Post on 20-May-2020


Page 1: Enterprise Mobility Management (EMM) · Mobile Device Management (MDM) Mobile Application App distribution and user Management (MAM) Mobile Information Management (MIM) Security and

Enterprise Mobility Management (EMM)

The BYOD Challenge and the Evolution of Mobility

Leonardo Rava

Senior System Engineer Enterprise Security, Mobility and Management (ESMM)


Mobile: The New Normal

Sources: 1. Cisco VNI Global IP Traffic Forecast, 2012-2017 2. http://www.nielsen.com/us/en/insights/news/2012/state-of-the-appnation-a-year-of-change-and-growth-in-u-s-smartphones.html 3. Symantec, State of Mobility Survey

NUMBER OF DEVICES per person by 2017 [1]

NUMBER OF APPS on an end-user’s device on average [2]

NATIVE APPS: Percentage of time spent on native apps vs. web apps [2]

ENTERPRISE APPS: Percentage of enterprises developing custom apps [3]

71% 81% 5 41


Blurring Between Work and Play

49% USE THEIR PERSONAL DEVICE FOR WORK AND PLAY

30% OF PARENTS LET THEIR KIDS PLAY, DOWNLOAD AND SHOP ON THEIR WORK DEVICE

36% SAY THEIR COMPANY HAS NO POLICY ON USE OF PERSONAL DEVICES FOR WORK

57% AREN’T AWARE THAT SECURITY SOLUTIONS FOR MOBILE DEVICES EXIST

Source: Norton survey 2013


What does Mobile Workforce Productivity mean to you?


Reconciling the conflicting requirements of user and admin

Users

• Choose my device(s) and use them for business and personal

• Gain access to email and network

• Provision my own apps

• Collaborate with others

• Avoid calling help desk

“Help me maximize productivity on any device”

IT

• Configure and secure all endpoints accessing the corporate network

• Protect critical business data

• Minimize risk of attack

• Reduce cost of ownership

“Help me maximize user productivity and protection”


New Platforms, New Devices

• Multiple platforms with disparate controls

• Protect corporate data while leaving personal data untouched

• Users want the latest technology and apps

Mobile Apps

• Data leaking to unauthorized, cloud-based apps

• Users adopting personal apps to improve productivity

• Exposure to malware and risky apps

• Data not being encrypted

The Enterprise Mobility Challenge

Android Challenges for the Enterprise

• Fragmentation creates support headaches

• Open source introduces more risk


Current BYOD approaches provide security at the expense of privacy: MDM too intrusive.

BYOD brings rampant use of insecure cloud services: These commercial cloud storage and backup providers can present security risks to corporate data, since the data is in the hands of a third party. Even when cloud repositories are encrypted, it is often that third party, not its customers, that holds the encryption keys.

Even IT professionals tasked with securing corporate data would be concerned about the privacy of their personal information if mobile device management (MDM) software were installed on smartphones or tablets they brought from home to use at work.

BYOD is here to stay, like it or not: Eighty-eight percent of respondents said their companies had some form of BYOD, whether sanctioned or not.


Why MDM alone is not enough

Using MDM to solve broader mobile challenges can bring unplanned challenges:

• Managing personal devices = more overhead

• Cannot take targeted remediation; whole device or nothing

• “All or nothing” policies (e.g., block AirDrop & iCloud)

• User privacy doesn’t exist; IT can see everything on the device

• User experience is impacted

• No protection against malicious threats


Evolution of Enterprise Mobility Management (EMM)

[Figure: Symantec Enterprise Mobility, capability (vertical axis) plotted over time (horizontal axis), in three stages]

• Mobile Device Management (MDM): Corporate lock down, control, configure, encrypt, and enforce policies on mobile devices

• Mobile Application Management (MAM): App distribution and user access management

• Mobile Information Management (MIM): Security and management of corporate apps, data & content


Symantec Mobility

On-Premise · Public Cloud · Private Cloud

• Mobile Device Compliance

• App Delivery & Protection

• Productivity Apps

• Threat Protection


Symantec Mobility

Manage Apps (MAM)

• App & Content Distribution: centrally deploy and manage mobile apps and content to users by role

• App Security & Compliance: enforces app level policies like authentication, single sign-on, encryption, and data sharing restrictions

• Secure Productivity Apps: provides secure email and secure browser with data leakage controls and an optimized user experience

• Content Security: enforces content level security policy

Protect Against Threats

• Anti-malware Protection: scans and neutralizes malware and phishing sites

• App Advisor: identifies risky apps (apps that leak data, drain battery power or consume too much bandwidth) and allows users to remove them

• Compliance & Remediation: restrict email and app access based on device security posture

Manage Devices (MDM)

• Device Enrollment: provides visibility and control over all mobile device types

• Device Configuration: enables device access to corporate resources like email

• Device Security: protects corporate data with device passwords, remote lock and wipe

• Compliance & Remediation: restricts network access from jailbroken or rooted devices

