Insight eSeminar on BYOD, 2012-09-20
Bernhard Kammerstetter, Client Technical Professional for IEM in ALPS (CH, FL and AT)
Email: Bernhard_Kammerstetter@at.ibm.com
Phone: +43 1 21145 3392
Private devices in the enterprise - great potential with risks
Mobile devices: an unstoppable trend
- Mobile and Cloud: top spending priorities [1], a strategic topic for IBM
- Dramatic growth in mobile devices:
  - Mobile data traffic exceeded voice in 2010 [2]
  - Shipments of smartphones exceeded total PC shipments for the first time in 2011 [3]
  - 10 billion mobile connected devices are expected to be in use by 2020 [3]
  - 50% of web sales to be generated from social and mobile apps by 2015 [4]
- A great potential for our partners
[1] 2011 IBM Global CIO Study
[2] Wireless Industry News, August 26, 2010
[3] 2011 Economist
[4] Gartner, October 19, 2011
Mobile devices: the next step in the evolution of computing
- Mobile/Wireless/Cloud; Web/Desktop; Client/Server; Host/Mainframe
- Drivers at our customers: BYOD (Bring Your Own Device); price and performance of the devices
- Promotion of mobile devices through: their management
- Challenges: diversity of end devices; consumer devices for business; security!!!
IBM is uniquely positioned to deliver end-to-end app and mobile device lifecycle management
- Client initiatives: Build mobile applications; Connect to, and run backend systems in support of mobile
  - IBM sample offerings: Worklight (MEAP); Cast Iron; IBM Rational Application Developer; WebSphere Application Server Web 2.0 and Mobile Feature Pack; IBM WebSphere Portal Mobile Experiences; IBM Lotus Domino XPages; Green Hat (an IBM company)
- Client initiatives: Manage mobile devices and applications; Secure my mobile business
  - IBM sample offerings: IBM Endpoint Manager for Mobile Devices (MDM); IBM Rational AppScan; IBM Security Access Manager; IBM GBS - Security & Privacy practice; Identity Manager
- Client initiatives: Extend existing business capabilities to mobile devices; Transform the business by creating new opportunities
  - IBM sample offerings: Rivermine Telecom Expense Management; IBM Lotus Notes Traveler; Unified Communications Services; Mobile Application Platform Management IBM GTS Mobile Enterprise Services (MAPM); IBM GBS Strategy & Transformation and Mobile Solutions Practice; Social Collaboration Software; IBM WebSphere Commerce V7.0 Feature Pack 4
Benefits of an Endpoint Manager based approach to Mobile Device Management
- "Organizations would prefer to use the same tools across PCs, tablets and smartphones, because it's increasingly the same people who support those device types" (Gartner, PCCLM Magic Quadrant, January 2011)
- "Although at some level mobile is unique, the devices are just another form of endpoints in your infrastructure. This means whichever technologies you procure should have a road map for integration into your broader endpoint protection strategy." (Forrester, Market Overview: Mobile Security, Q4, 2011)
- Reduces hardware & administration costs:
  - Single pane for mobile devices, laptops, desktops, and servers
  - Single Endpoint Manager Server scales to 250,000+ devices
  - Unified infrastructure/administration model reduces FTE requirements
- Fast time-to-value:
  - Enterprise-grade APIs enable integration with service desks, CMDBs, etc. (Integrated Service Management)
  - Cloud-based content delivery model allows for rapid updates with no software upgrade or installation required
PCs and mobile devices have many of the same management needs
[Diagram comparing Traditional Endpoint Management and Mobile Device Management; items listed in the order shown]
- OS provisioning
- Patching
- Power mgmt
- Device inventory
- Security policy mgmt
- Application mgmt
- Device config (VPN/Email/WiFi)
- Encryption mgmt
- Roaming device support
- Integration with internal systems
- Scalable/secure solution
- Easy-to-deploy
- Multiple OS support
- Consolidated infrastructure
- Device wipe
- Location info
- Jailbreak/root detection
- Enterprise app store
- Self-service portal
Mobile devices create new IT challenges
Mobile devices magnify existing challenges and also pose unique ones that significantly disrupt traditional management paradigms.
