Enterprise Mobility Roadmap · 2016. 7. 4. · usability improvements for user agent, ... •...

1

Enterprise Mobility Roadmap

Brian Uffelman Dir. Product Management, Enterprise Mobility

SYMANTEC VISION 2014

Disclaimer

“Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.”

Presentation Identifier Goes Here 2


Agenda

3

Upcoming Releases and Priorities

Near-Term Mobile Roadmap

Symantec App Center Solution

Top Mobility Goals

2

3

4

1


Welcome to Vision… Day 4!

4


Ultimate Goal of the Mobility

Address immediate

concerns about

MDM/MAM/BYOD/CY

OD

While providing

Security, Protection,

Control

To increase User and

organization

productivity

9


Customer Jobs in User-Control Era

6

Reconciling conflicting IT and end user desired outcomes

Users

• Choose my device(s) and use them for business and personal

• Gain access to email and network • Provision my own apps • Collaborate with others • Avoid calling help desk

“Help me maximize productivity on any device”

IT

• Configure and secure all endpoints accessing the corporate network

• Protect critical business data • Minimize risk of attack • Reduce cost of ownership

“Help me maximize user productivity and protection”

SYMANTEC VISION 2014 Presentation Identifier Goes Here 7


Enterprise Mobility Management (EMM)

8


Mobile Use Cases

9

Base = 2,317 North American and European information workers who use a smartphone for work

Source: Forrsights Workforce Employee Survey, Q2 2013

“What smartphone/tablet applications do you currently use for work?"

15%

18%

19%

20%

21%

25%

25%

28%

32%

36%

39%

40%

58%

73%

85%

Wikis for internal information sharing

Microblogging (e.g. Twitter)

Web meeting or webconferencing

Team document sharing sites (e.g., SharePoint)

Data dashboard or business intelligence application

Expense tracking and/or approval

Travel planning and status

Employee intranet or company portal

Specific line of business applications (e.g. sales)

Social networks (e.g. LinkedIn, Facebook)

Note taking application

Instant messaging/chat (not SMS/texting)

SMS (texting)

Calendar

Email


Focus on Four Key Customer “Jobs”/Goals

10

Manage Access & Identity

Data Management & Protection

Manage & Protect Any Device

Leverage Mobility to Maximize Productivity


Cloud Applications

Cloud Storage

Private Cloud

Mobile Workforce Productivity Vision – “The What” Information protection across three control points

APPS Core

Apps

Email

Browser

Synch And

Share

App

Protection

AppStore

Apps

Today: ”Mobile Devices”

Tomorrow: ”Convergence”

1

1

NETWORK / USER ACCESS

Mail Inspection App VPN Identity, Info GW

DLP/Enc, PKI.

DEVICE

Control Secure Insight

STOP


Mobile Workforce Productivity Vision

User: ”Joe”

1

2

? What is required to make the vision happen?

Cloud Applications

Cloud Storage

Private Cloud


Mobile Workforce Productivity Vision – “The What” Information protection across three control points

DEVICE

App Center Mobile Security App Insight

APPS

NETWORK / USER ACCESS

Secure App

Proxy (beta)

Portfolio

Integrations

1

3

Secure App

Ecosystem

Productivity

Apps

Secure

Workspace

Coming Soon

Secure Email

Gateway

mPKI

Support

Today: ”Mobile Devices”

Tomorrow: ”Convergence”

Cloud Applications

Cloud Storage

Private Cloud

Coming Soon


What We’ve Accomplished…

18

4.1

• Integrated MDM and MAM Console

4.2

• iOS 7 MDM Support

• MDM Mobile Core Technology Integration

• MPKI Integration

4.3

• Symantec Sealed Launch

• App Proxy (Beta)

• Secure Web Browser

• Bundled Encryption

4.4

• Norton Mobile Security Integration

• Email Proxy

• App Proxy

• Partner API’s

5.0

• Samsung SAFE support

• Windows Phone 8/8.1 support

• Multi-tenancy

• Performance, Scalability & UX enhancements – ACA and platform

1H 2013 Dec 2013 Jan 2014 Apr 2014 Q3CY201

4


Symantec Sealed Program – 72 Partners, 147 Apps!

