Enterprise Mobility Management (EMM) · Mobile Device Management (MDM) Mobile Application App...

Post on 20-May-2020


Enterprise Mobility Management (EMM)

The BYOD Challenge and the Evolution of Mobility

Leonardo Rava

Senior System Engineer Enterprise Security, Mobility and Management (ESMM)

Mobile: The New Normal

Sources: 1. Cisco VNI Global IP Traffic Forecast, 2012-2017 2. http://www.nielsen.com/us/en/insights/news/2012/state-of-the-appnation-a-year-of-change-and-growth-in-u-s-smartphones.html 3. Symantec, State of Mobility Survey

NUMBER OF DEVICES per person by 2017 [1]

NUMBER OF APPS on an end user's device on average [2]

NATIVE APPS Percentage of time spent on native apps vs. web apps [2]

ENTERPRISE APPS Percentage of enterprises developing custom apps [3]

71% 81% 5 41

Blurring Between Work and Play

49% USE THEIR PERSONAL DEVICE FOR WORK AND PLAY

30% OF PARENTS LET THEIR KIDS PLAY, DOWNLOAD AND SHOP ON THEIR WORK DEVICE

36% SAY THEIR COMPANY HAS NO POLICY ON USE OF PERSONAL DEVICES FOR WORK

57% AREN’T AWARE THAT SECURITY SOLUTIONS FOR MOBILE DEVICES EXIST

Source: Norton survey 2013

What does Mobile Workforce Productivity mean to you?


Reconciling the conflicting requirements of user and admin

Users

• Choose my device(s) and use them for business and personal

• Gain access to email and network

• Provision my own apps

• Collaborate with others

• Avoid calling help desk

“Help me maximize productivity on any device”

IT

• Configure and secure all endpoints accessing the corporate network

• Protect critical business data

• Minimize risk of attack

• Reduce cost of ownership

“Help me maximize user productivity and protection”

Symantec Mobility Partner Pack | Confidential: Do Not Distribute

New Platforms, New Devices

• Multiple platforms with disparate controls

• Protect corporate data while leaving personal data untouched

• Users want the latest technology and apps

Mobile Apps

• Data leaking to unauthorized, cloud-based apps

• Users adopting personal apps to improve productivity

• Exposure to malware and risky apps

• Data not being encrypted

The Enterprise Mobility Challenge

Android Challenges for the Enterprise

• Fragmentation creates support headaches

• Open source introduces more risk


Current BYOD approaches provide security at the expense of privacy: MDM too intrusive.

BYOD brings rampant use of insecure cloud services. These commercial cloud storage and backup providers can present security risks to corporate data, since data is in the hands of a third party. Even when cloud repositories are encrypted, it's often that third party—not their customers—who holds the encryption keys.

Even IT professionals tasked with securing corporate data would be concerned about the privacy of their personal information if mobile device management (MDM) software were installed on smartphones or tablets they brought from home to use at work.

BYOD is here to stay, like it or not: Eighty-eight percent of respondents said their companies had some form of BYOD, whether sanctioned or not.

Why MDM alone is not enough

MDM being used to solve broader mobile challenges can bring unplanned challenges:

• Managing personal devices = more overhead

• Cannot take targeted remediation; whole device or nothing

• “All or nothing” policies (e.g., block AirDrop & iCloud)

• User privacy doesn’t exist; IT can see everything on the device

• User experience is impacted

• No protection against malicious threats

[Chart axes: Time, Capability]

Mobile Device Management (MDM)

Mobile Application Management (MAM)

Mobile Information Management (MIM)

Security and management of corporate apps, data & content

App distribution and user access management

Corporate lock down, control, configure, encrypt, and enforce policies on mobile devices

Symantec Enterprise Mobility

Evolution of Enterprise Mobility Management (EMM)


Symantec Mobility

On-Premise Public Cloud Private Cloud

Mobile Device Compliance

App Delivery & Protection

Productivity Apps Threat Protection

Symantec Mobility

Manage Apps (MAM)

• App & Content Distribution: centrally deploy and manage mobile apps and content to users by role

• App Security & Compliance: enforces app level policies like authentication, single sign-on, encryption, and data sharing restrictions

• Secure Productivity Apps: provides secure email and secure browser with data leakage controls and an optimized user experience

• Content Security: enforces content level security policy

Protect Against Threats

• Anti-malware Protection: scans and neutralizes malware and phishing sites

• App Advisor: identifies risky apps (apps that leak data, drain battery power or consume too much bandwidth) and allows users to remove them

• Compliance & Remediation: restrict email and app access based on device security posture

Manage Devices (MDM)

• Device Enrollment: provides visibility and control over all mobile device types

• Device Configuration: enables device access to corporate resources like email

• Device Security: protects corporate data with device passwords, remote lock and wipe

• Compliance & Remediation: restricts network access from jailbroken or rooted devices

• App & Content Distribution: centrally deploy and manage mobile apps and content to users by role

