BENEFITS OF MOBILE DEVICE MANAGEMENT White Paper 2013
SUMMARY OVERVIEW This white paper outlines the benefits of Mobile Device Management in different use cases. SyncShield is a Mobile Device Management (MDM) solution providing secure management of mobile devices OTA with hardly any end user interaction. As a concept, Mobile Device Management means securing, monitoring, managing and supporting mobile devices deployed across mobile operators, service providers and businesses. MDM functionality typically includes distribution of applications, data and configuration settings for all types of mobile devices, including Smartphones, tablet devices, mobile point of sale (POS) devices and other such mobile devices. SyncShield makes it possible to secure entire device fleet automatically. Distributing enterprise level applications and preparing necessary settings for devices can be done automatically. This ensures that corporate network connections and e-mail configurations are properly set and devices are immediately ready to use as the end user gets devices in their hand. SyncShield is device model agnostic, and as such supports multiple phone and tablet models making centralising the management of the entire mobile device fleet possible. This also reduces the load on IT support, as remote diagnostics and technical support are available. SyncShield helps organisations to apply a practical mobile strategy. By controlling and protecting the data and configuration settings for all mobile devices, SyncShield can greatly reduce support costs and business risks. With SyncShield, it is possible to optimise the functionality and security of the mobile device fleet while minimising support related costs and downtime. BENEFITS - Increase productivity and minimise costs - Protect mobile assets and save time - Create a complete service portfolio and increase customer loyalty - Allow users to choose the device that is most convenient for them to use and still secure valuable information The SyncShield client can be delivered completely over-the-air, hardly any substantial user intervention and reducing the challenges faced during the implementation process. Platform independence the Capricode philosophy By using SyncShield, all of the applications installed on the mobile fleet can be managed simultaneously, even if the phones do not have the same operating system. All applications and supported phones are managed over-the-air from a centralised web based management console. Currently SyncShield supports ios, Windows Phone 8, Samsung Android, HTC Android, Android, and Symbian operating systems. 2
BENEFITS FOR BUSINESSES OVERVIEW SyncShield provides increased productivity and cost savings for businesses by reducing the amount of manual labour required to manage mobile devices. With SyncShield, the valuable data on the mobile devices is also secured. The latest generations of smartphones and tablets further pave the way for the introduction of industry specific mobile business applications. The increasing capacity of the mobile devices makes it possible to have the productivity tools on the device itself. This extends the office to mobile devices making the device a part of the business process. Business applications are increasingly available on mobile devices. The extension of enterprise applications to mobile is perceived to tighten processes, increase responsiveness, and improve decision making. However, the possibility to have office documents on the device also increases security threats. Modern devices have strong built-in protection mechanisms (such as device memory encryption and containerized applications) but they have to be enabled in order to be useful. SyncShield ensures that all those security features are in commission. SyncShield from Capricode enables Mobile Device Management through one centralised location regardless of which operating system the mobile device has. Businesses are able to manage all of their mobile devices from one user interface. With SyncShield, it is possible to complete a comprehensive mobile service portfolio as SyncShield automates the deployment, configuration and removal of different mobile applications. This enables the roll-out of the corporate mobile policies and is the foundation of a sound mobile strategy. DEPLOYMENT SyncShield can be deployed using a variety of different models. Businesses are able to choose the model that suits their requirements best. The product can be handled in-house or acquired as a service. If the server installation is required to be in-house, located either in corporate premises or in corporate data centre, the maintenance can still be either inhouse or outsourced. Businesses are able to choose which option is the most convenient approach to arrange mobile device management. Different deployment options allow the business to define, how much personnel resources are reserved for mobile device management. Freedom to choose the best delivery model The competitive advantage of SyncShield is its unique, patented architecture. Because of SyncShields unique architecture, we are able to deliver one product in multiple different ways. 3
BENEFITS FOR USERS OVERVIEW Using SyncShield it is possible to raise the end-user support to a new level with more efficient fleet management accompanied with substantial savings in hands-on work and thus personnel costs. With Over-the-Air (OTA) remote support, the user is no longer dependent upon the location of the technical support. Mobile services are created invisibly from the endusers perspective and the enterprises are able to utilize the existing potential of true mobility, without the need for servicing the devices at a designated location from time to time. With OTA support, users themselves do not have to worry about managing the phone; IT department can provide everything to the phone remotely. Using SyncShield for mobile device management means no downtime and fast expert problem solving. SyncShield also supports Bring Your Own Device (BYOD) users are able to use their own, preferred devices in business use. If there are any changes, for example the user leaving, only the business specific content can be removed. The office environment converging to mobile can provide rich productivity solutions that can be used almost everywhere, but it is essential that the deployment and adoption of those solutions can be done without having to be technically savvy. The end-users expect to be able to operate their mobile as their mobile office without the pain of complex installations or configurations. With SyncShield, the deployment and upgrading of mobile applications does not require any actions from the end user. Also from the mobile device life cycle point of view, SyncShield supports the