- Traditional management model:
  - Enterprises provide all equipment
  - Small set of supported platforms / models
  - IT initiates and manages upgrades
  - IT tightly controls apps and security
- New device management paradigm:
  - Employees bring personal devices (BYOD)
  - Many different manufacturers / models
  - OS/app upgrades managed by carriers, OEMs, users
  - Users control their own devices
- Options for IT departments:
  - Don't allow mobile devices because they are too hard to manage
  - Allow unmanaged and insecure mobile devices
  - Invest in tools to secure and manage devices
Managing mobile devices: the problem
- Security & management challenges:
  - Potential unauthorized access (lost, stolen)
  - Disabled encryption
  - Insecure devices connecting to network
  - Corporate data leakage
[Diagram labels: End User; Mail / Calendar / Contacts; Access (VPN / WiFi); Apps (app store); Enterprise Apps; Encryption not enforced; VPN / WiFi; Corporate Network Access; iCloud; iTunes Sync; iCloud Sync]
Managing mobile devices: the solution
- Endpoint Manager for Mobile Devices:
  - Enable password policies
  - Enable device encryption
  - Force encrypted backup
  - Disable iCloud sync
  - Access to corporate email, apps, VPN, WiFi contingent on policy compliance!
  - Selectively wipe corporate data if employee leaves company
  - Fully wipe if lost or stolen
[Diagram labels: End User; Personal Mail / Calendar; Personal Apps; Corporate Profile; Enterprise Mail / Calendar; Enterprise Access (VPN/WiFi); Enterprise Apps (App store or Custom); Encryption Enabled; VPN / WiFi; iTunes Sync; Secured by BigFix policy; iCloud; iCloud Sync; Corporate Network Access]
How does IEM manage mobile devices?
- Agent-based management:
  - Complete set of management functionality
  - Supported OSes: Android - Native BigFix Agent (95%+ shared code); Apple iOS - Apple MDM APIs; Windows Mobile, Windows CE
- Email-based management through Exchange (ActiveSync) and Lotus Traveler (IBMSync):
  - Minimal management functionality (security policies + wipe)
  - Supported OSes: iOS; Android; Windows Phone; Symbian
Multitenant capabilities (multitenancy)
- 1) Users of the TEM console have different authorities
- 2) They only see content that is assigned to the custom sites for which they have been granted access
  - Custom site for e.g. customer X: PW policy; baselines; tasks; groups; analyses
- 3) They only have access to devices that are assigned to their custom sites
IBM Endpoint Manager, built on BigFix technology
Unifying IT operations and security
- Tivoli Endpoint Manager IT Operations Solutions:
  - Tivoli Endpoint Manager for Lifecycle Management
  - Tivoli Endpoint Manager for Mobile Device Management
  - Tivoli Endpoint Manager for Patch Management
  - Tivoli Endpoint Manager for Power Management
  - Tivoli Endpoint Manager for Software Use Analysis
- Tivoli Endpoint Manager IT Security Solutions:
  - Tivoli Endpoint Manager for Security and Compliance
  - Tivoli Endpoint Manager for Core Protection
  - Data Protection Add-On
  - Tivoli Endpoint Manager for Mobile Device Management
  - Tivoli Endpoint Manager for Patch Management
Functionality overview (Category: Endpoint Manager capabilities)
- Platform Support: Apple iOS, Google Android, Nokia Symbian, Windows Phone, Windows Mobile
- Management Actions: Selective/full wipe, deny email access, remote lock, user notification, clear passcode
- Application Management: Application inventory, enterprise app store, iOS WebClips, whitelisting/blacklisting
- Policy and Security Management: Password policies, device encryption, jailbreak/root detection, disable iCloud
- Location Services: Track devices and locate on map
- Enterprise Access Management: Configuration of Email, VPN, Wi-Fi, Authenticated Enrollment, Self Service Portal
- Expense Management: Enable/disable voice and data roaming
- Cloud Email Device Management: Office 365 support
- Containerisation: Nitrodesk Touchdown for Android
Console with dashboards for
- Agent-based management: Apple iOS 4 and 5; Android 2.x and 3.x; Windows Mobile 5.x and 6.x
- or devices that are connected to one of the following email systems: MS Exchange 2007 and 2010 via ActiveSync; IBM Lotus Traveler 8.5.x via IBM Sync
Management of iOS devices
Management of Android devices
A unified report of password policies across all mobile OS makes it easy for administrators to identify non-compliant devices
iOS Enrollment
App Management
iOS Jailbreak Notification
A user-friendly iOS Profile Configuration Wizard exposes all of the configuration of passcode policies
A user-friendly iOS Profile Configuration Wizard exposes all of the configuration restrictions
View installed apps on Android and iOS devices
Self Service Portal for the User of the Phone / Tablet
View details about the phone, profiles, apps and security and submit and review actions
Executive summary
- Android and iOS devices have quickly penetrated the enterprise, bringing productivity gains, along with increased risk and cost
- IBM Endpoint Manager for Mobile Devices delivers strong MDM capabilities in an infrastructure that enables unified management of all enterprise devices: desktops, laptops, servers, smartphones, and tablets
- IBM is uniquely positioned to deliver end-to-end app and mobile device lifecycle management with Mobile Enterprise Application Platform (MEAP), Mobile Device Management (MDM), and Telecom Expense Management capabilities