Embracing BYOD Trend Without Compromising Security, Employee Privacy, or the Mobile Experience

Shanmugarajah (Shan), Director Architecture, Enterprise Mobility, WSO2 Inc.

WSO2Con Asia 2014 -  Embracing BYOD Trend Without Compromising Security, Employee Privacy, or the Mobile Experience


Page 1: WSO2Con Asia 2014 -  Embracing BYOD Trend Without Compromising Security, Employee Privacy, or the Mobile Experience

Embracing BYOD Trend Without Compromising Security, Employee Privacy, or the Mobile Experience

Shanmugarajah (Shan)

Director Architecture, Enterprise Mobility

WSO2 Inc.

Page 2

Agenda

• Work - New definition
• Enterprise Mobility Challenges
• Different Approaches to Data Security
• BYOD
• WSO2 EMM
• Summary

Page 3

16 years back

Page 4

Employees

Enterprise

Data

Device

Device

Work

• Happens inside a place
• Dependent on specific technology
• Resources within the premise

Owned by enterprise

Page 5

Now

Thanks to technology

Page 6

Enterprise

Data

Employees

Device

Data

Work

• Independent of place
• Independent of technology
• Resources within the premise and outside

Owned by enterprise and employees

Page 7

Enterprise Mobility?

Page 8

Enterprise Mobility

• New trend towards a shift in work habits.
• Employees working out of the office with mobile devices and cloud services to perform business tasks.

Page 9

Challenges

Allow mobility in your organization?

Page 10

Enterprise

Data

Employees

Device

COPE

BYOD

Public Store

Page 11

Challenges

• Data Security
• Remote Device Management
• Enterprise Store
• Enterprise Application Development & Management

Page 12

Data Security

How can the data be compromised?

• Device being lost or stolen
• Malicious app stealing the data
• Data leak

What is the data?

• Email message or the attachment
• Documents like PDF, Word, Excel, PPT, text
• Browser accessing HTML pages, cookies
• Contacts, calendar, notes
• Application with database

Why is the data sensitive?

• It can be highly confidential, like a quotation value or salary details
• It can have a high impact if it goes to the wrong person

Who can compromise it?

• External
• Internal

Page 13

The enterprise needs some kind of tool to solve the enterprise mobility challenge

EMM

Page 14

Data Security - Approach 1

Mobile Device Management

Page 15

Data Security - Approach 1 - MDM

How can MDM solve this challenge?

• Enforce password policy on the device
• Encrypt data when locked (AES 256 FIPS 140-2)
• Enterprise Data WIPE & Device WIPE
• iCloud Backup Disable

Drawbacks

• If the password is compromised
• Malware or malicious app stealing data
• MDM has very little control over data sharing and DLP

Page 16

Vendor Apps

Enterprise Apps

Apps from Public Store

Apps in the Device Challenge

1. Need to separate enterprise apps and data
2. Able to control it
3. Limit interaction with personal apps and data

Page 17

Data Security - Approach 2 - Separate Apps and Data

Within Device

Away from Device

Page 18

Data Security - Approach 2 - Separate Apps and Data

Away from Device

• Desktop virtualization or VDI technology (Citrix XenDesktop, VMware Horizon View, Dell vWorkspace, Microsoft Remote Desktop)
• Web apps

Within Device

• Virtualized OSs on the mobile device (Hypervisor 1 and 2)

Page 19

Dual persona: two separate and independent end-user environments in a single device.

Mobile Virtualization

Virtualized OSs on mobile (Hypervisor 1 and 2)

BlackBerry Balance

Samsung KNOX

Page 20

Other Dual Personas

BlackBerry Z10

Samsung Note 3

KNOX Container

Page 21

Not all devices support dual persona. iOS does not support it; Apple will not allow the OS to be modified.

• Desktop virtualization
• Web apps
• Mobile virtualization

Each one of those options has its flaws.

Page 22

Data Security - Approach 3

Mobile App Management

• MAM gets you a step closer to managing what you care about
• MAM brings the perimeter closer to the corporate resources

Page 23

Mobile App Management (MAM)

1. MAM (Controlling app behavior)
   1a. SDK approach
   1b. App wrapping
2. OS MAM - iOS MAM through MDM
3. App Store and managing apps with MDM

Page 24

MAM controlling app behavior

Data security features

1. Encrypt the data in transit using an app VPN tunnel or app tunnel
2. Encrypt the data at rest & decrypt only when viewing
3. Two-factor authentication
4. Data loss prevention (disable cut, copy and paste)
5. Data at rest should be controlled (delete)
6. Policy-based data control, where policy can be pushed and updated

Additional features

1. Enterprise apps on the mobile device should be able to use SSO
2. Data can be shared between applications
3. DLP (cut, copy, paste) should be enabled between enterprise applications

Page 25

MAM SDK Approach

• The SDK contains all the necessary APIs to implement the MAM features
• Provides enterprise-grade security with user authentication, single sign-on, copy/paste prevention, data encryption, app-level policies, compliance monitoring and management.

