Wso2 con byod-shan-ppt
-
Upload
wso2 -
Category
Technology
-
view
318 -
download
0
Transcript of Wso2 con byod-shan-ppt
![Page 1: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/1.jpg)
Embracing BYOD Trend Without Compromising Security, Employee Privacy, or the Mobile Experience!
Shanmugarajah (Shan) Director Architecture, Enterprise Mobility
WSO2 Inc.!
![Page 2: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/2.jpg)
Agenda • Work- New definition • Enterprise Mobility Challenges • Different Approaches to Data
Security • BYOD • WSO2 EMM • Summary
![Page 3: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/3.jpg)
16 years back
![Page 4: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/4.jpg)
Employees
Enterprise
Data
Device
Device
Work • Happens inside a place • Dependent on specific
Technology • Resources Within the premise Owned by
enterprise
![Page 5: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/5.jpg)
Now
Thanks to technology
![Page 6: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/6.jpg)
Enterprise
Data
Employees
Device
Data Work • Independent of place • Independent of Technology • Resources Within the premise and outside
Owned by enterprise and employees
![Page 7: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/7.jpg)
Enterprise Mobility ?
![Page 8: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/8.jpg)
• New trend towards a shift in work habits.
• Employees working out of the office with Mobile devices and cloud services to perform business tasks.
Enterprise Mobility
![Page 9: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/9.jpg)
Challenges
Allow Mobility in your organization ?
![Page 10: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/10.jpg)
Enterprise
Data
Employees
Device
COPE
BYOD
Public Store
![Page 11: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/11.jpg)
• Data Security • Remote Device Management • Enterprise Store • Enterprise Application Development
& Management
Challenges
![Page 12: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/12.jpg)
Data Security How the data can be compromised ? Device being lost or stolen Malicious App stealing the data Data Leak
What is the data ? • Email message or the
attachment • Documents like
pdf,word,excel,ppt,text • Browser accessing HTML
pages,cookies • Contact,Calendar,Notes • Application with Database
Why the data is sensitive ? • It can be highly confidential like quotation value, salary details
• It can have a high impact if it goes to the wrong person
Who can compromise ? External Internal
![Page 13: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/13.jpg)
Enterprise needs some kind of Tool to solve the
enterprise Mobility challenge!EMM
![Page 14: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/14.jpg)
Data Security - Approach 1
Mobile Device Management
![Page 15: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/15.jpg)
• Enforce password policy on the device
• Encrypt data when locked (AES 256 FIPS 140-2)
• Enterprise Data WIPE & Device WIPE
• iCloud Backup Disable
How MDM can solve this challenge ?
• If the password is compromised • Malware or malicious app stealing
data
• MDM has very little control over data sharing and DLP
Data Security - Approach 1 - MDM
Drawbacks
![Page 16: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/16.jpg)
Vendor Apps
Enterprise Apps
Apps from Public Store
Apps in the Device Challenge
1.Need to separate enterprise apps and data 2.Able to Control it 3.Limit interaction with personal apps and data.
![Page 17: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/17.jpg)
Data Security - Approach 2 - Separate Apps and Data
Within Device
Away from Device
![Page 18: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/18.jpg)
Away from Device • Desktop Virtualization or VDI technology (Citrix XenDesktop,VMWare Horizon View, Dell vWorkspace, Remote Desktop Microsoft.
• Web Apps
Within Device • Virtualized OS’s on the mobile device (Hypervisor 1 and 2)
Data Security - Approach 2 - Separate Apps and Data
![Page 19: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/19.jpg)
11
Dual persona, two separate and independent end user environments in a single device.
Mobile Virtualization Virtualized OS’s on mobile (Hypervisor 1 and 2)
BlackBerry Balance Samsung KNOX
![Page 20: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/20.jpg)
Other Dual Persona’s
Blackberry Z10
Samsung Note 3
KNOX Container
![Page 21: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/21.jpg)
Not all the devices support dual persona iOS does not support or Apple will not allow to modify the OS • Desktop virtualization • Web apps • Mobile virtualization Each one of those options has
its flaws.
![Page 22: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/22.jpg)
MAM gets you a step closer to managing what you care about MAM brings the perimeter closer to the corporate resources
Data Security - Approach 3
Mobile App Management
• MAM gets you a step closer to managing what you care about
• MAM brings the perimeter closer to the corporate resources
![Page 23: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/23.jpg)
Mobile App Management (MAM) 1. MAM (Controlling App behavior) 1a. SDK Approach 1b. App wrapping 2. OS MAM - iOS MAM through MDM 3. App Store and Managing apps with MDM
![Page 24: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/24.jpg)
Data security features 1. Encrypt the data at transmit use app VPN tunnel
or app tunnel 2. Encrypt the data at rest & decrypt only when
viewing 3. Two factor authentication 4. Data Loss prevention (Disable Cut,Copy and
Paste) 5. Data at rest should be controlled (Delete) 6. Policy based Data control , where policy can be
pushed and updated
Additional Features 1. Enterprise Apps in the mobile should be able to
use SSO 2. Data can be shared between application 3. DLP (cut,copy,paste) should be enabled
between enterprise applications
MAM controlling apps behavior
Additional Features 1. Enterprise Apps in the mobile should be able to use
SSO 2. Data can be shared between application 3. DLP (cut,copy,paste) should be enabled between
enterprise applications
![Page 25: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/25.jpg)
8
MAM SDK Approach SDK contains all the necessary API to implement the MAM features Provides enterprise-grade security with user authentication, single sign on, copy/paste prevention, data encryption, app-level policies, compliance monitoring and management.
