how to create and secure your mobile infrastructurevox.veritas.com/legacyfs/online/veritasdata/em...

How to Create and Secure Your Mobile Infrastructure Session EM B27

Mike Littleton John Engels Manager, EndPoint Infrastructure Principal Product Manager, Kelly Services Symantec Enterprise Mobility

SYMANTEC VISION 2012

Typical Mobile Needs

Presentation Identifier Goes Here 3

Enable email Access

Device inventory/

configuration

Provide network access

Asset data & ownership

Application delivery & updates

Enterprise doc/media distribution

Device security

Content wipe

Remote assistance

Web apps configuration

File sharing & productivity


Business Unit

App Developers

Support

Endpoint Mgmt/ Mobile

Security

Dividing Mobility


User


Enterprise Apps

Email

What are your key applications?


Social Media Productivity apps

Web services Collaboration apps


Understanding Managed & Unmanaged Mobility

Customers need to provide a solution for both the managed and unmanaged use cases within the enterprise

Data separation solutions evolve through APIs

MDM enables device management &

compliance

MDM is a foundation for policy management

Corporate / Personal separation becomes a

non-issue

Applications must be protected individually

Data between applications must be

secure

Enterprise Use Cases

Managed

Unmanaged

Secure Apps & Data Manage The Device

Symantec Advances Enterprise Mobility Strategy


Who Owns Mobile Management?



compliance


Managed

Manage The Device


• Endpoint Management

• Telco/Mobility

• Endpoint Security

• Help Desk


Who Owns Unmanaged Mobility Use?


non-issue



secure


Unmanaged

Secure Apps & Data


• Business Unit

• Application Developers

• Security Team

• Endpoint/Mobility Mgmt

• Help desk


Defining Enterprise Mobility Management 5 key areas of investment

Enterprise Mobility Management

Threat Protection

Expense Management

Device/User Management

Secure Container

Enterprise/Cloud

Integration

Advancing compliance automation

Secure collaboration

Best in class Mobile security

Enterprise app store & expense

control

DLP for Mobile; service brokering

identity

Managed Devices

Unmanaged Devices

Datacenter/Private-Cloud

Public Cloud Services

Security/protection agents


SYMANTEC O3

Symantec Confidential and Proprietary 9

Configuration, control and management of mobile devices

Corporate data separation and delivery of IT services

Core security functionality across platforms

Management and control of mobile expenses

Integration across the enterprise, including DLP, PKI, VIP & Cloud

Endpoint Management

Security,

Business Units

App Developers

Security Telecom

Endpoint Mgmt

Security,

Compliance

Endpoint Mgmt


Symantec Mobile Solutions

Control Point Management Portal SMP (Altiris) / SCCM

Agents Management,

Security & Identity



Mobile Management

Comprehensive Enterprise Mobility Management - MDM

Enable

Activate enterprise access, apps and data easily and automatically > iOS, Win Mobile, BB, Symbian

Secure

Protect enterprise data and infrastructure from attack and theft > Prevent JB, ensure passcodes, …

Manage

Control inventory and configuration with massive scalability > Integrated via SMP / Altiris



Tablet DLP Overview (January 2012)

12

Proxy

Symantec DLP Mobile Server

Tablet

Network Traffic • Email • Web • Top Apps

Corporate Network

Internet VPN at all

times

Direct access to Internet

Symantec Confidential - DLP for Tablets - Strategy, Roadmap & Delivery Update

Key Benefits • Reduce risk of data loss from iPads, assuming data WILL be on device • Supports consumerization - coverage for personal and corporate use cases • Lay groundwork for future tablet DLP solution enhancements

Mobile Management configuration and enforcement (7.1 SP1)




Threat Protection

Expense Management


Secure Container

Enterprise/Cloud

Integration





control


identity

Managed Devices

Unmanaged Devices





SYMANTEC O3

Inve

stm

en

ts







Understanding Managed & Unmanaged Mobility

Customers need to provide a solution for both the managed and unmanaged use cases within the enterprise



compliance



non-issue



secure


Managed

Unmanaged

Secure Apps & Data Manage The Device



Nukona Mobile Application Management & Security

Comprehensive App Wrapping Tech

App Store

Repository for internal and external mobile applications

App Policy

Protect app against data loss through encryption, removal control and separation of corporate data

Content Center

Protect and deploy content across mobile devices


Deployed SaaS or On Prem


How It Works: Policy Management

Developer creates

.IPA or .APK file

with standard

libraries Secure App Delivered

To Users

16

Security or

Endpoint Team

Create

Security

Policies




Threat Protection

Expense Management


Secure Container

Enterprise/Cloud

Integration





control


identity

Managed Devices

Unmanaged Devices





SYMANTEC O3

Inve

stm

en

ts







Mobile Security for Android

Android Security Agent

• Add to existing stable of Windows Mobile and Symbian device security

• Reputation based security

• Scheduled/Manual Anti-malware scanning

• App blacklist/whitelist enforcement

• Uninstall protection, resilience

• Basic locate/lock/passcode reset/wipe and anti-theft features managed centrally

• Single console mgmt/licensing/reporting, integrated with Mobile Management

Jun ‘12


Mobile Security for WP7/8 or iOS

(under consideration for 2013)




