Securing the Mobile enterprise

© 2013 IBM Corporation Securing the Mobile Enterprise Jude Lancaster Product Manager Endpoint Manager for Mobile Devices


Track: Mobility in the Enterprise

Transcript of Securing the Mobile enterprise

Page 1: Securing the Mobile enterprise

Securing the Mobile Enterprise

Jude Lancaster, Product Manager, Endpoint Manager for Mobile Devices

© 2013 IBM Corporation

Page 2: Securing the Mobile enterprise


IBM Endpoint Manager Mobile Device management

Page 3: Securing the Mobile enterprise

IBM Endpoint Manager Architecture

[Architecture diagram. Component labels: TEM Server; BigFix Server; DB; Console / Web Reports; Relay(s); Relay; Management Extender; Apple Push Notification Servers; BES. Managed endpoints: Android devices*; Apple iOS devices*; BlackBerry*; servers, desktops, laptops*. Connection labels: http / 52311; https / 443; TCP port 2195 to gateway.push.apple.com; TCP port 5223 to *.push.apple.com]

* Managing devices that are not connected to the internal network requires opening the management port to the Internet (HTTP 52311 for laptops and Android, or HTTPS 443 for Apple iOS devices)

Page 4: Securing the Mobile enterprise

Next generation mobility: Mobile meets Cloud

• Securely enable and accelerate BYOD mobility

• Mobilize every employee with secure connectivity to apps and services

• Scale without limits, without infrastructure costs

Company Confidential © 2013 Enterproid

Page 5: Securing the Mobile enterprise

DIVIDE OVERVIEW

Dual Persona

• Native user experience

• Secure work container for iOS & Android

• Extensible to VPN & UC

Business Applications

• Common apps for all employees

• Third-party apps by employee group

• External file storage option

Cloud Management

• IT control of the container

• User self-service

• MDM APIs

Page 6: Securing the Mobile enterprise

IBM Endpoint Manager + Divide: Complete MDM BYOD Solution

Leverages the sophisticated policies and features of IBM MDM and Endpoint Management

Management of Divide as a “virtual device” including safe, secure distribution and management of apps

Immediate solution for BYOD challenges and security concerns for Mobility OS’s

Seamless delivery: same Divide App, binding to IBM MDM at time of enrollment

[Graphic labels: Dual Persona; Business Apps; IBM Endpoint Manager]

Page 7: Securing the Mobile enterprise

Architected for reliability

No Enterprise Data traverses the Divide Cloud

What is stored in the Divide cloud?

• Device Inventory

• Email addresses

• Policy settings

[Diagram labels: Management; Traffic; Control; Data; Customer Email Server; DIVIDE MANAGER; Customer Site; DIVIDE Smart Devices; IBM Endpoint Manager]

Page 8: Securing the Mobile enterprise

DUAL PERSONA IS FOUNDATIONAL: Separate and Secure Dual Personas

• Data security

• Enterprise apps and services

• Easy to manage and control

• Native user experience

• Choice of device, services

• Freedom and privacy


Page 9: Securing the Mobile enterprise

What users want: Choice of native user experience

“When asked why users are loyal to their smartphones, 72% cited ease of use and the ability to quickly navigate their phone's menu.” [2]

[2] U.K.-based analyst firm GfK

[Image labels: PERSONAL; WORKSPACE; ENTER PASSCODE]

Tap Divide app icon

Double tap Home button to access Divide

Page 10: Securing the Mobile enterprise

GEARED FOR INNOVATION: Leveraging the App Ecosystem

STANDARD DIVIDE APPS

• Professional-grade email, contacts, calendar and browser

• Data-at-rest is protected with AES 256-bit encryption

• Data-in-motion leverages existing VPN investments

• Secure cloud based file storage (optional)

• Separate voice and messaging (including future 2-number UC)

THIRD PARTY APPS

• Internally developed apps uploaded and assigned via policy – in minutes and with no developer modifications

• Divide App security automatically provides data-at-rest AES 256-bit encryption

• Divide Extensions provide extraordinary integration with 3rd party Apps and Cloud services

Page 11: Securing the Mobile enterprise

What IT organizations need for BYOD

Divide Container Security

Data Protection

• Device PIN/passcode

• Passcode history and complexity

• Passcode failure actions

• FIPS 140-2 validated encryption

• Full and selective device wipe

• Wipe on SIM removal/rooted

• VPN support

• S/MIME support

OTA Self-Service Provisioning

• ActiveSync email

• VPN configuration

Container Controls

• Whitelisting – application push

• Blacklisting

• Location based services

• Data leakage prevention

• URL blocking

Compliance Management and Reporting

• Device hardware

• Operating system

• Policy compliance

• Compromised device status

• Voice, Data, and SMS usage reporting

Page 12: Securing the Mobile enterprise


Extensible for the future


Page 13: Securing the Mobile enterprise

Securing next generation mobility

IBM Endpoint Manager with Divide delivers a comprehensive platform for mobility

Unified tracking and management of everything a mobile user needs including employee owned devices and corporate provided smartphones, tablets and laptops

A “single pane-of-glass” to provision and manage mobile devices, laptops and the Divide workspace in the easiest way possible.

Directly connects the Divide workspace with IT apps and services via the corporate VPN for complete IT control.

The Divide workspace provides a native user experience that users expect and love and is extensible to IT voice and data services.

[Category labels: Security & Compliance; Inventory Tracking; Device Management; Secure & Reliable Access Management; User Experience]

A fully integrated next generation solution for mobility that delivers simplicity and scale

Limited to mobile devices with separate facilities to track corporate and employee owned devices with manual consolidation of data

A “swivel-chair” approach with separate consoles to manage mobile devices and the Good email sandbox breeds operational complexity and requires additional admin training.

No VPN integration for personal devices with all data traversing the Good NOC and on-premise servers, creating issues of reliability and scale.

The Good sandbox delivers a proprietary “one size fits all” user experience that users reject and is email-centric.

An inherently siloed approach to mobility that inflates costs and complexity

A single policy management and compliance platform eliminates security gaps and simplifies policy administration and enforcement

Separate facilities for policy management and compliance create operational overhead and error opportunities

Page 14: Securing the Mobile enterprise

The right solution for BYOD?

Compared: a first generation solution purpose-built for email sync, and a next generation solution purpose-built for BYOD

Device Management

First generation: X Does not integrate with deployed MDM solutions

Next generation: ✔ Manages the Divide workspace and integrates with IBM Endpoint Manager for device MDM

Secure “Workspace”

First generation: X Provides an email sandbox with a proprietary user interface

Next generation: Provides a secure workspace that preserves the native iOS and Android user experience

Secure VPN

First generation: X No VPN integration - all data traverses the Good NOC

Next generation: Provides VPN connectivity between the workspace and corporate apps

App Choice

First generation: X Third-party apps must be modified and recompiled using the Good SDK ($)

Next generation: App wrapper technology enables the use of any third party app within the workspace

Avg TCO/User

$$$$ $$$$ $

Page 15: Securing the Mobile enterprise


Questions