or salary details
          • It can have a high impact if it goes to the wrong person
      • Who can compromise it?
          • External
          • Internal
  13. Enterprise needs some kind of tool to solve the enterprise mobility challenge: EMM
  14. Data Security - Approach 1: Mobile Device Management
  15. Data Security - Approach 1 - MDM
      • How can MDM solve this challenge?
          • Enforce password policy on the device
          • Encrypt data when locked (AES 256 FIPS 140-2)
          • Enterprise data wipe & device wipe
          • Disable iCloud backup
      • Drawbacks
          • If the password is compromised
          • Malware or malicious app stealing data
          • MDM has very little control over data sharing and DLP
  16. Apps in the Device (diagram labels: Vendor Apps, Enterprise Apps, Apps from Public Store)
      • Challenge
          1. Need to separate enterprise apps and data
          2. Be able to control it
          3. Limit interaction with personal apps and data
  17. Data Security - Approach 2 - Separate Apps and Data: Within Device, Away from Device
  18. Data Security - Approach 2 - Separate Apps and Data
      • Away from Device
          • Desktop virtualization or VDI technology (Citrix XenDesktop, VMware Horizon View, Dell vWorkspace, Microsoft Remote Desktop)
          • Web apps
      • Within Device
          • Virtualized OSs on the mobile device (hypervisor types 1 and 2)
  19. Mobile Virtualization
      • Dual persona: two separate and independent end-user environments in a single device.
      • Virtualized OSs on mobile (hypervisor types 1 and 2)
      • BlackBerry Balance
      • Samsung KNOX
  20. Other Dual Personas
      • BlackBerry Z10
      • Samsung Note 3
      • KNOX Container
  21. Not all devices support dual persona. iOS does not support it, and Apple will not allow the OS to be modified.
      • Desktop virtualization
      • Web apps
      • Mobile virtualization
      Each one of those options has its flaws.
  22. Data Security - Approach 3: Mobile App Management
      • MAM gets you a step closer to managing what you care about
      • MAM brings the perimeter closer to the corporate resources
  23. Mobile App Management (MAM)
      1. MAM (controlling app behavior)
          1a. SDK approach
          1b. App wrapping
      2. OS MAM - iOS MAM through MDM
      3. App store and managing apps with MDM
  24. MAM: controlling app behavior
      • Data security features
          1. Encrypt data in transit using an app VPN tunnel or app tunnel
          2. Encrypt data at rest and decrypt only when viewing
          3. Two-factor authentication
          4. Data loss prevention (disable cut, copy and paste)
          5. Data at rest should be controlled (delete)
          6. Policy-based data control, where policy can be pushed and updated
      • Additional features
          1. Enterprise apps on the mobile device should be able to use SSO
          2. Data can be shared between applications
          3. DLP (cut, copy, paste) should be enabled between enterprise applications
  25. MAM SDK Approach
      • The SDK contains all the necessary APIs to implement the MAM features
      • Provides enterprise-grade security with user authentication, single sign-on, copy/paste prevention, data encryption, app-level policies, compliance monitoring and management.
  26. MAM - App Wrapping (App Wrapper Tool)
      • For apps already built
      • Needs the unsigned app binary
      • Not for apps from public app stores
      • Can do basics of encryption, authentication, or app-level VPNs
      • Can intercept, block, or spoof API calls
      • Can change the app icon
  27. Data Security - Best Approach: MAM Solution (controlling app behavior)
      • Works across all versions of Android and iOS
      • Native apps provide a superior user experience.
      Remote desktops, web apps, and virtualized mobile devices each have their place in the EMM world, but MAM has distinct advantages.
  28. Other Challenges in Enterprise
      • Remote Device Management (MDM)
      • Enterprise Store
      • Enterprise Application Development & Management (MEAP, mBaaS)
  29. Embracing BYOD in Enterprise - Benefits
      • Cost
      • Device maintenance
      • Improved productivity
  30. User Experience and Privacy in BYOD
      • User experience
          • More than one enterprise app
          • Every app needs a login
          • Desktop apps have SSO
          • Why not give the same experience in a native app?
      • Privacy
          • Monitoring personal data like contact info, app info
          • Location info of the user
  31. WSO2 Enterprise Mobility Manager (WSO2 EMM)
  32. WSO2 EMM Features
      • MDM
      • Enterprise Store with Publisher
      • Mobile App Management
  33. Mobile Device Management
      • Employee / Corporate Owned
      • Supports Android, iOS
      • Identity integration
      • Policy Management
      • Containerization (Email)
      • Self Service Provisioning
      • Role Based Permission
      • End-User MDM Console
      • Enterprise Wipe
      • Reports & Analytics
  34. Android Features
      • Configuration: Device Lock, User password protected WIPE, Clear Password, Send Message, Wi-Fi, Camera, Encrypt Storage, Mute, Password Policy, Change Lock Code, App Blacklisting
      • Information: Location, Battery Information, Memory Information, Operator Information, Root Detection, Application Information
  35. iOS Features
      • Configuration: Device Lock, Clear Passcode, Wi-Fi, Camera, VPN, APN, Email, Calendar, LDAP, Blacklisting Apps, Enterprise WIPE, Password Policy
      • Information: Battery Information, Memory Information, Application Information
  36. WSO2 EMM Screens
  37. Publisher
      • Supports multiple platforms
      • Android
          • Native, Hybrid Application (.apk)
          • Web Application
          • Market Place Application (Google Play) [Free]
      • iOS (iPhone, iPad)
          • Native, Hybrid Application (.ipa) - Need to have enterprise developer account
          • Web Application
          • Apple Store Application [Free]
          • VPP Application (Next Release)
  38. WSO2 EMM – Publisher
  39. Store
      • Supports multiple platforms
      • User subscription
      • Advanced search options
      • App sorting
      • Support for existing user stores (Widgets, Gadgets, Books, Magazines, APIs)
      • Single sign-on
  40. WSO2 EMM – Store
  41. Application Management Console
      • Mobile app policy enforcement
      • Compliance monitoring
      • Bulk app push
      • User App Management
      • Tracking app installation
  42. WSO2 EMM – App Management
  43. Big Picture (diagram labels: Enterprise, Data, COPE, BYOD, Public Store, Mobile Project Management, Unified Store, Backend API, mBaaS API, Development IDE, MDM, MEAP)
  44. Roadmap
      • App Containerization (SDK Approach)
      • Samsung KNOX Integration
      • Dynamic Policy
      • mBaaS
      • MEAP
  45. Summary
      • Different approaches to the BYOD problem
      • Based on your requirement, it can be MAM, or it can be hybrid (MDM & MAM)
      • End-user experience and their privacy are important
  46. IT Consumerization: Consumerization is a two-way street. You need to make sure your users understand the need to keep resources safe, but you also need to make corporate resources accessible.
  47. Q/A
  48. Thank you
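
An added example, not part of the original slides and not WSO2 EMM code: a compliance check over the device information the MDM slides list (password policy, storage encryption, root detection, app blacklisting) that picks an enterprise wipe rather than a device wipe on employee-owned devices. The policy fields, report fields, action names and the rule that a rooted device triggers a wipe are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical policy and report shapes; not WSO2 EMM's schema.
@dataclass
class Policy:
    min_passcode_length: int = 6
    require_storage_encryption: bool = True
    blacklisted_apps: frozenset = frozenset({"com.example.filedropper"})

@dataclass
class DeviceReport:
    device_id: str
    ownership: str              # "BYOD" or "COPE"
    passcode_length: int        # 0 means no passcode set
    storage_encrypted: bool
    rooted: bool
    installed_apps: list = field(default_factory=list)

def violations(report, policy):
    """Return the list of policy violations found in one device report."""
    found = []
    if report.passcode_length < policy.min_passcode_length:
        found.append("weak_passcode")
    if policy.require_storage_encryption and not report.storage_encrypted:
        found.append("storage_not_encrypted")
    if report.rooted:
        found.append("rooted")
    hits = sorted(set(report.installed_apps) & policy.blacklisted_apps)
    found.extend(f"blacklisted_app:{app}" for app in hits)
    return found

def decide_action(report, policy):
    """Map violations to a response, never full-wiping an employee-owned device."""
    found = violations(report, policy)
    if not found:
        return "compliant", found
    if "rooted" in found:
        # Assumed rule: rooting defeats on-device controls, so enterprise data goes.
        # BYOD: enterprise wipe only, personal data stays. COPE: device wipe.
        action = "enterprise_wipe" if report.ownership == "BYOD" else "device_wipe"
        return action, found
    return "notify_and_restrict", found

# Constructed sample reports.
SAMPLE_REPORTS = [
    DeviceReport("dev-001", "BYOD", 8, True, False, ["com.example.mail"]),
    DeviceReport("dev-002", "BYOD", 8, True, True, ["com.example.mail"]),
    DeviceReport("dev-003", "COPE", 4, False, False, ["com.example.filedropper"]),
    DeviceReport("dev-004", "COPE", 8, True, True, []),
]

if __name__ == "__main__":
    for r in SAMPLE_REPORTS:
        print(r.device_id, *decide_action(r, Policy()))
```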
