An Introduction to MobileIron - Eltel Networks
Smart About Smart Devices:
An Introduction to MobileIron

Agenda: Smartphones in the enterprise
What are the core challenges?
How does MobileIron address them?
How does MobileIron work? (demo)
Q&A / next steps
MobileIron - 9/21/2012

The mobile evolution continues
2007 Today 2013
• Touch wins
• Consumer wins
• Global IT will have to support 3-5 OS

Today, the definition of “MDM” is expanding
MDM evaluation criteria (1)
• Multi-OS (3+ OS, native support, common policy)
• Viability and track record
• Role-based controls
• Administration
• Configuration management
• Security policy
• Privacy policy
• Enterprise integration
• Business app store
• Compliance audit
• Certificates for application and network access
• Policy exceptions
• Jailbreak / root detection
• Scalability
• MDM server security
• iOS MDM API access
• Selective wipe of corporate data
Reflects evolution from:
Basic management
• Inventory tracking
• Security for lost devices (lock, wipe, password, encryption)
• Basic configuration
To
Mobile as strategic IT service
• Multi-OS
• Employee ownership
• Security for compromised devices
• Apps and data explosion
(1) Vendor Evaluation Criteria from “Mobile Device Management 2010: A Crowd of Vendors Pursue Consumer Devices in the Enterprise” Gartner, Inc. (Dec 17, 2010)

Enterprise requirements are maturing …
Timeline: Q4 2009, Q4 2010, Today, Q4 2011
Phase 1: Secure
In the face of: User choice and rapid fragmentation
Phase 2: Automate
In the face of: Escalating complexity but limited IT resource
Phase 3: Innovate
In the face of: Business demand and shift in delivery platform
Security
Employee Ownership
IT Efficiency
Apps
• Lost device
• Liability
• Data boundary
• Privacy
• Single view across OS
• Compromised device
• Helpdesk cost containment
• Access control
• Top of mind
• User self-service
• Identity
• Rogue app protection
• Events and actions
• Discovery & distribution
• Variable risk tolerance
• Line-of-business enablement

But many core mobile policies are ill-defined
User adoption
• Device choice and ownership – litmus test for acceptance
• Investment and priority of user experience
• Social contract between end-user and IT – who leads, who follows?
Security and privacy
• Trust model (user, data, device)
• Liability in mixed ownership environments
• Location/activity monitoring – what? when? by whom?
• Variance by region, function, ownership
Application governance
• Role of the center vs. line-of-business
• Funding and development
• Rogue application control
• Support and end-of-life

Posture determines risk and consequence (example)
Risk-based security
Posture check: Out-of-policy app, Excess usage, Unsupported HW, Obsolete policy, Compromised OS, Encryption disabled
Risk: Low, Medium, High
Consequence: Minor (alert), Moderate (block access), Major (destroy data)

First role: Source of truth for mobile security ecosystem
Posture detection for access control
Data protection
• Archiving connector
• Data loss prevention connector (future)
Baseline security
• Lock/wipe/password policy
• Feature lockdown
• Encryption monitor
• Secure connectivity
• [Anti-malware]
Posture
• Hardware, firmware versioning
• OS integrity, data security
• Application presence and permissions
• Policy status
Enterprise data boundary
• Privacy controls (what IT sees)
• Selective actions (what IT does)
• Identity (user, device) for apps
Traditional MDM
New MDM
Access control & remediation
• Notifications
• Email and app access control
• Data destruction
• Automated workflow
Agnostic to:
• Anti-malware / AV
• VPN
• Encryption
• Data loss prevention
• eDiscovery

Control access: Authorize iPhones for corporate usage
User Attempts to Access Corporate E-mail
iPhone in Compliance?
YES
Request Allowed
Request Denied, Device not in Allowed List for ActiveSync
ActiveSync
E-mail

Flexible deployment options
• Employee
BYOD
• Corporate
• IT
• Partner
• End user
Procure device
Install apps
Install client
Register device
• iOS & Android
• IT
• Partner
• End user

