Managing enterprise email in a mobile world


Technical Brief

Going beyond ActiveSync to address enterprise mobile mail security and management challenges with Kony EMM

ActiveSync for Enterprise

ActiveSync is a mobile data synchronization protocol developed by Microsoft. It is included in MS Exchange, as well as alternate email systems such as Notes and GroupWise through add-on tools. It synchronizes data with mobile devices by maintaining a push delivery system for the email, contacts, calendar, notes, and task data the user sees in their Outlook (or equivalent) mail client.

While ActiveSync handles the data traffic itself (and secures the data in transit), most enterprises struggle with lack of management. For example, even something as basic as getting a list of all devices that are receiving enterprise data using ActiveSync is not an included function. Just as importantly, there is no simple system for effectively assessing the risk of a given mobile device and automatically allowing or denying it access to the mail environment.

Automating ActiveSync security is usually the starting goal that leads an enterprise to evaluate a mobile device management solution. This process typically entails finding solutions for four distinct areas around mobile email.

1. Defining mobile compliance

Before you can start enforcing rules, you have to define what the rules are. Defining the rules means having a guide to what can be controlled, and having a system to create the rules you want. MS Exchange allows for some extremely limited basic security, such as requiring a passcode before a device connects. The problems are that an app can fool the Exchange server about whether the passcode actually exists, and that the choice of controls is limited.

Kony has a solution to this problem. An administrator with a Kony EMM implementation has a comprehensive suite of tools to help them define what they want to require of a device before it can touch enterprise data. The Kony rules wizards provide support for multiple platforms, recognizing that different platforms have different risks and capabilities for control.

[Figures: Example 1, Example 2]

2. Enforcing a mobile compliance policy

A mobile compliance policy isn't useful unless it can be effectively enforced. Kony EMM allows an admin a wide range of choices on how to enforce policy. When the Kony EMM system determines that a device is out of compliance, actions that can be automatically taken are:

- Alert the admin
- Alert the user
- Block email access to the specific device
- Wipe all enterprise data from the device
- Wipe only enterprise app data from the device
- Complete wipe of the device back to factory new condition

Actions can be linked. For example, say an admin has forbidden Angry Birds to be installed on a user's device. The user didn't have Angry Birds when they enrolled, but they have installed it now. An admin could have the user notified first that they have a forbidden app, with instructions to remove it or an enterprise wipe will happen in five minutes' time. If the user does not remove the app in the time specified, the device has all its enterprise data automatically removed, with an email alert sent to the admin. Any combination of linked actions is possible, allowing for a robust customizable enforcement model.

3. Automating compliance policy enforcement for ActiveSync

Without Kony EMM, ActiveSync is an on or off solution. An admin can either keep it globally on for all users, off for all users, or manually enable it user by user. This does not allow for a scalable and effective secure environment that protects corporate data.

Kony EMM is integrated directly with ActiveSync PowerShell commands. This removes the administrative burden of maintaining ActiveSync on or off settings by admins, and instead leverages the Kony EMM solution to automate the process. Without having to add any new appliance or software to the mail path (or make any changes to the mail environment), the Kony server prevents all unauthorized devices from communicating with ActiveSync.

The PowerShell integration allows the Kony server to directly toggle those ActiveSync on/off switches automatically, user by user, device by device, based on compliance with the designated mobile policy. For example, a device that has not enrolled to Kony EMM has not been validated as compliant, so ActiveSync for that device remains off at the server level. Users first must enroll to the Kony EMM server, which checks for device compliance (not jailbroken, etc.) before telling the Exchange server to allow communication with that specific device. Mail access can be automatically blocked to a specific device if that device falls out of compliance at any time. Access is automatically restored once it is no longer out of compliance.
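One way an Exchange administrator can express the per-device on/off model described above with standard Exchange Management Shell cmdlets, followed by the device listing the introduction says is missing. This is an added example, not Kony's integration code; the compliance report, mailbox names and device IDs are constructed placeholders, and Exchange 2013 or later is assumed.

```powershell
# Added example: runs in the Exchange Management Shell (Exchange 2013 or later).
# $ComplianceReport is constructed sample data standing in for an EMM compliance
# export; the mailboxes and device IDs are placeholders, not real values.
$ComplianceReport = @(
    [pscustomobject]@{ Mailbox = 'alice@example.com'; DeviceId = 'PLACEHOLDERDEVICEID01'; Compliant = $true  }
    [pscustomobject]@{ Mailbox = 'bob@example.com';   DeviceId = 'PLACEHOLDERDEVICEID02'; Compliant = $false }
)

# 1. Default deny: a device with no explicit per-mailbox exemption cannot sync.
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Block

# 2. Reconcile each reported device against the mailbox's allow and block lists.
foreach ($entry in $ComplianceReport) {
    if ($entry.Compliant) {
        # Compliant: allow this device ID and clear any earlier block on it.
        Set-CASMailbox -Identity $entry.Mailbox `
            -ActiveSyncAllowedDeviceIDs @{ Add = $entry.DeviceId } `
            -ActiveSyncBlockedDeviceIDs @{ Remove = $entry.DeviceId }
    }
    else {
        # Out of compliance: withdraw the exemption and block the device ID.
        Set-CASMailbox -Identity $entry.Mailbox `
            -ActiveSyncAllowedDeviceIDs @{ Remove = $entry.DeviceId } `
            -ActiveSyncBlockedDeviceIDs @{ Add = $entry.DeviceId }
    }
}

# 3. Audit: list every device partnership on the affected mailboxes together
#    with the access state Exchange is actually enforcing and the reason for it.
$ComplianceReport.Mailbox | Sort-Object -Unique | ForEach-Object {
    Get-MobileDevice -Mailbox $_ |
        Select-Object FriendlyName, DeviceId, DeviceOS,
                      DeviceAccessState, DeviceAccessStateReason
} | Format-Table -AutoSize
```

The device ID is a value the client reports to Exchange, so the allow list reflects enrollment state rather than proof of device identity.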

There is no need to require users to manually request access to enroll in Kony EMM. With real-time Active Directory integration, an admin can assign all or specific AD groups as allowed for EMM enrollment. For example, an admin needs to make mail access available for all users, as long as the device itself meets security guidelines. Adding the default AD group of authenticated users would allow all users to enroll using their username and password. With instructions for enrollment on the new hire portal, there would be no need for an individual user to have to open a help desk ticket or contact the admin to get mail access (or WiFi network profiles, VPN profiles, apps, etc.).

Another common example is an enterprise that requires supervisor approval before connecting a device to the corporate mail server and/or network. A simple online form requesting access could be set up where the action on supervisor approval would add the user account to a specified group within AD and trigger an email with enrollment instructions. Because that specified group was already designated as allowed for EMM enrollment, no help desk or admin involvement is needed for the user to obtain the desired access on their device.

One key point to remember is that the enterprise gains this automated mail security without adding additional risk. Because Kony does not place a critical component in the mail path, a Kony EMM server outage would not result in a mail outage for existing users. New users would not be able to connect to mail during the outage, which is exactly the desired model. If the device cannot be evaluated for compliance with the mobile policy, it cannot connect to the corporate network.

4. Native mobile mail apps

Mobile devices today all come with a native app for email, contacts, and calendar that includes support for ActiveSync. Some native apps even have controllable security built in that an EMM solution can leverage. iOS devices from Apple and Android devices from Samsung especially are recognized as leading the industry with enterprise-enabled native mail apps that allow admins to control things such as disabling silent mail forwarding.

Sometimes the built-in security meets the needs of the enterprise, but that's not always the case; maybe you have standardized on devices besides iOS and Samsung's Android. The Kony EMM solution meets these needs by integrating with TouchDown, the industry-leading third party mail, contacts, calendar, notes, and task app from Nitrodesk.

Some use cases where even the best native apps are not sufficient:

- Separate encryption is desired at the mail app level so that even if a device is compromised via jailbreak or root, the enterprise data is still secure behind its own encryption.
- A passcode is desired at the app level, not just at the device level. Many users like to be able to unlock their device and share it with colleagues, friends, children, friendly dogs, etc. You might want to let friends look something up on the web using your phone, but do you want them to be able to accidentally read or send email from your corporate account?
- Some security departments require the ability to prevent a user from storing an email attachment in a non-sanctioned app or local storage area.
- Usage controls such as restricting time of day and/or locations that the mail app can be used.
- Disabling copy/paste within the email app, as well as stopping a user from sneaking a copy by taking a screenshot. Kony EMM is a uniquely intelligent EMM solution that allows for context-aware control such as only disabling screenshots when the mail app is open, but allowing them in other areas of the device.

Kony EMM makes these compliance definitions possible with the addition of TouchDown, whereas native mail apps cannot be secured or controlled in this fashion.

One key risk that needs to be managed in the enterprise is enforcing these mail app requirements across so many supported platforms. With Kony EMM, an admin has flexibility; for example, requiring TouchDown for Android while blocking the native mail app from connecting to the corporate mail server, while allowing the native mail app on an iOS device. You can get even more detailed down to the vendor level by allowing the Samsung email app, but blocking the HTC or Motorola (or any other vendor) native app and requiring TouchDown on those devices.

This document may contain information proprietary to Kony, Inc., is bound by the Kony license and other agreements, and may not be used except in the context of understanding the use and methods of Kony software without prior, express written permission. All terms, trademarks, or service marks mentioned have been capitalized and are considered to be registered trademarks of their respective holders.
This document is intended for informational purposes only; it is an overview of a Kony product direction but shall not be construed as a specification, contract or commitment to build or deliver any new or modified code, services or functionality. The features expressed in this document are subject to change or cancelation at any time and should not be considered in purchasing decisions for Kony products and services. The development, testing, release and availability of Kony products and services are the proprietary decisions, and at the sole discretion, of Kony, Inc.

About Kony, Inc.

Kony is the fastest growing cloud-based mobile application development platform (MADP) in the industry with over 600 live multi-channel apps, serving over 20 million end users across 45 countries, and generating over 1 billion sessions. The Kony Experience Platform is an integrated software development lifecycle (SDLC) platform to define, design, develop, test, deploy, and manage multi-channel applications from a single code base. With Kony, you can deliver stunning user-first experiences, get to market faster, and lower your application TCO. Kony also offers a suite of more than 33 ready-to-run B2E and B2C apps that enable customers to quickly extend their business. For more information, please visit www.kony.com and connect with Kony on Twitter, Facebook, and LinkedIn.

© 2013 Kony Solutions, Inc. All rights reserved.