• App & Content Distribution: centrally deploy and manage mobile apps and content to users by role

• Secure Exchange: secure and lock down your Exchange against unauthorized access


Manage mobile devices

A simplified way to enable, configure, secure and manage mobile devices across your enterprise from a user-friendly admin console


Symantec Enterprise Mobility Solution

Enable

• Enterprise Activation

• Internal AppStore

• Configuration Management

• Policy Management

• Selective Wipe

• Compliance Enforcement

• Certificate Management

Secure Manage

• Asset Reporting and Alerts

• Automated Workflow

• Enterprise Scalable

Enable and manage mobile devices


Enterprise App Store

Help your workforce find the apps, either custom-developed or commercial off-the-shelf, that help them become more efficient


Build your own Enterprise App Store

Enterprise app store

End-user


Public apps

Web apps

Corporate apps

Public apps

Web apps

Documents

Secured and Containerized


Safely Extends Enterprise Resources to Mobile Apps

- Improves employee productivity

- Secures app data in transit

- Separates corporate data traffic from personal data traffic

Traffic from Business apps is rerouted to secure tunnel

Access to Corporate Network from specific corporate apps only

Traffic from personal apps untouched

Personal traffic does not traverse corporate network


Solve ‘Bring your own device’ (BYOD)

Clear Separation of Corporate & Personal Data

Allow Personal Devices

• Access to corporate information, securely

• Auto-configuration of settings like Wi-Fi, VPN

• Lock and wipe specific corporate data only

Privacy – Addressed

• No device level controls

• No monitoring of device apps or data

• Focus on corp data and apps

Corporate apps

Per-app policies

Pinpoint revocation

Personal apps

Personal data


Corporate Email

Control which mobile devices access email, prevent data loss, encrypt sensitive data and enforce advanced compliance policies


Prevent unauthorized access to Exchange


Network Security

Secure Access to Exchange ActiveSync

No firewall holes, no direct access

Access Control

Policies for users, devices and apps

Independent of mail network infrastructure

Compliance

Terminates non-compliant devices outside LAN

Inline and out-of-band communications


Why do we need a separate Secure Email App?


Native Email on Mobile Devices has Limitations

• Personal and corporate data are not separated

• Copy-Paste is not restricted. Attachments can be stored in any app

• Needs Device/MDM controls (Passcode/wipe, Email forwards, Siri, iCloud)

Android in the Enterprise

• No standard email app across the different Android platforms

Embrace BYOD

• Addresses data loss concerns without managing the whole device.

• Dedicated corporate email client fit for BYOD environments

• Scalable and streamlined


Embrace Android in the Enterprise


Mobile Security Threats: Big Numbers

51,084 threats identified during the first half of 2013

21 million devices infected during the first half of 2013.

43% of malware discovered in 2013 falls into the broad category of Potentially Unwanted Programs (root exploits, spyware, pervasive adware and Trojans surveillance hacks).

Source: Symantec Threat Intelligence Brief: AUGUST 2013


Protect against malicious threats

Confidently embrace Android in the enterprise

…provides advanced, proactive protection against apps with risks.

Important Most Important

Malware Protection

Anti-Phishing

Call & SMS Blocking

SMS


Mobile Risks

• Samsung Galaxy S5 fingerprint scanner can be tricked: Samsung's newly released Galaxy S5 phone sports a fingerprint scanner embedded in the home button that works well but unfortunately, like iPhone 5S' TouchID before it, can be tricked with a mould of the user's fingerprint.

• What are the most significant mobile security challenges for enterprise security professionals?
You can’t secure what you can’t see. Thanks to mobile, a lot of corporate data is now outside the four walls of the company.

• Some think using a VPN solves most problems, would you agree?
Instead of focusing on securing the device, we now have to look at which data needs to be protected while also considering user experience and user productivity.


Financial services cyber trends for 2015

If 2014 was the “year of the breach,” what cybersecurity threats await us in 2015?

1. There will be a shift towards active cyber risk mitigation and monitoring with third parties, versus the current “self-certification” process that is proving less reliable.

2. The rise of the “fusion center.” Firms are building cyber “fusion centers” that better integrate the many different teams to boost intelligence, speed response, reduce costs and leverage scarce talent.

3. Information protected at the database and data element level. The use of tokenization, chip cards and other solutions will increasingly render stolen data useless to hackers.

4. Rise in alternative payment systems creates exposure. Use of underlying technologies like Bluetooth or NFC creates opportunities for cyber attacks and breaches.

5. Cyber crime analysis evolves away from brute force to big data.

6. Hacktivism spreads to the Middle East. Regional threat actors have adopted local grievances and formed hacktivist collectives similar to or associated with Anonymous.

7. “Western” cyber problems are coming to a developing nation near you. Economic prosperity and light-speed growth in mobile banking in some countries have bypassed regional and local financial organizations’ ability to manage threats.

