ibm smarter business 2012 - byod: "so what?" – enabling mobile and mixed endpoints for...
DESCRIPTION
Wouldn't it be nice to say "yes" when employees wish to access company information using their iPads or other devices they bring? To attract and retain top talent, we need to be open to new working practices and deal with the challenges that brings. With the user and the network carrier in control of the device, we need new ways to manage the risk. For example, how can you prevent business-critical information being stolen from a lost smartphone? How do you enforce mobile security standards? Distribute recommended mobile applications? Keith Poyser joined IBM with the BigFix acquisition, and in this presentation he will outline how IBM has been able to help different types of companies solve BYOD and other endpoint management issues using BigFix, now known as IBM Endpoint Manager, "from datacenter, to desktop, to device."
Speaker: Keith Poyser, IBM Europe Sales Leader, Mobility and Endpoint Management
Visit http://smarterbusiness.se for more information.
TRANSCRIPT
“BYOD – So What?”
UNIFIED Device Management across your environment: From Server to Smartphone.
Keith Poyser.
Director: IBM Mobility and End Point.
UKI, SPGI, NORDICS,BENELUX.
IBM.
Critical systems are globally distributed and in constant flux
Visibility is key in a constantly changing, distributed world
Find all assets on your network – NOW!
Deploy a software application worldwide in days.
Patch hundreds of thousands of workstations, laptops and servers in minutes.
Continuously enforce security configuration baselines, even on mobile and off-network devices.
Patch anywhere, anytime over any network.
Find, Manage and Secure your BYOD and Smart Devices
End Point Manager: The Power of One
What Does End Point Manager Do?
• Gives IT the visibility, speed, adaptability, control, and precision to do more with less
• Packaged Specific Solution Areas:
– Systems Lifecycle Management
– Core Protection & DLP & DC
– Security & Compliance Management
– Patch Management (s/alone)
– Power Management (s/alone)
– Mobile Device Management
– Software Use Analysis
• As well as solving unforeseen problems such as…
RESULTS IN MINUTES:
• Automatically target machines for migration that are hardware-ready
• Precisely manage battery/hw replacements
• Reduce software spend based on accurate usage patterns
RESULTS IN MINUTES:
• How many machines are hardware-compatible with Win7?
• Which laptops are affected by a manufacturer’s battery recall?
• What software are we paying for vs. what we’re using? What is installed on employee Mobile Devices?
Single Server & Console
• Highly secure, highly scalable
• Aggregates data, analyzes & reports
• Pushes out pre-defined/custom policies
Cloud-based Content Delivery
• Highly extensible
• Automatic, on-demand functionality
Single Intelligent Agent
• Performs multiple functions
• Continuous self-assessment & policy enforcement
• Minimal system impact (< 2% CPU)
Lightweight, Robust Infrastructure
• Use existing systems as Relays
• Built-in redundancy
• Support/secure roaming endpoints
End Point Manager : Secret Sauce….
Tivoli Endpoint Manager, built on BigFix technology: Converged Capability.
Unifying IT operations and security
Tivoli Endpoint Manager for Security and Compliance
Tivoli Endpoint Manager
IT Security Solutions
Tivoli Endpoint Manager for Patch Management
Tivoli Endpoint Manager
IT Operations Solutions
Tivoli Endpoint Manager for Lifecycle Management
Tivoli Endpoint Manager for Power Management
Tivoli Endpoint Manager for Core Protection
Tivoli Endpoint Manager for Software Use Analysis
Tivoli Endpoint Manager for Patch Management
Tivoli Endpoint Manager for Mobile Device Management
Tivoli Endpoint Manager for Mobile Device Management
61% of CIOs put mobile as priority
45% increased productivity with mobile apps
10 billion devices by 2020
BYOD and Mobile is a mandatory transformation
Device inventory
Security policy mgmt
Application mgmt
Device config (VPN/Email/Wifi)
Encryption mgmt
Roaming device support
Integration with internal systems
Scalable/Secure solution
Easy-to-deploy
Multiple OS support
Consolidated infrastructure
Device Wipe
Location info
Jailbreak/Root detection
Enterprise App store
Self-service portal
OS provisioning
Patching
Power Mgmt
Anti-Virus Mgmt
Traditional Endpoint Management Mobile Device Management
Benefits of an Endpoint Manager based Approach to Mobile Device Management
“Organizations…would prefer to use the same tools across PCs, tablets and smartphones, because it's increasingly the same people who support those device types”
– Gartner, PCCLM Magic Quadrant, January 2011
Although at some level mobile is unique, the devices are just another form of endpoints in your infrastructure. This means whichever technologies you procure should have a road map for integration into your broader endpoint protection strategy.
– Forrester, Market Overview: Mobile Security, Q4, 2011
Reduces Hardware & Administration Costs
• “Single pane” for mobile devices, laptops, desktops, and servers
• Single Endpoint Manager Server scales to 250,000+ devices
• Unified infrastructure/administration model reduces FTE requirements
Fast Time-to-Value
• Enterprise-grade APIs enable integration with service desks, CMDBs, etc (Integrated Service Management)
• Cloud-based content delivery model allows for rapid updates with no software upgrade or installation required
Mobile OS vendors move very quickly
Google and Apple have released major Android and iOS versions 6x and 3x faster, respectively, than Microsoft has released major Windows PC versions
| | Microsoft Windows | Apple iOS | Google Android |
|---|---|---|---|
| Release Year | 1985 | 2007 | 2008 |
| # of Versions | 11* | 6** | 10*** |
| Versions per Year | 0.4 | 1.2 | 2.5 |
| OS “velocity” vs. Microsoft | - | 3x | 6.3x |

* Microsoft Windows 1.0, 2.0, 3.0, 95, 98, 2000, ME, XP, Vista, 7, 8; excludes server platforms
** Apple iOS 1, 2, 3, 4, 5, 6
*** Google Android 1.0, 1.1, Cupcake, Donut, Éclair, Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean
How quickly does your management vendor support new OS versions?
