1 Overview
In 2012, 20% of global employees brought their own mobile devices to work, such as the iPhone, iPad, or Android-based devices. Along with huge IT consumption, Bring Your Own Device (BYOD) is gradually becoming the new norm. Originally thought to be just a trend concept, BYOD is now changing the way people work with unstoppable momentum. With our own devices, we can exchange emails, conduct research and follow up on potential sales opportunities more flexibly, promote information management over enterprise, flatten user interfaces, increase response times, and enhance decision-making efficiency. However, the openness of BYOD comes with enormous security and management risks. So, is your enterprise ready for today's BYOD challenges?
2 Trend and Challenge
BYOD makes an office borderless. Users can both work and play Web games on the same mobile device. Personal and office applications are crossing the boundary between them. For most enterprises, prohibiting BYOD is just not practical. The majority of today's working staff (especially new entrants) are quite familiar with mobile technologies and have pushed for BYOD support from enterprises. This need is forcing enterprises' IT management teams not only to adopt BYOD technologies but also to change the way they conduct business and operate in the workplace. At the same time, BYOD brings various problems and risks: an open and intelligent mobile platform leads to critical issues, including malicious code embedding, data leakage, the mixing of personal and enterprise applications, and multiple platforms with different structures.
IT departments are finding themselves in a rather unsettling position where the standard policies and configuration rules of the enterprise overlap with those of the mobile devices. Moreover, it is fairly difficult to graft security and management policies designed for traditional PCs onto mobile devices, especially mobile devices belonging to employees. Enterprises must employ strategies for BYOD, including policy definition and management, and must decide which mobile devices to allow access to company information and at what level of clearance.
Intelligent mobile devices function very much like PCs. However, they are completely without protection when accessing company information through web pages, downloading applications, or sending emails. So far, there are more than 20,000 types of malicious mobile software, 30% of which are Trojan horses that aim to steal private and sensitive data. With the abuse of root permission and the development of hacking techniques, mobile devices are becoming the new hotbed for security-related risks. 71% of enterprises consider mobile devices, especially Android devices, a key security hazard.
Migrating enterprise applications to various mobile devices is a nightmare for IT departments. The challenges include how to seamlessly and quickly transfer business to a mobile environment, how to avoid the high cost of in-house development, and how to cope with a highly complex mobile environment.
With the thriving use of mobile applications, enterprises are short of corresponding management measures. Employees can download and install whatever application they want, which may reduce system availability, create huge security risks, or even disable the device.
Huawei AnyOffice Mobile Security Solution 2
Mobile devices are mostly small and are prone to loss or theft. 47% of the companies interviewed say that large amounts of data are stored on mobile devices, including sensitive client information and classified data from emails. The loss of a single mobile office device not only means the potential leaking of confidential business information, but may also result in legal violations.
3 Overview of Huawei AnyOffice Mobile Security Solution
Targeting the conflict between employee needs and company policy compliance, Huawei provides a balanced solution. The solution not only enables employees to access their company's intranet at any time, at any location, from any device, but also ensures strong security protection. Huawei is dedicated to providing an end-to-end mobile security solution and flexible application launching. With close attention to mobile device security, network transmission security, application security, sensitive data security, and security management, Huawei offers a unique balance between the efficiency and the security of the mobile office. Huawei provides a simple platform that supports the migration of all applications with excellent expandability and low cost to help companies cope with complex mobilization.
3.1 Architecture and Key Components
Mobile security and management essentially resolve three issues: identity, privacy, and compliance. Focusing on these three key issues, Huawei provides enterprise clients with the most secure and user-friendly management solution in the industry today.
* indicates a feature to be supported by later versions of Huawei AnyOffice Mobile Security Solution.
[Figure: AnyOffice solution architecture. Component labels: terminals (office-based and non-office-based) with the AnyOffice client; enterprise WiFi, public Wi-Fi, 3G/4G, and SSL access; Firewall/UTM; DMZ; Mobile Security Access Gateway (AnyOffice SVN); AnyOffice security platform (identity, privacy, compliance); MEAP (device interface, development platform, supporting platform, workflow, business object, application interface); Unified Policy Management Platform*; intranet access to LDAP, OA, and other servers.]
