Managing and Securing the Mobile Device Invasion
© 2012 IBM Corporation
Please Note: IBM's statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM's sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
Google, Apple, and corporate employees are the big winners; Nokia, RIM, and IT departments are facing challenges
[Chart: Share of global Q4 2011 smartphone sales to end users, by OS]
- Android and iOS accounted for 75% of all smartphone shipments
- Consumer-oriented devices from Apple and Google have quickly penetrated the enterprise, but remain largely unmanaged
Source: Gartner 2012; does not include media tablets
Mobile Devices Create New IT Challenges
Mobile devices magnify existing challenges and also pose unique ones that significantly disrupt traditional management paradigms.
Traditional Mgmt Model:
- Enterprises provide all equipment
- Small set of supported platforms / models
- IT initiates and manages upgrades
- IT tightly controls apps and security
New Device Mgmt Paradigm:
- Employees bring personal devices (BYOD)
- Many different manufacturers / models
- OS/app upgrades managed by carriers, OEMs, users
- Users control their own devices
Options for IT departments:
- Don't allow mobile devices because they are too hard to manage
- Allow unmanaged and insecure mobile devices
- Invest in tools to secure and manage devices
Managing Mobile Devices: The Problem
[Diagram labels: End User device with Mail / Calendar / Contacts, Access (VPN / WiFi), Apps (app store), Enterprise Apps; Encryption not enforced; VPN / WiFi; Corporate Network Access; iCloud; iTunes Sync; iCloud Sync]
Security/Mgmt Problems:
- Potential unauthorized access (lost, stolen)
- Insecure devices connecting to network
- Lack of encryption
- Corporate data leakage
Managing Mobile Devices: The Solution
[Diagram labels: End User device with Personal Mail / Calendar and Personal Apps; Corporate Profile with Enterprise Mail / Calendar, Enterprise Access (VPN/WiFi), Enterprise Apps (App store or Custom); Encryption Enabled; Secured by BigFix policy; VPN / WiFi; Corporate Network Access; iTunes Sync; iCloud; iCloud Sync]
Endpoint Manager for Mobile Devices:
- Enable PW policies
- Enable device encryption
- Force encrypted backup
- Disable sync
- Corporate access, email access, and app access contingent on policy compliance!
- Wipe if lost / stolen
- Wipe corporate data if employee leaves company (selective wipe)
PCs and mobile devices have many of the same management needs
[Diagram: Traditional Endpoint Management / Mobile Device Management]
- OS provisioning
- Patching
- Power Mgmt
- Anti-Virus Mgmt
- Device inventory
- Security policy mgmt
- Application mgmt
- Device config (VPN/Email/Wifi)
- Encryption mgmt
- Roaming device support
- Integration with internal systems
- Scalable/Secure solution
- Easy-to-deploy
- Multiple OS support
- Consolidated infrastructure
- Device Wipe
- Location info
- Jailbreak/Root detection
- Enterprise App store
- Self-service
IBM Endpoint Manager delivers a unified systems and security management solution for all enterprise devices
Supporting more devices:
- Windows & Mac Desktops/Laptops
- Unix / Linux Servers
- Android / iOS / Symbian / Windows Phone devices
- Windows Mobile / Kiosks / POS devices
and more capabilities:
- Device Inventory
- Endpoint Protection
- S/W Use Analysis
- Patch Mgmt
- Power Mgmt
- Security Config Mgmt
- Mobile Device Mgmt
- Configuration Mgmt
- Remote Control
- OS Deployment
Functionality Overview
Category: IBM Endpoint Manager Capabilities
Platform Support: Apple iOS, Google Android, Nokia Symbian, Windows Phone, Windows Mobile
Management Actions: Selective wipe, full wipe, deny email access, remote lock, user notification
Application Management: Application inventory, enterprise app store, Volume Purchase Program (VPP), whitelisting, blacklisting
Policy & Security Management: Password policies, device encryption, jailbreak & root detection
Location Services: Track devices and locate on map
Enterprise Access Management: Configuration of Email, VPN, Wi-fi
How does Endpoint Manager manage mobile devices?
- Advanced management on iOS through Apple's MDM APIs*
- Advanced management on Android through a BigFix agent
- Email-based management through Lotus Traveler (IBMSync): iOS, Android, Windows Mobile, Symbian, Windows Phone (currently in beta)
* Refer to Apple's MDM documentation to learn what functionality MDM vendors can take advantage of: http://images.apple.com/iphone/business/docs/ios_mdm.pdf
Endpoint Manager for Mobile Devices Dashboard
A Single Device View enables administrators and helpdesk personnel to easily view device details and take required action
A unified report of password policies across all mobile OS makes it easy for administrators to identify non-compliant devices
An on-device app can be used to distribute enterprise apps and detect whether an iOS or Android device is jailbroken or rooted
App Management
iOS Jailbreak Notification
Configure and deploy Lotus Traveler policies directly from the Endpoint Manager Console
A user-friendly iOS Profile Configuration Wizard exposes all of the configuration capabilities in Apple's MDM APIs
Deny Email Access by Policy
View installed apps on Android and iOS devices
IBM Endpoint Manager for Mobile Devices Architecture
[Architecture diagram labels: TEM Server; DB; Console / Web Reports; Relay(s); Management Extender for (Exchange or Lotus); Mgmt Extender for iOS; Apple Push Notification Servers; Email Server (Exchange/Lotus); Desktops / Laptops and Servers with Full Agents; Phones / Tablets w/email via ActiveSync / IBM Sync; Android with Android TEM App; Apple with Apple TEM App; Apple MDM Interaction. Connection labels: http / 52311, https, Apple Push Notification.]
Acknowledgements, Disclaimers and Trademarks
Copyright IBM Corporation 2012. All rights reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM's current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this publication to IBM products, programs or services do not imply that they will be made available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth, savings or other results. All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. Information concerning non-IBM products and services was obtained from a supplier of those products and services. IBM has not tested these products or services and cannot confirm the accuracy of performance, compatibility, or any other claims related to non-IBM products and services. Questions on the capabilities of non-IBM products and services should be addressed to the supplier of those products and services. All customer examples cited or described are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer and will vary depending on individual customer configurations and conditions. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. Prices are suggested U.S. list prices and are subject to change without notice. Starting price may not include a hard drive, operating system or other features. Contact your IBM representative or Business Partner for the most current pricing in your geography. IBM, the IBM logo, ibm.com, and other IBM products and services are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml