how to create and secure your mobile infrastructurevox.veritas.com/legacyfs/online/veritasdata/em...
TRANSCRIPT
How to Create and Secure Your Mobile Infrastructure Session EM B27
Mike Littleton John Engels Manager, EndPoint Infrastructure Principal Product Manager, Kelly Services Symantec Enterprise Mobility
SYMANTEC VISION 2012
Typical Mobile Needs
Presentation Identifier Goes Here 3
Enable email Access
Device inventory/
configuration
Provide network access
Asset data & ownership
Application delivery & updates
Enterprise doc/media distribution
Device security
Content wipe
Remote assistance
Web apps configuration
File sharing & productivity
SYMANTEC VISION 2012
Business Unit
App Developers
Support
Endpoint Mgmt/ Mobile
Security
Dividing Mobility
Presentation Identifier Goes Here 4
User
SYMANTEC VISION 2012
Enterprise Apps
What are your key applications?
Presentation Identifier Goes Here 5
Social Media Productivity apps
Web services Collaboration apps
SYMANTEC VISION 2012
Understanding Managed & Unmanaged Mobility
Customers need to provide a solution for both the managed and unmanaged use cases within the enterprise
Data separation solutions evolve through APIs
MDM enables device management &
compliance
MDM is a foundation for policy management
Corporate / Personal separation becomes a
non-issue
Applications must be protected individually
Data between applications must be
secure
Enterprise Use Cases
Managed
Unmanaged
Secure Apps & Data Manage The Device
Symantec Advances Enterprise Mobility Strategy
SYMANTEC VISION 2012
Who Owns Mobile Management?
Data separation solutions evolve through APIs
MDM enables device management &
compliance
MDM is a foundation for policy management
Managed
Manage The Device
Symantec Advances Enterprise Mobility Strategy
• Endpoint Management
• Telco/Mobility
• Endpoint Security
• Help Desk
SYMANTEC VISION 2012
Who Owns Unmanaged Mobility Use?
Corporate / Personal separation becomes a
non-issue
Applications must be protected individually
Data between applications must be
secure
Enterprise Use Cases
Unmanaged
Secure Apps & Data
Symantec Advances Enterprise Mobility Strategy
• Business Unit
• Application Developers
• Security Team
• Endpoint/Mobility Mgmt
• Help desk
SYMANTEC VISION 2012
Defining Enterprise Mobility Management 5 key areas of investment
Enterprise Mobility Management
Threat Protection
Expense Management
Device/User Management
Secure Container
Enterprise/Cloud
Integration
Advancing compliance automation
Secure collaboration
Best in class Mobile security
Enterprise app store & expense
control
DLP for Mobile; service brokering
identity
Managed Devices
Unmanaged Devices
Datacenter/Private-Cloud
Public Cloud Services
Security/protection agents
Security/protection agents
SYMANTEC O3
Symantec Confidential and Proprietary 9
Configuration, control and management of mobile devices
Corporate data separation and delivery of IT services
Core security functionality across platforms
Management and control of mobile expenses
Integration across the enterprise, including DLP, PKI, VIP & Cloud
Endpoint Management
Security,
Business Units
App Developers
Security Telecom
Endpoint Mgmt
Security,
Compliance
Endpoint Mgmt
SYMANTEC VISION 2012
Symantec Mobile Solutions
Control Point Management Portal SMP (Altiris) / SCCM
Agents Management,
Security & Identity
Symantec Confidential and Proprietary 10
SYMANTEC VISION 2012
Mobile Management
Comprehensive Enterprise Mobility Management - MDM
Enable
Activate enterprise access, apps and data easily and automatically > iOS, Win Mobile, BB, Symbian
Secure
Protect enterprise data and infrastructure from attack and theft > Prevent JB, ensure passcodes, …
Manage
Control inventory and configuration with massive scalability > Integrated via SMP / Altiris
Symantec Confidential and Proprietary 11
SYMANTEC VISION 2012
Tablet DLP Overview (January 2012)
12
Proxy
Symantec DLP Mobile Server
Tablet
Network Traffic • Email • Web • Top Apps
Corporate Network
Internet VPN at all
times
Direct access to Internet
Symantec Confidential - DLP for Tablets - Strategy, Roadmap & Delivery Update
Key Benefits • Reduce risk of data loss from iPads, assuming data WILL be on device • Supports consumerization - coverage for personal and corporate use cases • Lay groundwork for future tablet DLP solution enhancements
Mobile Management configuration and enforcement (7.1 SP1)
SYMANTEC VISION 2012
Defining Enterprise Mobility Management 5 key areas of investment
Enterprise Mobility Management
Threat Protection
Expense Management
Device/User Management
Secure Container
Enterprise/Cloud
Integration
Advancing compliance automation
Secure collaboration
Best in class Mobile security
Enterprise app store & expense
control
DLP for Mobile; service brokering
