How to Create and Secure Your Mobile Infrastructure. Session EM B27

(1)

How to Create and Secure Your

Mobile Infrastructure

Session EM B27

Mike Littleton

John Engels

Manager, EndPoint Infrastructure

Principal Product Manager,

Kelly Services

Symantec Enterprise Mobility

(2)

SYMANTEC VISION 2012

Typical Mobile Needs

Presentation Identifier Goes Here 3

Enable email

Access

Device

inventory/

configuration

Provide

network

access

Asset data &

ownership

Application

delivery &

updates

Enterprise

doc/media

distribution

Device

security

Content

wipe

Remote

assistance

Web apps

configuration

File sharing &

productivity

(3)

Business

Unit

App

Developers

Support

Endpoint

Mgmt/

Mobile

Security

Dividing Mobility

(4)

Enterprise

Apps

Email

What are your key applications?

Social Media

_{Productivity apps}

Web services

Collaboration

(5)

Understanding Managed & Unmanaged Mobility

Customers need to provide a solution for both the managed and unmanaged

use cases within the enterprise

Data separation solutions

evolve through APIs

MDM enables device

management &

compliance

MDM is a foundation for

policy management

Corporate / Personal

separation becomes a

non-issue

Applications must be

protected individually

Data between

applications must be

secure

Enterprise Use Cases

Managed

Unmanaged

Secure Apps & Data

Manage The Device

(6)

Who Owns Mobile Management?

Data separation solutions

evolve through APIs

MDM enables device

management &

compliance

MDM is a foundation for

policy management

Managed

Manage The Device

Symantec Advances Enterprise Mobility Strategy

• Endpoint Management

• Telco/Mobility

• Endpoint Security

• Help Desk

(7)

Who Owns Unmanaged Mobility Use?

Corporate / Personal

separation becomes a

non-issue

Applications must be

protected individually

Data between

applications must be

secure

Enterprise Use Cases

Unmanaged

Secure Apps & Data

Symantec Advances Enterprise Mobility Strategy

• Business Unit

• Application Developers

• Security Team

• Endpoint/Mobility Mgmt

• Help desk

(8)

Defining Enterprise Mobility Management

5 key areas of investment

Enterprise Mobility Management

Threat

Protection

Expense

Management

Device/User

Management

Secure

Container

Enterprise/Cloud

Integration

Advancing

compliance

automation

Secure

collaboration

Best in class

Mobile security

Enterprise app

store & expense

control

DLP for Mobile;

service brokering

identity

Managed Devices Unmanaged Devices Datacenter/Priva te-Cloud Public Cloud Services Security/protection agents Security/protection agents SYMANTEC O3

Symantec Confidential and Proprietary 9

Configuration,

control and

management of

mobile devices

Corporate data

separation and

delivery of IT

services

Core security

functionality

across platforms

Management

and control of

mobile expenses

Integration

across the

enterprise,

including DLP,

PKI, VIP & Cloud

Endpoint

Management

Security,

Business Units

App Developers

Security

Telecom

Endpoint Mgmt

Security,

Compliance

Endpoint Mgmt

(9)

Symantec Mobile Solutions

Control Point

Management Portal

SMP (Altiris) / SCCM

Agents

Management,

Security & Identity

(10)

Mobile Management

Comprehensive Enterprise Mobility Management - MDM

Enable

Activate enterprise

access, apps and data

easily and

automatically

> iOS, Win Mobile, BB, Symbian

Secure

Protect enterprise data

and infrastructure from

attack and theft

> Prevent JB, ensure passcodes, …

Manage

Control inventory and

configuration with

massive scalability

> Integrated via SMP / Altiris

(11)

Tablet DLP Overview (January 2012)

12

Proxy

Symantec DLP

Mobile Server

Tablet

Network Traffic • Email • Web • Top Apps

Corporate Network

Internet

VPN at all times

Direct access to

Internet

Symantec Confidential - DLP for Tablets - Strategy, Roadmap & Delivery Update

Key Benefits

• Reduce risk of data loss from iPads, assuming data WILL be on device

• Supports consumerization - coverage for personal and corporate use cases

• Lay groundwork for future tablet DLP solution enhancements

Mobile Management

configuration and

enforcement (7.1 SP1)

