WSO2Con Asia 2014 - Embracing BYOD Trend Without Compromising Security, Employee Privacy, or the Mobile Experience


  1. Embracing BYOD Trend Without Compromising Security, Employee Privacy, or the Mobile Experience. Shanmugarajah (Shan), Director Architecture, Enterprise Mobility, WSO2 Inc.
  2. Agenda • Work - New definition • Enterprise Mobility Challenges • Different Approaches to Data Security • BYOD • WSO2 EMM • Summary
  3. 16 years back
  4. Work • Happens inside a place • Dependent on specific technology • Resources: within the premise, owned by enterprise (diagram labels: Employees, Enterprise, Data, Device, Device)
  5. Now: thanks to technology
  6. Work • Independent of place • Independent of technology • Resources: within the premise and outside, owned by enterprise and employees (diagram labels: Enterprise, Data, Employees, Device, Data)
  7. Enterprise Mobility?
  8. Enterprise Mobility • New trend towards a shift in work habits. • Employees working out of the office with mobile devices and cloud services to perform business tasks.
  9. Challenges: Allow mobility in your organization?
  10. (Diagram labels: Enterprise, Data, Employees, Device, CO, BY, Public Store)
  11. Challenges • Data Security • Remote Device Management • Enterprise Store • Enterprise Application Development & Management
  12. Data Security. How can the data be compromised? • Device being lost or stolen • Malicious app stealing the data • Data leak. What is the data? • Email message or the attachment • Documents like PDF, Word, Excel, PPT, text • Browser accessing HTML pages, cookies • Contact, Calendar, Notes • Application with database. Why is the data sensitive? • It can be highly confidential, like quotation value, salary details • It can have a high impact if it … Who can compromise? • External • Internal
  13. Enterprise needs some kind of tool to solve the enterprise mobility challenge: EMM
  14. Data Security - Approach 1: Mobile Device Management
  15. Data Security - Approach 1 - MDM. How can MDM solve this challenge? • Enforce password policy on the device • Encrypt data when locked (AES 256 FIPS 140-2) • Enterprise Data WIPE & Device WIPE • iCloud Backup Disable. Drawbacks: • If the password is compromised • Malware or malicious app stealing data
  16. Apps in the Device: Vendor Apps, Enterprise Apps, Apps from Public Store. Challenge: 1. Need to separate enterprise apps and data 2. Able to control it 3. Limit interaction with personal apps and data.
  17. Data Security - Approach 2 - Separate Apps and Data: Within Device, Away from Device
  18. Data Security - Approach 2 - Separate Apps and Data. Away from Device: • Desktop virtualization or VDI technology (Citrix XenDesktop, VMware Horizon View, Dell vWorkspace, Remote Desktop Microsoft) • Web apps. Within Device: • Virtualized OS's on the mobile device
  19. Mobile Virtualization. Dual persona: two separate and independent end-user environments in a single device. • Virtualized OS's on mobile (Hypervisor 1 and 2) • BlackBerry Balance • Samsung KNOX
  20. Other Dual Personas: BlackBerry Z10, Samsung Note 3 KNOX
  21. Not all devices support dual persona. iOS does not support it, or Apple will not allow modifying the OS. • Desktop virtualization • Web apps • Mobile virtualization. Each one of those options has its flaws.
  22. Data Security - Approach 3: Mobile App Management • MAM gets you a step closer to managing what you care about • MAM brings the perimeter closer to the corporate resources
  23. Mobile App Management (MAM): 1. MAM (controlling app behavior): 1a. SDK approach, 1b. App wrapping 2. OS MAM - iOS MAM through MDM 3. App Store and managing apps with MDM
  24. MAM controlling app behavior. Data security features: 1. Encrypt the data in transit using an app VPN tunnel or app tunnel 2. Encrypt the data at rest & decrypt only when viewing 3. Two-factor authentication 4. Data loss prevention (disable cut, copy and paste) 5. Data at rest should be controlled (delete) 6. Policy-based data control, where policy can be pushed and updated. Additional features: 1. Enterprise apps on the mobile should be able to use SSO 2. Data can be shared between applications
  25. MAM SDK Approach. The SDK contains all the necessary APIs to implement the MAM features. Provides enterprise-grade security with user authentication, single sign-on, copy/paste prevention, data encryption, app-level policies, compliance monitoring and management.
