Vikas Jain, Product Management
Vinay Jain, Product Management
SAAM2294BU
#VMworld #SAAM2294BU
Simplify Management and Security of Your Mobile Apps with Workspace ONE
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
#SAAM2294BU CONFIDENTIAL 2
Session Agenda
➢ Managing Mobile Apps
➢ Securing Mobile Apps
➢ Building In-house Mobile Apps
➢ Q & A
You can’t transform business without a great user experience
You don’t need to compromise security to get there
VMware Workspace ONE Empowers the Digital Workspace your business needs
What do End Users Want?
• Ability to make educated decisions on feature vs. primary impact (choice)
• Control over what access they give their employer on their personal device
• Access to apps that enable productivity from anywhere
• Transparency into the info being collected on their personal device
App Lifecycle Management – an IT perspective
Procure or Provision
Assign
Secure
Distribute
Access
Monitor
Analyze
Upgrade or EOL
Why is managing & securing apps complex?
Security vs. Experience
Use Cases
Platforms
App Types
Core Services
Deployment Topology
Multiple approaches to manage & secure apps
Device Management
Secure Productivity Apps
SDK
Secure App Access & Catalog
Unified Digital Workspace
Mobile apps
Web apps
On-prem apps
Virtual apps
OR
In-house mobile apps
Public mobile apps
Unified Workspace with entitled apps
Workspace ONE
Workspace ONE Apps Suite
Workspace ONE: Single access to your enterprise apps
Boxer: Elegant and intelligent mail experience with enterprise grade security
Browser: Seamless and secure access to corporate intranet
Content Locker: Secure and instant access to corporate content repositories
User Experience | Security | Privacy | Extensibility | Seamless Workflows
Securing Mobile Apps
[Diagram labels: Workspace ONE, Authentication Module, Device Posture, User Auth, App Service]
DEVICE COMPLIANCE: Managed, Jail Broken, OS, 3rd Party (MSA | Malware | Trust), Location, Blacklist Apps
IDENTITY CONTEXT: Authentication Provider, Network Scope, Authentication Strength, Session Time, Per Application
Remote Apps | Web Apps | Native Apps
Mobile SSO
Password-less login experience into a native mobile app (No SDK or app wrapping required)
Pre-requisite: Requires device enrollment into Workspace ONE
Mobile Experience Without Workspace ONE
Mobile Experience With Workspace ONE
Enabled Through One Touch SSO
[Diagram labels: Workspace™ ONE™, One Touch SSO, TRUST, Cloud, SaaS Apps, Trust, ID, Key]
Conditional Access
IF THIS THEN THAT (IFTTT)
Conditions
• Enrolled vs. unenrolled device
• Enrolled device becomes non-compliant
• Device OS (iOS vs. Android vs. Win10)
• Network location (corp network vs. public)
• Group membership
Action
• Allow
• Deny
• Step-up with MFA
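The if-this-then-that rules on the Conditional Access slide, sketched as a first-match policy evaluator that fails closed. This is an added example, not Workspace ONE code or its API; the AccessRequest and Rule types, the rule set and the "finance" group are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Tuple

@dataclass(frozen=True)
class AccessRequest:
    """Context for one sign-in attempt (hypothetical model of the slide's conditions)."""
    enrolled: bool
    compliant: bool            # only meaningful for enrolled devices
    device_os: str             # "iOS", "Android" or "Win10"
    on_corp_network: bool
    groups: FrozenSet[str] = frozenset()

@dataclass(frozen=True)
class Rule:
    name: str
    condition: Callable[[AccessRequest], bool]   # the "IF THIS"
    action: str                                  # the "THEN THAT"

ALLOW, DENY, STEP_UP = "allow", "deny", "step-up-mfa"

# Constructed policy. Order matters: the first matching rule wins, so the
# most restrictive rules are listed first.
POLICY: List[Rule] = [
    Rule("enrolled device became non-compliant",
         lambda r: r.enrolled and not r.compliant, DENY),
    Rule("unenrolled device on public network",
         lambda r: not r.enrolled and not r.on_corp_network, DENY),
    Rule("unenrolled device on corp network",
         lambda r: not r.enrolled, STEP_UP),
    Rule("Win10 off the corp network",
         lambda r: r.device_os == "Win10" and not r.on_corp_network, STEP_UP),
    Rule("finance group off the corp network",
         lambda r: "finance" in r.groups and not r.on_corp_network, STEP_UP),
    Rule("enrolled and compliant",
         lambda r: r.enrolled and r.compliant, ALLOW),
]

def evaluate(request: AccessRequest, policy: List[Rule] = POLICY) -> Tuple[str, str]:
    """Return (action, matched rule name); fail closed when nothing matches."""
    for rule in policy:
        if rule.condition(request):
            return rule.action, rule.name
    return DENY, "default deny"
```

Listing the allow rule last means a compliant device still gets the step-up when an earlier, narrower rule applies to it.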
DEMO: Mobile SSO and Conditional Access
Two Factor Authentication (2FA) For Your Apps
Condition: App name, Device OS, Network Location, Group membership
Workspace ONE
Any 3rd party MFA
Built-in MFA
VMware Verify Mobile-Push Strong Authentication
Built-into Workspace ONE for consumer simple, enterprise secure strong authentication
Key Benefits
• Simple consumer-like registration and use: No more instructions, codes or copying and pasting for high compliance strong authentication
• Reduce strong authentication costs: Reducing or eliminating traditional tokens
• Leverage the smartphone: Nearly every employee already owns as a physical, second factor of authentication
• Reduced security risk: Of replay, keylogger, and man-in-the-middle attacks by authenticating users outside of the application
DEMO: 2FA For Apps
Derived Credentials (PIV-D Manager) Support
Derived Credential: A client certificate generated on the mobile device (or issued) after an end user has proven their identity by using their existing smart card
HSPD-12 and DoD Directive 8100.2 mandate that smart cards be used for all physical, logical, and network access
Protect Against Mobile Threats Through Partner Integrations
Conditional Access Policy
Mark Device Non-Compliant
MTD solutions
Automated Compliance and Remediation
Set Rules
Define Actions
Perform Escalations
Building Mobile Apps
Workspace ONE Platform Services
Leverage Foundational Services To Develop Apps Quickly
App Development Tools
Software Development Kit (SDK): Use Native Dev Platforms Or Hybrid Dev Platforms (Xamarin, Cordova, SAP Fiori)
Application Wrapping: Provides a sub-set of SDK functionality to already developed apps
EMM standard for enterprise apps to interpret configurations and policies
SDK Features
Security and DLP Policies
• Authentication Type
• Single Sign On
• Integrated Authentication
• Offline Access
• Compromised Protection
• App Tunneling
• Content Filtering
• Geofencing
• Network Access Control
• Copy / Paste
• Open-in App
• Screen Capture
• Watermark
• Data Backup
• Location Services
• Camera
• Printing
• Bluetooth
App Tunneling And VMware NSX For SDK Apps
Device Level VPN: Full Network Access
App Level VPN: Select Network Access
App Level VPN: Full Network Access
SDK Lifecycle
Workspace ONE SDK (Swift, Java, Xamarin, Cordova)
BUILD: Developer builds application
INTEGRATE: Developer integrates AirWatch SDK into app
CONFIGURE: Admin configures policies in AirWatch Console
DEPLOY: Admin configures policies in AirWatch Console
Code Samples
Initialize SDK
    import UIKit
    import AWSDK

    class AppDelegate: UIResponder, UIApplicationDelegate, AWSDKDelegate {
        ...

        func application(application: UIApplication,
                         didFinishLaunchingWithOptions launchOptions: [NSObject: AnyObject]?) -> Bool {
            // Override point for customization after application launch.
            let awc = AWController.clientInstance()
            // This class conforms to AWSDKDelegate, so it is set as the controller's delegate
            awc.delegate = self
            // Your application's scheme name
            awc.callbackScheme = "myCallBackSchemeName"
            awc.start()
            return true
        }
    }
Code Samples
Check for compromised status
    // Ask the SDK whether the current device is compromised (jailbroken)
    let deviceInfoController = DeviceInformationController.sharedController()
    let compromisedStatus = deviceInfoController.isCurrentDeviceCompromised()
    if compromisedStatus {
        AWLogInfo("Device is jailbroken!")
    }
Wipe data
    func wipe() {
        // Remove application-specific data here
        AWLogDebug("Wipe application specific data")
    }
Go offline
    func stopNetworkActivity(networkActivityStatus: AWNetworkActivityStatus) {
        …
    }
DEMO: Building App With SDK
Key Takeaways
Workspace ONE provides a platform for your app lifecycle management and security
You can manage and secure ANY type of mobile app using Workspace ONE
You can develop in-house mobile apps using Workspace ONE SDK and APIs