IBM MaaS360 Massively Reimagines Enterprise Mobility Management
Vertical Mobility Deployments - MaaS360 and Samsung Fitting Every Business Need
-
Upload
maas360-by-fiberlink -
Category
Documents
-
view
658 -
download
3
description
Transcript of Vertical Mobility Deployments - MaaS360 and Samsung Fitting Every Business Need
Vertical Mobility Deployments – MaaS360 and Samsung Fitting Every Business Need
#MaaS360Knox
Introductions
Olli Linainmaa Director of Strategic Alliances
Samsung
2
Matt Horany Regional Director - Strategic Technical Account Management
Samsung
Andrew Clarke EMM Advocate IBM MaaS360
#MaaS360Knox
Agenda
• Market trends • Vertical deployments on
Samsung devices • MaaS360 by Fiberlink, an
IBM company • Demo • Q&A
3
#MaaS360Knox
Poll Question
4
What is your top enterprise mobility initiative at this time?
a) Embracing BYOD
b) Migrating from legacy devices to multi-OS
c) Deploying public and enterprise apps
d) Providing access to work content
e) Protecting sensitive corporate data
#MaaS360Knox
Market Trends
5
#MaaS360Knox
Protect sensitive corporate data
Deploy public and enterprise apps
Provide access to work content
Top Enterprise Mobility Initiatives
6
Embrace Bring Your Own Device (BYOD)
Migrate from Legacy Devices to multi-OS
#MaaS360Knox
Embrace The New Normal
7
EMM is becoming THE IT platform
Go beyond enabling these new devices Mobile utilization of corporate network/resources Separation of corporate & personal apps/data App management & security (and app dev assist) Identity, context and more sophisticated policy
#MaaS360Knox
Enterprise Mobility Success Factors
8
Support device diversity
Separate work from personal
Simple onboarding & familiar user
experience
Multi-OS management and
security
Data containerization & privacy settings
OTA deployment & native app-like UX
#MaaS360Knox
Samsung Devices for Vertical Use Knox™ Matt Horany and Olli Linnainmaa
9
#MaaS360Knox
Employee CIO
I like the device to have high security
I want complete control of the devices for a
certain purpose
I want the device to be intuitive for work tasks
I also want to use the same device for my personal life
The Conflicting Needs of Work and Play
10
The Conflicting Requirements of Compliancy vs Usability
#MaaS360Knox
Line of Business Use for Devices
Two scenarios for Line of Business use
Corporate owned device locked for a specific purpose Does only the functions defined by the administrator
COPE device to act as a line of business enabler, and also as the personal device of the user Device has a container portion for work related tasks
#MaaS360Knox
Business
ONE DEVICE
Read personal email Personal contacts and calendar Surf the web Personal photos Access to other desirable features
Secure email and web Secure contacts and calendar Secure data at rest Purpose driven applications Access to company network through VPN Management framework Remote wipe and anti-theft
Personal
Samsung KnoxTM – Corporately Owned Personally Enabled – (COPE)
13
KNOX – The Comprehensive Secure Enterprise Mobility Platform for Android
Defense Grade, HW- supported OS Security
Platform*
KNOX Workspace
Security Enhancements for Android
TIMA
Secure Boot/Trusted Boot
ARM TrustZone Hardware
KNOX Framework
*New features will be available when the manufacture release (MR) is available.
Complete device Manageability & Control, through
530+ MDM Policies*
Workspace Container secures & isolates
Enterprise data & apps*
14
Only Knox secures every layer of the Android stack, from HW up to the application layer, with defense grade security.
KNOX Container
Security Enhancements
TIMA
Secure Boot/Trusted Boot
KNOX Framework
ARM TrustZone Hardware
Application Layer
Android Framework
Android OS
Linux Kernel
Boot Loader
Hardware
Standard Android
Application Layer
Android Framework
Android OS
Linux Kernel
Boot Loader
Hardware
Standard Android
15
Samsung KNOX Secures the Device By Linking Security to the Hardware Layer
ARM TrustZone Hardware
If values match, device continues to boot
Secure & Trusted Boot
KNOX Container
Security Enhancements
TIMA
Secure Boot/Trusted Boot
KNOX Framework
ARM TrustZone Hardware
Application Layer
Android Framework
Android OS
Linux Kernel
16
Samsung KNOX Secures the Device By Linking Security to the Hardware Layer
ARM TrustZone Hardware
TrustZone Integrity Measurement Architecture (TIMA)
TIMA
TIMA continuously monitors Linux Kernel
during runtime; If values match
device software loads
KNOX Container
Security Enhancements
TIMA
Secure Boot/Trusted Boot
KNOX Framework
ARM TrustZone Hardware
Application Layer
Android Framework
Android OS
17
Samsung KNOX Secures the Device By Linking Security to the Hardware Layer
Security-Enhanced (SE) for Android OS Apply mandatory access control (MAC); Properly isolate apps and
data in different domains
Support more than 520+ IT policies Policies to comply with the US DoD Mobile OS Security Requirements
Guide (MOS SRG) Container management VPN and Wi-Fi provisioning Management via ActiveDirectory 1,030+ MDM APIs
Per-app VPN: IT admins can force all data traffic for an individual application through a VPN connection FIPS 140-2 certified with NSA Suite B Algorithms, RSA Token and CAC (Common
Access Card) support Existing Best-In-Class SSL and IPsec based VPN support
KNOX Container
Security Enhancements
TIMA
Secure Boot/Trusted Boot
KNOX Framework
ARM TrustZone Hardware
Application Layer
18
DISA MOS SRG Compliance
FIPS 140-2 Certification
Common Criteria
Certification
CESG End User Devices Security Guidance
KNOX Secure Platform | Defense Grade Security
19
KNOX – The Comprehensive Secure Enterprise Mobility Platform for Android
Defense Grade, HW- supported OS Security
Platform*
KNOX Workspace
Security Enhancements for Android
TIMA
Secure Boot/Trusted Boot
ARM TrustZone Hardware
KNOX Framework
*New features will be available when the manufacture release (MR) is available.
