1. security in a hybrid mam & Mdm world
Carlos Montero-Luque, SVP Engineering
Tuesday, July 31, 12
2. mobility management
• “It’s appropriate to manage the device if you own that
device... If the corporation owns the device, it should
manage that device. When is it valid to manage the
application? Always”
• Alan Murray, SVP Products, Apperian
• “IT should not manage what it does not own”
• Gartner
Tuesday, July 31, 12
3. enterprise mobility management
• Enterprise Mobility Management has become a core policy
for CIO’s
• Mobile BYOD is no longer a trend, but a way of life for most
organizations
• The economics of BYOD, if done properly, are favorable
for organizations that manage and embrace it
Tuesday, July 31, 12
4. mobility and It
• The life of the IT manager has not changed, it simply got
more complicated
• Issues that were relegated to management behind a firewall
are now extended by two major IT trends:
• Cloud computing
• Mobile computing
• Security, compliance, governance, remediation, those issues
are as important as ever
Tuesday, July 31, 12
5. The dilemma for it
• IT has two key responsibilities:
• Provide expected and certifiable security, protection,
compliance
• Provide applications and content required by users
Tuesday, July 31, 12
6. extending to mobility
• The issues that are relevant in “traditional” client platforms
are just as important in mobility:
• Acquiring and deploying applications and content
• Delivering content to users, securely
• Enabling access to internal and external required
content
• Managing infrastructure
Tuesday, July 31, 12
7. CONSTRAINTS
• IT needs to deal with these new requirements:
• Cost-effectively
• From multiple form-factors
• Securely and by policy
• With appropriate management
• Dealing with a new IT experience
• In BYOD environments
Tuesday, July 31, 12
8. Enterprise mobility management and
security
• Security is a core requirement
• Mobile Application Management provides key elements for security
in enterprise mobile environments
• The draft of NIST Special Publication 800-124 defines security
objectives:
• Confidentiality of data
• Integrity of data
• Availability of resources
Tuesday, July 31, 12
9. apperian and enterprise mobile
security
• The Apperian AppBus architecture describes a holistic view
for securing enterprise assets in a mobile environment
• Securing access to the mobile environment,
applications, and content via Mobile Application
Management
• Ensuring the integrity of content and applications
• If needed, securing devices via Mobile Device
Management or native device security tools
Tuesday, July 31, 12
11. nist guidelines to improve mobile
security
• Develop models for system threats to devices and corporate
assets accessed through them
• Identification, likelihood, impact, analysis, controls
Tuesday, July 31, 12
12. required security services
• General policy
• Data Communication and storage - Apperian EASE
• User and device authentication - Apperian EASE
• Applications - Apperian EASE
Tuesday, July 31, 12
13. apperian EASE capabilities
MAM#Lifecycle#
Source Prepare protect manage publish
✓ Inspect apps for non-conformance & malware
✓ Apply set of policies to an App file with no coding
✓ Securely install Apps over-air to multiple devices to scale
✓ Provide private app catalog to deliver custom apps
✓ Create analytics on app usage by user/app/group
Tuesday, July 31, 12
14. mobile device security policy
• Which mobile devices can access enterprise resources
• Which resources are accessible
• Device provisioning
• Administering management software
• Consistency with non-mobile environments
Tuesday, July 31, 12
15. operational aspects in a mobile
environment
• Implementation and testing of a solution prototype
• Securing devices to allow resource access
• Maintaining the mobile environment security
Tuesday, July 31, 12
16. SUMMARy
• Enterprise Mobility Management is a core policy and needs to be
a core capability for a growing number of CIOs
• Security in a mobile environment has a number of layers to it,
sometimes applying to devices, but always applying to corporate
assets, including user access, applications, and content
• Standardizing the security in an enterprise mobile environment
uses a number of processes, tools, and techniques. MAM provides
a comprehensive set of tools to secure corporate assets. MDM can
complement those tools by managing device security, if needed
Tuesday, July 31, 12