Enterprises these days usually provide employees with devices (company-owned, personally enabled – COPE) or allow employees to use their own devices (bring your own device – BYOD). What many people don’t realize is that enterprise mobility goes beyond developing a few mobile apps, allowing access to email from mobile devices, and browsing web apps on mobile devices.
Every organization needs to have a clear strategy when allowing mobility in their enterprise. First and foremost, you need to create a policy around device usage in your organization. A well-constructed policy helps keep your enterprise information safe and secure. This policy should include:
• Which device platforms can be used (iOS, Android, etc.)
• Which versions can be used
• Whether rooted or jailbroken devices can be used
• Whether to allow BYOD or COPE (or both)
• Whether to allow access to company resources based on connectivity, location and time
Once the policy is created, you need to identify the tools that will help you enforce it. In this session Ruwan and Dilshan will share their expert advice on how to follow a winning path to achieve enterprise mobility.
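The policy items listed above can be written as a machine-checkable rule set. The following is an added example, not part of the original session material or of any WSO2 product; the `POLICY` values, the `Device` fields and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Constructed policy values for illustration; every value here is an assumption.
POLICY = {
    "min_os": {"ios": (9, 0, 0), "android": (4, 0, 3)},  # permitted platforms and minimum versions
    "allow_rooted": False,                  # rooted or jailbroken devices
    "ownership": {"COPE", "BYOD"},          # permitted ownership models
    "networks": {"corporate-wifi", "vpn"},  # connectivity
    "countries": {"LK", "US"},              # location
    "hours": (time(7, 0), time(20, 0)),     # time window, device local time
}

@dataclass
class Device:
    platform: str
    os_version: str
    rooted: bool
    ownership: str
    network: str
    country: str
    local_time: time

def parse_version(text):
    """'4.0.3' -> (4, 0, 3), '9' -> (9, 0, 0); None if any part is not a number."""
    try:
        parts = [int(p) for p in text.split(".")]
    except ValueError:
        return None
    return tuple(parts + [0] * (3 - len(parts)))

def violations(dev, policy=POLICY):
    """Return every policy item the device fails; an empty list means access is allowed."""
    found = []
    minimum = policy["min_os"].get(dev.platform.lower())
    version = parse_version(dev.os_version)
    if minimum is None:
        found.append("platform not permitted")
    elif version is None or version < minimum:
        found.append("OS version not permitted")
    if dev.rooted and not policy["allow_rooted"]:
        found.append("rooted or jailbroken device")
    if dev.ownership not in policy["ownership"]:
        found.append("ownership model not permitted")
    if dev.network not in policy["networks"]:
        found.append("network not permitted")
    if dev.country not in policy["countries"]:
        found.append("location not permitted")
    start, end = policy["hours"]
    if not start <= dev.local_time <= end:
        found.append("outside permitted hours")
    return found
```

Returning every failed item rather than stopping at the first gives the compliance report one complete record per device.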
2. Agenda
• Enterprise Mobile Device Management Overview
• Key Challenges Faced by Organizations
• Need for Mobile Device Management
• EMM Architecture and Features
• CDMF Architecture and Features
• Demo
• Platform Features
3. Enterprise a Few Years Back
[Diagram: Employees, Enterprise, Data, Device]
Work
• Carried out inside a place
• Dependent on specific technology
• Resources: within the premises, owned by the enterprise
6. Challenge - Data Security
How can data be compromised?
• Device being lost or stolen
• Malicious applications stealing data
• Data leaks
What is data?
• Email messages or their attachments
• Documents such as PDF, Word, Excel, PPT and text files
• Browser accessing HTML pages with cookies
• Contacts, calendars and notes
• Applications with databases
Why is data sensitive?
• It can be highly confidential, such as quotation values, salary details, etc.
• It can have a high impact if it goes to the wrong person
Who can compromise it?
• External
• Internal
7. Challenge - Monitor Devices
• What to monitor (location, root check, malicious apps, bandwidth usage, etc.)?
• To what extent?
• A threat to employee privacy?
9. Challenge - Legacy Back End System Integrations
• Legacy back ends are not mobile friendly.
• They adhere to older protocols and standards.
• They are only compatible with older mobile technologies, e.g. MIDlets.
13. Data Security - Device Level
Data Security
• Enforce Password Policy
• Encrypt Device Data
Remote Device Management
• Monitor Device (location, battery)
• Configure Device (Email, VPN)
• Control Device (Enable/Disable Camera)
• Update OS, Install & Uninstall App
14. Data Security - Application Level
MAM gets you a step closer to managing what you care about
MAM brings the perimeter closer to the corporate resources
Data is protected
Application can be controlled remotely
15. MAM Controls Application Behavior
• Encrypt data in transit, e.g. by using an app VPN tunnel or app tunnel.
• Encrypt data at rest and decrypt it only when viewing.
• Two-factor authentication.
• Data Loss Prevention - DLP (disable cut, copy and paste).
• Policy-based data control, where policy can be pushed and updated.
16. Solution - Enterprise Application Development & Management
[Diagram: Data; COPE, BYOD; Data Security; Remote Device Management; Enterprise Store]
17. Decision for CIOs or IT Managers
Allow mobility in my business?
Allow employees to use their devices?
Allow business partners and distributors to use their devices?
Allow them to access corporate resources?
To what extent?
19. Drafting a BYOD Policy
• What devices are permitted?
• Supported features and boundaries for device types.
• Ownership and permissions to applications and data.
• Policy violation criteria and actions.
• Employee exit strategy.
• Prompt for approval.
32. Mobile Device Management Features
• Self-service device enrollment and management with end-user EMM Console for iOS, Android and Windows devices.
• Integrates with enterprise identity systems for device ownership: LDAP, Microsoft AD.
• Policy-driven device and profile management for security, data, and device features (Camera, Password Policy).
• Deploy policies over-the-air (OTA).
33. Mobile Device Management Features
• Compliance monitoring for applied policies on devices.
• Role-based access control (RBAC) for device management.
• Securely wipe enterprise configurations with Enterprise Wipe.
• Track locations of enrolled devices.
• Retrieve device information.
34. Mobile Device Management Features
• Facilitate device-owner operations such as registering and unregistering devices, installing, rating, sorting mobile apps, etc.
35. Mobile App Management
• Supports App management.
• App approval process through a lifecycle.
• Provision and deprovision apps to enrolled devices.
• Provision apps to enrolled devices based on roles.
• Provision apps to multiple enrolled devices per user.
36. Mobile App Management
• Retrieve list of apps.
• Install new apps and update existing apps on iOS devices via REST APIs, enabling automation of application installation/updates for third party systems/vendors.
• Install Web Clips on devices.
• Enterprise App Store.
• Discover mobile apps through an Enterprise App Store.
37. Mobile App Management
• Self-provisioning of mobile apps to devices.
• Rating and Sorting Applications.
38. Device and Data Security
• Multi-tenancy to ensure data isolation across all tenants.
• Enforce built-in security features of passcode and encryption.
• Encryption of data storage.
• Device lock and reset.
• Managed APIs to perform administrative functions.
• Ring and GPS to locate device remotely if lost/stolen.
43. Enroll Email
Dear Dilshan,
You have been registered to WSO2 MDM with following credentials.
Domain:
Username: dilshan
Password: LbmS82
Below is the link to enroll.
https://192.168.1.5:9443/emm-web-agent/enrollment
Best Regards,
WSO2 MDM Team.
http://www.wso2.com
45. iOS Features
• Self-service device enrollment and management with end-user EMM Console via iOS Agent or Web interface for versions up to iOS 9 SDK.
• Facilitate remote notifications via Apple Push Notification Service (APNS).
• Support for iOS 9.
• Device Tracking.
• Configuring cellular network settings.
• Device profile management.
46. iOS Features
• Retrieving device info.
• Device lock
• Restricting device operations.
• Automatic WiFi configuration.
• Set up AirPlay
• Set up restrictions
• Enterprise WIPE
• Set up APN
47. iOS Features
• Setup LDAP.
• Setup email accounts.
• Set up CalDav
• Calendar subscription
• Passcode policy
• Clear passcode
• App installation and update
• Retrieve app list
48. iOS Features
• Web clip installation
• Supports App management
• Setup email accounts
49. Android Features
• Self-service device enrollment and management with end-user EMM Console via Android Agent (Android 4.0.3 Ice Cream Sandwich MR1 up to 5.0 Lollipop).
• Supports App management.
• App policy compliance monitoring.
• Device location tracking.
• Retrieving device info.
• Changing lock code.
50. Android Features
• Restricting Camera.
• OTA WiFi configuration.
• Enterprise WIPE.
• Configuring encryption settings.
• Passcode policy configuration and clear passcode policy.
• Device master reset
• Mute device
• Ring device
51. Android Features
• Send messages to the device.
• Install/uninstall store and enterprise applications.
• Retrieve apps installed on the device.
• Install web clips on the device.
• Support GCM/LOCAL connectivity modes.
52. Windows Features
• Self-service device enrollment and management with end-user EMM Console via Workplace (Windows 8.1).
• Passcode policy
• Restriction on camera.
• Encryption settings
• Retrieve device info.
• Device Lock and Lock Reset
• Ring device
• Data Wipe