Smart Devices @ Givaudan From BYOD experience to new mobile opportunities
2 Givaudan
What s going on? Consumerization of IT Personal device proliferation Personal cloud services proliferation Millenials generation Access personal applications @work Access corporate applications @home Anywhere Anytime from Any Device Who decides user or corporate IT? Devices Applications Security 3
Drivers For Change Smartphones landscape in the US Multi-devices trend + smart devices proliferation Demands of company provided/supported tablets Upcoming mobile applications 4
Now what? A short terms solution to our problems sort of 5
BYOD Challenges How to provide platform independent services? How to avoid interfering with personal apps and data? How to secure corporate data? Can we secure the full device? Can we wipe the device? Do we support personal devices?.. 6
Mobile Devices Situation 18 months ago 950 Blackberry smartphones Services: Email, calendar, contacts Chat Intranet Company provided Full end-user support Standard corporate service: BlackBerry 2011 - First experiment of BYOD service 380 users (volunteers) Email, calendar, contacts on iphone and ipad only Bring Your Own device (employee liable) User self support (+ forum) 7
Approach MDM platform implementation To support various devices Addition of Android to the BYOD service Follow quick market evolution Be ready for mobile app deployment Build foundation for an evolutive mobile services platform Find the right trade-off between security and user-experience In parallel, enhance mobile service with new features (Chat, VPN ) Provide courtesy wireless to corporate users for internet access only (reduce personal costs while in the office) MDM selection MobileIron Identified differentiators with competitors: Integration with device operating system (no sandbox approach) App deployment capabilities (Internal app store) Integrator in Switzerland (Nomasys) 8
Security Data device encryption embedded in the profile (ios) ActiveSync outgoing flow only Access to email/calendar/contacts windows credentials into device client Attachments no limitations Lock-code mandatory embedded into device profile loaded Internal approval process to access the service VPN required to access internal resources Only http and https Device identified through a certificate from PKI infrastructure Courtesy network filters through MAC@ for access Same web traffic filtering rules as corporate Wipe is authorised 9
High-Level Timeline BYOD ios only BYOD service based on MDM (ios +Android) Company provided multi-device catalogue MDM solution selection PoC Pilot Phase Service go- Live Satisfaction survey Corporate service preparation Corporate service deployment Multi-device corporate service Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 2011 2012 2013 today 10
Our BYOD Service Today Based on MobileIron solution 1600 active devices Voluntary enrolment ios & Android only Email, Calendar, Contacts + Chat VPN for ios (via MobileIron PKI device certificate) Security rules Mandatory screen-lock pin code Jailbroken/rooted devices not allowed Remote wipe in case of loss User self support (+ forum, getting started videos) Users must comply read and accept 11
Our BYOD Service Today Infrastructure and Security In-house managed redundant MDM platform infrastructure Employees BYOD internet access, but no access to internal resources End-User security rules same as corporate for web access Content and virus filtering Juniper VPN for ios (device certificate access control) Transparent launch No user authentication Corporate security rules VPN provides http/https limited access to resources 12
Satisfaction Survey August 2012 Participation: around 250 users (40% of the user population at that time) General satisfaction rate: All devices iphone/ipad users Android users 93% 96% 78% 13
What s next 2013: Multi-device corporate catalogue (but keep it simple) Including corporate tablets (ios only) Mobile apps in-house development Deployment via MobileIron app store Apps@Work Open network to more resources Allow devices into corporate network? Keep controlled access through VPN? 14
Open Questions Blackberry future Windows phone 8 success Any other mobile OS out there? Android as a secure business platform? BYOD with financial compensation to replace corporate smartphones? How to deal with the forthcoming general unavailability of feature phones Outsourced MDM solution? Increased attacks on mobile devices -> higher corporate and data leak risks? 15
16 Q&A