Vodafone Global Enterprise: Deploy the Apple iPhone across your Enterprise with confidence




Vodafone Global Enterprise
Deploy the Apple iPhone across your Enterprise with confidence
White Paper

The Apple iPhone has become a catalyst for changing the way both users and organisations think about their phones. Users want iPhones because of the exceptional experience they provide and because they support business applications. These applications include email, but also broad business applications like Salesforce.com and even niche business applications like medical imaging viewers.

Enterprises need an iPhone strategy

While enterprise IT's reaction may be to say no, saying no is not an option. Invariably, an executive will demand an iPhone or the groundswell from users will become too loud to ignore. Enterprise IT departments need to think now about strategies to support iPhone deployments locally and worldwide and adopt the tools necessary to support their deployment strategy.

Enterprise IT administrators need to pay particular attention to walking the fine line between providing end-users the tools to take full advantage of the richness of the iPhone experience, and having processes in place to keep corporate data as secure as possible. Some organisations just focus on items such as corporate email, calendar, and contacts but need to ask:

- How does the solution protect all of our corporate data?
- What about users of Safari (the Apple web browser) or other applications?
- How am I protecting my laptops today? Would I just protect email when securing my laptops?

To make iPhone deployments successful, enterprise IT should:

1. Connect enrolled iPhones securely to enterprise resources, including email, Wi-Fi and VPN
2. Provide access to recommended enterprise applications
3. Enforce enterprise security policies to protect corporate data
4. Maintain a detailed, central inventory
5. Provide access control over iPhones connecting through
6. Secure lost, stolen, or retired iPhones through full and selective wipe
7. Bring iPhones under IT management
8. Option to administer centrally for consistent multi-country deployments

Let's examine each of these areas and how Vodafone's Device Manager for iPhone can help.

1. Connect enrolled iPhones securely to enterprise resources, including email, Wi-Fi and VPN

Once a device is enrolled, it is important to make the device useful by allowing it to connect to enterprise resources such as email, Wi-Fi, and VPN. These configurations should be:

- Generated dynamically, meaning that a user's credentials should be prepopulated and the right resource (e.g., server name, VPN concentrator) targeted to the right employee.
- Handled over-the-air, to eliminate the need for enterprise IT to physically configure each iPhone (a time-consuming task even for small deployments).
- Transmitted in a secure format, such that when configurations are pushed over-the-air, the information within them (server names, account names, etc.) cannot be intercepted by hackers.

Vodafone Global Enterprise Device Manager makes it easy to provision end-users for enterprise resources, including email, Wi-Fi, and VPN. It dynamically generates configurations for iPhones based on the settings defined by an enterprise IT administrator. Administrators are able to tie settings to LDAP groups to meet the varying requirements within the organisation.

All configuration profiles generated for an iPhone are delivered over-the-air using a protocol called SCEP (Simple Certificate Enrolment Protocol). Use of the SCEP protocol not only allows distribution of configurations without the need for IT to physically touch a device, but it also ensures that the configurations themselves are encrypted such that sensitive information, like server addresses and account names, is not exposed during the distribution process. The certificates used to sign and encrypt configuration profiles can also be used for authentication to back-end resources, including Exchange, Wi-Fi and VPN.

Finally, because Vodafone Device Manager signs all configuration profiles, any backups made with iTunes will automatically be encrypted and password protected.

2. Provide access to recommended enterprise applications

While email, Wi-Fi, and VPN are important resources to provision to a user's phone, they are not the only elements an IT department should be concerned with. iPhones are essentially mini computers and have been designed to power rich applications, including business-oriented applications like Salesforce.com and CRM. Organisations face two main challenges in handling applications within their enterprise:

- Communicating which of the 250,000+ applications on the Apple App Store are supported by the enterprise and making them easily accessible. For instance, many organisations would provide support for applications like the popular CRM tool, Salesforce.com or news tools like Reuters, while they would not provide support for iPhone games.
- Understanding how they will handle reimbursement of paid applications. Many applications, including popular ones like QuickOffice, cost money, and IT will need to determine how to pay for those applications.

Vodafone Device Manager Application Distribution for iPhone

The Vodafone Device Manager platform helps enterprises communicate to end users which App Store applications are supported by IT, assists with the application reimbursement process, and makes it easy to provide direct access to web-based applications.

Through the Device Manager application, enterprise IT administrators can link to applications from the App Store and create a recommended applications list, which can be custom-tailored to an individual or group of users. When a user clicks on a recommended application, they see a description of the application and the option to download it from the App Store. Employees can participate in giving IT visibility into their application usage by marking these recommendations as applications they use. Updates to the recommended applications list can be made over-the-air to reflect changes in recommendations and in policies. For example, using the recommended applications list, IT can ensure that an executive travelling to China is equipped with the right language translation tool or currency converter just before their trip.

Managing payment for applications is also an important issue. Most organisations prefer to tie iTunes accounts to personal credit cards or corporate cards that are personally liable, and then reimburse employees for use of sanctioned applications. To support this, the recommended applications list can be targeted to individual users or groups, enabling IT to communicate which applications will be reimbursed by either the corporate IT or finance departments. Employees automatically know what is supported and what is not from within their own iPhone; regular auditing against these lists can help track down sources of abuse.

Device Manager administrators can also give users easy access to web-based applications by configuring Web Clips. A Web Clip places a direct link to a website within the user's iPhone home screen. This allows an end-user to launch a web application as they would any other application.

3. Enforce enterprise security policies to protect corporate data

Most companies, when protecting laptops, protect those devices by ensuring the device has a strong power-on password and that the device has full disk encryption. Organisations use these methods because they know corporate data is within multiple applications on the laptop, not just email. iPhones fit into the same model: there are many business-oriented applications (Salesforce.com, WebEx, and Oracle Business Applications, among others) and each of these applications may have corporate data. Thus, the entire device must be secured.

To secure the iPhone, Vodafone Device Manager delivers configurations securely, and these configurations apply to the entire device. We can:

- Define the complexity of a power-on password (password type, number of characters, number of special characters required, etc)
- Define the number of failed attempts a user can make before the device wipes itself.

Each configuration delivered is digitally signed to prevent tampering; a user cannot delete or overwrite the security policy applied because of this signature.

While email is not the sole repository for corporate data, ensuring that the email system is secured is still critically important. To accomplish this, Vodafone Device Manager places access controls into the email environment. These controls ensure that if a user does not periodically launch the Vodafone Device Manager client, the user will automatically be disconnected from email. Specifically, the Vodafone Device Manager can:

- Provide visibility of all devices connecting to
- Prevent unregistered / unmanaged devices from connecting to
- Prevent devices that have not connected to Vodafone Device Manager / launched the Device Manager application in a specified period of time from connecting to
- Prevent devices that have not received the latest policy within a specified period of time from connecting to
- Detect and report what OS an iPhone is running; if the iPhone is not running a minimum iPhone OS, then the phone can automatically be disconnected from
- Detect the platform type of a device and if the platform does not support full disk encryption (eg iPhone 3GS) then disconnect it from
- Detect if an iPhone has been modified through multiple signature-based methods; if the iPhone is modified, optionally disconnect it from.

How often these assessments take place (eg once a day, once a week, etc) is administratively definable.
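The access checks listed above, written as a gateway-side decision function that rebuilds an allowed-devices list from inventory data. This is an added example, not code from Vodafone or the Device Manager product; the field names, reason strings, thresholds, platform set and device records are constructed assumptions.

```python
"""Gateway-side compliance gate: decide which devices may reach corporate email."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class Policy:
    max_checkin_age: timedelta    # client must have reported within this window
    max_policy_age: timedelta     # latest policy must have arrived within this window
    min_os: str                   # minimum OS version allowed to connect
    allowed_platforms: frozenset  # platforms the administrator accepts
    block_modified: bool = True   # disconnecting modified devices is optional


@dataclass(frozen=True)
class Device:
    device_id: str
    registered: bool
    last_checkin: Optional[datetime]
    last_policy: Optional[datetime]
    os_version: str
    platform: str
    modified: bool


def version_key(text):
    """Turn '3.1' into (3, 1, 0) so versions compare numerically, not as strings."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def violations(dev, policy, now):
    """Return the reasons a device must be blocked; an empty list means allow."""
    if not dev.registered:
        return ["unregistered"]  # no other attribute of an unknown device is trusted
    reasons = []
    # Fail closed: a missing timestamp is treated the same as a stale one.
    if dev.last_checkin is None or now - dev.last_checkin > policy.max_checkin_age:
        reasons.append("stale-checkin")
    if dev.last_policy is None or now - dev.last_policy > policy.max_policy_age:
        reasons.append("stale-policy")
    if version_key(dev.os_version) < version_key(policy.min_os):
        reasons.append("os-below-minimum")
    if dev.platform not in policy.allowed_platforms:
        reasons.append("platform-not-allowed")
    if dev.modified and policy.block_modified:
        reasons.append("modified")
    return reasons


def allowed_list(devices, policy, now):
    """Rebuild the gateway's allowed-devices list from the current inventory."""
    return {d.device_id for d in devices if not violations(d, policy, now)}


# Constructed sample data. The platform set is a sample administrator choice,
# not a statement about which hardware supports encryption.
NOW = datetime(2010, 9, 1, 12, 0)
POLICY = Policy(timedelta(days=7), timedelta(days=7), "3.1", frozenset({"iPhone 4"}))
INVENTORY = [
    Device("dev-a", True, NOW - timedelta(days=1), NOW - timedelta(days=2),
           "4.0", "iPhone 4", False),
    Device("dev-b", False, None, None, "4.0", "iPhone 4", False),
    Device("dev-c", True, NOW - timedelta(days=10), NOW - timedelta(days=10),
           "3.0", "iPhone 3G", True),
    Device("dev-d", True, None, NOW - timedelta(days=1), "3.1", "iPhone 4", False),
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev.device_id, violations(dev, POLICY, NOW) or "allow")
```

Returning every failed check, not only the first, gives the administrator the full remediation list for a device in one pass.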

[Figure: Sentry access flow. 1. User attempts to access corporate email. 2. Request denied, device not in Allowed List for Email. 3. User enrols iPhone. 4. Is phone in compliance? Yes. 5. Vodafone updates Allowed Devices List for 6. User attempts to access corporate email. 7. Request allowed.]

4. Maintain a detailed, central inventory

Once users begin enrolling on the system, it is important to know what iPhones exist, who they are associated with, and whether they are owned by the user or the enterprise. Additional useful information available includes phone number, serial number, etc. As they look to keep an accurate device inventory, IT must decide:

- How to record and track inventory information
- How to keep up with the ever-increasing number of devices in the organisation
- How to ensure that the information is kept up to date over time.

Further, visibility into the environment is also crucial to the success of any iPhone deployment.

Device Visibility Features

The Device Manager platform can easily provide visibility into the managed devices connecting into the organisation, including iPhones, by means of the Device Manager client. The Device Manager client gathers detailed information about an individual device and reports it back to the Device Manager platform. In the case of the iPhone, reported data includes device ID, platform type (eg iPhone, 3G, 3GS, 4), and OS type (eg iPhone OS 3.0, 3.1 or iOS 4). This information can be used to answer simple questions like "How many devices are in my organisation?" and "What is the breakdown of iPhones versus other devices?" The information can also be used to help manage policies, such as mandating that iPhone operating systems be kept up to date.

Vodafone's Device Manager also provides visibility of enterprise devices connecting into the environment. The Vodafone Device Manager Sentry acts as a gateway, only allowing authorised devices to connect to. The Sentry functionality allows organisations to understand what devices have connected to corporate email, possibly bypassing security policies such as mandates that devices be registered with a device management system.

The Sentry acts as a proxy. Device clients connect to the Sentry, which relays email traffic to the server. This method will work for:

- On-premise solutions, such as Microsoft Exchange, Lotus Notes and Novell GroupWise
- Cloud-based email environments, such as Gmail and Microsoft Hosted Exchange Services, where functions such as direct query of the mail server and remote wipe may not be readily available.

5. Provide access control over iPhones connecting through

We believe that customers should experience the best email experience. To do this, customers should leverage the iPhone's native email client, with email delivered in real time to the device as emails are received. With becoming a de facto standard for push email and PIM (Personal Information Manager) and with an increasing number of devices that support, IT must prioritise native security and management instead of investing in email point-products.

Vodafone Device Manager Management Capabilities

The Sentry changes the email model from one where any device can connect, to one where enterprise IT can manage the influx of devices entering the network. With the Sentry, enterprises can ensure that only registered devices are allowed to connect to corporate email. This means that organisations are able to properly provision, secure, and manage a device before the device begins downloading corporate email.

The Device Manager platform can also set policies to limit the number of devices connecting to. This helps to prevent numerous devices from accessing corporate email simultaneously and limits exposure to risk for the organisation.

Vodafone Device Manager Security Features for iPhone

Once devices are provisioned, it is important to determine if they meet the correct requirements to connect to corporate email. The platform can detect whether iPhones have been modified. Modified iPhones should be disconnected from enterprise email in order to protect corporate data. Upon detecting a modified iPhone, the Device Manager platform can notify administrators to take action, and also disconnect the phone from corporate email. This method helps to ensure that phones that pose a high security risk don't connect to the organisation.

Organisations should also ensure that their user base runs the latest iPhone OS software. Apple continually releases updates to the iPhone that enhance both the user experience and the security of the device. Through the Device Manager platform, IT administrators can detect if users have not upgraded their iPhone, and then prompt those users to upgrade. Administrators can also use the Sentry to require that users run the latest iPhone OS software from Apple before connecting to corporate resources.

Finally, the Device Manager platform can use its inventory capabilities to set policies that require that only specific iPhone models be able to connect to corporate email. This access control functionality helps enterprise IT enforce policies that mandate full device encryption to protect all corporate data on the device, including email, application data, and any corporate information that exists in the browser cache. Furthermore, the use of signed configuration profiles distributed by the device management platform enforces the requirement that all iTunes backups be password protected and encrypted.

6. Secure lost, stolen, or retired iPhones through full and selective wipe

A user may misplace or lose their phone, so protection of data is vital. In other cases, an employee may leave the company with a personal iPhone that had been connected to the corporate network. With the multitude of situations that IT may have to contend with, it is important for IT to have the right tools to remove confidential information from a device for a given situation.

Securing Lost, Stolen, or Retired iPhones

If a device is lost or stolen, it is important to be able to wipe the device of all corporate information and restore it to factory defaults. The Device Manager platform can easily identify an individual iPhone and push a remote wipe command to the phone. This command causes the device to remove all information and essentially returns the device to the state it was in when it left the factory. This approach to wiping corporate information is critically important; as mentioned earlier, corporate data can exist in many places throughout the phone.

While many use cases are served by fully wiping an iPhone, Vodafone recognises that a one-size-fits-all approach may not exist. In some cases, for instance when an employee leaves the company, the IT department may want to focus on removing email from the device instead of wiping out personal information, like music or pictures of the employee's family. mailbox on an iPhone can be reset and this causes all of the email to be removed from the device. After this command is issued, the phone is blocked from accessing the server to ensure that email cannot be downloaded again to the device. This allows IT to begin drawing an enterprise data boundary between corporate and personal information on the phone.

7. Bring iPhones under IT management

There are generally two approaches when it comes to connecting smartphones to enterprise management systems and our solution supports both.

- IT should act as the gatekeeper for smartphones connecting to the enterprise by enrolling devices for users.
- End-users should enrol their devices themselves via a simple process, to help unburden the IT staff.

With Vodafone Device Manager for iPhone, administrators define by group or individual user what rights should be assigned, including the ability to enrol phones. Vodafone recognises that not all users will provision themselves or that IT may want to control the process. Therefore, the Vodafone Device Manager Admin Portal enables IT to enrol phones on behalf of end users, either individually or by importing information for multiple users and phones. Regardless of the method used, both enrolment and provisioning are handled over-the-air, eliminating the requirement for IT to physically touch each device.

8. Option to administer centrally for consistent multi-country deployments

Many large enterprises operate with regional if not globally centralised IT functions. It is important to be able to apply and enforce policies and application recommendations regardless of country boundary. This reduces the cost of management and delivers consistency of policy to different user groups.

Vodafone Device Manager for iPhone can be deployed either hosted within your premises or within the cloud. It operates independent of the country of iPhone use and can even deliver control to devices outside the extensive Vodafone network. This offers consistency, lower operations resource and centralised reporting capability.

Summary

Organisations across virtually every industry have found iPhones gaining traction among their employees. While iPhones have certainly served as the catalyst for broadening the set of supported mobile devices in the enterprise, users will quickly bring in other platforms. Whatever strategy your enterprise adopts, all existing smartphone platforms should be manageable. Without automated tools, any smartphone deployment, including iPhones, will become difficult to support. Vodafone Global Enterprise provides the broadest set of best-of-breed tools for organisations to deploy iPhones with confidence across the globe and independent of the current carrier or provider.

www.vodafone.com/globalenterprise

00000/09/10 Vodafone Group 2010. This document is issued by Vodafone in confidence and is not to be reproduced in whole or in part without the prior written permission of Vodafone. Vodafone and the Vodafone logos are trademarks of the Vodafone Group. Other product and company names mentioned herein may be the trademarks of their respective owners. The information contained in this publication is correct at time of going to print. Such information may be subject to change, and services may be modified, supplemented or withdrawn by Vodafone without prior notice. All services are subject to terms and conditions, copies of which may be obtained on request.