
Huawei AnyOffice Mobile Security Solution

Date post: 09-Apr-2019
Upload: vukhue

Huawei AnyOffice Mobile Security Solution

HUAWEI TECHNOLOGIES CO., LTD.

1 Overview

In 2012, 20% of global employees brought their own mobile devices to work, such as the iPhone, iPad, or Android-based devices. Along with huge IT consumption, Bring Your Own Device (BYOD) is gradually becoming the new norm. Originally thought to be just a trend concept, BYOD is now changing the way people work with quite an unstoppable momentum. With our own devices, we can exchange emails, conduct research, and follow up on potential sales opportunities more flexibly, promote information management over the enterprise, flatten user interfaces, improve response times, and enhance decision-making efficiency. However, the openness of BYOD comes with enormous security and management risks. Therefore, is your enterprise ready for today's BYOD challenges?

2 Trend and Challenge

BYOD makes an office borderless. Users can simultaneously work and play Web games on the same mobile device. Personal and office applications are crossing the boundary between them. For most enterprises, prohibiting the use of BYOD is just not practical. The majority of today's working staff (especially new entrants) are quite familiar with handling mobile technologies and have urged enterprises to support BYOD. This need is forcing enterprises' IT management teams not only to adopt BYOD technologies but also to change the way they conduct business and operate in the workplace. At the same time, BYOD brings various problems and risks: an open and intelligent mobile platform leads to critical issues, including malicious code embedding, data leakage, a mix of personal and enterprise applications, and multiple platforms with different structures.

IT departments are finding themselves in a rather unsettling position where the standard policies and configuration rules of the enterprise and those of the mobile devices overlap. Moreover, it is fairly difficult to graft security and management policies based on traditional PCs onto mobile devices, especially mobile devices belonging to employees. Enterprises must employ strategies for BYOD, including policy definition and management, and decide which mobile devices are allowed to access company information and at what level of clearance.

Intelligent mobile devices function very much like PCs. However, they are completely without protection when accessing company information through web pages, downloading applications, or sending emails. So far, there are more than 20,000 types of malicious mobile software, 30% of which are Trojan horses aiming to steal private and sensitive data. With the abuse of root permission and the development of hacking technologies, mobile devices are becoming the new hotbed for security-related risks. 71% of enterprises consider mobile devices, especially Android devices, a key security hazard.

Migrating enterprise applications to various mobile devices is a nightmare for IT departments. The challenges include how to seamlessly and quickly transfer business to a mobile environment, how to avoid the high cost of in-house development, and how to cope with a highly complex mobile environment.

With the thriving use of mobile applications, enterprises are short of corresponding management measures. Employees can download and install whatever applications they want, which may reduce system availability, create huge security risks, or even disable the device.

Mobile devices are mostly small and are prone to loss or theft. 47% of the companies interviewed say that large amounts of data are stored on mobile devices, including sensitive client information and classified data from emails. The loss of a single mobile office device not only indicates the potential leaking of confidential business information, but may also incur law violations.

3 Overview of Huawei AnyOffice Mobile Security Solution

Targeting the conflict between employee needs and company policy compliance, Huawei provides a balanced solution. The solution not only enables employees to access their company's intranet at any time, at any location, from any device, but also ensures strong security protection. Huawei is dedicated to providing an end-to-end mobile security solution and flexible application launching. Paying high regard to mobile device security, network transmission security, application security, sensitive data security, and security management, Huawei offers a unique balance between high efficiency and security of mobile office. Huawei provides a simple platform that supports the migration of all applications with excellent expandability and low cost to help companies cope with the complex mobilization.

3.1 Architecture and Key Components

Mobile security and management essentially resolve three issues: identity, privacy, and compliance. Focusing on these three key issues, Huawei provides enterprise clients with the most secure and user-friendly management solution in the industry today.

* indicates a feature to be supported by later versions of Huawei AnyOffice Mobile Security Solution.

[Figure: solution architecture diagram. Labels include: office-based and non-office-based terminals running the AnyOffice client; enterprise WiFi, 3G/4G, and public Wi-Fi access; Firewall/UTM; Mobile Security Access Gateway AnyOffice SVN (SSL) in the DMZ; intranet servers (LDAP, email, OA and other servers); AnyOffice security platform (identity, privacy, compliance); MEAP (device interface, development platform, supporting platform, workflow, business object, application interface); Unified Policy Management Platform*.]

