Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2013 International Business Machines Corporation 1 Running a successful BYOD Initiative Albee Jhoney Hari H Krishna.

Similar presentations


Presentation on theme: "© 2013 International Business Machines Corporation 1 Running a successful BYOD Initiative Albee Jhoney Hari H Krishna."— Presentation transcript:

1 © 2013 International Business Machines Corporation 1 Running a successful BYOD Initiative Albee Jhoney Hari H Krishna

2 © 2013 International Business Machines Corporation 2 Life was so much easier when everyone simply had a Blackberry Android and iOS accounted for 79% of all smartphone shipments Many employees want to use their devices to access work information Mobile devices offer significant advantages for companies ‘Halo effect’ of Apple Mac’s Before companies can realise the benefits of mobile devices, they need to be able to manage the associated risks Share of global Q smartphone sales to end users, by OS Source: Gartner 2012; does not include media tablets

3 © 2013 International Business Machines Corporation 3 IT manages risks by maintaining control points

4 © 2013 International Business Machines Corporation 4 With BYOD, IT loses control

5 © 2013 International Business Machines Corporation 5 PCs and mobile devices have many of the same management needs  Device inventory  Security policy mgmt  Application mgmt  Device config (VPN/ /Wifi)  Encryption mgmt  Roaming device support  Integration with internal systems  Scalable/Secure solution  Easy-to-deploy  Multiple OS support  Consolidated infrastructure  Device Wipe  Location info  Jailbreak/Root detection  Enterprise App store  Self-service portal  OS provisioning  Patching  Power Mgmt Traditional Endpoint ManagementMobile Device Management “Organizations…would prefer to use the same tools across PCs, tablets and smartphones, because it's increasingly the same people who support those device types” – Gartner, PCCLM Magic Quadrant, January 2011

6 © 2013 International Business Machines Corporation 6  Potential unauthorized access (lost, stolen)  Disabled encryption  Insecure devices connecting to network  Corporate data leakage 6 Mail / Calendar / Contacts Access (VPN / WiFi) Apps (app store) Enterprise Apps iCloud iCloud Sync iTunes Sync Encryption not enforced End User VPN / WiFi Corporate Network Access Managing Mobile Devices – The Problem

7 © 2013 International Business Machines Corporation 7 iCloud iCloud Sync iTunes Sync End User VPN / WiFi Corporate Network Access Personal Mail / Calendar Personal Apps Corporate Profile Enterprise Mail / Calendar Enterprise Access (VPN/WiFi) Enterprise Apps (App store or Custom) Secured by BigFix policy Encryption Enabled  Enforce password policies  Enable device encryption  Force encrypted backup  Disable iCloud sync  Access to corporate , apps, VPN, WiFi contingent on policy compliance!  Selectively wipe corporate data if employee leaves company  Fully wipe if lost or stolen Managing Mobile Devices – The Solution

8 © 2013 International Business Machines Corporation 8 430,000 IBM employees in over 120 countries. Deployment to over 750,000 endpoints A 78 per cent decrease in endpoint security issues IBM is also in the process of deploying Mobile Device Management solution across its entire mobile workforce of over 120,000 staff BYOD with 200,000+ smartphones projected Terabytes of WAN traffic per month IBM understands the demands of managing a global heterogeneous IT infrastructure with BYOD

9 © 2013 International Business Machines Corporation 9 Providing enterprise-wide visibility (eg. device details, apps installed, device location) Ensuring data security and compliance Device configuration Support devices on the Apple iOS, Google Android, Microsoft Windows Phone, Blackberry, Nokia Symbian Address business and technology issues of security, complexity and bring your own device (BYOD) in mobile environments Manage enterprise and personal data separately with capabilities such as selective wipe Leverage a single infrastructure to manage all enterprise devices—smartphones, tablets, desktops, laptops and servers Benefits:Services: Apple iOS Google Android “IBM's MDM capability is very complementary to that of PCs, and it is one of the few vendors in this Magic Quadrant that can support PCs and mobile devices” Gartner, MQ for Mobile Device Management Software, 2012 Mobile Device Management Windows Phone Blackberry Nokia Symbian Windows Mobile

10 © 2013 International Business Machines Corporation 10 Implement BYOD With Confidence App container. Deploy, manage, configure, and remove Enterproid Divide containers to separate personal and work environments on iOS and Android devices PIM container. Separate personal and corporate and prevent sensitive data from being copied into other apps with NitroDesk TouchDown integration Dual-persona OS. Manage BlackBerry 10 devices, which provide a native user experience to personal and work personas Extend BYOD to laptops. Unified device management approach brings together containers, smartphones, tablets, laptops, desktops, and servers under one infrastructure How do I deal with the business mandate that employees be allowed to "Bring Your Own Device"? Manage and secure only the apps and data inside the enterprise container, leaving users free to control the personal side of their device with Enterproid Divide.

11 © 2013 International Business Machines Corporation 11 Handle Multi-Platform Complexities With Ease Device management via Android agent, iOS APIs, Lotus Traveler, Microsoft Exchange, and Office 365 Complete device hardware and software inventory in near real-time Web reports provide at-a-glance mobile device deployment overviews Pass mobile device data to network management, service desk, asset management, and security and compliance systems Multi-tenancy support for service providers and organizations that need to completely separate different parts of the organization How do I manage an ever-expanding list of OS and hardware platforms when the user controls what apps are loaded and the carrier controls when the OS is updated? Better plan internal mobile projects with easy access to near-real time data about your mobile environment.