[Figure capability labels: management security, application security, data protection, threat defense, link security, access control, authentication and authorization; strong mobile authentication, mobile NAC*, per app tunnels; DDoS, network antivirus, network IDS/IPS; mobile sandbox, Web, email, and DLP, anti-theft, application control; security management, application management, asset management, IT services; UI design, application integration, application compilation, application distribution, application release and maintenance.]
3.2 AnyOffice Intelligent Mobile Access Client
AnyOffice is a unified mobile client that connects the user to the network and applications. A single, simple client makes management and maintenance easier.
AnyOffice is a secure mobile office platform. It integrates a series of security applications, including a security sandbox, a security email client, a security browser, and MDM software. This meets universal mobile office requirements and ensures secure, convenient, and efficient intranet access.
In addition, AnyOffice senses the access mode. By interworking with the company's Mobile Security Access Gateway SVN (which provides the SSL VPN and RADIUS proxy functions), AnyOffice intelligently changes security policies based on user location (intranet or Internet), offering a sound user experience.
3.3 Whole Lifecycle Mobile Device Management
Huawei MDM manages a mobile device across its whole lifecycle. New assets are discovered and registered. During the deployment phase, the security status of the device is checked, such as password complexity and jailbreak status. During the operational phase, the security of corporate data is ensured. In the retirement phase, the recycled device can be re-registered and the enterprise's data deleted. This ensures the security of corporate data on BYOD devices.
3.4 Secure VPN Access
The SVN2000/5000 series VPN mobile security access gateway is based on Huawei's high-availability hardware platform and employs a dedicated real-time operating system. The gateway provides industry-leading performance, security, and availability, gives customers flexible and controllable E2E link encryption, and ensures VPN access security.
3.5 Carrier-Class Mobile Threat Prevention
At the border of the enterprise network, Huawei carrier-class USG firewalls provide in-depth protection at the network side. The USG firewalls integrate Symantec's advanced intrusion prevention and anti-virus technologies, employ industry-leading application identification technologies, and provide content security capabilities, including anti-virus, IPS, anti-DDoS, and content filtering.
3.6 Unified Security Policy Management
The Huawei AnyOffice solution implements a unified and highly intuitive security policy management platform that simplifies operations and management (O&M) and brings substantial IT cost savings. Security policies can vary with users, device types, locations, and time zones, which implements fine-grained security access control.
3.7 Simple Enterprise Mobile Application Launching Platform
Enterprises are having difficulties in porting and launching mobile applications. The Huawei Mobile Enterprise Application Platform (MEAP) moves enterprise applications smoothly by providing a simpler and easier integrated development environment and supporting various application types, such as HTML5, Native, or Hybrid, and enables multi-platform launching from a single development effort. This significantly simplifies the development process and tremendously lowers costs.
4 Highlights
• Compliance: Whole lifecycle device management
• Privacy: Comprehensive data security and threat prevention
• Identity: Unified network access control
4.1 Identity: Unified Access Control
4.1.1 Environment-Sensitive Network Access Control
AnyOffice can identify any device, user, location, time, and access mode through the use of fine-grained access control. Enterprise IT staff can configure multiple policy templates for one user on the unified policy management platform and send them to AnyOffice. AnyOffice intelligently senses the network environment and triggers the corresponding security module. The security module works with SVN to implement precise network access control. From an airport lounge to the company's branch, users can switch to the internal plaintext by per app tunnels automatically. This whole process is transparent to users. AnyOffice therefore provides a simple and seamless user access experience.
4.1.2 Unified Security Policy Management
The unified policy management platform ensures that all policies come from the same source, which ensures security policy compliance. With AnyOffice, literally anyone can access a company's intranet using any authorized smart phone or tablet PC over any network (enterprise wireless network or remote wireless network). Furthermore, AnyOffice's intuitive and user-friendly UI not only enhances work efficiency, but also provides visibility into and control of employee mobile devices.