transition from one device to another, ensuring that all relevant data is moved. Many industries are dependent upon the mobile phone, viewing it as the necessary tool in the business process toolbox. Endusers will not tolerate complexities which will introduce additional uncertainty into the communication process; in fact, they expect seamless use of services without constant user interaction. The increasing selection of business and security applications with the multitude of settings to be maintained within the handset, creates the demand for an easy-to-use enterprise solution for device management. It is essential, that the delivery, configuration and maintenance of the business applications can be done over-the-air without end-user interaction thus saving time and money by removing the need to physically take the mobile device for the IT staff to be installed. Simplicity for the end-users Taking a new device into use usually requires lot of manual labor because applications have to be installed and configured before the device can communicate with corporate networks and be a productive tool. SyncShield offers an easier way for end-users; simply install the SyncShield client and automatically receive the required applications and settings instead of fighting with configurations. 4
BENEFITS FOR SERVICE PROVIDERS OVERVIEW In the modern business environment enterprises are concentrating on their core competences while having most of the supporting functions, such as IT, outsourced. As a versatile MDM system, SyncShield is a suitable solution for all type of service providers. SyncShield is a forefront solution containing all of the Mobile Device Management features with cross-platform support covering almost all the smartphone handsets currently available in the market. By offering the right tools for the IT service providers, SyncShield enables companies to increase the productivity by having their mobile fleet managed efficiently and securely. SyncShield provides increased recurring revenue and customer loyalty for the service providers. SyncShield is actually the final building block providing a tool for easier management and completing the service portfolio of the service provider. SERVICE OPTIONS For service providers Capricode offers various choices to tailor SyncShield into their overall service offering. Service providers can offer MDM services from The Capricode Cloud. When using The Capricode Cloud service providers do not have any infrastructure concerns. In addition the SaaS model and Inhouse offering are both convenient and possible choices for the service providers who feel that those service models are more suitable for their customer base or business model. In the case of in-house installation, service provider can provide installation and support services with required training for both server maintenance and SyncShield usage. The Service provider can offer SyncShield as a Hosted solution (ASP), which means that the service provider provides the customer only SyncShield server and the customer is then responsible for the device management actions. Another alternative is to provide the device management as a managed service (MSP). In this case the service provider offers device management as a complete service for the customer. This means that the service provider not only host the SyncShield server, but also executes the device management operations on behalf of the customer. Whatever service model is chosen, service providers have the authority to choose who manages the devices. It can be done by the service provider or by end-customers IT personnel. A hybrid solution is also possible. This provides flexibility for the overall offering of services and widens the potential end-customer fleet. SYNCSHIELD PARTNERSHIP PROGRAM Capricode supports its partners with an extensive partnership program. As our partner you will have access to a fully functioning channel with a software vendor. You are able to establish truly working MDM solution with very low initial investments. Capricode offers extensive presales, sales support and after sales services for partners, so with SyncShield it is possible to answer to the demands of the market. 5
KEY FEATURES OVERVIEW The key features of SyncShield are available for every supported platform. SyncShield provides over-the-air provisioning of settings and configuration of services for new devices, users or subscribers when new services are ordered or required. APPLICATION DISTRIBUTION SyncShield enables complete application management (MAM). Applications can be distributed directly to the devices or via application catalogues. Many applications are useful as tools but finding secure and beneficial applications among the huge quantity of applications can be difficult. Targeted application catalogues for specified groups can be delivered conveniently by using SyncShield. Users are able to choose and install recommended applications by themselves. By using the application blacklist and whitelist features the company can ensure that employees won t harm their security by installing malicious software. POLICY MANAGEMENT SyncShield enables companies to enforce policies automatically on all devices. Using policies, administrators can create predefined sets of configurations, applications and settings for new or existing devices. The devices start obeying the policies assigned to them immediately and will report violations that occur on devices for whatever reason. Devices can be easily divided into groups and different policies can be assigned to those groups. INVENTORY MANAGEMENT Using the asset management features of SyncShield, it is possible to monitor the status and availability of the device fleet as well as listing existing settings, memory statuses and other file management operations. Data can be synchronized with different directories such as Active Directory, OpenLDAP and Exchange. SECURITY MANAGEMENT SyncShield secures devices by enabling the built-in security features such as device encryption and securely running applications. In case of a lost or stolen device it can be either locked or wiped depending on the situation. In addition SyncShield makes it possible to pre-define anti-theft policies such as device wipe when the SIM card has been removed from the device. SyncShield fully supports corporate data wipe which is important feature for companies supporting BYOD. It is essential to ensure that only properly secured devices are able to connect into corporate networks. Necessary certificates and settings such as VPN settings, WiFi settings or e-mail settings can be pushed to a device to ensure that devices are fully protected and ready for use as a productive tool. 6