Complete device Manageability & Control, through
530+ MDM Policies*
Workspace Container secures & isolates
Enterprise data & apps*
20
Device Management: KNOX supports over 530 MDM policies for enterprises to manage & control employee devices
IT Admin
Find Lock Device Wipe Lost
Device Wipe Container Lock Container
MDM Console (Cloud)
MDM agent deployed OTA and installed on phone
Knox container can be installed & managed via MDM console.
Device & Container
#MaaS360Knox
Locked Down Phone as a City Worker Device • How to define the user experience and enable your business functions?
•Lock phone down for purpose (Report Graffiti) •Application Restrictions (access to only a predefined
list of Apps) •App Security (Knox security platform) •Work with the city mapping solution •Access to a back end database •Accessories: protective case •Time to Market •Cost Sensitive
Design Factors/Requirements
More Information: http://technical.ly/philly/2014/08/11/philly-anti-graffiti-mobile-app-data/
#MaaS360Knox
MaaS360 Overview
22
#MaaS360Knox
Poll Question
23
Select the option that best describes your organization’s mobility strategy:
a) We currently support BYOD
b) We currently have a mixed environment of BYOD and COPE
c) We are evaluating our BYOD program right now
d) We are not currently supporting BYOD
#MaaS360Knox
MaaS360 Provides Comprehensive EMM
24
User Content & Collaboration
Secure Mobile Containers
Comprehensive Mobile Management
Seamless Enterprise Access
#MaaS360Knox
MaaS360 for Android
Gain Mobile Insight – Hardware information – Network information – Security & compliance – Location details
Set Security Policies – Enforce passcode requirements, device encryption – Distribute Wi-Fi, VPN & email profiles – Restrict device features – Restrict network features – Restrict native apps – Restrict location detection with GPS or
wireless networks/Google’s location service – Single and Multi-app Kiosk modes
25
Manage Mobile Apps – Blacklist, whitelist or require apps – Distribute private enterprise apps – Publish updates to apps – Delete an apps & its data on-demand – Automatically remove corporate apps if user deletes
MDM profile
#MaaS360Knox
MaaS360 for Android – Samsung SAFE™ A SAFE device delivers security & management capabilities above & beyond standard Android features
Additional Security Policies – Firmware Upgrades – Granular Bluetooth controls – Browser controls – Restrict device, security, network features – … and more
Additional Configuration Settings – Email & Wi-Fi Network Configuration – Whitelist and Blacklist SSID's – Configuration of native email client – Certificate Authentication – Internal & External Encryption
26
Advanced SAFE Features – Pure HTML5 Remote Control console – Advanced Single and Multi-app Kiosk support
Additional App Management – Silently Install & Delete Apps – Automatic malware removal
#MaaS360Knox
MaaS360 supports Samsung KNOX, which is a comprehensive mobile solution for work & play, utilizing a separate container to manage & secure business data – Comprehensive management of apps, content &
devices for the KNOX platform – Complete containerization of personal &
work data on devices – Over-the-air (OTA) configuration & management of KNOX container level security
policies – Enhanced email & browser configuration – Remote lock, unlock & selective wipe of
KNOX container data
MaaS360 for Android – Samsung KNOX™
27
#MaaS360Knox
Maas360 Current Samsung Initiatives • Samsung product support and deployments
– We have 3,000+ customers actively leveraging Samsung specific features – Samsung devices make up 63% of all Android devices under management – Samsung Gear support being prototyped
• Knox 1.0 GTM
– Product launched – In pilot phase at customers – Enabling sales globally in 2Q, 2014
• Knox 2.0 Product Development
– Expanding our Knox capabilities to include 2.0 policies – Exploring with Samsung a shift to using the new “universal mobile client” (UMC)
28
#MaaS360Knox
MaaS360 Demo
29
#MaaS360Knox
Poll Question
30
Would you like to hear from us?
a) Yes, please have Samsung reach out
b) Yes, please have MaaS360 reach out
c) Yes, please have both Samsung and MaaS360 reach out
d) No, not at this time
#MaaS360Knox
For more information
• Forum – announcements, discussions and questions
• Blog • Webinars • Resources • Social media
Request a Samsung Knox Trial: [email protected] Visit the MaaSters Center to discuss IT in the cloud: MaaS360.com/maasters