SAMSUNG. CLOUD. MANAGEMENT. SECURITY

WHY AND WHAT

MICHAILAS TRAUBAS SAMSUNG ELECTRONICS BALTICS

B2B SOLUTIONS PRE-SALES

AGENDA

• MOBILITY IN EUROPE

• THE PLAN FOR 2014

• MOBILITY IN THE BALTICS

• HOW DO WE WORK AND HOW DO WE LIVE?

• SECURITY AND MOBILITY IN THE CLOUD – SAMSUNG SOLUTIONS

ENTERPRISE MOBILITY IN EUROPE – 2013/14

ENTERPRISE MOBILITY – WHAT IT IS?

ENTERPRISE MOBILITY TODAY

• A set of solutions, enabling mobile technologies in the organizations

Mobile device

Horizontal enablers:

Email Web

security

Vertical solutions

MOBILE DEVICES IN EUROPEAN ORGANIZATIONS

0,0

20,0

40,0

60,0

80,0

100,0

120,0

2012 2013 2014 2015 2016Millions Smartphones Featurephones Tablets

Source: Canalys European BYOD Market Landscape Analysis (April 2013)

IT MANAGERS ABOUT MOBILITY REQUIREMENTS

E-MAIL

CALENDAR AND CONTACTS

VPN ACCESS IMPROVED DATA SECURITY

FASTER ACCESS TO CONTENT

MORE STABLE ACCESS TO CONTENT

WORKFLOW OPTIMIZATION

MUST HAVE WISH LIST

Source: KAE Enterprise Mobility ITDMs Research (April 2013)

VOICE AND TEXT

ENTERPRISE MOBILITY 2014: TRANSITION FROM REQUIREMENTS TO SOLUTIONS

33% 33% 34% 35% 36% 36% 36% 37% 37% 40% 40% 41%

51%

MOBILE APPLICATIONS

IAM SOLUTIONS

VIRTUAL NETWORKS AND …

NETWORK BASED SECURITY

NETWORK MANAGEMENT AND …

CUSTOM APPLICATION …

BACKUP FOR VIRTUAL SERVERS

MOBILITY

BI/BA/DATA WAREHOUSING

SMARTPHONES

DR/BC

TABLET PCS

SERVER VIRTUALIZATION • 36% OF THE COMPANIES PLANNED MOBILITY BROAD INITIATIVES

• MORE THAN 25% OF RESPONDENTS WERE DOING MOBILE ENDPOINT SECURITY, MOBILE DEVICE MANAGEMENT, MOBILE SECURITY PROJECTS

• MOBILITY-RELATED PROJECTS

MADE 4 OUT OF 14 HIGHEST PROFILE PROJECTS PLANNED

2014 Priorities Europe. TechTarget/Computer Weekly, 2014

THE BALTIC OUTLOOK

SAMSUNG LIVING BUSINESS

• RESEARCH COMPLETED IN AUGUST 2014

• TARGET GROUP:

• EMPLOYED PEOPLE IN THE AGE FROM 18 TO 65

• INTERNET USERS

ESTONIA: 545 RESPONDENTS

LATVIA: 559 RESPONDENTS

LITHUANIA: 565 RESPONDENTS

WORK WITHIN PRIVATE LIFE

EE

LV

LT

66%

78%

77%

WORK/LIFE BLEND

58% 48% 43% 47%

TRAVELING TO/FROM WORK

ON HOLIDAYS (FOR EXAMPLE,

CHRISTMAS, EASTER)

IN THE SUPERMARKET

SPENDING TIME WITH

FRIENDS

45%

ON A TRIP

HIGHER POSITION = MORE WORK

84% 60%

MANAGERS SPECIALISTS WORKERS

53%

91% 76% 71%

91% 76% 67%

EE

LV

LT

PERSONAL TASKS DURING WORK TIME

EE

LV

LT

88%

86%

86%

INTERNET BANKING

NEWSREADING

NEWS

PERSONAL E-MAILS/

MESSAGES

SMARTPHONE IS THE WORK/LIFE BLENDER

78%

ORGANIZATIONS ARE EMBRACING NEW TECHNOLOGIES SLOWER THAN CONSUMERS

EE

LV

LT

41%

31%

32%

ORGANIZATIONS SEEM NOT TO BE READY FOR PERSONAL DEVICES

62% 38%

Don’t know or there is no security policy

Know security policy

SECURITY OFTEN UNDERSTOOD AS RESTRICIONS

EST LV LT

20% 30% 30%

PERCEIVED SECURITY

62% 61% 42%

SMARTPHONE PC TABLET

MOST COMPANY DATA IS JUST A PASSWORD AWAY

********* 44%

SINGLE DEVICE || MULTIPLE USERS

42% somebody else uses devices, which I

also use for work

EVERY 10TH EMPLOYEE IS A ‘HIRED HACKER ’

10% 17% 17%

EST LV LT

KEY FINDINGS

MOBILE WORK – THE NEW REALITY

~70% OF RESPONDENTS CAN USE THEIR PRIVATE DEVICES FOR WORK

BYOD HAS COME TO BALTIC STATES

MOBILE WORK – THE NEW REALITY

~70% OF RESPONDENTS WORK DURING THEIR PERSONAL TIME EVERYDAY THE HIGHER THE POSITION AND SALARY – THE MORE WE WORK

USUALLY THIS IS PROFILE OF THE EMPLOYEE, WORKING WITH SENSITIVE AND CONFIDENTIAL DATA – OUR RISK EXPOSURE GROUP

MOBILE WORK – THE NEW REALITY

45% OF RESPONDENTS STATE, THAT THEY ARE SHARING THEIR DEVICES, USED FOR WORK

ARE WE SECURED FROM UNSANCTIONED DATA ACCESS?

SECURITY BASICS

• 62% OF EMPLOYEES DON’T KNOW THE SECURITY POLICY OR THERE IS NO SECURITY POLICY AT ALL

• AND HOW MANY % ARE COMPLYING WITH THE SECURITY POLICY?

MAJOR THREAT VECTORS

• STOLEN, LOST OR REPLACED DEVICE

• DE FACTO REMOTE DATA STORAGE

• FREE APPLICATIONS AND “INTERESTING” WEB PAGES

• MALWARE ON THE DEVICE

• UNSANCTIONED ACCESS

• UNCONTROLLED NETWORK ACCESS

SAMSUNG SOLUTIONS FOR ENTERPRISE MOBILITY

2013

2014

MOBILE DEVICE MANAGEMENT

• KNOX EMM – SAMSUNG ENTERPRISE MOBILITY MANAGEMENT SOLUTION

• USER, DEVICE AND APPLICATION MANAGEMENT

• INTEGRATION WITH ACTIVEDIRECTORY -> BY UTILIZING AD MANAGEMENT TOOLS

• ANDROID AND iOS DEVICES SUPPORTED

DEVICE MANAGEMENT IN THE CLOUD

KNOX EMM CLOUD PROXY

SERVER

FIR

EW

AL

L

ADMIN PORTAL USER

PORTAL

SAMSUNG KNOX EMM KEY USE CASES

• Provision

• Monitor

• Manage

• Secure

[1] DEVICE ASSIGNMENT AND INVENTORY

• ASSIGN DEVICE TO THE USER

• COLLECT DEVICE INVENTORY DATA AND STATUS INFORMATION

• BYTES SENT/RECEIVED

• CREATE WIFI PROFILES

[2] ENFORCE SECURITY “BASICS”