Threat Protection

Expense/App Management


Secure Container

Enterprise/Cloud

Integration





control


identity

Managed Devices

Unmanaged Devices





SYMANTEC O3

Inve

stm

en

ts







Identity & Access Control Layer

Cloud Information Security Layer

Cloud Information Management Layer

Control

Security

Compliance

O3

Private Cloud

Private Cloud

Symantec O3: The New Cloud Control Point

Symantec Advances Enterprise Mobility Strategy20

Extend internal security policies to public and private cloud services accessed from mobile devices


Mobile Device and Application Management – Kelly Services Customer Experience



About Kelly Services

Kelly Services, Inc. (NASDAQ: KELYA, KELYB) is a leader in providing workforce solutions. Kelly® offers a comprehensive array of outsourcing and consulting services as well as world-class staffing on a temporary, temporary-to-hire and direct-hire basis. Serving clients around the globe, Kelly provides employment to more than 530,000 employees annually. Revenue in 2011 was $5.6 billion. Visit www.kellyservices.com and connect with us on Facebook, LinkedIn, & Twitter.


Count the ways…

• Packaged Nike ® tennis shoes

• Assembled treadmills

• Scored standardized student assessments

• Handled eBay ®customer services calls

• Assisted in creating a vaccine to combat biological agent anthrax

• Upgraded Colleague infusion pumps used in hospitals

• Made Tombstone or Kraft ® pizza

• Assisted with R&D for new contact lenses

Kelly employees have:



Kelly Services Spans the Globe

EMEA APAC AMERICAS

Belgium Canada

United States

Mexico

Puerto Rico

Denmark

France

Germany

Hungary

Ireland

Italy

Luxembourg

Netherlands

Norway

Poland

Russia

Sweden

Switzerland

United Kingdom

Australia

China

Hong Kong

India

Indonesia

Malaysia

New Zealand

Philippines

South Korea

Singapore

Thailand

Portugal

12,000 computers globally, 1600 active EAS users


Thoughts on Mobility

• Attended Mobility conference in Chicago involving 20 of the Fortune 500

– Less than half (8) use an MDM tool

– None are in the cloud completely

– MDM is used for device wipe, inventory, provisioning, alerts on jailbroken devices and app deployments

– Little differentiation with iOS management

– None of the companies integrate data coming from MDM with asset or systems management tools

– All would switch their MDM tool if they could

– All 20 companies agreed that, at the moment, interface and cost are the primary determining factors when choosing an MDM tool



Everyone has lots to do…

• Windows 7 migration

• Altiris 7.1 migration

• BPOS to O365 migration

• Cloud file storage and sharing

• Introduction of Macs to the Enterprise

• Split-tunnel

• BYOD

• VDI

• Mobile device provisioning

• Ivy Bridge qualification

• Daily maintenance of current platforms

And we’re going to do MDM…



What Kelly was looking for

• Needed to meet a basic set of requirements

– iOS configuration support

– Expand on EAS security policies

– Selective wipe capabilities

– Deploys apps and content

– Detects jailbroken devices

– Integration with AD

– Integrates with our asset and systems management tools

• Relatively low cost

• Relatively easy to use

• Choose a vendor who would be around for awhile

• Decided on Symantec Mobile Management (SMM)



Why SMM?

• SMM has comprehensive MDM capabilities, including policy enforcement, inventory, jailbreak detection, selective wipe and content deployment

• SMM leverages the Symantec Management Console

• SMM is tightly integrated with other Symantec products we use; ITMS and Workflow

• Symantec’s mobile security products, such as authentication and data security solutions, complement SMM well

• Our research shows that SMM is cost competitive

• Use what we know!



Symantec Management Console Integration



Demonstration



What’s to Come

• Review current EAS policies and determine if we should strengthen them with SMM

• Migration to O365 will allow us to provision mobile device access to corporate email with SMM. Since you can provision email with SMM, a selective wipe will remove it

• Looking forward to new releases of SMM that will add additional iOS and Android capabilities

• Determine how Nukona acquisition compliments SMM

• Deploy Kelly branded SMM agent and Kelly Sales App later this year to mobile salesforce



Kelly Enterprise App Store on personal iPhone



Enterprise App Store



App Authorization Controls


Summary

Symantec Confidential and Proprietary 44 Presentation Identifier Goes Here


Bringing Management, Security & Identify Together in a Post-PC Era

Combining MDM, mobile app management and identity allows Symantec to offer a comprehensive enterprise mobility solution

Device Protection App/Data Protection

• Mobile Management: Centralized Console for MDM

• SCCM: MDM for Microsoft System Center

• Mobile Security: App insight for Android

• Trad. Security: SEP, DLP, Backup etc

• App Center: Centralized policy and security wrapping for Apple, Android, BB and WP7/8

• Zones: Secure data sharing and collaboration

• O3: Federated Identity

Identity

• O3: Federated Identity

• mpki: certificate integration and deployment


Thank you!

Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

John Engels

Principal Product Manager

46 Symantec Confidential and Proprietary

how to create and secure your mobile infrastructurevox.veritas.com/legacyfs/online/veritasdata/em...

Documents