• Secure Exchange: secure and lock down your Exchange against unauthorized access


Manage mobile devices

A simplified way to enable, configure, secure and manage mobile devices across your enterprise from a user-friendly admin console

Symantec Enterprise Mobility Solution

Enable

• Enterprise Activation

• Internal AppStore

• Configuration Management

• Policy Management

• Selective Wipe

• Compliance Enforcement

• Certificate Management

Secure Manage

• Asset Reporting and Alerts

• Automated Workflow

• Enterprise Scalable

Enable and manage mobile devices

Enterprise App Store

Help your workforce find the apps, either custom-developed or commercial off-the-shelf, that help them become more efficient

Build your own Enterprise App Store

Enterprise app store

End-user


Public apps

Web apps

Corporate apps

Public apps

Web apps

Documents

Secured and Containerized

Safely Extends Enterprise Resources to Mobile Apps

- Improves employee productivity

- Secures app data in transit

- Separates corporate data traffic from personal data traffic

Traffic from Business apps is rerouted to secure tunnel

Access to Corporate Network from specific corporate apps only

Traffic from personal apps untouched

Personal traffic does not traverse corporate network

Solve ‘Bring your own device’ (BYOD)

Clear Separation of Corporate & Personal Data

Allow Personal Devices

• Access to corporate information, securely

• Auto-configuration of settings like Wi-Fi, VPN

• Lock and wipe specific corporate data only

Privacy – Addressed

• No device level controls

• No monitoring of device apps or data

• Focus on corp data and apps

Corporate apps

Per-app policies

Pinpoint revocation

Personal apps

Personal data

Corporate Email

Control which mobile devices access email, prevent data loss, encrypt sensitive data and enforce advanced compliance policies

Prevent unauthorized access to Exchange


Network Security

Secure Access to Exchange ActiveSync

No firewall holes, no direct access

Access Control

Policies for users, devices and apps

Independent of mail network infrastructure

Compliance

Terminates non-compliant devices outside LAN

Inline and out-of-band communications

Why do we need a separate Secure Email App?


Native Email on Mobile Devices has Limitations

• Personal and corporate data are not separated

• Copy-Paste is not restricted. Attachments can be stored in any app

• Needs Device/MDM controls (Passcode/wipe, Email forwards, Siri, iCloud)

Android in the Enterprise

• No standard email app across the different Android platforms

Embrace BYOD

• Addresses data loss concerns without managing the whole device.

• Dedicated corporate email client fit for BYOD environments

• Scalable and streamlined

Embrace Android in the Enterprise


Mobile Security Threats Big Numbers

51,084 threats identified during the first half of 2013

21 million devices infected during the first half of 2013.

43% of malware discovered in 2013 falls into the broad category of Potentially Unwanted Programs (root exploits, spyware, pervasive adware and Trojans surveillance hacks).

Source: Symantec Threat Intelligence Brief: AUGUST 2013

Protect against malicious threats

Confidently embrace Android in the enterprise

…provides advanced, proactive protection against apps with risks.

Important Most Important

Malware Protection

Anti-Phishing

Call & SMS Blocking

SMS

Mobile Risks

• Samsung Galaxy S5 fingerprint scanner can be tricked: Samsung's newly released Galaxy S5 phone sports a fingerprint scanner embedded in the home button that works well but unfortunately, like iPhone 5S' TouchID before it, can be tricked with a mould of the user's fingerprint.

• What are the most significant mobile security challenges for enterprise security professionals? You can’t secure what you can’t see. Thanks to mobile, a lot of corporate data is now outside the four walls of the company.

• Some think using a VPN solves most problems, would you agree? Instead of focusing on securing the device, we now have to look at which data needs to be protected while also considering user experience and user productivity.

Financial services cyber trends for 2015

If 2014 was the “year of the breach,” what cybersecurity threats await us in 2015?

1. There will be a shift towards active cyber risk mitigation and monitoring with third parties, versus the current “self-certification” process that is proving less reliable.

2. The rise of the “fusion center.” Firms are building cyber “fusion centers” that better integrate the many different teams to boost intelligence, speed response, reduce costs and leverage scarce talent.

3. Information protected at the database and data element level. The use of tokenization, chip cards and other solutions will increasingly render stolen data useless to hackers.

4. Rise in alternative payment systems creates exposure. Use of underlying technologies like Bluetooth or NFC creates opportunities for cyber attacks and breaches.

5. Cyber crime analysis evolves away from brute force to big data.

6. Hacktivism spreads to the Middle East. Regional threat actors have adopted local grievances and formed hacktivist collectives similar to or associated with Anonymous.

7. “Western” cyber problems are coming to a developing nation near you. Economic prosperity and light-speed growth in mobile banking in some countries have bypassed regional and local financial organizations’ ability to manage threats.

