embracing secure, scalable byod with sencha and centrify
DESCRIPTION
Scalable enterprise mobility solutions: How to give your employees tools they need without sacrificing user experience and security. Consumerization of IT and BYOD are here – and it’s a GOOD thing. Today's dynamic workplaces and hyper-competitive markets drive demand for more mobile productivity solutions. Nearly 70% of enterprise employees report making better decisions, being more productive and happier if they are allowed to use mobile devices and cloud-based tools. Yet, IT organizations often resist these trends because of cost and risk associated with multi-platform, multi-device ecosystem having access to corporate data and resources. In this webinar, product experts from Sencha and Centrify will help your organization embrace BYOD and SaaS in a cost-effective, scalable way. Sencha Space is an advanced platform for securely deploying mobile apps and delivering a consistent, elegant, mobile user experience to end-users. Users can launch any mobile web app, or HTML5 app in a secure, managed environment. Combining Space with secure, Active Directory- or Cloud-Based Identity and Access Management (IAM) from Centrify gives IT visibility and control over mobile platforms and SaaS / in-house apps while improving user experience and reducing security risk.TRANSCRIPT
Embracing secure, scalable BYOD with Sencha and Centrify
Presented by:
2
Contents
- Technology Trends and Challenges
- App Development and Data
Security
- Managing Identity Sprawl
- Integration
Technology Trends And Challenges
3
4
Technology TrendsShaping the Evolution of Enterprise Mobility
Consumerization of IT
Rapid Adoption of Mobile
Enterprise Cloud Goes Mainstream
Accelerating workforce virtualization
• Personal devices becoming pervasive in the enterprise
• Organizations must address challenges around BYOD
• Opportunity for productivity gains and cost savings
• Mobile device sales surpass PC sales• Mobility comes with heightened security
risks• Driving a shift to mobile-first development• Cloud services gain acceptance for use in
production• Cloud providers adapt offerings for the
enterprise • Cloud IT investment poised for explosive
growth• Collaboration with non-employees is the new
normal• Managing access and data security is a
major challenge• Organizational boundaries increasingly
dynamic
5
Brave new world… but
IT management is losing control and visibility with increased:• Reliance on user-managed passwords• Adoption of SaaS and mobile apps• Proliferation of remote and untrusted devices
IT needs a new model… that secures all devices……solves the password problem…… and regains access control and visibility
Users have lots more choicesand use many more apps
Users, apps and devices are no longer “behind the firewall”
Mobile is the new, preferred way to access apps
• End-users have too many passwords
• Passwords are inherently weak
• Many SaaS apps have a rich mobile client
• Users have increasing numbers of devices accessing those apps
6
A few facts…
• 75% of security breaches involve compromised credentials• 71% targeted user devices• 58% perpetrated by insiders (takes 32 months to detect)• 13% leveraged misuse of privilege• Average cost $188 per record
CIO: Testifying Before the Senate
1 2 3 456.9557.9558.9559.9560.9561.9562.9563.9564.9565.95
Months After Breach
$ pe
r sha
re
$5.37 Billion in shareholder value lost
Breach disclosed in media
7
What IT cares about
1. Enable employee productivity
2. Ensure compliance requirements are addressed
3. Efficient management
1. Optimize efficiency of their developer teams
2. Deliver apps that meet business and end-user requirements
3. Maximize the useful lifetime of the app
What App Dev Managers care about
Aligning Objectives
App Development And Data Security
8
The cost of mobility can erode its ROI
Inefficient mobility and security wastes resources
Write Code
Test Publish to app market
Deploy
Update
$ $ $ $ $
Each part of the app development process incurs expenses…
Write Code
TestPublish to AppStore Deplo
yUpdate
$ $ $ $ $
Write Code
Test Publish to app market
Deploy
Update
$ $ $ $ $…which multiply with each new supported mobile OS/device platform
Management
SecurityAnd these processes and apps need to be managed and secure to limit risk
Challenges
The security landscape has raised the stakes
Security is increasingly challenging
Targeted attacks Spear phishing and social engineering Mobile malware Advanced Persistent Threats Rising cost of data breaches
How do you manage the tradeoffs between Operational flexibility Security Cost and complexity End-user experience
$
End-to-End Data Security
• Data security means protecting confidentiality and integrity of data• Management and enforcement across three modes of data use
1. At-rest – When data is stored on a device
2. In-motion – When data is traversing the network
3. In-use – When a user interacts with the data through an app on a device
• Ensuring data security as data moves across the range of untrustworthy networks and devices is not trivial
Overview
12
Managing Identity Sprawl
12
13
From: The Rise of Data-Driven Security, EMA Research Report, 2012© 2012 Enterprise Management Associates, Inc.