3.2 AnyOffice Intelligent Mobile Access Client

AnyOffice is a unified mobile client that connects the user and the network/application. A simple client facilitates management and maintenance.

AnyOffice is a secure mobile office platform. It integrates a series of security applications, including a security sandbox, security email client, security browser, and MDM software. This meets universal mobile office requirements and ensures secure, convenient, and efficient intranet access.

In addition, AnyOffice senses the access mode. Interworking with the company's Mobile Security Access Gateway SVN (the SVN provides the SSL VPN and RADIUS proxy functions), AnyOffice intelligently changes security policies based on user location (intranet or the Internet), offering a sound user experience.

3.3 Whole Lifecycle Mobile Device Management

Huawei MDM can manage a mobile device across its whole lifecycle: it discovers and registers new assets; checks the security status of the device during the deployment phase, such as password complexity and jailbreak status; and ensures the security of corporate data in the operational phase. In the retirement phase, the recycled device can be re-registered and the enterprise's data deleted. This ensures the security of corporate data on BYOD devices.

3.4 Secure VPN Access

The VPN mobile security access gateway SVN2000/5000 series is based on Huawei's high-availability hardware platform and employs a dedicated real-time operating system. The gateway provides industry-leading performance, security, and availability, provides customers with flexible and controllable E2E link encryption, and ensures VPN access security.

3.5 Carrier-Class Mobile Threat Prevention

At the border of the enterprise network, Huawei carrier-class USG firewalls provide in-depth protection at the network side. The USG firewalls integrate Symantec's advanced intrusion prevention and anti-virus technologies, employ industry-leading application identification technologies, and provide content security capabilities, including anti-virus, IPS, anti-DDoS, and content filtering.

3.6 Unified Security Policy Management

The Huawei AnyOffice solution implements a unified and highly intuitive security policy management platform that simplifies operations and management (O&M) and yields substantial IT cost savings. Security policies can vary with users, device types, locations, and time zones, thereby implementing fine-grained security access control.

3.7 Simple Enterprise Mobile Application Launching Platform

Enterprises are having difficulties in porting and launching mobile applications. Huawei Mobile Enterprise Application Platform (MEAP) moves enterprise applications smoothly by providing a simpler, easier-to-use integrated development environment and supporting various application types, such as HTML5, Native, or Hybrid, and enables multi-platform launching from a single development effort. This significantly simplifies the development process and tremendously lowers costs.

4 Highlights

Compliance: Whole lifecycle device management

Privacy: Comprehensive data security and threat prevention

Identity: Unified network access control

4.1 Identity: Unified Access Control

4.1.1 Environment-Sensitive Network Access Control

AnyOffice can identify any device, user, location, time, and access mode through use of fine-grained access control. Enterprise IT staff can configure multiple policy templates for one user on the unified policy management platform and send them to AnyOffice. AnyOffice intelligently senses the network environment and triggers the corresponding security module. The security module works with SVN to implement precise network access control. From an airport lounge to the company's branch, users can switch to the internal plaintext by per app tunnels automatically. This whole process is transparent to users. AnyOffice therefore provides a simple and seamless user access experience.

4.1.2 Unified Security Policy Management

The unified policy management platform ensures that all policies come from the same source, which ensures security policy compliance. With AnyOffice, literally anyone can access a company's intranet using any authorized smart phone or tablet PC over any network (enterprise wireless network or remote wireless network). Furthermore, AnyOffice's intuitive and user-friendly UI not only enhances work efficiency, but also provides visibility into and control of employee mobile devices.

4.2 Privacy: Comprehensive Data Security and Threat Prevention

4.2.1 End-to-End Data Leak Prevention

Data on the device: The AnyOffice client uses sandbox technology to create a secure zone that separates personal and company affairs on one mobile device. This considerably minimizes the risks of data leakage, network viruses, and malicious intrusions brought by the mix of personal and corporate information, and strikes a balance between employees' daily use of technology and enterprise policies. When a user logs in to the AnyOffice platform, all company data assets, applications, and services are encrypted and kept in a secure environment away from personal applications. The AnyOffice process functions as the core of the system, monitoring all running applications. Personal applications cannot access company applications. Data access, copying, modifying, and saving between personal and company applications are blocked. Users and administrators can also customize policies to enable or disable applications from being uploaded or downloaded. AnyOffice can also erase temporary or confidential files upon logoff to prevent data leakage.