19

Mail

•Native app

•Symantec Secure Email

•Ikonic Mail+

Calendar

•Symantec Secure Mail

•Readdle Calendars 5

•LookeeLoo Meebles

File sync/share

•Norton Zone

•Box

•Accellion

Secure text/messaging

•TigerText

•Medigram

•Gryphn ArmorText

Document reading/editing

•GoodReader

•Quickoffice

•Polaris Office

Note Taking

•Notes Plus

•NotePad Pro-iTech

•Tapose

Forrester Advisory Day | Confidential: Do Not Distribute


Symantec App Center 4.4 Release

• Email Proxy for access control and compliance

• App Proxy GA for sealed apps and internal enterprise apps

• Mobile Security integration – entitlement and reporting of

Android mobile security with Norton Mobile Security App

• Platform usability and performance – Performance and

usability improvements for user agent, App Center dashboard

• Enhanced platform integration capability – wrapping APIs,

additional app management, tenant creation API (in multi-

tenancy mode)

20


5.0 Release Summary

• MDM - Address SAFE and Windows Phone 8.1 with basic MDM capabilities

• Mobile Security – Standalone product support

• Platform/Server - Performance/scalability, Multi-tenancy and selected UI improvements

• Platform/ACA – UI usability and performance improvements

• MAM - App Management Command APIs; Advanced App Configuration

• Product re-naming and EOL of older products


Upcoming Releases and Key Priorities

22


H3 Deliver on Convergence - Devices, Apps, Data

H1 Broaden Platform Support

Complete Android and Windows 8 integrations

Email Gateways

Enterprise platform capabilities

H2 Accelerate Symantec Technology Integration

Content management with Zone, integrated with Mobile

Integrate device security & App Insight

Differentiated SYMC integrations – DLP, PKI, Identity and Security Gateways

Multi-tenancy and scalability advancements

Deliver and protect corporate apps and content on any endpoint - Mobile, Mac, PC – with single policy

Control point for content inspection and access across cloud services and mobile, integrated with endpoint

Product Priorities - 3 Horizons

PC

23


Longer Term Areas of Investigation – Horizon 2 and 3

24

Focus Area Area of investigation

• Identity and Access • Biometric based authentication to device, app or workspace integrated with corporate AD / Identity

• Eliminates the need for a corporate password

• Data Protection and Productivity enablement

• Enable free flow of data to any environment while maintaining security by embedding data policies at the content level

• Requires ability to tag, track and enforce policy across any app – leverage Encryption and DLP assets

• Intelligence

• Provide the enterprise with a rich set of actionable intelligence allowing them to have complete visibility into usage patterns, risks, etc.

• Leverage Symantec’s rich set of big data assets including Mobile Insight, Norton Mobile Security, Wrapped Apps, etc

• Converging Endpoint Management and Protection

• One solution to manage and protect any endpoint • Federated App Store across any device based on user role

and access


CY2015

5.1 / 5.2 (preliminary)

January 2014

4.3

Norton Mobile Security (NMS) Integration

Email Gateway

Secure App Proxy

Multi-tenancy

Partner API’s

Norton Zone

Q3CY2014

5.0

Samsung SAFE Support

Android MDM Core

Windows Phone 8.1 for MDM/MAM

Performance, Stability and Usability Enhancements – ACA and Platform

External API enhancements

Expanded multi-tenancy support

Short Term Product Roadmap

* Planned but not committed

25

April 2014

4.4

Symantec Sealed Launch

Secure App Proxy (Beta)

Secure Browser

Bundle Encryption

Productivity Apps

Device Mgmt.

Threat Protection

App Protection

Identity

Productivity Apps

Device Mgmt.

Threat Protection

App Protection

Identity

Productivity Apps

Device Mgmt.

