Embracing BYOD Trend Without Compromising Security, Employee Privacy, or the Mobile Experience!

Shanmugarajah (Shan) Director Architecture, Enterprise Mobility

WSO2 Inc.!

Agenda  

• Work- New definition •  Enterprise Mobility Challenges •  Different Approaches to Data Security •  BYOD • WSO2 EMM •  Summary  

16 years back  

Employees  

Enterprise  

Data  

Device   Device  

Work  

• Happens inside a place • Dependent on specific Technology • Resources Within the premise Owned by enterprise

Now  

Thanks to technology  

Enterprise  

Data  

Employees  

Device  

Data   Work  

•  Independent of place • Independent of Technology • Resources Within the premise and outside Owned by enterprise and employees

Enterprise Mobility ?  

•  New trend towards a shift in work habits. •  Employees working out of the office with

Mobile devices and cloud services to perform business tasks.  

Enterprise Mobility  

Challenges  

Allow Mobility in your organization ?  

Enterprise  

Data  

Employees  Device  

COPE   BYOD  

Public Store  

•  Data Security •  Remote Device Management •  Enterprise Store •  Enterprise Application Development & Management  

Challenges  

Data Security  How the data can be compromised ? Device being lost or stolen Malicious App stealing the data Data Leak  

What is the data ? • Email message or the attachment • Documents like pdf,word,excel,ppt,text • Browser accessing HTML pages,cookies • Contact,Calendar,Notes • Application with Database  Why the data is sensitive ? • It can be highly confidential like quotation

value, salary details • It can have a high impact if it goes to the

wrong person  

Who can compromise ? External Internal  

Enterprise needs some kind of Tool to solve the enterprise Mobility challenge!

EMM  

Data Security - Approach 1  Mobile Device Management  

•  Enforce password policy on the device •  Encrypt data when locked (AES 256 FIPS 140-2) •  Enterprise Data WIPE & Device WIPE •  iCloud Backup Disable  

How MDM can solve this challenge ?  

•  If the password is compromised •  Malware or malicious app stealing data •  MDM has very little control over data sharing and DLP  

Data Security - Approach 1 - MDM  

Drawbacks  

Vendor Apps  

Enterprise Apps  

Apps from Public Store  

Apps in the Device  Challenge 1.Need to separate enterprise apps and data 2.Able to Control it 3.Limit interaction with personal apps and data.  

Data Security - Approach 2 - Separate Apps and Data  Within Device   Away from Device  

Away from Device • Desktop Virtualization or VDI technology (Citrix XenDesktop,VMWare

Horizon View, Dell vWorkspace, Remote Desktop Microsoft. • Web Apps

Within Device •  Virtualized OS’s on the mobile device (Hypervisor 1 and 2)  

Data Security - Approach 2 - Separate Apps and Data  

11  

Dual persona, two separate and independent end user environments in a single device.  

Mobile Virtualization Virtualized OS’s on mobile (Hypervisor 1 and 2)  

BlackBerry Balance Samsung KNOX  

Other Dual Persona’s  Blackberry Z10  Samsung Note 3  

KNOX Container  

Not all the devices support dual persona iOS does not support or Apple will not allow to modify the OS  

•  Desktop virtualization •  Web apps •  Mobile virtualization Each one of those options has its flaws.  

MAM gets you a step closer to managing what you care about MAM brings the perimeter closer to the corporate resources  

Data Security - Approach 3  Mobile App Management  

• MAM gets you a step closer to managing what you care about

• MAM brings the perimeter closer to the corporate resources  

Mobile App Management (MAM)  1. MAM (Controlling App behavior) 1a. SDK Approach 1b. App wrapping 2. OS MAM - iOS MAM through MDM 3. App Store and Managing apps with MDM  

Data security features  1.  Encrypt the data at transmit use app VPN tunnel or app tunnel 2.  Encrypt the data at rest & decrypt only when viewing 3.  Two factor authentication 4.  Data Loss prevention (Disable Cut,Copy and Paste) 5.  Data at rest should be controlled (Delete) 6.  Policy based Data control , where policy can be pushed and updated  

Additional Features 1. Enterprise Apps in the mobile should be able to use SSO 2. Data can be shared between application 3. DLP (cut,copy,paste) should be enabled between enterprise

applications  

MAM controlling apps behavior  

Additional Features 1. Enterprise Apps in the mobile should be able to use SSO 2. Data can be shared between application 3. DLP (cut,copy,paste) should be enabled between enterprise applications  

8  

MAM SDK Approach  

SDK contains all the necessary API to implement the MAM features Provides enterprise-grade security with user authentication, single sign on, copy/paste prevention, data encryption, app-level policies, compliance monitoring and management.  