[Figure: AnyOffice sandbox. Labels: personal application and personal data; enterprise application (Mail, CRM, OA, …) and enterprise data; forcible separation, storage encryption, behavior monitoring, trace cleaning after logoff; stages: create, operate, log off.]

• Data during transmission
The mobile security access gateway SVN VPN provides per app tunnels, ensuring data privacy and preventing malicious data sniffing and tampering.

• Data on the server
Mobile devices are vulnerable to theft and loss. Each year, the list of data leaks caused by mobile device loss or theft grows. AnyOffice, interworking with the management back end, provides functions including remote lock, remote data wiping, data backup and restoration, GPS, and auto-alarm to ensure data security in case of device loss.

4.2.2 Carrier-Class Mobile Threat Prevention on the Network Side

• At the border of the enterprise network, Huawei carrier-class USG firewalls provide protection at the network side.
• Prevent threats from the Internet: DDoS attacks, illegitimate access control, hacker intrusion, viruses, Trojan horses, and malicious mails.

• Prevent threats between mobile devices at the LAN and the server side: control over unauthorized access to the intranet server, malicious intrusion of employees, and the spread of network viruses, worms, and Trojan horses.
• Prevent information from being leaked between the mobile office terminal and the Internet.

4.3 Compliance: Lifecycle-Based Mobile Device Management

[Figure: Device lifecycle: Acquire, Deploy, Run, Retire.]

4.3.1 Acquire

The Huawei AnyOffice mobile security solution complies with the ITIL Asset Management Standards, supports the discovery, registration, and password initialization of standard devices and personal devices, and provides customized templates of the letter of commitment for mobile device usage.

4.3.2 Deploy

Enterprises must ensure the level of security and standard compliance of mobile devices. The Huawei AnyOffice mobile security solution supports and enforces security policies, configuration and management delivery over a host firewall, VPN, and WiFi network.

The core of the solution is the secure allocation of mobile applications. The Huawei AnyOffice mobile security solution integrates company App stores and secures allocation, installation, and configuration of applications. Moreover, companies can use AnyOffice to define policies for whitelisted and blacklisted applications, ensuring that the right person accesses the right application and data. AnyOffice provides signature authentication. Authorized services cannot be tampered with or uninstalled, which adds extra protection and maintains application integrity on the mobile device.

4.3.3 Run

Much attention must be paid to the security of data and applications during daily business operations. Huawei AnyOffice supports password policies, jailbreak detection and isolation, and control over possible data leakage channels, including the SIM card, SD card, camera, Bluetooth, WiFi, USB, GPS, and recording. Mobile devices are vulnerable to loss. AnyOffice provides key data encryption, remote data backup/recovery/synchronization, and remote lock and data wiping options. What's more, IT departments can enhance application security by remote upgrading and patching. On the management back end, IT departments can query and audit the model, operating system, and version of all mobile devices, and export asset audit reports.

A company's daily IT workload is a key indicator of a mobile office. Huawei AnyOffice supports a self-service portal where employees can perform operations including registration, password resetting, loss report generation, remote locking, data backup and recovery, and data wiping. This significantly lightens the burden of the IT department. The management back end also supports more complex management functions, including message push and fault location. In addition, the management API can be integrated with the company's existing Helpdesk system, enhancing IT service efficiency.

4.3.4 Retire

Upon employee resignation or device loss, to prevent data leakage, the IT department can uninstall the application on the device, wipe away any remaining data, and finally annul the device. If a company-issued device needs to be recycled, the recycled device can be re-registered, re-bound, and reinstalled with security policies and applications.

5 Mobile Application Security

5.1 Security Browser

With more and more Web-based enterprise applications and services emerging for systems such as the meeting system, attendance system, file query system, and CRM, a unified browser for accessing all applications is becoming the norm.