  26. MAM - App Wrapping (App Wrapper Tool) • For apps already built • Needs unsigned app binary • Not for apps from public app stores • Can do basics of encryption, authentication, or app-level VPNs • Can intercept, block, or spoof API calls made
  27. Data Security - Best Approach: MAM Solution (controlling app behavior) • Works across all versions of Android and iOS • Native apps provide a superior user experience. Remote desktops, web apps, and virtualized mobile devices each have their place in the EMM world, but MAM has distinct advantages.
  28. Other Challenges in Enterprise • Remote Device Management (MDM) • Enterprise Store • Enterprise Application Development & Management (MEAP, mBaaS)
  29. Embracing BYOD in Enterprise - Benefits • Cost • Device Maintenance • Improved Productivity
  30. User Experience and Privacy in BYOD. User Experience: • More than one enterprise app • Every app needs login • Desktop apps have SSO • Why not give the same experience • Native app. Privacy: • Monitor the personal data like contact info, app info
  31. WSO2 Enterprise Mobility Manager (WSO2 EMM)
  32. WSO2 EMM Features • MDM • Enterprise Store with Publisher • Mobile App Management
  33. Mobile Device Management • Employee / Corporate Owned • Supports Android, iOS • Identity integration • Policy Management • Containerization (Email) • Self Service Provisioning • Role Based Permission • End-User MDM Console • Enterprise Wipe • Reports & Analytics
  34. Android Features (columns: Configuration, Information) • Device Lock • User password protected WIPE • Clear Password • Send Message • Wi-Fi • Camera • Encrypt Storage • Mute • Password Policy • Change Lock Code • App Blacklisting • Location • Battery Information • Memory Information • Operator Information • Root Detection • Application Information
  35. iOS Features (columns: Configuration, Information) • Device Lock • Clear Passcode • Wi-Fi • Camera • VPN • APN • Email • Calendar • LDAP • Blacklisting Apps • Enterprise WIPE • Password Policy • Battery Information • Memory Information • Application Information
  36. WSO2 EMM Screens
  37. Publisher • Supports multiple platforms • Android: Native, Hybrid Application (.apk); Web Application; Market Place Application (Google Play) [Free] • iOS (iPhone, iPad): Native, Hybrid Application (.ipa) - need to have enterprise developer account; Web Application; Apple Store Application [Free]; VPP Application (Next Release)
  38. WSO2 EMM – Publisher
  39. Store • Supports multiple platforms • User subscription • Advanced search options • App sorting • Support for existing user stores (Widgets, Gadgets, Books, Magazines, APIs) • Single sign-on
  40. WSO2 EMM – Store
  41. Application Management Console • Mobile app policy enforcement • Compliance monitoring • Bulk app push • User App Management • Tracking app
  42. WSO2 EMM – App Management
  43. Big Picture (diagram labels: Enterprise, Data, COPE, BYOD, Public Store, Mobile Project Management, Unified Store, Backend API, mBaaS API, Development IDE, MDM, MEAP)
  44. Roadmap • App Containerization (SDK Approach) • Samsung KNOX Integration • Dynamic Policy • mBaaS • MEAP
  45. Summary • Different approaches to BYOD problem • Based on your requirement, can be MAM, or it can be hybrid (MDM & MAM) • End-user experience and their privacy is important
  46. IT Consumerization: Consumerization is a two-way street. You need to make sure your users understand the need to keep resources safe, but you also need to make corporate resources accessible.
  47. Q/A
  48. Thank you
