Securing the Mobile enterprise
0 likes320 views
This document discusses IBM Endpoint Manager, a mobile device management solution. It describes the IBM Endpoint Manager architecture, which includes a server, database, console, and relays to manage devices running Android, iOS, and other platforms. It also discusses how IBM Endpoint Manager can be used to manage the Divide dual persona solution, providing secure distribution and management of apps in the Divide workspace container on mobile devices. The document outlines key capabilities of the integrated IBM Endpoint Manager and Divide solution for securely enabling BYOD mobility at scale without additional infrastructure costs.
Securing the Mobile enterprise
- 1. © 2013 IBM Corporation Securing the Mobile Enterprise Jude Lancaster Product Manager Endpoint Manager for Mobile Devices
- 2. 1 1 IBM Endpoint Manager Mobile Device management
- 3. 2 IBM Endpoint Manager Architecture TEM Server DB Console / Web Reports Relay(s) Android devices* Apple iOS devices* Apple Push Notification Servers http / 52311 http / 52311 Management Extender Servers, desktops, laptops* Relay http / 52311 TCP port 2195 to gateway.push.apple.com TCP port 5223 to *.push.apple.com * Managing devices that are not connected to the internal network requires opening the management port to the Internet (HTTP 52311 for Laptops and Android or HTTPS 443 for Apple iOS devices) BigFix Server Blackberry* BES https / 443
- 4. 3 3 • Securely enable and accelerate BYOD mobility • Mobilize every employee with secure connectivity to apps and services • Scale without limits, without infrastructure costs Next generation mobility Mobile meets Cloud Company
- 5. 4 DIVIDE OVERVIEW Company Dual Persona • Native user experience • Secure work container for iOS & Android • Extensible to VPN & UC Business Applications • Common apps for all employees • Third-party apps by employee group • External file storage option Cloud Management • IT control of the container • User self-service • MDM APIs 4
- 6. 5 5 Ibm endpoint manager + divide Complete MDM BYOD Solution Dual Persona Leverages the sophisticated policies and features of IBM MDM and Endpoint Management Management of Divide as a “virtual device” including safe, secure distribution and management of apps + + Immediate solution for BYOD challenges and security concerns for Mobility OS’s Seamless delivery: same Divide App, binding to IBM MDM at time of enrollment Business AppsIBM Endpoint Manager
- 7. 6 Architected for reliability 6 No Enterprise Data traverses the Divide Cloud Management Traffic Control Data Customer Email Server What is stored in the Divide cloud? Device Inventory Email addresses Policy settings DIVIDE MANAGER Customer Site DIVIDE Smart Devices IBM Endpoint Manager Company
- 8. 7 DUAL PERSONA IS FOUNDATIONAL Separate and Secure Dual Personas • Data security • Enterprise apps and services • Easy to manage and control • Native user experience • Choice of device, services • Freedom and privacy 7
- 9. 8 “ Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Integer pharetra, felis id volutpatadipisci ng quam lectus 8 2 U.K.-based analyst firm Gfk “When asked why users are loyal to their smartphones, 72% cited ease of use and the ability to quickly navigate their phone's menu.”2 What users want Choice of native user experience PERSONAL WORKSPACEENTER PASSCODE Tap Divide app icon Double tap Home button to access Divide
- 10. 9 9 • Professional-grade email, contacts, calendar and browser • Data-at-rest is protected with AES 256 bit encryption • Data-in-motion leverages existing VPN investments • Secure cloud based file storage (optional) • Separate voice and messaging (including future 2-number UC) • Internally developed apps uploaded and assigned via policy – in minutes and with no developer modifications • Divide App security automatically provides data-at-rest AES-256 bit encryption • Divide Extensions provide extraordinary integration with 3rd party Apps and Cloud services GEARED FOR INNOVATION Leveraging the App Ecosystem STANDARD DIVIDE APPS THIRD PARTY APPS
- 11. 10 10 What it organizations need for byod Divide Container Security Data Protection • Device PIN/passcode • Passcode history and complexity • Passcode failure actions • FIPS 140-2 validated encryption • Full and selective device wipe • Wipe on SIM removal/rooted • VPN support • S/MIME support OTA Self-Service Provisioning • ActiveSync email • VPN configuration Container Controls • Whitelisting – application push • Blacklisting • Location based services • Data leakage prevention • URL blocking Compliance Management and Reporting • Device hardware • Operating system • Policy compliance • Compromised device status • Voice, Data, and SMS usage reporting
- 12. 11 Extensible for the future 11Company
- 13. 12 Securing next generation mobility IBM Endpoint Manager with Divide delivers a comprehensive platform for mobility 12 Unified tracking and management of everything a mobile user needs including employee owned devices and corporate provided smartphones, tablets and laptops A “single pane-of- glass” to provision and manage mobile devices, laptops and the Divide workspace in the easiest way possible. Directly connects the Divide workspace with IT apps and services via the corporate VPN for complete IT control. The Divide workspace provides a native user experience that users expect and love and is extensible to IT voice and data services. Security & Compliance Inventory Tracking Device Management Secure & Reliable Access Management User Experience A fully integrated next generation solution for mobility that delivers simplicity and scale Limited to mobile devices with separate facilities to track corporate and employee owned devices with manual consolidation of data A “swivel-chair” approach with separate consoles to manage mobile devices and the Good email sandbox breeds operational complexity and requires additional admin training. No VPN integration for personal devices with all data traversing the Good NOC and on- premise servers, creating issues of reliability and scale. The Good sandbox delivers a proprietary “one size fits all’ user experience that users reject and is email-centric. An inherently siloed approach to mobility that inflates costs and complexity A single policy management and compliance platform eliminates security gaps and simplifies policy administration and enforcement Separate facilities for policy management and compliance creates operational overhead and error opportunities
- 14. 13 The right solution for byod? 13 A first generation solution purpose-built for email sync A next generation solution purpose-built for BYOD Device Management X ✔Manages the Divide workspace and integrates with IBM Endpoint Manager for device MDM Does not integrate with deployed MDM solutions Secure “Workspace” ✔ X Provides a secure workspace that preserves the native iOS and Android user experience Provides an email sandbox with a proprietary user interface Secure VPN ✔ X Provides VPN connectivity between the workspace and corporate apps No VPN integration - all data traverses the Good NOC App Choice ✔ X App wrapper technology enables the use of any third party app within the workspace Third-party apps must be modified and recompiled using the Good SDK ($) Avg TCO/ User $$$$ $$$$ $
- 15. 14 Questions