Post on 05-Jul-2018
8/15/2019 HUAWEI AnyOffice Mobile Security Solution Datasheet
Huawei AnyOffice Mobile Security Solution
HUAWEI TECHNOLOGIES CO., LTD.
1 Overview
In 2012, 20% of global employees brought their own mobile devices to work, such as the iPhone, iPad, or Android-based devices.
Along with huge IT consumption, Bring Your Own Device (BYOD) is gradually becoming the new norm. Originally thought to be just
a trend concept, BYOD is now changing the way people work with unstoppable momentum. With our own devices, we can
exchange emails, conduct research and follow up on potential sales opportunities more flexibly, promote information management
over the enterprise, flatten user interfaces, increase response times, and enhance decision-making efficiency. However, the openness
of BYOD comes with enormous security and management risks. Is your enterprise ready for today's BYOD challenges?
2 Trend and Challenge
BYOD makes an office borderless. Users can work and play Web games on the same mobile device. Personal
and office applications are crossing the boundary between the two. For most enterprises, prohibiting the use of BYOD is just not
practical. The majority of today's working staff (especially new entrants) are quite familiar with mobile technologies and
have urged enterprises to support BYOD. This need is forcing enterprises' IT management teams not only to adopt
BYOD technologies but also to change the way they conduct business and operate in the workplace. At the same time, BYOD brings
various problems and risks, because an open and intelligent mobile platform leads to critical issues, including malicious code
embedding, data leakage, a mix of personal and enterprise applications, and multiple platforms with different structures.
IT departments are finding themselves in a rather unsettling position where the standards, policies, and configuration rules of the enterprise
and those of the mobile devices overlap. Moreover, it is fairly difficult to graft security and management policies based on
traditional PCs onto mobile devices, especially mobile devices belonging to employees. Enterprises must employ strategies for BYOD,
including policy definition and management, and decide which mobile devices are allowed access to company information and at what level of clearance.
Intelligent mobile devices function very much like PCs. However, they are completely without protection when accessing
company information through web pages, downloading applications, or sending emails. So far, there are more than 20,000
types of malicious mobile software, 30% of which are Trojan horses aiming to steal private and sensitive data. With the abuse
of the root permission and the development of hacking technologies, mobile devices are becoming the new hotbed for
security-related risks. 71% of enterprises consider mobile devices, especially Android devices, a key security hazard.
Migrating enterprise applications to various mobile devices is a nightmare for IT departments. The challenges include how
to seamlessly and quickly transfer business to a mobile environment, how to avoid the high cost of in-house development,
and how to cope with a highly complex mobile environment.
With the thriving use of mobile applications, enterprises are short of corresponding management measures. Employees can
download and install whatever applications they want, which may reduce system availability, create huge security risks, or even
disable the device.
Mobile devices are mostly small and are prone to loss or theft. 47% of the companies interviewed say that large amounts
of data are stored on mobile devices, including sensitive client information and classified data from emails. The loss of a single mobile
office device not only means the potential leaking of confidential business information, but also possibly incurs legal violations.
3 Overview of Huawei AnyOffice Mobile Security Solution
Targeting the conflict between employee needs and company policy compliance, Huawei provides a balanced solution.
The solution not only enables employees to access their company's intranet at any time, at any location, from any device,
but also ensures strong security protection. Huawei is dedicated to providing an end-to-end mobile security solution and
flexible application launching. Paying close attention to mobile device security, network transmission security, application security,
sensitive data security, and security management, Huawei offers a unique balance between high efficiency and security of
mobile office. Huawei provides a simple platform that supports the migration of all applications with excellent expandability
and low cost to help companies cope with complex mobilization.
3.1 Architecture and Key Components
Mobile security and management essentially resolve three issues: identity, privacy, and compliance. Focusing on these three key
issues, Huawei provides enterprise clients with the most secure and user-friendly management solution in the industry today.
* indicates a feature to be supported by later versions of Huawei AnyOffice Mobile Security Solution.
[Figure: solution architecture. Labels: terminals (office-based and non-office-based) with the AnyOffice client; enterprise WiFi, public Wi-Fi, and 3G/4G access; SSL; DMZ; Firewall/UTM; Mobile Security Access Gateway (AnyOffice SVN); intranet access to LDAP, OA, and other servers; MEAP (development platform, supporting platform, workflow, business object, device interface, application interface); Unified Policy Management Platform*. The AnyOffice security platform is grouped under Identity, Privacy, and Compliance and lists: authentication and authorization, access control, link security, threat defense, data protection, application security, and management security, with features including strong mobile authentication, Mobile NAC*, SSL or UDP tunnel encryption, L3/L4 VPN, DDoS, network antivirus, network IDS/IPS, mobile sandbox, Web, email, and DLP, anti-theft, application control, security management, application management, assets management, and IT services.]
3.2 AnyOffice Intelligent Mobile Access Client
AnyOffice is the only mobile client that connects the user and the network/application. A single, simple client facilitates management
and maintenance.
