Vertical Mobility Deployments – MaaS360 and Samsung Fitting Every Business Need

#MaaS360Knox

Introductions

Olli Linainmaa Director of Strategic Alliances

Samsung

2

Matt Horany Regional Director - Strategic Technical Account Management

Samsung

Andrew Clarke EMM Advocate IBM MaaS360

#MaaS360Knox

Agenda

• Market trends • Vertical deployments on

Samsung devices • MaaS360 by Fiberlink, an

IBM company • Demo • Q&A

3

#MaaS360Knox

Poll Question

4

What is your top enterprise mobility initiative at this time?

a) Embracing BYOD

b) Migrating from legacy devices to multi-OS

c) Deploying public and enterprise apps

d) Providing access to work content

e) Protecting sensitive corporate data

#MaaS360Knox

Market Trends

5

#MaaS360Knox

Protect sensitive corporate data

Deploy public and enterprise apps

Provide access to work content

Top Enterprise Mobility Initiatives

6

Embrace Bring Your Own Device (BYOD)

Migrate from Legacy Devices to multi-OS

#MaaS360Knox

Embrace The New Normal

7

EMM is becoming THE IT platform

Go beyond enabling these new devices Mobile utilization of corporate network/resources Separation of corporate & personal apps/data App management & security (and app dev assist) Identity, context and more sophisticated policy

#MaaS360Knox

Enterprise Mobility Success Factors

8

Support device diversity

Separate work from personal

Simple onboarding & familiar user

experience

Multi-OS management and

security

Data containerization & privacy settings

OTA deployment & native app-like UX

#MaaS360Knox

Samsung Devices for Vertical Use Knox™ Matt Horany and Olli Linnainmaa

9

#MaaS360Knox

Employee CIO

I like the device to have high security

I want complete control of the devices for a

certain purpose

I want the device to be intuitive for work tasks

I also want to use the same device for my personal life

The Conflicting Needs of Work and Play

10

The Conflicting Requirements of Compliancy vs Usability

#MaaS360Knox

Line of Business Use for Devices

Two scenarios for Line of Business use

Corporate owned device locked for a specific purpose Does only the functions defined by the administrator

COPE device to act as a line of business enabler, and also as the personal device of the user Device has a container portion for work related tasks

#MaaS360Knox

Business

ONE DEVICE

Read personal email Personal contacts and calendar Surf the web Personal photos Access to other desirable features

Secure email and web Secure contacts and calendar Secure data at rest Purpose driven applications Access to company network through VPN Management framework Remote wipe and anti-theft

Personal

Samsung KnoxTM – Corporately Owned Personally Enabled – (COPE)

13

KNOX – The Comprehensive Secure Enterprise Mobility Platform for Android

Defense Grade, HW- supported OS Security

Platform*

KNOX Workspace

Security Enhancements for Android

TIMA

Secure Boot/Trusted Boot

ARM TrustZone Hardware

KNOX Framework

*New features will be available when the manufacture release (MR) is available.

Complete device Manageability & Control, through

530+ MDM Policies*

Workspace Container secures & isolates

Enterprise data & apps*

14

Only Knox secures every layer of the Android stack, from HW up to the application layer, with defense grade security.

KNOX Container

Security Enhancements

TIMA

Secure Boot/Trusted Boot

KNOX Framework

ARM TrustZone Hardware

Application Layer

Android Framework

Android OS

Linux Kernel

Boot Loader

Hardware

Standard Android

Application Layer

Android Framework

Android OS

Linux Kernel

Boot Loader

Hardware

Standard Android

15

Samsung KNOX Secures the Device By Linking Security to the Hardware Layer

ARM TrustZone Hardware

If values match, device continues to boot

Secure & Trusted Boot

KNOX Container

Security Enhancements

TIMA

Secure Boot/Trusted Boot

KNOX Framework

ARM TrustZone Hardware

Application Layer

Android Framework

Android OS

Linux Kernel

16

Samsung KNOX Secures the Device By Linking Security to the Hardware Layer

ARM TrustZone Hardware

TrustZone Integrity Measurement Architecture (TIMA)

TIMA

TIMA continuously monitors Linux Kernel

during runtime; If values match

device software loads

KNOX Container

Security Enhancements

TIMA

Secure Boot/Trusted Boot

KNOX Framework

ARM TrustZone Hardware

Application Layer

Android Framework

Android OS

17

Samsung KNOX Secures the Device By Linking Security to the Hardware Layer

Security-Enhanced (SE) for Android OS Apply mandatory access control (MAC); Properly isolate apps and

data in different domains

Support more than 520+ IT policies Policies to comply with the US DoD Mobile OS Security Requirements

Guide (MOS SRG) Container management VPN and Wi-Fi provisioning Management via ActiveDirectory 1,030+ MDM APIs

Per-app VPN: IT admins can force all data traffic for an individual application through a VPN connection FIPS 140-2 certified with NSA Suite B Algorithms, RSA Token and CAC (Common

Access Card) support Existing Best-In-Class SSL and IPsec based VPN support

KNOX Container

Security Enhancements

TIMA

Secure Boot/Trusted Boot

KNOX Framework

ARM TrustZone Hardware

Application Layer

18

DISA MOS SRG Compliance

FIPS 140-2 Certification

Common Criteria

Certification

CESG End User Devices Security Guidance

KNOX Secure Platform | Defense Grade Security

19

KNOX – The Comprehensive Secure Enterprise Mobility Platform for Android

Defense Grade, HW- supported OS Security

Platform*

KNOX Workspace

Security Enhancements for Android

TIMA

Secure Boot/Trusted Boot

ARM TrustZone Hardware

KNOX Framework

*New features will be available when the manufacture release (MR) is available.

