A Zenprise White Paper

The Shift to MDM 2.0
Eight steps for getting ahead of the app tsunami, keeping business data from going viral, and putting mobile to work
Table of contents

BYOD is here to stay ... 1
The conversation is changing ... 1
Eight steps: The MDM 2.0 checklist ... 2
MDM 2.0 is already here ... 2
Capabilities for putting mobile to work ... 3
Zenprise puts mobile to work ... 8
About Zenprise ... 8
BYOD is here to stay

The next phase of enterprise mobility is here. The consumerization of IT and bring your own device (BYOD) phenomena that took information technology departments by storm over the past two years now seem to be better understood and planned for. According to research performed by the Center for Telecom Environment Management Standards, 78 percent of organizations allow employee-owned mobile devices in the business environment.[1] Organizations around the world, of every size and across virtually every industry, are embracing enterprise mobility. Most are allowing some or all of their users to bring their own devices to the workplace and access the corporate network, email, and increasingly, business apps.

The conversation is changing

Today, the conversation is changing. What started out as a discussion about how we protect corporate data and networks in the face of BYOD has turned into a dialogue about how we make mobile our strategic advantage. Now that mobile devices are maturing, have more enterprise security features, and are more prevalent in the workplace, it's easier to imagine the many ways those devices can help achieve business objectives that grow the top line or make us more competitive. According to Aberdeen, best-in-class organizations are three times as likely as all others to tie business processes to users' mobile devices.[2] Rather than thinking about mobility as a security liability, organizations are beginning to think about it as a strategic initiative. Whereas the goal over the last couple of years has been to say yes to mobile, today's goal is to put mobile to work.

We call this the shift from mobile device management (MDM) 1.0 to MDM 2.0. While MDM 1.0 can be described as managing the mobile device, MDM 2.0 addresses the next generation of enterprise mobility: managing what's on the device. More specifically, it is the set of capabilities that enable organizations to manage and secure mobile apps and protect mobile enterprise data.
We believe there is a right way to adopt MDM 2.0, and that is for organizations to adopt these capabilities in a way that harmonizes enterprise IT needs with the end-user experience. This white paper lays out what we mean by MDM 2.0, best practices for how organizations can put mobile to work, and our strategic direction. While Zenprise offers some of the MDM 2.0 functionality laid out in this paper, many of the capabilities make up our near-term roadmap.

Figure: The conversation shift to MDM 2.0
MDM 1.0 (Consumerization of IT): allows me to secure my mobile enterprise; addresses mobility as a liability; "Say yes to mobile."
MDM 2.0 (Enterprization of apps): lets me tap into my mobile potential; leverages mobility as a strategic initiative; "Put mobile to work."

[1] http://www.marketwatch.com/story/ctemsr-research-78-of-enterprises-allow-bring-your-own-device-byod-2012-07-24?siteid=nbkh
[2] Mobility in ERP 2011, Aberdeen, May 2011

WHITE PAPER The Shift to MDM 2.0 1
Eight steps: The MDM 2.0 checklist

For the CliffsNotes readers among you, below is a summary checklist of the best practices for putting mobile to work. Targeted to the IT and business professionals who are responsible for their organization's mobility initiatives, this checklist outlines eight practices for securing mobile content and deploying business-ready mobile apps. We expand upon each of these items in the sections ahead.

Checklist (question / practice)

1. Are you concerned about sensitive business data leaking from users' mobile devices?
   Deploy a secure content container for mobile devices.

2. Do you need to secure access from users' mobile devices to content repositories?
   Secure connectivity between the secure container and the content repository with an encrypted tunnel.

3. Do you need to control content at a granular level to prevent its leakage or inadvertent misuse?
   Set content-aware, role-based policies for mobile user permissions (sync, email, open in another app, etc.); also version-control and time-expire content.

4. Do you need to protect email attachments without disrupting users' email experience?
   Encrypt email attachments so that they remain encrypted on mobile devices and can only be decrypted when opened in the container.

5. Do you have policies about assets remaining on-premise, or concerns about data on mobile devices leaving the premises without your knowledge?
   Establish automated compliance policies (e.g., wipe content on perimeter breach) on corporate devices that must stay on-premise.

6. Do you need to secure access from users' mobile devices to your corporate intranet and web portals without offering full-bore VPN access?
   Secure connectivity between the secure container and your corporate intranet or web portal.

7. Do you need to extend your content control policies to the content on your corporate intranet or web portal?
   Extend content-aware, role-based mobile policies to intranet or web portal content.

8. Do you want to let your mobile users make use of the apps they like and that make them more productive, while securing and managing those apps in an enterprise-appropriate way?
   Safeguard data and ensure performance and reliability by building or injecting foundational security and configuration services, including a secure content container, into the apps.

MDM 2.0 is already here

The concept of putting mobile to work is not new, and the business case for MDM 2.0 is here today. What has changed, however, is that the paradigm of expensive, purpose-built mobile terminals with fixed clients and complicated, costly ERP integrations has given way to a less expensive, more flexible approach that provides a rich toolset to develop mobile business apps, as well as a platform for distributing, managing, and securing them in an enterprise-friendly way.

A national chain of restaurants is using Apple iPads across North America to check in guests, let customers know when their tables are ready, and help dining staff optimize seating allocation. This leads to more table turns every day in every restaurant, increases asset utilization (square footage, tables), and delivers hard ROI. The restaurant chain also uses those iPads to
secure communications between restaurant managers via an enterprise social networking app, deliver training content to employees across restaurants, and distribute recipes to kitchen staff. We may not think about a recipe as intellectual property, but it's gold to this restaurant chain, and they need to make sure that those recipes don't get out of the company's control, so they keep careful track of those devices and set policies to alert management and take automated data security actions when users take them off-premises.

An international airfreight logistics company is arming its flight crews around the world with Samsung Galaxy Tabs. From its headquarters in North America, the company is able to manage its global flight crew schedule, wake up crew members wherever they are in the world, and ensure compliance by making sure that crews are where they need to be at exactly the right time for the company's complex and interdependent logistics business to work. The company has strict mobile and app availability requirements, not only because each flight is subject to FAA and other regulations, but because it is beholden to contractual partner service-level agreements that carry fines for non-compliance. The apps it rolls out on the devices are mission critical, and it is deploying them on mobile.

A luxury resort hotel is changing the way it does business with mobile. Among a host of iPad initiatives around the hotel, its valets are equipped with Apple iPods to help them optimize the valet process and improve the customer experience. When customers leave the hotel, the valet at the kiosk in front of the hotel uses an iPod with a barcode scanner attached, scans the customer's ticket, and uses a third-party app to locate the car and alert the closest valet to bring it. The hotel has reported a reduction in customer wait times from 20 minutes during peak hours to just a few minutes.
What is common across these examples is that mobile is changing the way organizations do business; the initiatives very often involve the roll-out and management of important or even mission-critical mobile apps; and in most cases they produce a step-wise improvement in a business process that leads to real ROI.

Capabilities for putting mobile to work

We've introduced the notion of MDM 1.0 and MDM 2.0 above in terms of what the conversation looks like and what companies are starting to achieve with mobile, but let's take a step back and put it in terms of enterprise mobility requirements and capabilities.

MDM 1.0, which remains the primary driver for enterprise mobility projects today, is about managing a diverse array of mobile devices across their lifecycle. Organizations addressing BYOD initiatives need to manage devices from pre-enrollment through device retirement, and do so in a way that's secure and compliant. This involves configuring devices and defining policies; provisioning devices by letting users self-service enroll and delivering apps to the devices over the air; protecting devices by configuring device, app, network, and data security and locking or wiping devices when lost or stolen; performing remote support for users; monitoring and reporting on device status, mobile service, mobile infrastructure, and compliance; and decommissioning and retiring devices upon the user's departure from the organization.
Figure: MDM 1.0 capabilities (device lifecycle management)
- Configure: configure devices and set policies
- Provision: provision devices, apps, and policies; enable users to self-service enroll
- Secure: secure devices, apps, network, and data
- Support: provide helpdesk support and proactively troubleshoot
- Monitor: monitor and report on device, service, and compliance
- Decommission: decommission devices upon departure

MDM 1.0 addresses device management, including supporting all of the stages and processes throughout the device lifecycle such as device configuration, provisioning, and decommissioning.
Before we detail the capabilities that help organizations put mobile to work, let's talk about some of the underlying tenets of MDM 2.0. Our view is that managing apps and data on mobile is best achieved through harmony between enterprise IT requirements and end-user needs. MDM 2.0 represents the unification of openness, end-user satisfaction, and corporate data protection.

Openness. MDM 2.0 needs to be open. Enterprise users should have the freedom to download and use the apps they know and find easy to use, and to access the content they need to do their jobs.

End-user satisfaction. In mobile, the end user is king. MDM 2.0 should not hinder the native app experience or introduce unnecessary steps into the way users work.

Corporate data protection. Rather than altering the device or app to achieve security, MDM 2.0 should focus on protecting the corporate data that traverses those apps and devices.

There are four primary sets of capabilities that make up MDM 2.0:
1. Device management (which is MDM 1.0 and is an essential part of 2.0)
2. Content security and collaboration
3. Web and intranet security
4. Business-ready apps

Below we highlight each of the MDM 2.0 capabilities.

Figure: MDM 2.0 capabilities. Device lifecycle management (core MDM, available today) covers the device; content security and collaboration, web and intranet security, business-ready third-party apps, and business-ready custom apps (product vision and strategy) cover apps and data. MDM 2.0 goes beyond device management and includes content security and collaboration, web and intranet security, and business-ready mobile apps.

Content security and collaboration. Content security and collaboration is about making enterprise content available to mobile users when and where they need it. It's about giving users a good experience and letting them access content in its native format.
It's also about setting policies that define what users are and aren't allowed to do with the content, so that organizations can keep control over their sensitive data and prevent it from leaking outside of the company.

When it comes to mobile content, the challenge we hear about most often is that organizations want to give users access to data so they can collaborate and work more efficiently, but they are concerned about data leakage. Whereas the MDM 1.0 conversation centers on being able to lock and wipe devices when they're lost or stolen to protect corporate data, the big threat now is uncontrolled data sharing through an endless tapestry of file synchronization technologies like Evernote and Dropbox. In the Zenprise Mobile Device Management Cloud Report for Q2 2012,[3] Evernote and Dropbox were the fourth and sixth most prevalent apps in customers' enterprise app catalogs, yet both made customers' app blacklists. This speaks to their simultaneous business usefulness and riskiness. File synchronization technologies are especially concerning because of the multiplier effect: files that are saved outside of the corporate network aren't just shared with one device, but with all of the devices that are connected in a viral manner via the file-sharing service.

The most common ways business content gets onto mobile devices in the first place are email attachments, mobile access to content repositories or intranets, and file synchronization technology, so any solution to the problem should start by addressing those distribution mechanisms.

Use case: ACME Corporation has rolled out iPads to its senior leadership, Directors and above. Those users regularly send non-public financial, business strategy, and competitive documents via email, and need to access them on their iPads. They also access those documents from their enterprise content repository, Microsoft SharePoint, from their iPads. Those users also have file sharing and synchronization applications such as Evernote downloaded onto their devices, and use them regularly to be more productive on the go. ACME's risk and compliance office is concerned about those documents being removed from email or SharePoint and leaked outside of the company via the file sharing apps.

One way to address data leakage in this scenario is by providing a secure content container on mobile devices that serves as a secure alternative (or is tied directly; see business-ready apps) to a file sharing app.
For content that is sent as an email attachment, organizations should be able to encrypt the attachment in transit to a mobile device and specify that it can only be opened in the content container or in a protected app. For content in an enterprise content repository, organizations should be able to require that the content only be accessed in the container. In both cases, the data in the content container should be encrypted at rest, and the connection between the content container and the backend repository should be secured with an app-specific VPN (without having to deploy a full-bore VPN).

The administrator should be able to set role-based, content-aware policies that dictate what users can and can't do with the content: sync to the device, print, email, email a link, copy/paste, check in/check out, or open in another app. When content owners make revisions, those revisions should automatically synchronize to the content containers on mobile devices for version control (so when the corporate pitch changes, for example, all users automatically have the latest on their tablets), and administrators should be able to time-expire content to reduce errors from users having outdated or inaccurate information.

Finally, administrators should be able to set automated compliance around that content that kicks in when certain events occur. That includes wiping the content when the device has become jailbroken or the user has exceeded a certain number of login attempts. It also includes issuing a warning or wiping content when a corporate device has left a geo-fence, or a defined geographic perimeter. Imagine that in the restaurant case above, management wants to make sure that the recipes that are being distributed to kitchen staff around the country stay on restaurant premises at all times (this is their intellectual property, after all). The administrator can establish a geo-fence around the restaurant and specify a policy that any device that leaves that perimeter will be wiped clean of those recipes.

[3] http://www.zenprise.com/mdm-cloud-report-q2-2012
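The policy model described in this section (content-aware, role-based permissions on each piece of content, an allow-list of apps that non-public content may be opened in, and automated compliance actions such as warn or wipe on jailbreak, excessive failed logins, or a geo-fence breach) can be expressed as a small rules engine evaluated on the server against the state each device reports. The following is an added illustration written for this page, not Zenprise code or the product's policy language; the sensitivity labels, role names, app identifiers, thresholds, and geo-fence coordinates are constructed assumptions.

```python
# Added example for this page; not Zenprise code. All labels, roles, app ids,
# thresholds and coordinates below are constructed assumptions.
import math
from dataclasses import dataclass
from enum import Enum, auto
from typing import List, Optional, Tuple


class Action(Enum):
    SYNC = auto()         # sync a copy into the device's secure container
    PRINT = auto()
    EMAIL = auto()        # send the file itself as an attachment
    EMAIL_LINK = auto()   # send only a link back to the repository
    COPY_PASTE = auto()
    OPEN_IN_APP = auto()  # hand the file to another app on the device


# Apps the organization has marked business-ready (own encrypted container,
# app-specific tunnel). Non-public content may only be opened in these.
BUSINESS_READY_APPS = {"com.example.container", "com.example.browser"}

# Content-aware, role-based policy: sensitivity label -> role -> allowed actions.
# "*" is the fallback for roles not listed under a label.
POLICY = {
    "public": {"*": set(Action)},
    "confidential": {
        "director": {Action.SYNC, Action.EMAIL, Action.EMAIL_LINK,
                     Action.OPEN_IN_APP, Action.PRINT},
        "*": {Action.SYNC, Action.EMAIL_LINK},
    },
    "restricted": {
        "director": {Action.SYNC, Action.OPEN_IN_APP},
        "*": set(),
    },
}


@dataclass(frozen=True)
class Content:
    name: str
    sensitivity: str  # one of the POLICY keys


def is_allowed(content: Content, role: str, action: Action,
               target_app: Optional[str] = None) -> bool:
    """True if `role` may perform `action` on `content` (into `target_app` for open-in)."""
    per_role = POLICY[content.sensitivity]
    allowed = per_role.get(role, per_role["*"])
    if action not in allowed:
        return False
    # Open-in is further limited to the business-ready set for anything that
    # is not public, so a file-sync app never receives sensitive content.
    if action is Action.OPEN_IN_APP and content.sensitivity != "public":
        return target_app in BUSINESS_READY_APPS
    return True


@dataclass(frozen=True)
class GeoFence:
    lat: float
    lon: float
    radius_m: float


def distance_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle (haversine) distance in metres, mean Earth radius 6371 km."""
    r = 6_371_000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


@dataclass
class DeviceState:
    device_id: str
    corporate: bool     # only corporate-owned devices are bound to the on-premise rule
    jailbroken: bool
    failed_logins: int
    lat: float
    lon: float


def evaluate_compliance(dev: DeviceState, fence: GeoFence,
                        max_failed_logins: int = 10,
                        warn_fraction: float = 0.8) -> List[Tuple[str, str]]:
    """Return (rule, action) pairs triggered by the device's last reported state.

    Actions are "warn" or "wipe_content" and would be pushed to the device's
    container; the server can only judge what the device has reported.
    """
    triggered = []
    if dev.jailbroken:
        triggered.append(("jailbroken", "wipe_content"))
    if dev.failed_logins >= max_failed_logins:
        triggered.append(("too_many_login_attempts", "wipe_content"))
    if dev.corporate:
        d = distance_m(dev.lat, dev.lon, fence.lat, fence.lon)
        if d > fence.radius_m:
            triggered.append(("perimeter_breach", "wipe_content"))
        elif d > warn_fraction * fence.radius_m:
            triggered.append(("approaching_perimeter", "warn"))
    return triggered


if __name__ == "__main__":
    recipes = Content("recipes.pdf", "restricted")
    print(is_allowed(recipes, "director", Action.OPEN_IN_APP, "com.evernote"))          # False
    print(is_allowed(recipes, "director", Action.OPEN_IN_APP, "com.example.container"))  # True
    kitchen = GeoFence(37.3861, -122.0839, 200.0)  # constructed: 200 m around one restaurant
    tablet = DeviceState("ipad-kitchen-1", True, False, 0, 37.3911, -122.0839)  # ~556 m north
    print(evaluate_compliance(tablet, kitchen))    # [('perimeter_breach', 'wipe_content')]
```

Two points a practitioner would keep in mind when deploying a policy like this: the compliance rules can only act on state the device actually reports, so a corporate device that is switched off or loses connectivity before crossing the fence cannot be wiped until it checks in again (which is why a warning threshold inside the perimeter is useful), and jailbreak detection on the device is best-effort, so the wipe-on-jailbreak rule is a containment measure rather than a guarantee.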
Figure: Basic reference architecture for secure content and collaboration. Corporate content ("Top Secret Sales Data") can be opened only in the secure container or in a business-ready app; personal, non-sensitive content can be opened in any app.

Secure content and collaboration checklist
1. Deploy a secure content container for mobile devices.
2. Secure the connection between the container and the content repository with an app-specific VPN.
3. Set content-aware, role-based policies for mobile user permissions (sync, email, open in another app, etc.); also version-control and time-expire content.
4. Encrypt email attachments so that they remain encrypted on mobile devices and can only be decrypted when opened in the container.
5. Establish automated compliance policies (e.g., wipe content on perimeter breach) on corporate devices that must stay on-premise.

Web and intranet security. In the problem described above, we identify corporate intranets and web portals as mechanisms for mobile users to access potentially sensitive business data.

Use case: ACME Corporation has offered mobile access to its intranet to mobile users. Some of that content is confidential (e.g., a price list) and some isn't (e.g., a piece of sales collateral). The organization would like to be able to set content-based permissions for its mobile users.

As in the secure content and collaboration section above, when it comes to mobile web and intranet access, organizations should be able to deploy the same content container on devices and have web and intranet content be downloadable into that container. They should be able to set the same user policies on that content, as well as version-control and time-expire it. Also, as above, organizations need to secure the connection between mobile devices and web and intranet content with an encrypted tunnel, but do so without offering their users full-bore VPN access.
One way to accomplish this is with a corporate browser that offers granular mobile access to web-based resources and integrates with the secure content container on the device. This way, organizations can secure and enable access to the corporate web and intranet content that users need from their mobile devices. At the same time, they can differentiate between the content that's being accessed and set usage policies based on the level of content sensitivity.
Figure: Basic reference architecture for web and intranet security. The corporate browser reaches the corporate intranet over an app-specific VPN; DLP policies govern what users can do with each piece of content, whether it is not sensitive or "Top Secret Sales Data".

Web and intranet security checklist
6. Secure the connection between the container and your corporate intranet or web portal with a corporate browser and an app-specific VPN.
7. Set content-aware, role-based mobile policies on intranet or web portal content.

Business-ready apps. In each of the examples above, we talk about protecting content in a secure container on the mobile device. But in the spirit of openness, mobile users need to be able to use the apps they know and love, apps that make them more productive in their jobs. If only enterprises could let users work in those apps while also protecting sensitive enterprise data.

Use case: ACME Corporation has a robust bring your own device program. They monitor what apps users are downloading and are disconcerted to find that file sharing apps are among the most popular. Given that users can access sensitive business data from their mobile devices, the consequences associated with data leakage are significant. However, the organization also recognizes that the file sharing apps are important to business users. Rather than blacklist the apps, they'd rather find a way to secure the sensitive data.

In order to protect data across mobile apps, organizations should have a set of business-ready apps: ones that have security already built in. That includes an app-specific secure container, user authentication and single sign-on, secure network connectivity with an app-specific VPN, and encryption of data at rest. These capabilities should be present whether the app is custom-developed or provided by an app vendor. Once an organization has identified which apps are business-ready, it can specify in which apps content (whether an email attachment, a file in a content repository, or data originating from an app) can be accessed.
Beyond security, business-ready apps should have other foundational services: fault tolerance to ensure application performance and reliability; the ability to inject configuration and storage policies; and single sign-on for user efficiency and experience. In short, business-ready apps should enable users to interact with content in the same way they do today, while also giving enterprise IT the tools to protect data and ensure that the apps are appropriate for enterprise use.

One way to achieve this is through the development of an application virtualization layer. This layer separates mobile apps from foundational services. Similar to a services bus, it brokers the interactions between the services and the ecosystem of participating apps. This allows, for example, a shared token across all apps for single sign-on, or a set of storage policies to be used across apps.
With business-ready apps working together with secure content, organizations needn't be concerned about file sharing apps on mobile devices. They can encrypt the mobile content they care about, specify in which apps it can be accessed, and set policies for handling that content across that ecosystem of apps. And by making the most important apps business-ready, they can also inject the key performance and reliability features that make those apps ready for prime time in business-critical or even mission-critical mobile environments.

Figure: Basic reference architecture for business-ready apps and the app virtualization layer. Business-ready apps sit on the mobile app virtualization layer, which brokers the foundational app services (fault monitoring, identity management, network, storage, policy); "Top Secret Sales Data" appears as unreadable ciphertext on the device outside the business-ready apps.

Business-ready apps checklist
8. Safeguard data and ensure performance and reliability by building or injecting foundational security and configuration services, including a secure content container, into the apps.

Zenprise puts mobile to work

With recognition as a leader and innovator by leading analyst firms and a long list of enterprise mobility firsts such as Mobile Data Leakage Prevention, Mobile App Tunnels, and Mobile SIEM integration, Zenprise focuses on innovations that help our customers put mobile to work. With an already robust, industry-leading offering that secures and manages mobile devices, apps, and data, we are building the next generation of MDM, consisting of secure content in email and on the web and business-ready apps. And we are doing this while remaining fully committed to our MDM 2.0 tenets: openness, end-user satisfaction, and corporate data protection.

About Zenprise

Headquartered in Silicon Valley, Zenprise provides the most innovative and secure mobile device management solution, backed by the best customer service in the industry.
Unlike most vendors offering device management software, we are focused on next-generation MDM. This means making mobile apps business-ready and keeping mobile content secure, while harmonizing enterprise IT needs and the user experience. So, whether you are supporting bring your own device, deploying mobile apps to your service fleet, or distributing sensitive documents to your board of directors, Zenprise makes it easy for you to put mobile to work.

Zenprise's extensive list of global customers and partners spans a cross-section of countries and vertical industries including aerospace and defense, financial services, healthcare, oil and gas, legal, telecommunications, retail, entertainment, and federal, state, and local governments.

For more information about Zenprise, please visit z or follow us on the Zenprise blog (http://www.zenprise.com/blog), Facebook (http://www.facebook.com/zenprise), and Twitter (@Zenprise_Inc).

09/12. WP-51-1