MAM - App Wrapping  

App Wrapper Tool  

•  For apps already built •  Need unsigned app binary. •  Not to apps from public app stores. •  Can do basics of encryption, authentication, or app-level VPNs. •  Can intercept, block, or spoof API calls made •  Can change the app icon  

MAM Solution (Controlling app behavior) • Works across all versions of Android and iOS • Native apps provide a superior user experience. Remote desktops, web apps, and virtualized mobile devices each

have their place in the EMM world, but MAM has distinct advantages.  

Data Security - Best Approach  

•  Remote Device Management (MDM) •  Enterprise Store •  Enterprise Application Development & Management (MEAP, mBaas)  

Other Challenges in Enterprise  

Embracing BYOD in Enterprise - Benefits!

•  Cost •  Device Maintenance •  Improved Productivity!

User-Experience and Privacy in BYOD!

More than one Enterprise Apps Every app needs login Desktop apps have SSO Why not give the same experience Native App!

Monitor the personal data like contact info, app info Location info of the user  

User- Experience  

Privacy  

WSO2 Enterprise Mobility Manager WSO2 EMM!

WSO2 EMM Features  

•  MDM •  Enterprise Store with Publisher •  Mobile App Management  

Mobile Device Management  •  Employee / Corporate Owned •  Supports Android, iOS •  Identity integration •  Policy Management •  Containerization (Email) •  Self Service Provisioning •  Role Based Permission •  End-User MDM Console •  Enterprise Wipe •  Reports & Analytics  

Configuration  Android Features  

• Device Lock • User password protected WIPE • Clear Password • Send Message • Wi-Fi • Camera • Encrypt Storage • Mute • Password Policy • Change Lock Code • App Blacklisting  

• Location • Battery Information • Memory Information • Operator Information • Root Detection • Application Information  

Information  

iOS Features  

• Device Lock • Clear Passcode • Wi-Fi • Camera • VPN • APN • Email • Calendar • LDAP • Black - Listing Apps • Enterprise WIPE • Password Policy  

• Battery Information • Memory Information • Application Information  

Configuration   Information  

WSO2 EMM Screens  

•  Supports multiple platforms •  Android

•  Native, Hybrid Application (.apk) • Web Application •  Market Place Application (Google Play) [Free]

•  iOS (iPhone, iPad) •  Native, Hybrid Application (.ipa) - Need to have enterprise developer account • Web Application •  Apple Store Application [Free] •  VPP Application (Next Release)  

Publisher    

WSO2 EMM – Publisher  

Store    Supports multiple platforms User subscription Advanced search options App sorting Support for existing user stores (Widgets, Gadgets, Books, Magazines , APIs). Single-Sign on  

WSO2 EMM – Store  

Application Management Console  

• Mobile app policy enforcement • Compliance monitoring • Bulk app push • User App Management •  Tracking app Installation  

WSO2 EMM – App Management  

Enterprise  

Data  

COPE   BYOD  

Public Store  

Mobile Project Management  

Unified Store Backend API, mBaaS API  

Development IDE  

MDM  MEAP  

Big Picture  

Roadmap  • App Containerization (SDK Approach) • Samsung KNOX Integration • Dynamic Policy • mBaaS • MEAP  

Summary  

• Different approaches to BYOD problem • Based on your requirement Can be MAM , or it can be hybrid (MDM & MAM) • End-user experience and their privacy is important  

Consumerization is a two-way street. You need to make sure your users understand the need to keep resources safe, but you also need to make corporate resources accessible.!

IT Consumerization  

Q/A  

Thank you