Complete device Manageability & Control, through

530+ MDM Policies*

Workspace Container secures & isolates

Enterprise data & apps*

20

Device Management: KNOX supports over 530 MDM policies for enterprises to manage & control employee devices

IT Admin

Find Lock Device Wipe Lost

Device Wipe Container Lock Container

MDM Console (Cloud)

MDM agent deployed OTA and installed on phone

Knox container can be installed & managed via MDM console.

Device & Container

#MaaS360Knox

Locked Down Phone as a City Worker Device • How to define the user experience and enable your business functions?

•Lock phone down for purpose (Report Graffiti) •Application Restrictions (access to only a predefined

list of Apps) •App Security (Knox security platform) •Work with the city mapping solution •Access to a back end database •Accessories: protective case •Time to Market •Cost Sensitive

Design Factors/Requirements

More Information: http://technical.ly/philly/2014/08/11/philly-anti-graffiti-mobile-app-data/

#MaaS360Knox

MaaS360 Overview

22

#MaaS360Knox

Poll Question

23

Select the option that best describes your organization’s mobility strategy:

a) We currently support BYOD

b) We currently have a mixed environment of BYOD and COPE

c) We are evaluating our BYOD program right now

d) We are not currently supporting BYOD

#MaaS360Knox

MaaS360 Provides Comprehensive EMM

24

User Content & Collaboration

Secure Mobile Containers

Comprehensive Mobile Management

Seamless Enterprise Access

#MaaS360Knox

MaaS360 for Android

Gain Mobile Insight – Hardware information – Network information – Security & compliance – Location details

Set Security Policies – Enforce passcode requirements, device encryption – Distribute Wi-Fi, VPN & email profiles – Restrict device features – Restrict network features – Restrict native apps – Restrict location detection with GPS or

wireless networks/Google’s location service – Single and Multi-app Kiosk modes

25

Manage Mobile Apps – Blacklist, whitelist or require apps – Distribute private enterprise apps – Publish updates to apps – Delete an apps & its data on-demand – Automatically remove corporate apps if user deletes

MDM profile

#MaaS360Knox

MaaS360 for Android – Samsung SAFE™ A SAFE device delivers security & management capabilities above & beyond standard Android features

Additional Security Policies – Firmware Upgrades – Granular Bluetooth controls – Browser controls – Restrict device, security, network features – … and more

Additional Configuration Settings – Email & Wi-Fi Network Configuration – Whitelist and Blacklist SSID's – Configuration of native email client – Certificate Authentication – Internal & External Encryption

26

Advanced SAFE Features – Pure HTML5 Remote Control console – Advanced Single and Multi-app Kiosk support

Additional App Management – Silently Install & Delete Apps – Automatic malware removal

#MaaS360Knox

MaaS360 supports Samsung KNOX, which is a comprehensive mobile solution for work & play, utilizing a separate container to manage & secure business data – Comprehensive management of apps, content &

devices for the KNOX platform – Complete containerization of personal &

work data on devices – Over-the-air (OTA) configuration & management of KNOX container level security

policies – Enhanced email & browser configuration – Remote lock, unlock & selective wipe of

KNOX container data

MaaS360 for Android – Samsung KNOX™

27

#MaaS360Knox

Maas360 Current Samsung Initiatives • Samsung product support and deployments

– We have 3,000+ customers actively leveraging Samsung specific features – Samsung devices make up 63% of all Android devices under management – Samsung Gear support being prototyped

• Knox 1.0 GTM

– Product launched – In pilot phase at customers – Enabling sales globally in 2Q, 2014

• Knox 2.0 Product Development

– Expanding our Knox capabilities to include 2.0 policies – Exploring with Samsung a shift to using the new “universal mobile client” (UMC)

28

#MaaS360Knox

MaaS360 Demo

29

#MaaS360Knox

Poll Question

30

Would you like to hear from us?

a) Yes, please have Samsung reach out

b) Yes, please have MaaS360 reach out

c) Yes, please have both Samsung and MaaS360 reach out

d) No, not at this time

#MaaS360Knox

For more information

• Forum – announcements, discussions and questions

• Blog • Webinars • Resources • Social media

Request a Samsung Knox Trial: knoxtrial@sta.samsung.com Visit the MaaSters Center to discuss IT in the cloud: MaaS360.com/maasters