4.2 Privacy: Comprehensive Data Security and Threat Prevention
4.2.1 End-to-End Data Leak Prevention
• Data on the device
The AnyOffice client uses sandbox technology to create a secure zone that separates personal and company affairs on one mobile device. This considerably minimizes the risks associated with data leakage, network viruses, and malicious intrusions brought by the mix of personal and corporate information, and strikes a balance between employees' daily use of technology and enterprise policies. When a user logs in to the AnyOffice platform, all company data assets, applications, and services are encrypted and kept in a secure environment away from personal applications. The AnyOffice process functions as the core of the system, monitoring all running applications. Personal applications cannot access company applications. Data access, copying, modifying, and saving between personal and company applications are blocked. Users/Administrators can also customize policies to enable or disable applications from being uploaded or downloaded. AnyOffice can also erase temporary or confidential files upon logoff to prevent data leakage.
[Figure: AnyOffice sandbox. Personal applications and personal data are forcibly separated from enterprise data and enterprise applications (Mail, CRM, OA, …). Phases: Create, Operate, Log off. Labels: forcible separation, storage encryption, behavior monitoring, trace cleaning after logoff.]
• Data during transmission
The mobile security access gateway SVN VPN provides per app tunnels, ensuring data privacy and preventing malicious data sniffing and tampering.
• Data on the server
Mobile devices are vulnerable to theft and loss. Each year, the list of data leaks caused by mobile device loss or theft grows. AnyOffice, interworking with the management back end, provides functions including remote lock, remote data wiping, data backup and restoration, GPS, and auto-alarm, to ensure data security in case of device loss.
4.2.2 Carrier-Class Mobile Threat Prevention on the Network Side
• At the border of the enterprise network, Huawei carrier-class USG firewalls provide protection at the network side.
• Prevent threats from the Internet: DDoS attacks, illegitimate access control, hacker intrusion, virus, Trojan horses, and malicious mails.
• Prevent threats between mobile devices at the LAN and the server side: control over unauthorized access to the intranet server, malicious intrusion of employees, and the spread of network viruses, worms, and Trojan horses.
• Prevent information from being leaked between the mobile office terminal and the Internet.
4.3 Compliance: Lifecycle-Based Mobile Device Management
[Figure: Device lifecycle: Acquire, Deploy, Run, Retire.]
4.3.1 Acquire
The Huawei AnyOffice mobile security solution complies with the ITIL Asset Management Standards, supports the discovery, registration, and password initialization of standard devices and personal devices, and provides customized templates for the letter of commitment on mobile device usage.
4.3.2 Deploy
Enterprises must ensure the level of security and standard compliance of mobile devices. The Huawei AnyOffice mobile security solution supports and enforces security policies, configuration, and management delivery over a host firewall, VPN, and WiFi network.
The core of the solution is the secure allocation of mobile applications. The Huawei AnyOffice mobile security solution integrates company App stores and secures the allocation, installation, and configuration of applications. Moreover, companies can use AnyOffice to define policies for whitelisted and blacklisted applications, ensuring that the right person accesses the right application and data. AnyOffice provides signature authentication. Authorized services cannot be tampered with or uninstalled, which adds extra protection and maintains application integrity on the mobile device.
4.3.3 Run
Much attention must be paid to the security of data and applications during daily business operations. Huawei AnyOffice supports password policies, jailbreak detection and isolation, and control over possible data leakage channels, including the SIM card, SD card, camera, Bluetooth, WiFi, USB, GPS, and recording. Mobile devices are vulnerable to loss. AnyOffice provides key data encryption, remote data backup/recovery/synchronization, and remote lock and data wiping options. What's more, IT departments can enhance application security by remote upgrading and patching. On the management back end, IT departments can query and audit the model, operating system, and version of all mobile devices, and export asset audit reports.
A company's daily IT workload is a key indicator of a mobile office. Huawei AnyOffice supports a self-service portal where employees can perform operations including registration, password resetting, loss report generation, remote locking, data backup and recovery, and data wiping. This significantly lightens the burden of the IT department. The management back end also supports more complex management functions, including message push and fault location. In addition, the management API can be integrated with the company's existing Helpdesk system, enhancing IT service efficiency.