identity
Managed Devices
Unmanaged Devices
Datacenter/Private-Cloud
Public Cloud Services
Security/protection agents
Security/protection agents
SYMANTEC O3
Inve
stm
en
ts
Symantec Confidential and Proprietary 13
Configuration, control and management of mobile devices
Core security functionality across platforms
Management and control of mobile expenses
Integration across the enterprise, including DLP, PKI, VIP & Cloud
SYMANTEC VISION 2012
Understanding Managed & Unmanaged Mobility
Customers need to provide a solution for both the managed and unmanaged use cases within the enterprise
Data separation solutions evolve through APIs
MDM enables device management &
compliance
MDM is a foundation for policy management
Corporate / Personal separation becomes a
non-issue
Applications must be protected individually
Data between applications must be
secure
Enterprise Use Cases
Managed
Unmanaged
Secure Apps & Data Manage The Device
Symantec Advances Enterprise Mobility Strategy
SYMANTEC VISION 2012
Nukona Mobile Application Management & Security
Comprehensive App Wrapping Tech
App Store
Repository for internal and external mobile applications
App Policy
Protect app against data loss through encryption, removal control and separation of corporate data
Content Center
Protect and deploy content across mobile devices
Symantec Confidential and Proprietary 15
Deployed SaaS or On Prem
SYMANTEC VISION 2012
How It Works: Policy Management
Developer creates
.IPA or .APK file
with standard
libraries Secure App Delivered
To Users
16
Security or
Endpoint Team
Create
Security
Policies
SYMANTEC VISION 2012
Defining Enterprise Mobility Management 5 key areas of investment
Enterprise Mobility Management
Threat Protection
Expense Management
Device/User Management
Secure Container
Enterprise/Cloud
Integration
Advancing compliance automation
Secure collaboration
Best in class Mobile security
Enterprise app store & expense
control
DLP for Mobile; service brokering
identity
Managed Devices
Unmanaged Devices
Datacenter/Private-Cloud
Public Cloud Services
Security/protection agents
Security/protection agents
SYMANTEC O3
Inve
stm
en
ts
Symantec Confidential and Proprietary 17
Configuration, control and management of mobile devices
Corporate data separation and delivery of IT services
Management and control of mobile expenses
Integration across the enterprise, including DLP, PKI, VIP & Cloud
SYMANTEC VISION 2012
Mobile Security for Android
Android Security Agent
• Add to existing stable of Windows Mobile and Symbian device security
• Reputation based security
• Scheduled/Manual Anti-malware scanning
• App blacklist/whitelist enforcement
• Uninstall protection, resilience
• Basic locate/lock/passcode reset/wipe and anti-theft features managed centrally
• Single console mgmt/licensing/reporting, integrated with Mobile Management
Jun ‘12
Symantec Confidential and Proprietary 18
Mobile Security for WP7/8 or iOS
(under consideration for 2013)
SYMANTEC VISION 2012
Defining Enterprise Mobility Management 5 key areas of investment
Enterprise Mobility Management
Threat Protection
Expense/App Management
Device/User Management
Secure Container
Enterprise/Cloud
Integration
Advancing compliance automation
Secure collaboration
Best in class Mobile security
Enterprise app store & expense
control
DLP for Mobile; service brokering
identity
Managed Devices
Unmanaged Devices
Datacenter/Private-Cloud
Public Cloud Services
Security/protection agents
Security/protection agents
SYMANTEC O3
Inve
stm
en
ts
Symantec Confidential and Proprietary 19
Configuration, control and management of mobile devices
Corporate data separation and delivery of IT services
Core security functionality across platforms
Management and control of mobile expenses
SYMANTEC VISION 2012
Identity & Access Control Layer
Cloud Information Security Layer
Cloud Information Management Layer
Control
Security
Compliance
O3
Private Cloud
Private Cloud
Symantec O3: The New Cloud Control Point
Symantec Advances Enterprise Mobility Strategy20
Extend internal security policies to public and private cloud services accessed from mobile devices
SYMANTEC VISION 2012
Mobile Device and Application Management – Kelly Services Customer Experience
Presentation Identifier Goes Here 21
SYMANTEC VISION 2012
About Kelly Services
Kelly Services, Inc. (NASDAQ: KELYA, KELYB) is a leader in providing workforce solutions. Kelly® offers a comprehensive array of outsourcing and consulting services as well as world-class staffing on a temporary, temporary-to-hire and direct-hire basis. Serving clients around the globe, Kelly provides employment to more than 530,000 employees annually. Revenue in 2011 was $5.6 billion. Visit www.kellyservices.com and connect with us on Facebook, LinkedIn, & Twitter.