(12)

Defining Enterprise Mobility Management

5 key areas of investment

Enterprise Mobility Management

Threat

Protection

Expense

Management

Device/User

Management

Secure

Container

Enterprise/Cloud

Integration

Advancing

compliance

automation

Secure

collaboration

Best in class

Mobile security

Enterprise app

store & expense

control

DLP for Mobile;

service brokering

identity

In

ves

tmen

ts

Configuration,

control and

management of

mobile devices

Core security

functionality

across platforms

Management

and control of

mobile expenses

Integration

across the

enterprise,

including DLP,

PKI, VIP & Cloud

(13)

Understanding Managed & Unmanaged Mobility

Customers need to provide a solution for both the managed and unmanaged

use cases within the enterprise

Data separation solutions

evolve through APIs

MDM enables device

management &

compliance

MDM is a foundation for

policy management

Corporate / Personal

separation becomes a

non-issue

Applications must be

protected individually

Data between

applications must be

secure

Enterprise Use Cases

Managed

Unmanaged

Secure Apps & Data

Manage The Device

(14)

Nukona Mobile Application Management & Security

Comprehensive App Wrapping Tech

App Store

Repository for internal

and external mobile

applications

App Policy

Protect app against data loss

through encryption, removal

control and separation of

corporate data

Content Center

Protect and deploy

content across mobile

devices

Deployed SaaS or On Prem

(15)

How It Works:

Policy Management

Developer creates

.IPA or .APK file

with standard

libraries

_{Secure App Delivered}

To Users

16

Security or

Endpoint Team

Create

Security

Policies

(16)

Defining Enterprise Mobility Management

5 key areas of investment

Enterprise Mobility Management

Threat

Protection

Expense

Management

Device/User

Management

Secure

Container

Enterprise/Cloud

Integration

Advancing

compliance

automation

Secure

collaboration

Best in class

Mobile security

Enterprise app

store & expense

control

DLP for Mobile;

service brokering

identity

In

ves

tmen

ts

Configuration,

control and

management of

mobile devices

Corporate data

separation and

delivery of IT

services

Management

and control of

mobile expenses

Integration

across the

enterprise,

including DLP,

PKI, VIP & Cloud

(17)

Mobile Security for Android

Android Security Agent

• Add to existing stable of Windows Mobile

and Symbian device security

• Reputation based security

• Scheduled/Manual Anti-malware scanning

• App blacklist/whitelist enforcement

• Uninstall protection, resilience

• Basic locate/lock/passcode reset/wipe and

anti-theft features managed centrally

• Single console mgmt/licensing/reporting,

integrated with Mobile Management

Jun ‘12

Mobile Security for WP7/8 or iOS

(under consideration for 2013)

(18)

Defining Enterprise Mobility Management

5 key areas of investment

Enterprise Mobility Management

Threat

Protection

Expense/App

Management

Device/User

Management

Secure

Container

Enterprise/Cloud

Integration

Advancing

compliance

automation

Secure

collaboration

Best in class

Mobile security

Enterprise app

store & expense

control

DLP for Mobile;

service brokering

identity

In

ves

tmen

ts

Configuration,

control and

management of

mobile devices

Corporate data

separation and

delivery of IT

services

Core security

functionality

across platforms

Management

and control of

mobile expenses

(19)

Identity & Access Control Layer Cloud Information Security Layer Cloud Information Management Layer Control Security Compliance

O

₃

Privat e Cloud Private Cloud

Symantec O3: The New Cloud Control Point

Symantec Advances Enterprise Mobility Strategy20

Extend internal security policies to public and private

(20)

Mobile Device and Application

Management –

Kelly Services Customer Experience

(21)

About Kelly Services

Kelly Services, Inc. (NASDAQ:

KELYA

,

KELYB

) is a leader in providing

workforce solutions. Kelly

®

_{offers a comprehensive array of}

outsourcing and consulting services as well as world-class staffing

on a temporary, temporary-to-hire and direct-hire basis. Serving

clients around the globe, Kelly provides employment to more than

530,000 employees annually. Revenue in 2011 was $5.6 billion.