Mobile devices magnify existing challenges and also pose unique ones that significantly disrupt traditional management paradigms
| Traditional Mgmt Model | New Device Mgmt Paradigm |
|---|---|
| Enterprises provide all equipment | Employees bring personal devices (BYOD) |
| Small set of supported platforms / models | Many different manufacturers / models |
| IT initiates and manages upgrades | OS/app upgrades managed by carriers, OEMs, users |
| IT tightly controls apps and security | Users control their own devices |

Options for IT departments
• Don’t allow mobile devices because they are too hard to manage
• Allow unmanaged and insecure mobile devices
• Invest in tools to secure and manage devices
Management capabilities vary greatly by mobile operating system, but one thing is consistent – the user is king
| Management Function | Supported by Apple? Notes | Supported by Google? Notes |
|---|---|---|
| Selectively Wipe Mail / Calendar / Contacts | Standard part of Apple’s MDM interface | Android doesn’t have a native email client that supports selective wipe, so integration with 3rd-party email clients (e.g., Lotus Traveler or NitroDesk TouchDown) is necessary |
| Forcibly Install Apps | iOS doesn’t currently support forcible app install without user permission, so enterprise app store approach is needed. | “Vanilla” Android doesn’t currently support forcible app install without user permission, so enterprise app store approach is needed. |
| Forcibly Uninstall Apps | With iOS 5, apps (both public and private) provisioned via the enterprise app store can be uninstalled remotely without user intervention | “Vanilla” Android doesn’t currently support forcible app uninstall without user permission. |
| Remote Control | Apps are sandboxed – there is no ability for an app to gain visibility/control over the entire device | “Vanilla” Android doesn’t currently support remote control |
Apple enables remote management of its capabilities via one set of remote APIs for all MDM vendors, while Google allows on-device, agent-based management
Sample of Apple Capabilities
Data Separation
[Diagram: device stacks (hardware, operating system or hypervisor, apps, enterprise data, personal data) for each approach]
• No Data Separation: Hardware; Operating System; Enterprise & Personal Apps
• Native Data Separation: Based on platform-specific APIs from OS vendors or from OEMs (Samsung, Lenovo, etc); preserves native user experience
• Virtualization: Hypervisor layer allows separate OSes (Personal Domain, Enterprise Domain); currently possible on Android
• 3rd-Party Separation: 3rd-party app acts as container and replicates native OS functionality such as email, calendar, contacts; some apps live in container; disrupts native user experience
IBM’s Approach to Managing BYOD
• Deploy a secure technology framework: “Shark Cage”!
• Leverage the SAME Technology Framework as Desktop Management
• Develop a strong usage policy
• Educate employees
– Digital IBMer Education
– Business Conduct Guidelines
• Support personally-owned devices through social software
3Q 2010 Normalized ITMS infections (similar results through Q4/2010)
Normalized: ITMS detected malware per country divided by number of employees per country
IBM CIO Office pilot
Tivoli Endpoint Manager in IBM Globally on Desktops
| BAU | BigFix |
|---|---|
| Patch availability typically 3-14+ days | Patch availability within 24 hours |
| 92% compliance within 5 days (ACPM only) | 98% within 24 hours |
| EZUpdate sometimes misses application of patches on required machines | Detected about 35% of participants missing at least one previous patch |
| Compliance model, completely reliant on user | 90% of Windows requirements can be automatically remediated |
| Exceptions at machine level | Exceptions at setting level |
IBM Pilot Desktops Production results
Customer Needs Key Features & Outcomes
IBM Office of the CIO then includes Mobile…
Support BYOD for a variety of mobile platforms securely for a highly mobile population
Scale to hundreds of thousands of devices
120,000 mobile devices, 80,000 personally owned, supported in months
Integrated Lotus Traveler, IBM Connections, IBM Sametime, and IBM Endpoint Manager
Extending Corporate Access
“IBM's BYOD program “really is about supporting employees in the way they want to work. They will find the most appropriate tool to get their job done. I want to make sure I can enable them to do that, but in a way that safeguards the integrity of our business.”
Jeanette Horan, IBM CIO
Tivoli Endpoint Manager: Lifecycle, Security and Compliance
From Datacentre to Desktop to Device. See More, Secure More; We Guarantee it….
Discover 10% - 30% more assets than previously reported
Achieve 95%+ first-pass success rates within hours of policy or patch deployment
Library of 5,000+ compliance settings, including support for FDCC SCAP, DISA STIG
Automatically and continuously enforce policy at the end point
• Patch Management
• Security Config Mgmt
• Vulnerability Mgmt
• Asset Mgmt
• Network Self-Quarantine
• Multi-Vendor Endpoint Protection Mgmt
• Anti-Malware & Web Reputation Service, D.C and DLP.
• Software Distribution
• O.S Distribution
• Mobile Device Management
Thank You !
Keith Poyser.
Director: IBM Mobility and End Point.
UKI, SPGI, NORDICS,BENELUX.
IBM.
+447711 773878 / [email protected]