Slide 1. Enterprise mobility is a top 1 or 2 initiative across virtually every industry, size of company, and around the world. The market has blown estimates and forecasts out of the water as companies seize the business opportunity mobile devices bring. Please indulge me for a few data points that hopefully illustrate this point. Forrester revised its estimate from earlier this year upward by nearly 70%, predicting this will be a $6.6B market by 2015. 59% - the number of organizations, according to Forrester, who are employing a “bring your own device” program at work. BYOD is the big driver that everyone talks about but beyond that, and where it starts to get interesting, is that businesses around the globe are pursuing mobile strategies to gain business advantage and drive top line growth. 3x – In a recent report about Mobility and ERP, Aberdeen noted that best in class enterprises are 3 times more likely than other enterprises to have business process workflow tied to employees’ mobile devices. And finally, 17,000 – diving into one vertical alone, this is the number of healthcare applications in major app stores today. It’s an example of one industry putting its money where its mouth is and representative of the business opportunity in that vertical alone.
$6.6M market. Chart: Forrester’s new projection for the Mobile Management Services market, up 69% from the prior projection earlier this year.
59%: The percent of companies now supporting BYOD, per Forrester via GigaOM (http://gigaom.com/mobile/forrester-more-than-half-of-enterprises-support-consumer-phones/). This is here and now. Companies don’t have a choice.
3x: The greater likelihood than all others of “best in class” enterprises, per Aberdeen’s framework, to have business process workflow tied to their mobile device, per Aberdeen report, “Mobility in ERP 2011”, May 2011. Mobility is also a business opportunity that executives recognize and want to seize on.
17,000: Diving into one vertical, the number of healthcare applications in major app stores today. An example of the business opportunity in one vertical alone.
Slide 2. 2010. The problem we’re addressing is the mobile blindspot. Organizations have spent the last ten years or so – not to mention billions of dollars – securing the information in their businesses with technologies like firewalls and anti-malware…but then mobile devices come along and threaten all that because they’re coming into enterprise networks, IT can’t see them, can’t audit them, can’t control what they’re accessing, and can’t claw back sensitive data once it’s been downloaded onto a device.
Slide 3. Here’s a look into three specific use cases we address: 1. Dealing with users accessing important business apps and data over insecure networks; 2. Employees using non-compliant apps or apps that could put their business at risk, especially during the workday. Think about the trader whose investment bank was fined $6B for an insider tip that he sent via the Facebook IM function while on the trading floor during market hours; and 3. Employee access to sensitive business data with no ability for the enterprise to lock down that data.
Slide 7. We have two mobile device management offerings that address management and security of mobile devices across their lifecycle: Zenprise MobileManager, our on-premise offering, and Zencloud, our cloud-based offering available as public, private, or hybrid cloud.
Need to make sure the layers are mapped to correct entities; data is not a layer.
Slide 8. Our customers’ primary requirement – and the vision we’re delivering on – is what we’re calling real-time security at all layers of the mobile enterprise. Zenprise has unique differentiators at each of the mobile device, application, network, and data layers.
Slide 3. First, tackling the device. At the device we offer table stakes functionality like lock and wipe, selective wipe, configuration, device inventory, continuous compliance, integration with enterprise resources like AD, PKI, WiFi, VPN, etc., as well as the broadest and deepest device support in the market. But beyond these minimum requirements, and where we’re unique, is that we also bring dynamic, context-aware policies based on role, device type, location, time of day, and whether the device is company-issued or personally-owned. An example is the ability to limit the camera function for government employees with a certain clearance level who are working in a certain location, or as is the use case here, in blocking a specific application, in this case, Facebook, for traders during market hours. We call this Dynamic Defense, it’s one of our key features, and it’s unique to us.
Flexibility in the policy
Slide 4. Next, the app layer. At the app layer it’s about enabling secure access to applications, granular app features, blacklisting (BL), whitelisting (WL), enterprise app store, app inventory, the ability to do a number of things including not just blocking the device from entering the network, but also shutting an app down. A lot of the leading MDM providers offer these features. But where we’re unique is that Zenprise provides something we call Mobile App Tunnels, which are like VPNs, dedicated encrypted connections between a user and an app regardless of VPN connectivity. So it can work if the device is connected via VPN or not. The value of this is it solves the all-or-nothing issue that we see with VPNs – where a user who has VPN access for one app can fairly easily access any corporate app to which he has desktop access but may or may not have permission on a mobile device. App tunnels put the control and governance into the hands of IT, so they can granularly offer secure app access by role on a per app basis. It also solves the app segregation issue. You don’t want to be exposing your sensitive business apps to the rest of the apps on a device, especially a personally-owned device. This protects the rest of your corporate network if something bad like malware infects one device. Finally, a non-security benefit of app tunnels is that they maintain state in the case of spotty networks or dead zones. So if I’m on one network and need to change, I don’t need to start a new session; the solution will maintain state and then resume the connection when I have better network connectivity. Nobody else does this; it’s unique to Zenprise.
Slide 5. Next, the network layer. The network layer is where our Secure Mobile Gateway does heavy lifting enforcing policies such as blocking of blacklisted apps and proxying ActiveSync traffic. What’s unique to us, though, is it’s where administrators have visibility into devices and user behavior, such as whether mobile users are accessing secure content on their mobile devices. It lets our customers protect the corporate network from mobile and insider threats and provides log intelligence to SIEM tools for correlation, alerting, reporting, and forensics. In fact, we were just recognized as the top new security vendor at the HP Protect show for our solution, and our Mobile Security Intelligence had a lot to do with it. It is unique to Zenprise – nobody else provides this.
SIEM app; Splunk
Only integration with Splunk
Slide 6. Finally, the data layer. This is our new Enterprise Mobile DLP solution. It’s the first in the industry to address sensitive data at the data layer. Mobile data leakage has been an issue for years, but the industry has tried to solve it by securing proxies for the data – like securing the device (which is necessary but doesn’t go far enough), or like building coarse-grained email sandboxes, which are cumbersome and don’t really protect data because users can bypass them. What we’ve built is a secure document container that uses mobile-to-enterprise connectivity and lets users do secure document synchronization, but lets the enterprise govern the data through context- and content-aware policies, and integrates with Microsoft Sharepoint.
Another differentiator is that Zenprise is enterprise-grade, meeting the requirements of large enterprises or enterprises that have high availability service levels. We have proven ourselves in multi-tens of thousands of device production deployments in the Fortune 100. We have high availability throughout – at the web, app, and data tiers, and in the case of our cloud offering, at the datacenter level. We feature active-to-active clustering so that failover and failback are seamless events for your users. In fact, we’re so committed to our highly-available architecture that we’re offering a 100% uptime guarantee as part of our Zencloud PREMIUM offering.
This is one of the reasons Gartner has recognized us as #1 in their Critical Capabilities report.
Slide 9. How does it work? A core capability of mobile device management is support for the entire device lifecycle. Zenprise supports the device from cradle to grave in a seamless way. This includes: 1. Configuring devices by type, role, or group; setting up access to corporate resources such as VPN and Wi-Fi; setting security policies such as passcode enforcement, restricting access to content and resources, application blacklisting and whitelisting, and specifying application packages for users; 2. Provisioning devices by enabling fast and simple user self-service enrollment, and delivering configurations, policies, packages, and files in a secure, automated way over-the-air; 3. Providing remote support and helpdesk functions, such as remote lock, wipe, selective-wipe, and locate, or troubleshooting service or access problems. Also, enabling some basic user self-service support; 4. Monitoring and reporting on devices, device details, compliance, and user behavior; and 5. Decommissioning devices upon employee departure. Since we have visibility into which devices are company-issued vs. user-owned, we can enable your customer to choose different decommissioning techniques (e.g., full wipe vs. selective wipe) for each type of device.
Slide 10. How do configuration and provisioning work? Once Zenprise is installed, deployment of configurations and policies is simple and efficient. It’s a question of walking through an easy-to-understand, yet fully-featured set of configuration screens. Set configuration parameters, policies, and specify application packages.
Slide 11. Let users self-service enroll in minutes with this easy four-step process: starting enrollment, entering their credentials, installing their certificate and profile, and downloading enterprise-recommended applications and files. The result will be a customized mobile device appropriate for the user’s role and device.
Slide 12. What does it look like behind the scenes? Zenprise uses a highly available, redundant, scale-out architecture that has allowed us to support some of the world’s largest mobile device deployments, but do so in a way that employs security best practices.
Slide 14. The solution is available as on-premise or as a public or hybrid cloud offering. Our cloud offering features a 100% uptime service level agreement.
Slide 14. Don’t just take our word for it. Talk to our customers, like this aerospace company and one of the biggest companies in the world. They needed a solution that was scalable enough to meet their needs, as well as could support all the different device types they were rolling out. But even more importantly, and really the tipping point for their decision to go with Zenprise over MobileIron, was they needed a highly available solution, so when they did something in their Exchange environment, their mobile users didn’t experience downtime, or when there was a failure, the failover and failback process were seamless. An added benefit for them was visibility on carrier expenses, and the ability to use that intelligence to make decisions.
Slide 15. Same with this global telecommunications company. They chose us over MobileIron, AirWatch, BoxTone, and Good to secure and manage tens of thousands of their devices because of our simple, well-supported integration and configuration as well as strong match with their requirements. We were able to help them reduce device-enablement service requests by 30%.
Slide 18: As you position Zenprise with your prospects and customers, if you remember these five points, you’ll be set. 1. Zenprise is the ONLY MDM vendor to protect across all layers of the mobile enterprise – the mobile device, app, network, and data; 2. Our offering was architected with security in mind from the get-go. Versus top competitors in the field, who may expose data in the DMZ or have insecure connections to sensitive business data, Zenprise protects your data and is the chosen vendor of some of the most security conscious enterprises and government organizations today; 3. We are the most scalable solution in the market, proven in many production deployments in the tens of thousands of devices; 4. With the highest availability, with full redundancy at all tiers and active-active clustering meaning that technology failures needn’t mean downtime for users or insecurity for your enterprise. We’re so confident in the availability of our offering that we’re the only vendor to offer 100% uptime guarantee in our cloud offering; and 5. Industry analyst Gartner has recognized us as #1 in their recent critical capabilities report.
All IPC communication can require the same permission. Starting Activities, starting or connecting to Services, accessing ContentProviders, sending and receiving broadcast Intents, and invoking Binder interfaces can all require the same permission. Therefore users don’t need to understand more than “My new contact manager needs to read contacts” (e.g., for an application requesting READ_CONTACTS).
Adding a category to an Intent restricts what it can do. Future categories could (for example) indicate an Intent was from a remote machine or untrusted source, but because this category won’t match the IntentFilters we put on our applications today, the system won’t deliver them to our programs.
An android:permission attribute in an <activity> declaration will prevent programs lacking the specified permission from directly starting that Activity.
When defining Activities, those defined without an intent-filter or an android:exported attribute are not
Developers need to be careful not just when implementing Activities but when starting them too. Avoid putting data into Intents used to start Activities that would be of interest to an attacker. A password, sensitive Binder or message contents would be prime examples of data not to include.
because Activities can ask the user before acting. However, it is easier to secure sending a broadcast than starting an Activity because broadcasts can assert a manifest permission the receiver must have.
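A manifest check for the android:permission and android:exported points above, as an added example that is not part of the original notes: it lists the Activities, Services and receivers that other apps can reach without holding any permission. The sample manifest and its component names are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample manifest; package and component names are hypothetical.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.contacts">
  <application>
    <activity android:name=".ViewContactActivity">
      <intent-filter><action android:name="android.intent.action.VIEW"/></intent-filter>
    </activity>
    <activity android:name=".EditContactActivity"
              android:permission="android.permission.READ_CONTACTS">
      <intent-filter><action android:name="android.intent.action.EDIT"/></intent-filter>
    </activity>
    <activity android:name=".InternalActivity"/>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".SyncReceiver" android:exported="false">
      <intent-filter><action android:name="com.example.contacts.SYNC"/></intent-filter>
    </receiver>
  </application>
</manifest>
"""

def audit(manifest_xml):
    """Return (tag, name, exported, permission) for each IPC entry point."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return []
    app_perm = app.get(A + "permission")  # default for components that set none
    rows = []
    for comp in app:
        if comp.tag not in ("activity", "service", "receiver"):
            continue
        explicit = comp.get(A + "exported")
        if explicit is not None:
            exported = explicit.lower() == "true"
        else:
            # No android:exported: exported only if an intent-filter is declared
            # (apps targeting Android 12+ must set the attribute explicitly).
            exported = comp.find("intent-filter") is not None
        rows.append((comp.tag, comp.get(A + "name"), exported,
                     comp.get(A + "permission") or app_perm))
    return rows

def unguarded(manifest_xml):
    """Names of exported components that require no permission from callers."""
    return [name for _, name, exported, perm in audit(manifest_xml)
            if exported and perm is None]

if __name__ == "__main__":
    for name in unguarded(SAMPLE_MANIFEST):
        print("exported without android:permission:", name)
```

Each reported component is either meant to be public or needs an android:permission attribute or android:exported="false".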