Enabling a Mobile Enterprise Mark Holobach Senior Systems Engineer Citrix Mobility
Enabling a Mobile Enterprise Your Technical Blueprint To Getting Started Mark Holobach Citrix Systems
How Mobile Feels Today
User Needs Want access to all apps and data from any of their devices
Enterprise Mobility in Numbers BYO Devices Multiple Locations App Proliferation Unmanaged Data 3 Devices 65% Employees 200+ Apps 80%+ Fortune 500 Average per Employee Work in multiple locations Average Citrix customer portfolio Use unmanaged cloud storage Source: Citrix and leading analysts
50% work from home 43% work from client sites 40% work while traveling 32% work at public sites Forrsights Networks And Telecommunica7ons Survey
By 2015: Mobile app development projects will outnumber na7ve PC projects by a ra7o of 4- to- 1 Gartner Mobile 13% Mobil e 5% SaaS 16% Win 40% SaaS 25% Win 38% Other 39% Other 24% 2011 2015 IDC
Need to Balance End Users and IT Freedom Compliance
Need to Balance End Users and IT Mail, Browser, Docs Manage Devices Freedom Any App, Any Device Log In Once Compliance Secure Apps Control Network Access
Consumerization in the mobile world BYO Devices MDM Manage BYO Manage Devices Manage Email MAM Corporate Devices 2000 2012
Mobile Solutions Considerations Enterprise grade MDM Mail Options Secure Browser Secure Data Delivery Options Secure 3 rd Party and House apps Unified App Store Federated identity & SSO Scenario-based access controls
4 Stages to Mobility Project MDM 1.0 Manage the Devices Mail Options What levels of security do I need? Enable Apps and Data Manage the risk of data loss. Extra Features Simplify the user experience, enhance security.
MDM 1.0 - Mobile Device Lifecycle Management
Mail Delivery Options and Limitations Configuration of Native Mail and 3rd party mail apps, i.e. Touchdown for Android ios and Samsung provide a partitioned mail app. A mail client is required for other Android Devices, i.e. Touchdown, Citrix, Good. No ability to password protect mail, control attachments or any DLP control. Native Mail / Touchdown + Email Attachment Encryption as an Option Encrypt attachments to ios or Android devices. Key resides on the device so the attachment may only be viewed on that device. Attachment may be opened in DLP controlled apps. Secure Mail Client Considerations Separate, secured, encrypted mail client for ios and Android. Adds the ability to set a password on the mail client and enforce DLP controls. Integrated with secure apps & data.
Secure Content Deliver Options None No control Secure Ecosystem Secured Apps Email Web Browser Wrapped Apps Secure Data Container SharePoint ShareFile Other File Sources Receiver No data on device, full access to apps and data.
User and Security Enhancements Enable Single Sign On One complaint from users is that there are multiple passwords for mobile apps that don t use their domain credentials. i.e. Salesforce Automated Actions One consideration that administrators and security professionals have is monitoring what a user does on their device. Did they install a Blacklisted app? Did they Jailbreak/root the device? Did they remove the MDM app? Delivering Apps Administrators need to be able to deliver required and optional apps to any device. With the proliferation of devices, the apps are no longer limited to ios and Android store apps. The list now includes Windows, SaaS and Web. Scenario Based Access Control Some data an organization may only want to make available based on location. That may be achieved using Scenario Bases Access Controls. For example, only allow access to shipbuilding docs when on a secure network.
So how does Citrix Solve the Problem
Sandboxed Mail, Docs, and Browser Mail Docs Browser combined with a great user experience.
Data protection settings that allow IT to take a granular, yet measured approach Disable Camera Disable Open-In Disable icloud use Disable Copy/Paste Disable sending SMS Disable printing Disable sending email Restrict outbound URL Encrypt app and data
Me@Work mobile app family @WorkWeb Secure Browsing @WorkMail Email, calendar & contacts ShareFile Follow- me Data GoToMeeting Integrated Collabora7on Podio Social Team Collabora7on
@WorkMail @WorkWeb Mail, calendar, contacts Enterprise class security Beau7ful na7ve experience Full inter- app integra7on MDX- secured Secure browser Internal web app access Full inter- app integra7on Consumer experience MDX- secured
@WorkMail Secure Exchange connec7vity No new messaging infrastructure Connected/ disconnected access @WorkWeb Any intranet site access Na7ve browser experience
MDX Policy Allow Camera InterApp Sharing icloud Backup Enable DLP Disable printing Require Authentication Trusted Network Only Restrict outbound URL Offline lease period 24 h
MDX Policy Secure app containers Micro VPN Lock and wipe Inter-app controls Allow Camera InterApp Sharing icloud Backup Enable DLP Conditional access policies Disable printing Require Authentication Trusted Network Only Restrict outbound URL Offline lease period 24 h
Use Cases Restaurant Chain > Red Robin Oil Production and Exploration > Marathon Oil Large Air Freight Logistics Company International Bank > Rabobank
Citrix The Most Complete Mobile Portfolio Any app, any device, anywhere Mobile ROI Mobile Device Management Sandboxed Mail and Web Mobile App Security Secure Mobile Data Sharing Mobile Network Control SSO and Identity Management Desktop and App Virtualization Collaboration