Empowering BYOD and Mobile Security in the Enterprise Jeff Baum, APAC Managing Director
Growth of Mobile Mobile worker population will reach 1.3 Billion in 2015 Source: IDC Worldwide Mobile Worker Population 2011-2015 Forecast Tablets are forecasted to reach 665 Million in 2016 Source: Gartner Forecast: Media Tablets by Operating System, Worldwide 2010-2016, 1Q112 Update Smartphones forecasted to reach 1.279 Billion in 2016 Source: Gartner Forecast: Mobile Devices by Operating System, Worldwide, 2009-2016, 1Q12 Update 67% of people reported they use a personal device at work
Mobile Device Ownership for the Enterprise Dedicated Device Bring Your Own Device (BYOD) Shared Device Kiosk Device Laptop / Desktop Printers, M2M, etc.
What exactly is BYOD? According to top analysts, Bring-Your-Own-Device (BYOD) is an alternative strategy allowing employees, business partners and other users to utilize a personally selected and purchased client device to execute enterprise applications and access data.
Challenges with BYOD IT Departments are faced with several challenges that come with managing a variety of employee-owned devices and operating systems: Network access Network security Data loss prevention (DLP) Lost and stolen devices Supporting new and unknown equipment Privacy of employees data Added costs in supporting a variety of personal devices 5
Considerations for BYOD Device Choice Support multiple platforms and device types Centralize asset tracking and management Business Risks Enforce Terms of Use agreement acceptance Specify info collected and actions IT is allowed Device Management Simplify self-service enrollment for end users Manage approval work flows for enrollment requests Automate user authentication and device provisioning Configure settings and policies based on ownership Self-service support without IT involvement Integration into existing corporate user portals Employee Privacy Isolate personal and corporate data on device Set privacy settings to prevent viewing of personal data Enterprise Security Secure access to enterprise services, apps and content Disable access / remove data for non-compliant devices 6
Enable Device Choice Multi-platform support for latest makes, models, OEMs of smartphones, tablets, laptops o Apple o Symbian o Android o Windows Mobile o BlackBerry o Windows Phone o Mac OS X Limit device platforms, model, OS and number of devices per user with device white/blacklist Set limitations on the maximum number of devices allowed per user Prevent jailbroken devices from enrolling 7
Enable Self-service Management Enroll additional devices Perform remote commands o Device query o Send message o Clear passcode o Wipe device Download optional profiles View device information: o Compliance audit o Installed profiles and apps o GPS location Request applications Get technical support 8
Flexible Deployment Options Native Approach Integrate with MDM No MDM Enabled via AirWatch Workspace Multiple Options Example: Corp App Only User Example: Corp BYOD 9
BYOD Lifecycle Self-service Corporate Resources Self-service Enrollment Self-service Enterprise Management Policy Definition BYOD and Enterprise Mobility Self-service Retirement 10
Phase 1: Policy Definition Set policies and configure profiles specific to employee-owned devices Set device privacy policies based on device ownership type Secure data and devices with encryption and passcode policies Automate actions and escalation processes for non-compliant or jailbroken devices Set enrollment message templates different device ownership types Customize corporate-owned, employee-owned and shared device (C/E/S) messages Set expected friendly name for devices prior to end user enrollment Profile Examples Passcodes Encryption Restrictions Email VPN Wi-Fi Deploy Profiles Multi-group Geo-fence Time-based 11
Phase 2: Enrollment Create custom enrollment messages using set templates Allow employees to enroll their personal devices into AirWatch with Agent or web-based enrollment Require end user to agree to custom Terms of Use for employee-owned devices Authenticate users via AD/LDAP integration o o o Auto-group users to specific organization group(s) and roles Quarantine non-compliant devices Automatically block non-authorized end users Add prompts for end users during enrollment (optional) Customize support number, email and landing page for end users with employee-owned devices 12
Protect Employee Privacy Ensure privacy of personal data Set privacy policies that do not collect personal data Set custom policies for employeeowned devices Define granular privacy policies GPS location User info o o o Name Phone number Email account Public apps Telecom data o o o Calls Messages Data usage 13
Phase 3: Access to Corporate Resources Ensure authorized and compliant devices have secure access to enterprise resources and accounts Distribute information and resources based on ownership Set BYOD policies and push profiles specific to employee-owned devices Recommend apps for and push apps to employee-owned devices Configure custom access to corporate content for employee-owned devices Disable download of sensitive apps and content on personal devices 14
Mobile Ecosystem Directory Services Content Filtering Corporate Networks Certificates and PKI Content Repositories Email Infrastructure Malware Anti-Virus SIEM 15
BYOD Management Mobile Device Management (MDM) Mobile Email Management (MEM) Enhanced Security and Compliance Mobile Content Management (MCM) Mobile Application Management (MAM) Mobile Browsing Management (MBM) 16
Apps Growing Focus to Manage 17 17 Copyright 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential.
Phase 4: Enterprise Management View device ownership at corporate level from a central, web-based console Designate administrators and customize privileges and access levels Configure policies, settings, certificates and access to enterprise accounts over-the-air Define compliance policies with automated actions for non-compliant devices Prevent unauthorized device use by enforcing policies and restrictions Locate and remotely wipe lost or stolen devices 18
Automated Compliance Track and view real-time device information via interactive dashboards Audit devices for compliance with corporate policies, settings, apps and more Automate governance monitoring and actions o o Send alerts to end users and administrators Remove profiles and access automatically 19
Phase 5: Retirement Remove access to corporate Email, Wi-Fi and VPN when end user un-enrolls or leaves the company Remove internal apps from devices upon end user departure Remove access to content upon end user departure Remove all corporate content and resources with enterprise wipe Perform enterprise wipe without affecting personal content on device 20
Deployment Models 70% Customers 30% Customers Multiple world-class data centers Industry-standard best practices High availability and redundancy Standard SLA greater than 99.9% Physical and virtual environments Internal, highly available architecture Turnkey AirWatch appliance available Full control over software upgrades 21 21 Copyright 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential.
BYOD Video 22
About AirWatch 1,500 employees 150 countries 16 languages 9000 8000 7000 6000 5000 4000 3000 2000 1000 0 Q1 2012 Q2 2012 Q3 2012 8,500 customers and growing Q4 2012 Q1 2013 Q2 2013 Today 9 global offices Our Mission: Simplify Enterprise Mobility TM 23
Company Differentiators Recognized as the world s leader in enterprise mobility Trusted by thousands of global, security-focused organizations Expertise in building and scaling enterprise solutions More than twice the size of any other EMM company Over 450 people and 30% of revenue dedicated to R&D Worldwide offices and localized sales and support teams Fast growing global customer base across all verticals Worldwide in-house professional services organization Global relationships with leading channel partners 24
Questions?