The secure browser provides key security defense capabilities. First, the security browser is based on the security sandbox module of AnyOffice. It can separate personal applications from company ones, and limit access to the enterprise application through browsers. Second, the security browser integrates the per app tunnel function. You do not need to install or enable other VPN software to access the company intranet. Third, the secure browser supports incognito browsing. Temporary files, cookies, and histories are deleted upon user logout. In addition, the data saved on the local disk is also encrypted. Finally, the secure browser also supports a blacklist, which helps prevent phishing and malicious software.

5.2 Security Pushmail

Email is the most widely used of all the mobile office applications. The security mail client can receive and send mails using protocols including SMTP, POP3, and IMAP4, and can push mails in real time.

Meanwhile, Security Pushmail reduces the data leakage and malicious virus risks brought by mobile mails. It supports per app tunnels, implementing automatic transmission encryption. Mails are encrypted on the terminal device with complex algorithms. The key is dynamically obtained and is not saved on the terminal device. In addition, the secure mail client supports comprehensive security policies, including whether to permit mail forwarding, attachment download and upload, and attachment online browsing. The IT department can deliver role-specific control policies.

5.3 Security SDK

The sheer variety of mobile devices and the complexity of enterprise applications pose enormous difficulties for secure mobile application development. The Huawei AnyOffice solution has a powerful security SDK that provides application-level data encryption interfaces for mobile applications developed in-house by enterprises and supports mainstream operating systems such as iOS and Android, making mobile applications more secure.

6 Choosing Huawei

Huawei provides enterprise and industry clients with a leading mobile office security solution. Mobile office involves the terminal device, lower layer firmware, system software, and applications. It is an integrated ecological chain that requires cooperation between upstream and downstream vendors. Huawei, with great openness, works with OEM vendors, integrators, and mobile and wireless carriers to realize the unique value of AnyOffice, provide device-based and application-level security, facilitate enterprise mobile office, and enhance ROI.

With Huawei AnyOffice, you can:

• Create a secure zone that separates the enterprise and personal environment, reaching the equilibrium between the security and efficiency of mobile office.
• Prevent E2E leak of sensitive data that is stored, transmitted, and accessed.
• Employ the industry-leading secure access and unified security policy management platform.
• Implement device-based and application-level security control.
• Manage mobile devices through the whole lifecycle, including the acquisition, deployment, running, and recycling.

Components

Component | Product
Mobile client | AnyOffice Agent
Mobile security access gateway | AnyOffice SVN2000-M / SVN5000-M Series
Intelligent mobile terminal | Huawei MediaPad and Ascend Phone
Unified threat management gateway (UTM) | USG 2000/5000
MDM data server MDM business server
Unified policy management platform* | AnyOffice Manager

Platforms supported by AnyOffice Agent

Device | Platform Version
iPad / iPhone | iOS 5.0 or later
Android mobile phone (Huawei, Samsung, or others) | Android 4.0 or later
Android tablet (Huawei, Samsung, or others) | Android 4.0 or later

* Huawei AnyOffice mobile security solution will support the platform marked with "*" in a later version.

Copyright © Huawei Technologies Co., Ltd. 2014. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademark Notice

, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd.

Other trademarks, product, service and company names mentioned are the property of their respective owners.

HUAWEI TECHNOLOGIES CO., LTD.

Huawei Industrial Base

Bantian Longgang

Shenzhen 518129, P.R. China

Tel: +86-755-28780808

Version No.: M3-035026-20141229-C-5.0

www.huawei.com

General Disclaimer

THE INFORMATION IN THIS DOCUMENT MAY CONTAIN PREDICTIVE STATEMENTS INCLUDING, WITHOUT LIMITATION, STATEMENTS REGARDING THE FUTURE FINANCIAL AND OPERATING RESULTS, FUTURE PRODUCT PORTFOLIO, NEW TECHNOLOGY, ETC. THERE ARE A NUMBER OF FACTORS THAT COULD CAUSE ACTUAL RESULTS AND DEVELOPMENTS TO DIFFER MATERIALLY FROM THOSE EXPRESSED OR IMPLIED IN THE PREDICTIVE STATEMENTS. THEREFORE, SUCH INFORMATION IS PROVIDED FOR REFERENCE PURPOSE ONLY AND CONSTITUTES NEITHER AN OFFER NOR AN ACCEPTANCE. HUAWEI MAY CHANGE THE INFORMATION AT ANY TIME WITHOUT NOTICE.