MobileIron provides the enterprise back-end for iOS
Back-end management platform
Device-side APIs and services
iOS 3
iOS 4
Access control
Notifications
Int’l roaming detection
Service quality (user-driven)
In-house app mgmt
Installed app inventory
Recommendations
Enterprise data boundary
Certificate delivery
Inventory and detection
Zero-touch enforcement
Profile delivery
Profile creation
Cost and quality
Application lifecycle
Advanced security
Policy and settings

MobileIron: Next-generation mobile management
Data-centric platform purpose-built for multi-OS
Enterprise services
Virtual data architecture
Focus on mobile data
Unique architecture enables new enterprise services
Secure and manage mobile devices, data, apps
Work Personal
360 View of Mobile Data
Reduce wireless bills
Deliver services that matter to end-users
Five sets of data
Context (location/quality)
Usage and Activity
Content
Applications
Device
MobileIron - Confidential

Two approaches to iPhone management
Platform
Email / PIM
Browser
WiFi / VPN
App1
App2
…
Secure
Configure
Monitor
Smartphone viewed by enterprise as
• Computing platform
• Extensible
• Multi-purpose
Preserves experience
Supports expansion of iPhone value
Walled garden
Email / PIM
Browser
WiFi / VPN
App1
App2
…
Secure
Configure
Monitor
Smartphone viewed by enterprise as
• Point device
• Static
• Single-purpose
Limits experience
Closed and unsustainable

MobileIron: Company Overview
Bob Tinker, CEO
Suresh Batchu, VP Engineering
John Donnelly, VP, Sales
Experienced team
Mike McCarron, Sr Dir, Customer Success
Jeff Ratzlaff, Sr Dir, Bus Development
Ojas Rege, VP Products & Marketing
Cisco, Airespace, Vertical Networks
Bus Dev, Sales, Product Mgmt
Nortel / Alteon
Engineering – Security/Data Center
Symantec, Vontu, Kana, Parametric
Sales – Enterprise SW and Security
Symantec, Vontu, Kana
Nokia Enterprise
BD, Channels, and Marketing
Yahoo Mobile, AvantGo/Sybase, ORCL
Product Management, Marketing
Tier 1 investors
Founded 2007 (Ser D $57M raised)
Early recognition

MobileIron Architecture – Standalone Sentry
MobileIron Connected Cloud (Hosted)
MobileIron Hosted Eval
MobileIron Architecture – Standalone Sentry w/ ISA

Stage one: Make the phone Enterprise-ready
OTA install: Cellular or WiFi
Smartphone Is Enterprise Ready
Policies Applied
• Encryption / password
• Lockdown
• Access control
• Privacy
• VPN, WiFi, etc.
Apps Installed and Config’d
• Exchange
• Internal LOB apps
• External approved apps
Enterprise Content Delivered
• Price lists
• Presentations
• Brochures
• Media files
Mobile Activity Intelligence (MAI) Activated
MyPhone@Work (MP@W) Activated

Full smartphone and data lifecycle with MobileIron
Provisioning
• Over-the-Air (OTA)
• Self Service
Compliance
• Audit/Logging, SMS archiving, e-discovery, Regulatory
Asset Management
• Multi-OS Inventory
• System Details
• Operational Status
• Connection Status
Security and Policy
• Connection & Config
• Encryption
• Cert distribution
• Anti-virus and DLP*
Lost Phone
• Lock and Wipe
• Location Tracking
• Selective Wipe
• Content Visibility
Applications
• Push and Publish
• Enterprise App Store
• Internal and 3rd Party
• Recommendations*
Content/Files
• Push and Publish
• Inventory
• Mobile Access to PC*
• Search and Share*
Help Desk
Activity
• Usage Patterns
• Service Quality
• Location
• Enterprise Sociograph
• Event / Threshold Alerts
• Privacy Settings
Across …
• Voice, SMS, Data
• Apps*, Files*, Web*
• Employee- & Company-owned
Remote Access, Recovery/Restore, Trouble Spot Detection, Broadcast SMS, Safety
End of Life
• Selective Wipe
• Data Migration
* = future releases of MobileIron

Thank you
www.scanarmor.dk
www.mobileiron.com/info or info@mobileiron.com