SYMANTEC VISION 2012
Count the ways…
• Packaged Nike ® tennis shoes
• Assembled treadmills
• Scored standardized student assessments
• Handled eBay ®customer services calls
• Assisted in creating a vaccine to combat biological agent anthrax
• Upgraded Colleague infusion pumps used in hospitals
• Made Tombstone or Kraft ® pizza
• Assisted with R&D for new contact lenses
Kelly employees have:
Presentation Identifier Goes Here 23
SYMANTEC VISION 2012
Kelly Services Spans the Globe
EMEA APAC AMERICAS
Belgium Canada
United States
Mexico
Puerto Rico
Denmark
France
Germany
Hungary
Ireland
Italy
Luxembourg
Netherlands
Norway
Poland
Russia
Sweden
Switzerland
United Kingdom
Australia
China
Hong Kong
India
Indonesia
Malaysia
New Zealand
Philippines
South Korea
Singapore
Thailand
Portugal
12,000 computers globally, 1600 active EAS users
SYMANTEC VISION 2012
Thoughts on Mobility
• Attended Mobility conference in Chicago involving 20 of the Fortune 500
– Less than half (8) use an MDM tool
– None are in the cloud completely
– MDM is used for device wipe, inventory, provisioning, alerts on jailbroken devices and app deployments
– Little differentiation with iOS management
– None of the companies integrate data coming from MDM with asset or systems management tools
– All would switch their MDM tool if they could
– All 20 companies agreed that, at the moment, interface and cost are the primary determining factors when choosing an MDM tool
Presentation Identifier Goes Here 25
SYMANTEC VISION 2012
Everyone has lots to do…
• Windows 7 migration
• Altiris 7.1 migration
• BPOS to O365 migration
• Cloud file storage and sharing
• Introduction of Macs to the Enterprise
• Split-tunnel
• BYOD
• VDI
• Mobile device provisioning
• Ivy Bridge qualification
• Daily maintenance of current platforms
And we’re going to do MDM…
Presentation Identifier Goes Here 26
SYMANTEC VISION 2012
What Kelly was looking for
• Needed to meet a basic set of requirements
– iOS configuration support
– Expand on EAS security policies
– Selective wipe capabilities
– Deploys apps and content
– Detects jailbroken devices
– Integration with AD
– Integrates with our asset and systems management tools
• Relatively low cost
• Relatively easy to use
• Choose a vendor who would be around for awhile
• Decided on Symantec Mobile Management (SMM)
Presentation Identifier Goes Here 27
SYMANTEC VISION 2012
Why SMM?
• SMM has comprehensive MDM capabilities, including policy enforcement, inventory, jailbreak detection, selective wipe and content deployment
• SMM leverages the Symantec Management Console
• SMM is tightly integrated with other Symantec products we use; ITMS and Workflow
• Symantec’s mobile security products, such as authentication and data security solutions, complement SMM well
• Our research shows that SMM is cost competitive
• Use what we know!
Presentation Identifier Goes Here 28
SYMANTEC VISION 2012
Symantec Management Console Integration
Presentation Identifier Goes Here 29
SYMANTEC VISION 2012
Symantec Management Console Integration
Presentation Identifier Goes Here 30
SYMANTEC VISION 2012
Demonstration
Presentation Identifier Goes Here 31
SYMANTEC VISION 2012
What’s to Come
• Review current EAS policies and determine if we should strengthen them with SMM
• Migration to O365 will allow us to provision mobile device access to corporate email with SMM. Since you can provision email with SMM, a selective wipe will remove it
• Looking forward to new releases of SMM that will add additional iOS and Android capabilities
• Determine how Nukona acquisition compliments SMM
• Deploy Kelly branded SMM agent and Kelly Sales App later this year to mobile salesforce
Presentation Identifier Goes Here 40
SYMANTEC VISION 2012
Kelly Enterprise App Store on personal iPhone
Presentation Identifier Goes Here 41
SYMANTEC VISION 2012
Enterprise App Store
Presentation Identifier Goes Here 42
SYMANTEC VISION 2012
App Authorization Controls
Presentation Identifier Goes Here 43
Summary
Symantec Confidential and Proprietary 44 Presentation Identifier Goes Here
SYMANTEC VISION 2012
Bringing Management, Security & Identify Together in a Post-PC Era
Combining MDM, mobile app management and identity allows Symantec to offer a comprehensive enterprise mobility solution
Device Protection App/Data Protection
• Mobile Management: Centralized Console for MDM
• SCCM: MDM for Microsoft System Center
• Mobile Security: App insight for Android
• Trad. Security: SEP, DLP, Backup etc
• App Center: Centralized policy and security wrapping for Apple, Android, BB and WP7/8
• Zones: Secure data sharing and collaboration
• O3: Federated Identity
Identity
• O3: Federated Identity
• mpki: certificate integration and deployment
Enterprise Mobility Management
Thank you!
Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
John Engels
Principal Product Manager
46 Symantec Confidential and Proprietary