enterprisebyoxbestprac2ces and)pi4alls:)any)app,)any ......angry birds twitter !! app store safari...

Enterprise  BYO-­‐X  Best  Prac2ces  and  Pi4alls:  Any  App,  Any  Device,  

Any  Data,  Anywhere  

Doug Lane Director of Product Marketing

AppSense

Doug Lane - AppSense April 25, 2013

Enterprise BYO-X Best Practices & Pitfalls: Any App, Any Device, Any Data, Anywhere

3

What you should walk away with (or I’ve failed)

§  The *REAL* BYOD “problem” (hint: it’s not about the device)

§  Why current solutions are NOT solutions at all

§  Key Enterprise Mobility Mgmt (EMM) lessons learned (the hard way)

§  3 Phases to EMM success

§  What to look for in an EMM solution

Mobility

Simultaneously the best & scariest thing to happen to Enterprise IT

You already know you have a problem…

…but do you know just how big it really is?

9

Step back to realize the complexity…

Explosion of Apps

Corporate Data Security and Compliance

Multiple Platforms

10

It’s Not Just BYOD

It’s Actually BYO-X

11

BYO-X

Devices Apps

APP

APP

G APP APP

Data

=

12

The BYOX balancing act…

End Users

§  Apps they want...

§  On the devices they choose…

§  With access to the data they need Enterprise IT

§  Security

§  Compliance

§  Control

13

No Good Solution Options for IT

1st Gen Solutions Were Developed Pre-app

and Tablet Explosion

“No single vendor offers a comprehensive product for management of apps, svcs, policy, devices and security… move towards app-level management is key…”

15

Files Pro

iChat

Weather

Path

Settings

Notes

Facebook

Twitter Angry Birds

   App Store

iPod Safari Photos

   Calendar

   Office 2 HD

Current Solutions – Just Say “No”

Lockout User Apps Lockdown User Devices

YouTube

Weather

DataNow

Path

Settings

Notes

Facebook

Twitter

Dolphin

Box.net

   Office 2 HD

Yammer

Mail Photos

   App Store

Siri

iTunes Safari

Camera

iCloud

Dolphin Yammer

Mail

Box.net Quick Office

§  Architected for Expense and Inventory Management

§  Coarse Device Level Controls Only

§  No Personal/Work Isolation or Data Encryption

§  Proprietary Apps Only

§  No 3rd Party App Support w/o SDK

§  Severely Degraded User Experience

MDM Containers/SDKs

16

➔  No App Security

➔  No Data Encryption

➔  No Privacy

Strong OTA Device Mgmt & Configuration

MDM –

MDM +

Mobile Device Mgmt MobileIron, Zenprise, Airwatch…

Proprietary Containers Good Technologies, Enterproid…

MDM PROPRIETARY CONTAINERS/SDKS

➔  Horrible User Experience

➔  Limited/Proprietary Apps

➔  No MDM

Proprietary App & Data Security

Container –

Container +

17

➔  No App Security

➔  No Data Encryption

➔  No Privacy

Strong OTA Device Mgmt & Configuration

MDM –

MDM +

Mobile Device Mgmt MobileIron, Zenprise, Airwatch…

Proprietary Containers Good Technologies, Enterproid…

MDM PROPRIETARY CONTAINERS/SDKS

➔  Horrible User Experience

➔  Limited/Proprietary Apps

➔  No MDM

Proprietary App & Data Security

Container –

Container +

+ OPTIMAL  NATIVE  APP/DEVICE  EXPERIENCE  + REAL  DATA  ENCRYPTION  + REAL  PRIVACY  + STRATEGIC  APP/DEVICE/DATA  SOLUTION  

FULL  APP  &  DATA  SECURITY  

STRONG  OTA  DEVICE  MGMT  &  CONFIGURATION  

EMM  

18

Delivering Value Demands an EMM Strategy, NOT just BYOD

MAM MDM Data SPOG

Data

Devices

Apps

102

103

Bus

ines

s Va

lue

Building a Strategic IT Platform

101

19

Enterprise IT

The New World of Agile IT – Just Say “Yes”