8. War gaming drives incident response preparation.

9. Everything firms know about privacy has changed. The next generation of privacy is focused on the halo of information around individuals – the transactional, behavioral and navigation information generated as individuals move and interact through the online and physical world.

10. Cyber insurance usage grows while coverage and ability to successfully make claims shrinks. The insurance industry is in a race to actuarially quantify new cyber risks and to carve out coverage of large, uncertain future risks.


Financial services cyber trends for 2015

If 2014 was the “year of the breach,” what cybersecurity threats await us in 2015?

4. Rise in alternative payment systems creates exposure. Use of underlying technologies like Bluetooth or NFC creates opportunities for cyber attacks and breaches.

7. “Western” cyber problems are coming to a developing nation near you. Economic prosperity and light-speed growth in mobile banking in some countries have bypassed regional and local financial organizations’ ability to manage threats.

9. Everything firms know about privacy has changed. The next generation of privacy is focused on the halo of information around individuals – the transactional, behavioral and navigation information generated as individuals move and interact through the online and physical world.


Garante per la protezione dei dati personali (Italian Data Protection Authority), 12 November 2014

Where graphometric signature systems are used in a mobile or BYOD (Bring Your Own Device) scenario, suitable application or mobile device management systems are adopted, using MDM (Mobile Device Management) or MAM (Mobile Application Management) tools or other equivalent ones, in order to isolate the memory area dedicated to the biometric application, reduce the risk of unauthorized software installation even where the device configuration has been modified, and counter the action of any malicious agents (malware).


Almost 1 in 10 Android apps are now malware

1. The number of Android viruses continues to rise

2. Payment-based viruses are becoming more prevalent

3. Asia ranks highest for infection rates, followed by France and Russia

4. Android operating systems matter

5. Attacks targeting Wi-Fi networks have proliferated around the world

The major mobile security events from the past six months include:

1. April: The OpenSSL Heartbleed vulnerability can result in leaked account names, passwords, credit card numbers and other private info.

2. May: The eBay leak was one of the hottest pieces of security news in the last six months. Official data showed that 145+ million users were affected.

3. May: Express SMS frauds attacked Android users in Taiwan.


Mobile Risks

Appthority has released a survey that found 95% of the top 200 free iOS and Android apps exhibit at least one risky behavior:

• 70% allow location tracking

• 69% allow access to social networks

• 56% identify users

• 53% are integrated with ad networks

• 51% allow in-app purchasing

• 31% enable address books and contact lists to be read.


Copyright © 2014 Symantec Corporation

Symantec Solution: Achieving your mobility objectives


CASE STUDY: Secure Content Distribution

Overview: Regional airline with over 7,000 employees, corporate owned devices. 1000s of flights per day.

Goal

• Eliminate 40 pound pilot flight bag manuals

• Securely distribute flight manuals electronically

• Enable corporate employees with secure e-mail

• Plans mobile application management

Solution

• App Center based Electronic Flight Bag solution: Securely distribute content to thousands of iPads.

• Health benefit for pilots (save back pain)

• Eliminated $110,000/year on paper shipping costs

• Protect Android Option: Calculated future $2M savings of capital spend if they adopt Android tablets. Symantec provides complete protection for Android app protection and threat prevention.


Why Symantec Mobility

Comprehensive Solution for Diverse Use Cases

• Integrated MDM and MAM for multiple uses

• Symantec Secure E-mail

One of the Largest Partner App Ecosystems

• Protect 3rd party mobile apps and data

• New partners added weekly

Economical Mobility Solution

• Per user pricing is more predictable

• Single provider for all security needs

Mobilize Business

Mobilize Information

Mobilize People


Symantec Can Help at Every Stage

[Figure: Company-owned vs. Personally-owned devices plotted against Managed vs. Unmanaged, with BYOD highlighted. Labels in the figure: “Device. Apps. Data”, “Apps. Data”, “Device centric”, “App centric”.]


What’s the Next Step in Your Mobility Journey?

[Figure: Symantec Enterprise Mobility, capability (vertical axis) plotted over time (horizontal axis), in three stages]

• Mobile Device Management (MDM): Corporate lock down, control, configure, encrypt, and enforce policies on mobile devices

• Mobile Application Management (MAM): App distribution and user access management

• Mobile Information Management (MIM): Security and management of corporate apps, data & content


5 key things to consider when developing an enterprise mobility management strategy

• 1. Define company-specific mobility best practices and policies

• 2. Support employees on multiple endpoints

• 3. Maximize security

• 4. Empower employees with self-service

• 5. Create a fully unified EMM solution


“BYOD is one of the most important directions in enterprise IT, with enormous potential benefits in productivity and cost savings…

…but BYOD isn’t just about securing or even managing mobile devices. There are major requirements in consciousness, policy definition and enforcement, and end-to-end solutions that include not just devices, but the enterprise data they increasingly contain.”


Leonardo Rava Senior System Engineer - Enterprise Security, Mobility and Management (ESMM)


Thank You


Appendix


Thank you!

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