Threat Protection

App Protection

Identity

Productivity Apps

Device Mgmt.

Threat Protection

App Protection

Identity

Network Network Network Network

Convergence Convergence Convergence Convergence

DLP Integration*

Identity Gateway Integration*

Expanded Symantec Productivity App Suite*

Mobile Insight*

Cloud Data Security *

VIP integration with ACA*

Private Cloud Offering*

Data Tagging and Monitoring*

Zone for Content Center*

Converged Management and Protection - Mobile, Mac, PC*

= No Capabilities = Below Competition = Parity with Competition = Better than Competition = Sustained Differentiator


Focus on Four Key Customer “Jobs”/Goals

26



Manage & Protect Any Device



Symantec Mobility Roadmap

27



Manage & Protect

Any Device


• Track and Monitor Data Flows

• Data Protection via Integration with Symantec DLP

• Enforce Data Policies

• Data Classification

• Virtualized Content Access

• Data Rights Management

• Cloud Data Policies

• Application Reputation

• Integrated Network Threat Prevention

• Email Security

• Application Management and Protection for Traditional Devices

• Context Aware Application Policy

• Traditional Device Support

• Mobile OS Support Support

• Support for Operational Devices

• Managing Next Gen Connected Devices

• Blacklisting/Whitelisting of Apps based on App Insight

• Managing Attachments

• Integration of One-Time Passwords

• Multi-Account SSO

• Federated Identity

• Certificate management at the device, apps, and workspace with delegate authority

• Simplified Agent Experience

• Symantec Sealed Personas

• Productivity Apps: PIM (Email; Calendar; Contacts)

• Productivity Apps: Secure Browser (Intranet Access)

• Productivity Apps: File Sync & Share

• Productivity Apps: Secure Messaging (SMS)

• Productivity Apps: SharePoint/Network File Share/Cloud Connector

• IT Productivity: Providing Deployment Best-Practice

• IT Productivity: Ensure Business Compliance

• IT Productivity: Simplified Admin Experience


SYMANTEC MOBILITY CENTER: Beyond 5.0+

28


Top Mobile DLP Use Cases

• Monitor and restrict email data flows to and from mobile endpoints (attachments, content, mail flow policies, etc)

• Protect information/data flowing to and from an app on a mobile endpoint

• Monitor on-device data and enforce data sensitivity policies on mobile endpoints (similar to PC/Desktop functionality)

– Monitor/Restrict/Enforce data flow between apps

– Monitor/Restrict/Enforce data from the device to attachments (USB, Datacard, Bluetooth)

• Classify data based on sensitivity or confidentiality

• Enforce Data Confidentiality Policies

29


Internet

Future Vision: End-to-End Data Protection

30

DMZ Cloud Services

Data Policy Controls Encryption IAM DLP Endpoint Management eDiscovery

Data Policy Controls IAM DLP eDiscovery

Gateway

= Next Gen Mobility Agent


Why do I need App Reputation?

• With BYOD, user and corporate data live together – so when apps ask the users for permission to access data it impacts your organization as well.

• Cost to determine if each individual app is safe is prohibitively expensive - Mobile Insight provides a behavior-based malware detection along with risk management approach to screening mobile apps

• Helps enterprise users really understand what the mobile apps are really doing and what Enterprise data they have access to

31


Malware Isn’t The Only Concern

32

Even legitimate apps can…

Read and collect private data from the device

Embed annoying ad libraries to monetize free apps

Drain battery and consume bandwidth, costing money and decreasing device lifespan