Visit

www.kellyservices.com

and connect with us

(22)

Count the ways…

• Packaged Nike ® tennis shoes

• Assembled treadmills

• Scored standardized student

assessments

• Handled eBay ®customer

services calls

• Assisted in creating a vaccine

to combat biological agent

anthrax

• Upgraded Colleague infusion

pumps used in hospitals

• Made Tombstone or Kraft ®

pizza

• Assisted with R&D for new

contact lenses

Kelly employees have:

(23)

Kelly Services Spans the Globe

EMEA

APAC

AMERICAS

Belgium Canada United States Mexico Puerto Rico Denmark France Germany Hungary Ireland Italy Luxembourg Netherlands Norway Poland Russia Sweden Switzerland United Kingdom Australia China Hong Kong India Indonesia Malaysia New Zealand Philippines South Korea Singapore Thailand Portugal

(24)

Thoughts on Mobility

• Attended Mobility conference in Chicago involving 20 of the

Fortune 500

– Less than half (8) use an MDM tool

– None are in the cloud completely

– MDM is used for device wipe, inventory, provisioning, alerts on jailbroken

devices and app deployments

– Little differentiation with iOS management

– None of the companies integrate data coming from MDM with asset or

systems management tools

– All would switch their MDM tool if they could

– All 20 companies agreed that, at the moment, interface and cost are the

primary determining factors when choosing an MDM tool

(25)

Everyone has lots to do…

• Windows 7 migration

• Altiris 7.1 migration

• BPOS to O365 migration

• Cloud file storage and

sharing

• Introduction of Macs to

the Enterprise

• Split-tunnel

• BYOD

• VDI

• Mobile device provisioning

• Ivy Bridge qualification

• Daily maintenance of current

platforms

And we’re going to do MDM…

(26)

What Kelly was looking for

• Needed to meet a basic set of requirements

– iOS configuration support

– Expand on EAS security policies

– Selective wipe capabilities

– Deploys apps and content

– Detects jailbroken devices

– Integration with AD

– Integrates with our asset and systems management tools

• Relatively low cost

• Relatively easy to use

• Choose a vendor who would be around for awhile

• Decided on Symantec Mobile Management (SMM)

(27)

Why SMM?

• SMM has comprehensive MDM capabilities, including policy

enforcement, inventory, jailbreak detection, selective wipe and

content deployment

• SMM leverages the Symantec Management Console

• SMM is tightly integrated with other Symantec products we use;

ITMS and Workflow

• Symantec’s mobile security products, such as authentication

and data security solutions, complement SMM well

• Our research shows that SMM is cost competitive

• Use what we know!

(28)

Symantec Management Console Integration

(29)

Symantec Management Console Integration

(30)

Demonstration

(31)

What’s to Come

• Review current EAS policies and determine if we should

strengthen them with SMM

• Migration to O365 will allow us to provision mobile device

access to corporate email with SMM. Since you can provision

email with SMM, a selective wipe will remove it

• Looking forward to new releases of SMM that will add

additional iOS and Android capabilities

• Determine how Nukona acquisition compliments SMM

• Deploy Kelly branded SMM agent and Kelly Sales App later this

year to mobile salesforce

(32)

Kelly Enterprise App Store on personal iPhone

(33)

Enterprise App Store

(34)

App Authorization Controls

(35)

Summary

(36)

Bringing Management, Security & Identify Together in a Post-PC Era

Combining MDM, mobile app management and identity allows Symantec to

offer a comprehensive enterprise mobility solution

Device Protection

App/Data Protection

• Mobile Management:

Centralized Console for MDM

• SCCM:

MDM for Microsoft

System Center

• Mobile Security:

App insight for

Android

• Trad. Security:

SEP, DLP, Backup

etc

• App Center:

Centralized policy

and security wrapping for Apple,

Android, BB and WP7/8

• Zones:

Secure data sharing and

collaboration

• O3:

Federated Identity

Identity

• O3:

Federated Identity

• mpki:

certificate

integration and

deployment

(37)

Thank you!

the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

John Engels

Principal Product Manager

46