The Impact of Fragmented Identity
• The ideal can be hard to achieve when identity is scattered among• Applications• Systems• Endpoints• Mobile devices• Third party apps• Networks• On premises• SaaS, Cloud• Etc. …
Poor integration among security tools
Too difficult to distinguish which security actions or policies are working and which are ineffective or unnecessary
Most significant frustrations with IT security technologies? Top 2 responses:
14
Multiple identities + Password Sprawl
Create risk• Multiple logins for users• Multiple identity infrastructures for IT to manage
In-house Apps
and
100’s
more….Laptops
Smartphones and Tablets
ID
ID
ID
ID
ID
ID
ID
ID
ID
ID
15
Federated IdentityWhere users have one login ID and password And IT has one Federated Identity Infrastructure to manage
End Users
Laptops
Smartphones and Tablets
ID
16
Strengthen Security with Federated Identity
• Federated Identity ensures that users only need to use their AD userid/password– Only one password to
remember
– Password is protected by the Enterprise in AD
• AD-based federation provides several advantages for IT– Leverages existing account and
password policies – simplifying management
– Ensures that IT controls access eliminating risk of orphaned accounts
FederationTrust
Cloud Proxy Server
IDP as a Service
Firewall
ID
ID
Integrated Solution
Easily Manage Apps, Data, And Users
17
Sencha Space
Benefits Streamline app development
process –Eliminate PhoneGap/Cordova
Deliver HTML5 apps directly to end-users through a managed, secure runtime platform
Easily mobilize existing web and HTML5 apps
Helps protect your apps and data by Managing user access
Remotely wiping your data from devices as needed
Keeping your business data separate from other data on the device
Leverage developer APIs for a rich application experience
Sencha Space
• Management OvervieManagement Console• Provides centralized management of the user, data, and application lifecycles
• Allows administrators to enforce policy consistently
• Set minimum PIN length
• Specify group membership
• Provision apps to groups
• Configure advanced user authentication
• Enable SSL VPN connectivity
• Facilitates reporting and auditing with detailed usage analytics
Space Management
Centralized Admin Console
Policy Engine
Identity and Access
App Delivery
Data Security
Network Security
•Supports iOS and Android (Win Phone 8 and Blackberry in beta)
•Segregates business and personal data
•Secures business data with strong encryption and digital signatures
•Enforces policies downloaded from the console
•Facilitates secure, managed use of HTML5 apps
•Provides developer API to OS/Device features for rich, modern, mobile user experience
Mobile Client Application
Sencha SpaceClient Overview
Sencha SpaceSecurity •Data Encryption – All data is
stored encrypted in Space to protect the confidentiality of sensitive, proprietary information
•Network Security – All data transmitted between the Space client app and management server is SSL-encrypted
•VPN Support – Integration with Cisco and Juniper clientless SSL VPN for secure connectivity between the Space client app and back-end data center assets
•Authentication – Single sign-on support using widely accepted SAML open standard
Security
Key Benefits• Reduce the risk of data breach
• Grant access to applications and data based only on business need
• Deploy applications securely to anyone on any device
Sencha Space
Overview of Capabilities and Benefits
Component Capabilities BenefitsSecurity • Secure data in-motion and at-rest
• Manage user access entitlements• Manage risk• Facilitate compliance
Policy Engine • Set and enforce consistent usage and security policies
• Deploy applications instantly• Block users/devices instantly
• Improve operational efficiency
• Manage mobility risk
Analytics • Monitor activity at the user and device level• Track application activity
• Facilitate audit and reporting
• Enhance operational visibility
Developer API • Provide consistent API access to native device/OS capabilities
• Provide developer access to Space platform capabilities
• Help reduce the cost of cross-platform development
23
Centrify Cloud Services
= Unified Identity Services
+
Centrify Cloud Services
Centrify Software
• Authentication / Single Sign-On (SSO)• Auditing and reporting• Self-service portal• Mobile application management• Encryption of data-in-motion
• Policy Enforcement• Authorization and role-based access
control• Mobile Zero Sign-on (ZSO)• Mobile device management• etc.