4.3.4 Retire
Upon employee resignation or device loss, to prevent data leakage, the IT department can uninstall the application on the device, wipe away any remaining data, and finally annul the device. If a company-issued device needs to be recycled, the recycled device can be re-registered, re-bound, and reinstalled with security policies and applications.
5 Mobile Application Security
5.1 Security Browser
As more and more enterprise applications emerge as Web-based applications and services, for systems such as the meeting system, attendance system, file query system, and CRM, a unified browser for accessing all applications is becoming the norm.
The secure browser provides key security defense capabilities. First, the security browser is based on the security sandbox module of AnyOffice. It can separate personal applications from company ones, and limit access to the enterprise application through browsers. Second, the security browser integrates the per app tunnel function. You do not need to install or enable other VPN software to access the company intranet. Third, the secure browser supports incognito browsing. Temporary files, cookies, and histories are deleted upon user logout. In addition, the data saved on the local disk is also encrypted. Finally, the secure browser also supports a blacklist, which helps prevent phishing and malicious software.
5.2 Security Pushmail
Email is the most widely used of all the mobile office applications. The security mail client can receive and send mails using protocols including SMTP, POP3, and IMAP4, and can push mails in real time.
Meanwhile, Security Pushmail reduces the data leakage and malicious virus risks brought by mobile mails. It supports per app tunnels, implementing automatic transmission encryption. Mails are encrypted on the terminal device with complex algorithms. The key is dynamically obtained and is not saved on the terminal device. In addition, the secure mail supports comprehensive security policies, including whether to permit mail forwarding, attachment download and upload, and attachment online browsing. The IT department can deliver role-specific control policies.
5.3 Security SDK
The sheer variety of mobile devices and the complexity of enterprise applications pose enormous difficulties for secure mobile application development. The Huawei AnyOffice solution has a powerful security SDK that provides application-level data encryption interfaces for mobile applications developed in-house by enterprises and supports mainstream operating systems such as iOS and Android, making the mobile applications more secure.
6 Choosing Huawei
Huawei provides enterprise and industry clients with a leading mobile office security solution. Mobile office involves the terminal device, lower layer firmware, system software, and applications. It is an integrated ecological chain that requires cooperation between upstream and downstream vendors. Huawei, with great openness, works with OEM vendors, integrators, and mobile and wireless carriers to realize the unique value of AnyOffice, provide device-based and application-level security, facilitate enterprise mobile office, and enhance ROI.
With Huawei AnyOffice, you can:
• Create a secure zone that separates the enterprise and personal environment, reaching the equilibrium between the security and efficiency of mobile office.
• Prevent E2E leak of sensitive data that is stored, transmitted, and accessed.
• Employ the industry-leading secure access and unified security policy management platform.
• Implement device-based and application-level security control.
• Manage mobile devices through the whole lifecycle, including the acquisition, deployment, running, and recycling.
Components
Component | Product
Mobile client | AnyOffice Agent
Mobile security access gateway | AnyOffice SVN2000-M / SVN5000-M Series
Intelligent mobile terminal | Huawei MediaPad and Ascend Phone
Unified threat management gateway (UTM) | USG 2000/5000
MDM data server | MDM business server
Unified policy management platform* | AnyOffice Manager
Platforms supported by AnyOffice Agent
Device | Platform Version
iPad / iPhone | iOS 5.0 or later
Android mobile phone (Huawei, Samsung, or others) | Android 4.0 or later
Android tablet (Huawei, Samsung, or others) | Android 4.0 or later
* Huawei AnyOffice mobile security solution will support the platform marked with "*" in a later version.
Copyright © Huawei Technologies Co., Ltd. 2014. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
HUAWEI TECHNOLOGIES CO., LTD.
Huawei Industrial Base
Bantian Longgang
Shenzhen 518129, P.R. China
Tel: +86-755-28780808
Version No.: M3-035026-20141229-C-5.0
www.huawei.com