8. War gaming drives incident response preparation.

9. Everything firms know about privacy has changed. The next generation of privacy is focused on the halo of information around individuals – the transactional, behavioral and navigation information generated as individuals move and interact through the online and physical world.

10. Cyber insurance usage grows while coverage and ability to successfully make claims shrinks. The insurance industry is in a race to actuarially quantify new cyber risks and to carve out coverage of large, uncertain future risks.

Financial services cyber trends for 2015

If 2014 was the “year of the breach,” what cybersecurity threats await us in 2015?

4. Rise in alternative payment systems creates exposure. Use of underlying technologies like Bluetooth or NFC creates opportunities for cyber attacks and breaches.

7. “Western” cyber problems are coming to a developing nation near you. Economic prosperity and light-speed growth in mobile banking in some countries have bypassed regional and local financial organizations’ ability to manage threats.

9. Everything firms know about privacy has changed. The next generation of privacy is focused on the halo of information around individuals – the transactional, behavioral and navigation information generated as individuals move and interact through the online and physical world.

Italian Data Protection Authority (Il Garante per la protezione dei dati personali), 12 November 2014

Where graphometric signature systems are used in a mobile or BYOD (Bring Your Own Device) scenario, suitable systems for managing the applications or the mobile devices are adopted, using MDM (Mobile Device Management) or MAM (Mobile Application Management) tools or other equivalents, in order to isolate the memory area dedicated to the biometric application, reduce the risk of unauthorized software installation even if the device configuration is modified, and counter the action of any malicious agents (malware).

Almost 1 in 10 Android apps are now malware

1. The number of Android viruses continues to rise

2. Payment-based viruses are becoming more prevalent

3. Asia ranks highest for infection rates, followed by France and Russia

4. Android operating systems matter

5. Attacks targeting Wi-Fi networks have proliferated around the world

The major mobile security events from the past six months include:

1. April: The OpenSSL Heartbleed vulnerability can result in leaked account names, passwords, credit card numbers and other private info.

2. May: The eBay leak was one of the hottest pieces of security news in the last six months. Official data showed that 145+ million users were affected.

3. May: Express SMS frauds attacked Android users in Taiwan.

Mobile Risks

Appthority has released a survey that found 95% of the top 200 free iOS and Android apps exhibit at least one risky behavior:

• 70% allow location tracking

• 69% allow access to social networks

• 56% identify users

• 53% are integrated with ad networks

• 51% allow in-app purchasing

• 31% enable address books and contact lists to be read.

Copyright © 2014 Symantec Corporation

Symantec Solution: Achieving your mobility objectives

Overview: Regional airline with over 7,000 employees, corporate owned devices. 1000s of flights per day.

CASE STUDY: Secure Content Distribution

• Eliminate 40 pound pilot flight bag manuals

• Securely distribute flight manuals electronically

• Enable corporate employees with secure e-mail

• Plans mobile application management

Goal

• App Center based Electronic Flight Bag solution: Securely distribute content to thousands of iPads.

• Health benefit for pilots (save back pain)

• Eliminated $110,000/year on paper shipping costs

• Protect Android Option: Calculated future $2M savings of capital spend if they adopt Android tablets. Symantec provides complete protection for Android app protection and threat prevention.

Solution

• Integrated MDM and MAM for multiple uses

• Symantec Secure E-mail

Comprehensive Solution for Diverse Use Cases

• Protect 3rd party mobile apps and data

• New partners added weekly

One of the Largest Partner App Ecosystems

• Per user pricing is more predictable

• Single provider for all security needs

Economical Mobility Solution

Why Symantec Mobility

Mobilize Business

Mobilize Information

Mobilize People

[Figure: matrix of Company-owned vs. Personally-owned devices against Managed vs. Unmanaged. Labels: BYOD; Device. Apps. Data; Apps. Data; Device centric; App centric]

Symantec Can Help at Every Stage

[Chart axes: Time, Capability]

Mobile Device Management (MDM)

Mobile Application Management (MAM)

Mobile Information Management (MIM)

Security and management of corporate apps, data & content

App distribution and user access management

Corporate lock down, control, configure, encrypt, and enforce policies on mobile devices

Symantec Enterprise Mobility

What’s the Next Step in Your Mobility Journey?


5 key things to consider when developing an enterprise mobility management strategy

• 1. Define company-specific mobility best practices and policies

• 2. Support employees on multiple endpoints

• 3. Maximize security

• 4. Empower employees with self-service

• 5. Create a fully unified EMM solution

“BYOD is one of the most important directions in enterprise IT, with enormous potential benefits in productivity and cost savings… …but BYOD isn’t just about securing or even managing mobile devices. There are major requirements in consciousness, policy definition and enforcement, and end-to-end solutions that include not just devices, but the enterprise data they increasingly contain.”

Leonardo Rava Senior System Engineer - Enterprise Security, Mobility and Management (ESMM)

Leonardo_rava@symantec.com

Thank You

Appendix

Thank you!

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