![Page 26: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/26.jpg)
MAM - App Wrapping App
Wrapper Tool
• For apps already built • Need unsigned app binary. • Not to apps from public app stores. • Can do basics of encryption, authentication, or
app-level VPNs. • Can intercept, block, or spoof API calls made • Can change the app icon
![Page 27: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/27.jpg)
MAM Solution (Controlling app behavior) • Works across all versions of Android and iOS • Native apps provide a superior user experience.
Remote desktops, web apps, and virtualized mobile devices each have their place in the EMM world, but MAM has distinct advantages.
Data Security - Best Approach
![Page 28: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/28.jpg)
• Remote Device Management (MDM)
• Enterprise Store • Enterprise Application Development
& Management (MEAP, mBaas)
Other Challenges in Enterprise
![Page 29: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/29.jpg)
Embracing BYOD in Enterprise - Benefits!
• Cost • Device
Maintenance • Improved
Productivity!
![Page 30: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/30.jpg)
User-Experience and Privacy in BYOD!
More than one Enterprise Apps Every app needs login Desktop apps have SSO Why not give the same experience Native App!
Monitor the personal data like contact info, app info Location info of the user
User- Experience
Privacy
![Page 31: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/31.jpg)
WSO2 Enterprise Mobility Manager
WSO2 EMM!
![Page 32: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/32.jpg)
WSO2 EMM Features
• MDM • Enterprise Store with
Publisher • Mobile App Management
![Page 33: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/33.jpg)
Mobile Device Management • Employee / Corporate Owned • Supports Android, iOS • Identity integration • Policy Management • Containerization (Email) • Self Service Provisioning • Role Based Permission • End-User MDM Console • Enterprise Wipe • Reports & Analytics
![Page 34: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/34.jpg)
Configuration
Android Features • Device Lock • User password protected WIPE • Clear Password • Send Message • Wi-Fi • Camera • Encrypt Storage • Mute • Password Policy • Change Lock Code • App Blacklisting
• Location • Battery Information • Memory Information • Operator Information • Root Detection • Application Information
Information
![Page 35: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/35.jpg)
iOS Features
• Device Lock • Clear Passcode • Wi-Fi • Camera • VPN • APN • Email • Calendar • LDAP • Black - Listing Apps • Enterprise WIPE • Password Policy
• Battery Information • Memory Information • Application Information
Configuration Information
![Page 36: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/36.jpg)
WSO2 EMM Screens
![Page 37: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/37.jpg)
• Supports multiple platforms • Android
• Native, Hybrid Application (.apk) • Web Application • Market Place Application (Google Play) [Free]
• iOS (iPhone, iPad) • Native, Hybrid Application (.ipa) - Need to have enterprise developer account • Web Application • Apple Store Application [Free] • VPP Application (Next Release)
Publisher
![Page 38: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/38.jpg)
WSO2 EMM – Publisher
![Page 39: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/39.jpg)
Store Supports multiple platforms User subscription Advanced search options App sorting Support for existing user stores (Widgets, Gadgets, Books, Magazines , APIs). Single-Sign on
![Page 40: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/40.jpg)
WSO2 EMM – Store
![Page 41: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/41.jpg)
Application Management Console
• Mobile app policy enforcement
• Compliance monitoring
• Bulk app push • User App
Management • Tracking app
Installation
![Page 42: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/42.jpg)
WSO2 EMM – App Management
![Page 43: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/43.jpg)
Enterprise
Data
COPE
BYOD
Public Store
Mobile Project Management
Unified Store Backend API, mBaaS API
Development IDE
MDM MEAP
Big Picture
![Page 44: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/44.jpg)
Roadmap • App Containerization (SDK Approach) • Samsung KNOX Integration • Dynamic Policy • mBaaS • MEAP
![Page 45: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/45.jpg)
Summary
• Different approaches to BYOD problem • Based on your requirement Can be MAM , or it can be hybrid (MDM & MAM)
• End-user experience and their privacy is important
![Page 46: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/46.jpg)
Consumerization is a two-way street. You need to make sure your users understand the need to keep resources safe, but you also need to make corporate resources accessible.!
IT Consumerization
![Page 47: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/47.jpg)
Q/A
![Page 48: Wso2 con byod-shan-ppt](https://reader035.fdocuments.net/reader035/viewer/2022062320/5590ed3b1a28ab20748b46aa/html5/thumbnails/48.jpg)
Thank you