• REQUIRE USING SCREEN PASSWORD OF CERTAIN COMPLEXITY

• RESET PASSWORD OR FORCE PASSWORD CHANGE

• TURN ON DEVICE ENCRYPTION

• LOCK DEVICES AND WIPE DEVICE DATA FROM ADMIN CONSOLE

*********

[3] APPLICATION MANAGEMENT

• CENTRALIZED APP DISTRIBUTION IN ANDROID AND IOS

• REMOTE DEPLOYMENT OF APPLICATIONS TO SELECTED USERS AND USER GROUPS

• AUTOMATICALLY UPDATE APPS

[4*] SECURE NETWORK AND DATA

• CREATE WIFI PROFILES

• MANAGE WIFI SETTINGS

• CREATE VPN PROFILES

• MANAGE VPN SETTINGS

[5*] MANAGE MOBILE WORKPLACE

• APPLICATION MANAGEMENT

• FIREWALL MANAGEMENT

• ENCRYPT MICROSD

• CONFIGURE MICROSOFT EXCHANGE AND IMAP/POP EMAIL PROFILES

[6*] DEVICE SETUP

• CONFIGURE DEVICE SETTINGS REMOTELY, FOCUS ON SECURITY

• PREVENT 3RD PARTY APP INSTALLATION

• STOP WIFI TETHERING

• DISABLE USB STORAGE AND MICROSD

• DISABLE FACTORY RESET

• PREVENT CHANGING SETTINGS

• SET ROAMING RULES

• MANAGE BLUETOOTH

[7*] DEDICATED DEVICES

• KIOSK-MODE DEVICES = SINGLE-PURPOSE DEVICES

DATA SECURITY

DATA SECURITY

• KNOX WORKSPACE – CORPORATE DATA SECURITY SOLUTION

• YOUR SOLUTION FOR PRIVATE DEVICE USAGE AND DEVICE SHARING CHALLENGES

THE MOST SECURE SOLUTION FOR ANDROID DISA MOS SRG

Compliance

FIPS 140-2 Certification

Common Criteria Certification

CESG End User Devices

Security Guidance

DISA MOS SRG Compliance

CESG End User Devices Security Guidance

Australian Signals Directorate

KNOX WORKSPACE – WHAT IS IT?

PRIVATE ENVIRONMENT

CORPORATE ENVIRONMENT

3 KEY FEATURES

• SECURE PLATFORM

• APPLICATION SECURITY

• MOBILE DEVICE MANAGEMENT

SECURE PLATFORM

ARM TrustZone Hardware

Trusted Boot / Secure Boot

TIMA

SE for Android

SE for Android Management Service

KNOXTM Android Framework

KNOXTM Workspace

PLATFORM SECURITY: ARM TRUSTZONE®

• KNOX USES ARM TRUSTZONE® HARDWARE THAT ENABLES HARDWARE ENFORCED ISOLATION.

• ARM CORTEX-A PROCESSOR LINEUP REQUIRED

PLATFORM SECURITY: TRUSTED BOOT

PLATFORM SECURITY: SE FOR ANDROID

• SE FOR ANDROID CAN ISOLATE ATTACKS, HOWEVER, IT RELIES ON THE OS KERNEL INTEGRITY

TIMA REAL-TIME KERNEL PROTECTION

• INTERCEPTS CRITICAL EVENTS HAPPENING INSIDE THE KERNEL, WHICH ARE INSPECTED IN TRUSTZONE.

PLATFORM SECURITY: TIMA REAL-TIME PROTECTION

PLATFORM SECURITY: TIMA PERIODIC PROTECTION

KEY FEATURES OF KNOX WORKSPACE

PRIVATE ENVIRONMENT

CORPORATE ENVIRONMENT

DATA PROTECTION

PRIVATE ENVIRONMENT

CORPORATE ENVIRONMENT

• AUTOENFORCED DATA ENCRYPTION

• AREA INACCESSIBLE BY THE ROOT

SAME BUT DIFFERENT APPS

ASMENINĖ ERDVĖ

• ISOLATED APPS WITHIN CONTAINER

• MANAGED USAGE OF CUSTOM APPS, GOOGLE PLAY AND APPS FROM PRIVATE ENVIRONMENT

CONTROLLED DATA EXCHANGE

ASMENINĖ ERDVĖ

• DATA EXCHANGE BETWEEN PRIVATE AND CORPORATE ENVIRONMENT FULLY MANAGED BY ADMINISTRATOR

RESTRICTED WORKING ENVIRONMENT

ASMENINĖ ERDVĖ

• APPLICATION RULES

• FIREWALL

• SETTINGS MANAGEMENT

• MAIL ACCOUNT RESTRICTIONS

SECURING DATA IN-TRANSIT: VPN

• GRANULAR VPN CONTROL

• DEVICE-LEVEL VPN

• CONTAINER-LEVEL VPN SETTINGS

• PER-APPLICATION VPN INSIDE CONTAINER

MANAGEMENT VIA MDM

KNOX WORKSPACE AVAILABILITY

S5, S5 MINI S4, S4 MINI NOTE 4, NOTE 3, NOTE 3 NEO GALAXY ACE 4

TAB S TAB 4 TAB 4 ACTIVE NOTE 10.1 2014 EDITION TAB PRO NOTE PRO

DEVICE FOR LIVING BUSINESS

SHOCK RESISTANCE

IP67 WATER AND DUST

RESISTANCE

LONG BATTERY

LIFE

+ 60°C - 20°C

WORK IN COLD AND HEAT

DISPLAY FOR BUSINESS

NEEDS

SECURITY SIZE AND

WEIGHT

NFC AND

BARCODE

PEN SPECIAL 3RD YEAR

WARRANTY

BY