End Users

§  BYO-X

§  Rich Enterprise App Market

§  Self-Service Apps & Data

§  Strongest BYO-X Security

§  Fine-Grain App and Data Controls

§  No App/OS Customizations

20

That sometimes means knowing what NOT to do

21

The EMM Commandments – Thou Shalt NOT…

§  …think BYO-X can be driven or controlled by the Enterprise

§  …restrict app choice or force use of substandard apps

§  …assume because it works on desktops it will work on mobile

§  …think all mobile devices, platforms and OS’s are created equal

§  …believe users aren’t smart enough to go around IT

22

Key EMM Lessons Learned (to always keep in mind…)

§  Liberate users, don’t lock them down

§  Mobility is Darwinism at its best (and worst)

§  Native experience wins

§  Apply controls only where they are needed

§  One size does not fit all

§  Keep up or fall perilously behind

23

24

3 Phases to Achieving EMM Success

Value MDM

§  Basic, Coarse Device Ctls §  Remote Device Configs

APP

APP

G APP

APP

MAM

§  Fine-Grain App & Security Ctls (incl. Email) §  Rich, Multi-Sourced Apps §  Fully Native App Experience

Mobile File Access & Sharing

§  Single-Pane-of-Glass Access §  Simple File Sharing §  End-to-End Security Encryption

25

Key EMM Solution Requirements

Mobile Device Management

§  Do NOT Turn Devices into Bricks

§  Apply Device Controls ONLY

When & Where Needed

§  Preserve Native Features

§  Enable 1-Click Configs for Everything

26

Hyper-Targeted Controls

NOT This

– Device

Do This…

– Application

27

Key EMM Solution Requirements

Mobile App Management §  Fine-Grain App Security and Controls

– Deep, Meaningful & Targeted

§  Real-Time Policy Enforcement

§  Seamless End-User App Delivery

§  Fully Native App Experience

§  No App/OS Customizations or

Coding to an SDK or API

APP

APP

G APP

APP

28

Mobile OS

Preserve Users Native Experience

Personal Apps

Applications perform normally in their native OS environment. Personal apps can not access business apps.

Business Apps

Fully native apps. No App/OS customizations required. Fin Mktg Sales HR

Biz apps are isolated from personal apps. Enforce app policies and data encryption.

Fully Native Experience

29

Mobile OS (iOS/Android)

Layered App and Data Policies/Controls

Data R/W, App, System/OS

Calls

Personal

Device Security

Data Encryption/Isolation

Authentication

Policy Enforcement

Business

Fin Mktg Sales HR

30

Key EMM Solution Requirements

Secure Email

§  One-Size Does NOT Fit All

§  Provide Multiple Options –

Native Email Clients & 3rd Party

§  Match Users’ Security Posture with

the Right Email Client

31

Status Quo BYOD

Key EMM Solution Requirements

Restrict Corp Email Access

Remote Corp Email Wipe

Email Body & Attachment Encryption

Secure Attachment Launching

URL Re-Direct to Secure Browser

Real-Time Policy Enforcement and DLP

Restrict Offline Email & Attachment Access

Next Gen EMM

Secure Email

32

Key EMM Solution Requirements

Mobile File Access & Sharing

§  Simple, secure access to all data

§  End-to-End encryption

§  Centralized policy & compliance ctrl

§  Aggregate data from multiple sources

33

Key EMM Solution Requirements

Mobile File Access & Sharing

Solve your Dropbox Problem without adding another Box

§  NO new storage

§  NO costly data migrations

§  Beware of wolves in sheep’s clothing

34

H:\   S:\   F:\   SharePoint   SharePoint   FTP   WebDav   Cloud  Storage  

Simplified File Access & Sharing

35

Enable Instant End-User and IT Value

§  Self Service

§  C2B Apps

§  B2B Apps

§  Simple, Secure Data Access

§  IT – Instant Biz Enablement

§  App Pubs – Zero SDK

§  Data – Follow Me Experience

§  Multi-Platform

§  Policy/Compliance Enforcement

§  Data Encryption/Isolation

§  Offline Use

§  Secure Email

VP  HR  

VP  MKT  

VP  Sales  

VP  FIN  

App Ecosystem

APP

APP

G APP APP EMM Solution

36

Follow-me Mobile Enterprise

End User Choice Centralized Admin

Apps

Data

Policies

Profiles

EMM

Doug Lane - AppSense April 25, 2013

Enterprise BYO-X Best Practices & Pitfalls: Any App, Any Device, Any Data, Anywhere

Ajay Arora

CTO – Mobile December 2012