SYNCSHIELD SECURITY SECURITY OVERVIEW SyncShield utilizes layered security approach, which includes the following security features: - SSL communication encryption - Java session handling - 2-way SyncML authentication - Unique SyncML client credentials - SyncML nonce checking - Expiration time for client installations - Data encryption on disk - Device data encryption - Feature restrictions - Web-console audit logging - Unique device specific certificates - Certificate secured MDM profiles - Two-tier authentication to web console WEB CONSOLE SECURITY In addition to the normal convention of using username and password combination, an SMS message can be sent containing a secondary disposable password that must be entered in order to login. The connection from the user s browser to the SyncShield web console is also forced to use SSL security. CLIENT SECURITY achieve high security deployment. All communication between the SyncShield client and server is SSL secured. SyncShield offers the possibility to lock devices to a specific SyncShield server, preventing SyncShield client transfers to other SyncShield instances unintentionally. SERVER SECURITY Data and personal backups fetched from the mobile devices are encrypted in storage and are not accessible by anyone. Also all of the content uploaded onto the SyncShield server from the administration web console can be encrypted including applications, data files, certificates and templates. All passwords entered in the web console are encrypted in the database; such as login credentials, Wi-Fi shared keys etc. SyncShield supports all the latest Java and OpenSSL versions to achieve the highest protection level available together with Linux modules known of high security offering and reliability. New releases are published regularly to allow the latest security updates to be included in the SyncShield architecture. Various mechanisms are used to secure data in the mobile device. Device data encryption can be enforced for devices using SyncShield. Also client installations can be forced to expire, if they are not deployed within a defined timeframe. Client applications are either signed by 3 rd party authorities, by Capricode or they are enrolled using the built-in SCEP server together with SyncML authentication and nonce-checking to 7
TECHNOLOGY OVERVIEW SyncShield Mobile Device Management (MDM) is based on the Open Mobile Alliance (OMA) standards supporting all major mobile operating system platforms (e.g. Android, ios, Windows Phone 8, Symbian, etc). The unique engine in SyncShield can manage tasks for any communication protocol in use whether it is SyncML or proprietary MDMinterfaces offered by the mobile operating system of the device. The protocols can be extended by management objects, which provide application and product specific extensions without additional implementation work in the task engine itself making SyncShield very flexible. Due to the patented client server architecture, SyncShield is robust and highly scalable. SyncShield provides a web services API to enable easy integration to different business applications. With the SyncShield software development kit, SyncShield can be modified to better meet the needs of the customers. The required components on the mobile device can be implemented very quickly, as device specific modifications represent only a small subset of the solution as a whole. The initial release of SyncShield dates back to 2003 and it has been designed from a SaaS point of view from the beginning. Over the years SyncShield has established an impressive reliability record. With over 21 patents, the architecture gives strong protection against competition. SYMBIAN MOBILE DEVICE FLEET WINDOWS MOBILE DEVICE FLEET MANAGEMENT USER SYNCSHIELD ANDROID MOBILE DEVICE & TABLET FLEET iphone & ipad FLEET 8
MARKET OVERVIEW Mobile devices have become a very important part of our life professionally and personally. Where ever we go we have our mobile devices with us. In our professional life mobile devices offer us improved mobility, productivity and geographical independence. However, great possibilities bring massive challenges. As the smartphone and tablet market grows opportunities and challenges increase. SyncShield offers a solution for those challenges making it easy to utilize the full potential of mobile devices. In 2012 over 712 million smartphones were sold worldwide which is 44.1% more than was sold in 2011. Although the growth of the smartphone market was quite exceptional during 2012, Q42012 was a time for new releases and especially high growth in smartphone sales. During Q42012 over 90% of smartphones sold were either Android or ios based devices. To make these devices productive tools for professionals they need to be configured and prepared properly. The new trends such as BYOD (Bring-Your- Own-Device) and CYOD (Choose-Your-Own- Device) are causing new challenges and opportunities for companies. Consumerization and prosumeration are new trends that will effect to companies in the post-pc era. foundation on which a comprehensive mobile policy can be built. Most of the adopting companies that had previously standardised a mobile device platform now need to prepare to support multiple operating systems. It is also noteworthy, that often businesses don t even have dedicated people responsible for managing mobile devices. Although many companies may have device management responsibilities, usually only PCs are covered, not mobile devices. Given the fact, that mobile devices are increasingly becoming an integral part of business use, this is very likely to change. The MDM market is quickly evolving, as the requirements and definitions are changing rapidly. As the mobile market is still growing the importance of managing mobile devices will rise exponentially. Due to the unique architecture of SyncShield, Capricode is able to meet the new market requirements quickly and cost efficiently. As the usage of mobile devices as an integral part of every day business activities increases, new requirements for Mobile Device Management arise. The benefits of using SyncShield will be assured. The new generation of employees are used to a new type of freedom that was not an option before the revolution of mobile devices. BYOD comes with challenges such as security issues and access right issues but these obstacles can be avoided by creating a purpose built mobile policy. After all BYOD is only beneficial for those companies which have created a mobile strategy which can handle this phenomena. SyncShield is the 9
For more information about SyncShield, or other Mobile Device Management related issues, please contact us. Capricode Ltd. Yrttipellontie 10 FI-90230 OULU FINLAND Tel. +358 40 3012 300 www.capricode.com YOUR PARTNER IN MOBILE DEVICE MANAGEMENT