Users demand more from mobile security – malware detection is the table stakes


Mobile Insight Statistics

33

Malicious APKs 1,066,611

APKs w/Privacy Leaks

5,751,964

APKs 10,732,318

App titles 3,413,556

APKs w/ Ad Libraries 4,069,030

APKs w/ High Severity Privacy Leaks

1,423,876

1,200,456 Signers (Publishers) Majority of Bad Actors

Russia

China

Stores Crawled Continuously

200+

30 Thousand new apps processed every 24 hours 1 trillion rows of metadata

SYMANTEC VISION 2014 34 Symantec Confidential

How Mobile Insight will work for you

SECURITY Classifies apps as trusted, unknown or malware

PRIVACY Identifies apps that put your Enterprise information at risk

GREYWARE Stops annoyances like Madware and other intrusive behaviors

PERFORMANCE Identifies apps that can excessively drain battery or use large amounts of data

REAL WORLD INFORMATION We run apps to reports on unusual observed, actual behavior

NOISE & FEAR REDUCTION Accurate reporting of the highest potential privacy risks and most intrusive apps

1. App Center

sends request for app

information

2. Mobile Insight

retrieves information about

the app

3. Information is fed back to confirm if the app poses any

threat or annoyances

4. App Center

provides application

details back to admin to make policy decisions


Leveraging Mobile Insight

• Providing necessary intelligence for your enterprise users

• Allowing admins to inspect apps for malware and policy compliance prior to distributing the apps into Enterprise

• Using mobile insight intelligence to blacklist apps with harmful characteristics like ad network, data leakage risks, etc

36


• Near term

– Samsung SAFE and Windows Phone 8.1 BYOD – Enrollment, inventory, Actions (locate, lock, wipe, etc.)

– SAFE delivery/removal of apps

– SAFE & Windows Phone 8.1 Exchange ActiveSync, passcodes, restrictions and WiFi profiles

Device Management for BYOD & Corp End User Devices

37

• Medium term

– Extending ‘services’ cert uses to SAFE, WP8.1 and cert delivery from Microsoft Certificate Authorities

– Extend BYOD MDM settings to

– iOS 8, Android 5.0, Windows Phone 8.2 MDM updates

Enabling personal connectivity to corporate services


Enhancing App Center for Operational Device Management

• Near-term App Center device management handling

– Improve licensing and device targeting to support operational device scenarios

– End-end operational lifecycle designed into App Center

– Multi-user support for App Center enrollment/management

38

• Medium-Long Term - Operational MDM feature improvements

– iOS & Android operational device simplification

• Simplified operational device setup, including Apple Device Enrollment program

• Full OTA profile handling

• Kiosk/Supervised device improvements

– Longer Term

• Extended Android manufacturer APIs

• Windows Phone operational APIs

SYMANTEC VISION 2014 39

TODAY Symantec is viewed as a collection of products and brands, and is known as an AntiVirus company.

FY15 Symantec is the brand of choice and is the information protection authority that instills the confidence to do anything

FY16-19 Symantec is viewed as a thought leader making the world a safer place by delivering innovative, integrated solutions to customers most critical technology and information problems.

Brand Strategy


Seamless Embedded Mobile User Authentication

• Seamless Certificate Management & Usage

– Near term:

• Extending WiFi, VPN and EAS certificate delivery to new platforms

– Medium term:

• Cert lifecycle automation

• Certs for app wrapping connectivity

– Longer term:

• Simplified authentication

40

• Embedded Two Factor User Authentication

– Near term:

• User and Admin portal VIP integration

– Medium term:

• VIP integrated into wrap layer

• Hardware root of trust

• Biometric authentication

• Integrated Access Manager Support

– Near term:

• Wrapped browser access to SAM

• App Center SAML SSO to web apps via SAM

SYMANTEC VISION 2014 Presentation Identifier Goes Here 41

Q&A

SYMANTEC PROPRIETARY/CONFIDENTIAL – INTERNAL USE ONLY Copyright © 2014 Symantec Corporation. All rights reserved.

Thank you!

Presentation Identifier Goes Here 42

• Brian Uffelman

• [email protected]

• 408-420-6250

Date post:	04-Sep-2020
Category:	Documents
Upload:	others
View:	5 times
Download:	0 times

Enterprise Mobility Roadmap · 2016. 7. 4. · usability improvements for user agent, ... •...

Documents