Centrify Cloud Service
Centrify for
iOS
Centrify for Android
Centrify Cloud Proxy Server
Centrify DirectManage Framework
DirectManage ADUC
Extension
DirectManage GroupPolicy
Extension
Microsoft Certificate Authority
Firewall
Centrify for Mac
Active Directory-based Security Infrastructure
Centrify Cloud
Manager
Centrify for SaaS
Centrify Cloud Services
24
25
Centrify Cloud Proxy Server
Centrify Cloud Service
Centrify for SaaS
Centrify Cloud
Manager
Firewall
Centrify for SaaS
• One click SaaS SSO leveraging Active Directory credentials
• SSO Integration with SaaS via SAML, HTTP, proprietary API, OAuth, Open ID connect
• User self-service for mobile devices (e.g. location, wipe, lock)
• User self-service for AD account (e.g. edit attributes, reset password)
• Common administration tools for mobile and SaaS applications
SaaS Apps
SaaS and Mobile App CatalogYou Are Here
ISV Onboard
Centrify Cloud Services
Microsoft Certificate Authority
Active Directory-based Security Infrastructure
26
Centrify Cloud Proxy Server
Centrify Cloud Service
Microsoft Certificate Authority
Centrify Cloud
Manager
Firewall
SaaS Apps
MobileApp
Centrify for iOS and Android
Active Directory-based Security Infrastructure
Centrify for Mobile Applications
• Device is authenticated and joined to Active Directory
• Enables silent authentication aka Zero Sign-On (ZSO) for mobile apps via simple integration withCentrify Mobile Authentication SDK
• Mobile apps interacts with Centrify cloud services for authn and authz
• Mobile app can also access information about user attributes in AD
• App settings can be centrally managed based on AD Group Policy
• Remote wipe of Mobile App & Data
• Common administration tools for mobile and SaaS applications
SaaS and Mobile App CatalogYou Are Here
ISV Onboard
Centrify Cloud Services
27
Centrify Simplifies SaaS/Mobile Federated Auth
Integrate Mobile App Authentication provides true enterprise Zero Sign-On
• Mobile app authenticates and registers AD as it’s identity provider
• Mobile app can access information about user attributes in AD
• Mobile app gains SSO to backend services
Cloud Proxy Server
IDP as a Service
Firewall
Mobile OS
Mobile App
Mobile Auth
SDKMDM
Step 2One time user authentication
& device registration
Step 1Web Application Registration
Step 4Token basedAuthentication
Step 3Token Generation
Hosted Application
ID
28
Extend Identity Services to Mobile Platforms
Mobilize app and service access– Enable mobile access to Enterprise services and
applications– Design mobile interfaces to seamlessly integrate with the
Enterprise services
Containerization to separate work from personal– Protect work applications and data from data leakage– Provide the laptop experience on mobile, unlock and
access all business apps
Centralize mobile and application administration– Enabling IT to manage security policies for Mobile,
Workstations and Servers– Unifying app management into one interface for Mobile,
Web and SaaS Apps– Leveraging automated lifecycle management through AD
Integrated Solution
How Sencha And Centrify Technology Can Help
29
30
Cloud Proxy Server
Firewall
Hosted Application aka Sencha Space Cloud Service
Step 1Web Application Registration
Step 3Token basedAuthentication
Step 2Token Generation
ID
Centrify IDP as a
Service
Centrify + Sencha for Cloud SaaS Apps
Mobile OS
Sencha Space App
Auth Client
Integrated Solution
Demo Of SAAS Application
31
32
Cloud Proxy Server
Firewall
Internal Application
Step 3Token based
Authentication
Step 2Token Generation
ID
Centrify + Sencha for Internal SaaS Apps
Step 1Web Application
Registration
Mobile OS
Sencha Space App
Auth Client
Centrify IDP as a
Service
Integrated Solution
Demo Of Internal Application
33
34
Resources
Centrify• Centrify IDaaS, MDM and MAM:
https://www.centrify.com/cloud/cloud-service-registration.asp
• Centrify Developers: http://developers.centrify.com
• Questions: [email protected]
• Twitter: @centrify, @annamsr
Sencha• Sencha Space
http://www.sencha.com/space
• Get started with a free trial in less than 5 minutes!
https://manage.space.sencha.com
• Questions:
• Twitter: @sencha, @nharlow