Page 26

MAM - App Wrapping

App

Wrapper Tool

• For apps already built
• Needs the unsigned app binary
• Does not apply to apps from public app stores
• Can do basics of encryption, authentication, or app-level VPNs
• Can intercept, block, or spoof API calls made
• Can change the app icon

Page 27

Data Security - Best Approach

MAM Solution (Controlling app behavior)

• Works across all versions of Android and iOS
• Native apps provide a superior user experience.

Remote desktops, web apps, and virtualized mobile devices each have their place in the EMM world, but MAM has distinct advantages.

Page 28

Other Challenges in Enterprise

• Remote Device Management (MDM)
• Enterprise Store
• Enterprise Application Development & Management (MEAP, mBaaS)

Page 29

Embracing BYOD in Enterprise - Benefits

• Cost
• Device Maintenance
• Improved Productivity

Page 30

User Experience and Privacy in BYOD

User Experience

• More than one enterprise app
• Every app needs login
• Desktop apps have SSO
• Why not give the same experience
• Native app

Privacy

• Monitor the personal data like contact info, app info
• Location info of the user

Page 31

WSO2 Enterprise Mobility Manager

WSO2 EMM

Page 32

WSO2 EMM Features

• MDM
• Enterprise Store with Publisher
• Mobile App Management

Page 33

Mobile Device Management

• Employee / Corporate Owned
• Supports Android, iOS
• Identity integration
• Policy Management
• Containerization (Email)
• Self Service Provisioning
• Role Based Permission
• End-User MDM Console
• Enterprise Wipe
• Reports & Analytics

Page 34

Android Features

Configuration

• Device Lock
• User password protected WIPE
• Clear Password
• Send Message
• Wi-Fi
• Camera
• Encrypt Storage
• Mute
• Password Policy
• Change Lock Code
• App Blacklisting

Information

• Location
• Battery Information
• Memory Information
• Operator Information
• Root Detection
• Application Information

Page 35

iOS Features

Configuration

• Device Lock
• Clear Passcode
• Wi-Fi
• Camera
• VPN
• APN
• Email
• Calendar
• LDAP
• Blacklisting Apps
• Enterprise WIPE
• Password Policy

Information

• Battery Information
• Memory Information
• Application Information

Page 36

WSO2 EMM Screens

Page 37

Publisher

• Supports multiple platforms
• Android
  • Native, Hybrid Application (.apk)
  • Web Application
  • Market Place Application (Google Play) [Free]
• iOS (iPhone, iPad)
  • Native, Hybrid Application (.ipa) - Need to have enterprise developer account
  • Web Application
  • Apple Store Application [Free]
  • VPP Application (Next Release)

Page 38

WSO2 EMM – Publisher

Page 39

Store

• Supports multiple platforms
• User subscription
• Advanced search options
• App sorting
• Support for existing user stores (Widgets, Gadgets, Books, Magazines, APIs)
• Single sign-on

Page 40

WSO2 EMM – Store

Page 41

Application Management Console

• Mobile app policy enforcement
• Compliance monitoring
• Bulk app push
• User App Management
• Tracking app installation

Page 42

WSO2 EMM – App Management

Page 43

Big Picture

Enterprise

Data

COPE

BYOD

Public Store

Mobile Project Management

Unified Store

Backend API, mBaaS API

Development IDE

MDM

MEAP

Page 44

Roadmap

• App Containerization (SDK Approach)
• Samsung KNOX Integration
• Dynamic Policy
• mBaaS
• MEAP

Page 45

Summary

• Different approaches to the BYOD problem
• Based on your requirement, it can be MAM, or it can be hybrid (MDM & MAM)
• End-user experience and privacy are important

Page 46

IT Consumerization

Consumerization is a two-way street. You need to make sure your users understand the need to keep resources safe, but you also need to make corporate resources accessible.

Page 47

Q/A

Page 48

Thank you