AnyOffice is a secure mobile office platform. In one-agent mode, it integrates a series of security applications, including
security sandbox, security email client, security browser, MDM software, L3VPN client, and virtual desktop. This meets universal
mobile office requirements and ensures secure, convenient, and efficient intranet access.
In addition, AnyOffice senses the access mode. By interworking with the company's Mobile Security Access Gateway SVN
(SVN has the SSL VPN and RADIUS proxy functions), AnyOffice intelligently changes security policies based
on user location (intranet or the Internet), offering a sound user experience.
3.3 Whole Lifecycle Mobile Device Management
Huawei MDM can manage the mobile device across the device's whole lifecycle. It discovers the new asset and
registers it. During the deployment phase, it checks the security status of the device, such as password complexity and jailbreak
status. In the operational phase, it ensures the security of corporate data. In the retirement phase, the recycled
device can be re-registered and the enterprise's data deleted. This ensures the security of corporate data on BYOD devices.
3.4 Secure VPN Access
The VPN mobile security access gateway SVN2000/5000 series is based on Huawei's high-availability hardware platform and
employs a dedicated real-time operating system. The gateway provides industry-leading performance, security, and availability,
provides customers with flexible and controllable E2E link encryption, and ensures VPN access security.
3.5 Carrier-Class Mobile Threat Prevention
At the border of the enterprise network, Huawei carrier-class USG firewalls provide in-depth protection at the network side. The
USG firewalls integrate Symantec's advanced intrusion prevention and anti-virus technologies, employ industry-leading application
identification technologies, and provide content security capabilities, including anti-virus, IPS, anti-DDoS, and content filtering.
3.6 Unified Security Policy Management
Huawei AnyOffice solution implements a unified and highly intuitive security policy management platform that simplifies
operations and management (O&M) and yields substantial IT cost savings. Security policies can vary with users, device types,
locations, and time zones, thereby implementing fine-grained security access control.
3.7 Simple Enterprise Mobile Application Launching Platform
Enterprises are having difficulties in transplanting and launching mobile applications. Huawei Mobile Enterprise Application
Platform (MEAP) moves enterprise applications smoothly by providing a simpler integrated development
environment and supporting various application types, such as HTML5, Native, or Hybrid, and realizes multi-platform
launching from a single development effort. This significantly simplifies the development process and tremendously lowers costs.
4 Highlights
[Figure: the three highlights. Identity (I): unified network access control. Privacy (P): comprehensive data security and threat prevention. Compliance (C): whole lifecycle device management.]
4.1 Identity: Unified Access Control
4.1.1 Environment-Sensitive Network Access Control
AnyOffice can identify any device, user, location, time, and access mode through the use of fine-grained access control.
Enterprise IT staff can configure multiple policy templates for one user on the unified policy management platform and
send them to AnyOffice. AnyOffice intelligently senses the network environment and triggers the corresponding security
module. The security module works with SVN to implement precise network access control. From an airport lounge to
the company's branch, users switch automatically from the SVN L4VPN channel to the internal plaintext. This whole
process is transparent to users. AnyOffice therefore provides a simple and seamless user access experience.
4.1.2 Unified Security Policy Management
The unified policy management platform ensures that all policies come from the same source, which ensures security
policy compliance. With AnyOffice, literally, anyone can access a company's intranet using any authorized smart phone or
tablet PC over any network (enterprise wireless network or remote wireless network). Furthermore, AnyOffice's intuitive and
user-friendly UI not only enhances work efficiency, but also provides visibility into and control of employee mobile devices.
4.2 Privacy: Comprehensive Data Security and Threat Prevention
4.2.1 End-to-End Data Leak Prevention
• Data on the device
The AnyOffice client uses sandbox technology to create a secure zone between personal and company affairs on one mobile device.
This considerably reduces the risks of data leakage, network viruses, and malicious
intrusions brought by the mix of personal and corporate information, and strikes a balance between employees' daily use of
technology and enterprise policies. When a user logs in to the AnyOffice platform, all company data assets, applications, and
services are encrypted and kept in a secure environment away from personal applications. The AnyOffice process functions as
the core of the system, monitoring all running applications. Personal applications cannot access company applications. Data
access, copying, modifying, and saving between personal and company applications are blocked. Users/Administrators can also
customize policies to enable or disable applications from being uploaded or downloaded. AnyOffice can also erase temporary
or confidential files upon logoff to prevent data leakage.
[Figure: sandbox separation on the device. Labels: personal application and personal data; enterprise application (Mail, CRM, OA, …) and enterprise data; forcible separation, storage encryption, behavior monitoring, trace cleaning after logoff; phases Create, Operate, Log off.]
• Data during transmission
The mobile security access gateway SVN VPN provides strong Layer-3/Layer-4 encryption, ensuring data privacy and
preventing malicious data sniffing and tampering.
• Data on the server
Mobile devices are vulnerable to theft and loss. Each year, the list of data leaks caused by mobile device loss or theft grows.
AnyOffice, interworking with the management back end, provides functions including remote lock, remote data wiping,
data backup and restoration, GPS, and auto-alarm, to ensure data security in case of device loss.
4.2.2 Carrier-Class Mobile Threat Prevention on the Network Side
• At the border of the enterprise network, Huawei carrier-class USG firewalls provide protection at the network side.
• Prevent threats from the Internet: DDoS attacks, illegitimate access control, hacker intrusion, viruses, Trojan horses, and
malicious mails.
• Prevent threats between mobile devices at the LAN and the server side: control over unauthorized access to the intranet
server, malicious intrusion by employees, and the spread of network viruses, worms, and Trojan horses.
• Prevent information from being leaked between the mobile office terminal and the Internet.
4.3 Compliance: Lifecycle-Based Mobile Device Management
[Figure: device lifecycle. Phases: Acquire, Deploy, Run, Retire.]
4.3.1 Acquire
Huawei AnyOffice mobile security solution complies with the ITIL Asset Management Standards, supports the discovery,
registration, and password initialization of standard devices and personal devices, and provides customized templates of
the letter of commitment for mobile device usage.
4.3.2 Deploy
Enterprises must ensure the level of security and standard compliance of mobile devices. Huawei AnyOffice mobile
security solution supports and enforces security policies, configuration and management delivery over a host firewall,
VPN, and WiFi network.
The core of the solution is the secure allocation of mobile applications. Huawei AnyOffice mobile security solution
integrates company App stores and secures the allocation, installation, and configuration of applications. Moreover,
companies can use AnyOffice to define policies for whitelisted and blacklisted applications, ensuring that the right person
accesses the right application and data. AnyOffice provides signature authentication. Authorized services cannot be
tampered with or uninstalled, which adds extra protection and maintains application integrity on the mobile device.
4.3.3 Run
Much attention must be paid to the security of data and applications during daily business operations. Huawei
AnyOffice supports password policies, jailbreak detection and isolation, and control over possible data leaking
channels, including the SIM card, SD card, camera, Bluetooth, WiFi, USB, GPS, and recording. Mobile devices are
vulnerable to loss. AnyOffice provides key data encryption, remote data backup/recovery/synchronization, and remote
lock and data wiping options. What's more, IT departments can enhance application security by remote upgrading
and patching. On the management back end, IT departments can query and audit the model, operating system, and
5.3 Security SDK
The sheer variety of mobile devices and the complexity of enterprise applications pose enormous difficulties for secure
mobile application development. Huawei AnyOffice solution has a powerful security SDK that provides application-level data
encryption interfaces for enterprises' self-developed mobile applications and supports mainstream operating systems such
as iOS and Android, making mobile applications more secure.
6 Choosing Huawei
Huawei provides enterprise and industry clients with a leading mobile office security solution. Mobile office involves the
terminal device, lower-layer firmware, system software, and applications. It is an integrated ecological chain that requires
cooperation between upstream and downstream vendors. Huawei, with great openness, works with OEM vendors,
integrators, and mobile and wireless carriers to realize the unique value of AnyOffice, provide device-based and application-level
security, facilitate enterprise mobile office, and enhance ROI.
With Huawei AnyOffice, you can:
• Create a secure zone that separates the enterprise and personal environments, reaching an equilibrium between the
security and efficiency of mobile office.
• Prevent E2E leaks of sensitive data that is stored, transmitted, and accessed.
• Employ the industry-leading secure access and unified security policy management platform.
• Implement device-based and application-level security control.
• Manage mobile devices through the whole lifecycle, including acquisition, deployment, running, and recycling.
Components
Component Product
Mobile client AnyOffice Agent
Mobile security access gateway AnyOffice SVN2000-M/SVN5000-M Series
Intelligent mobile terminal Huawei MediaPad and Ascend Phone
Unified threat management gateway (UTM) USG 2000/5000
MDM data server MDM business server
Unified policy management platform* AnyOffice Manager
Copyright © Huawei Technologies Co., Ltd. 2014. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademark Notice
, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd.
Other trademarks, product, service and company names mentioned are the property of their respective owners.
HUAWEI TECHNOLOGIES CO., LTD.
Huawei Industrial Base
Bantian Longgang
Shenzhen 518129, P.R. China
Tel: +86-755-28780808
Version No.: M3-035026-20140101-C-4.0
www.huawei.com
General Disclaimer
THE INFORMATION IN THIS DOCUMENT MAY CONTAIN PREDICTIVE STATEMENTS
INCLUDING, WITHOUT LIMITATION, STATEMENTS REGARDING THE FUTURE FINANCIAL
AND OPERATING RESULTS, FUTURE PRODUCT PORTFOLIO, NEW TECHNOLOGY, ETC.
THERE ARE A NUMBER OF FACTORS THAT COULD CAUSE ACTUAL RESULTS AND
DEVELOPMENTS TO DIFFER MATERIALLY FROM THOSE EXPRESSED OR IMPLIED IN THE
PREDICTIVE STATEMENTS. THEREFORE, SUCH INFORMATION IS PROVIDED FOR REFERENCE
PURPOSE ONLY AND CONSTITUTES NEITHER AN OFFER NOR AN ACCEPTANCE. HUAWEI
MAY CHANGE THE INFORMATION AT ANY TIME WITHOUT NOTICE.