12 © 2013 International Business Machines Corporation 12 Secure Sensitive Data, Regardless of the Device Unified compliance reporting across all devices, including CIS Benchmarks Configure security settings such as password policy, encryption, WiFi, iCloud sync Full wipe, remote lock, map device location, and clear passcode options if device is lost or stolen Blacklist apps and automate alerts, policy response Detect jailbroken / rooted devices to notify users, disable access Integrate with mobile VPN and access management tools to ensure only compliant devices are authorized How do I ensure the security of mobile devices as they access more and more sensitive systems? Multiple user communication and alert methods, including Google Cloud Messaging (GCM), enables users to be part of the security solution.

13 © 2013 International Business Machines Corporation 13 Minimize Administration Costs Multiple authenticated device enrollment options, including LDAP/AD integration Employee self-service portal to enable employees to protect personal and enterprise data Enterprise app store directs employees to approved apps, includes support for Apple’s Volume Purchase Program (Apple VPP) Integration with IBM Worklight for 1- click transfer of internally-developed mobile apps from dev to production A ‘single device view’ enables IT personnel to easily view device details and take required action How do I cost-effectively manage the sheer volume of these tiny devices with average replacement rates of months? A flexible enrollment process enables organizations to include a EULA and to collect critical device and employee data via customizable questions

14 © 2013 International Business Machines Corporation 14 IBM Endpoint Manager Endpoints Common management agent Unified management console Common infrastructure Single server IBM Endpoint Manager Patch Management Lifecycle Management Software Use Analysis Power Management Mobile Devices Security and Compliance Core Protection Desktop / laptop / server endpoint MobilePurpose specific Systems Management Security Management Server Automation Continuously monitors the health and security of all enterprise endpoint in real-time via a single, policy-driven agent

15 © 2013 International Business Machines Corporation 15 IBM Endpoint Manager for Mobile Devices Functionality Overview Category Platform Support Management Actions Application Management Policy and Security Management Location Services Enterprise Access Management Endpoint Manager Capabilities Selective/full wipe, deny access, remote lock, user notification, clear passcode Application inventory, enterprise app store, iOS WebClips, whitelisting/blacklisting Configuration of , VPN, Wi-Fi, Authenticated Enrollment, Self Service Portal Track devices and locate on map Expense Management Enable/disable voice and data roaming Cloud Device Management Office 365 support Apple iOS, Google Android, Windows Phone, Blackberry, Symbian, Windows Mobile Password policies, Samsung SAFE, device encryption, jailbreak/root detection Containerisation Nitrodesk Touchdown (Android), Enterproid Divide, Red Bend

16 © 2013 International Business Machines Corporation 16 Single Server & Console Highly secure, highly scalable Aggregates data, analyzes & reports Pushes out pre-defined/custom policies Cloud-based Content Delivery Highly extensible Automatic, on-demand functionality Single Intelligent Agent Performs multiple functions Continuous self-assessment & policy enforcement Minimal system impact (< 2% CPU) Lightweight, Robust Infrastructure Use existing systems as Relays Built-in redundancy Support/secure roaming endpoints How it Works Remote Offices Manage roaming devices Identify unmanaged assets

17 © 2013 International Business Machines Corporation 17 Authenticated Enrollment and Self Service portal A flexible enrollment process can include an EULA and collect critical device and employee data via customisable questions

18 © 2013 International Business Machines Corporation 18 Authenticated Enrollment and Self Service portal

19 © 2013 International Business Machines Corporation 19 Complete device hardware and software inventory

20 © 2013 International Business Machines Corporation 20 Last known location of the device

21 © 2013 International Business Machines Corporation 21 Create your own Enterprise AppStore 21

22 © 2013 International Business Machines Corporation 22 Secure the device A unified report of password policies across all mobile OS’ makes it easy for administrators to identify non-compliant devices

23 © 2013 International Business Machines Corporation 23 Secure the device

24 © 2013 International Business Machines Corporation 24 Endpoint Manager for Mobile Devices, Part of IBM MobileFirst AnalyticsSecurityManagement IBM & Partner Applications Application Platform and Data Services BankingInsurance Transport TelecomGovernment Industry Solutions HealthcareRetail Automotive Application & Data Platform Strategy & Design Services Development & Integration Services Cloud & Managed Services Devices Network Servers

25 © 2013 International Business Machines Corporation 25 Stanford University uses IBM Endpoint to support it’s large BYOD environment of over 45,000 endpoints Stanford University Palo Alto, California Population: 30,000 45,000+ End Points The solution Opt-in Power Management Security Patching (Windows / Mac) Inventory Anti Malware Application Updates Software deployment Laptop Recovery PGP Whole Disk Encryption Benefits Rapid Operating System Patching and Compliance (across Windows and OS X) Accurate IT asset inventory Power Savings: Pacific Gas & Electric Rebate ~$70,000 May 2009 https://itservices.stanford.edu/service/bigfix

26 © 2013 International Business Machines Corporation 26  Consolidate management of endpoints – PCs, laptops, mobile devices  HIPAA compliance  Minimize on-going operational costs  Minimize device replacement costs Customer Needs Key Features & Outcomes Large Healthcare Provider  This regional healthcare provider uses IBM Endpoint Manager for its unified approach to endpoint management  1 employee is able to manage and secure 30,000 PCs + 4,000 mobile devices Extending the reach of healthcare This innovative healthcare provider in the southeastern United States is piloting a program to improve patient outcomes by providing secure healthcare support remotely through mobile devices, such as: Home Health Care: iPads provided to Home Healthcare diabetes patients to enable direct input of diagnostic data; Face time sessions with home health nurses reduce the need for on-site visits, which improves nurse utilization while reducing costs Education: iPod Touches with pre-loaded educational apps provided to parents of babies in Neonatal Intensive Care Unit (NICU)

27 © 2013 International Business Machines Corporation 27 Providing enterprise-wide visibility (eg. device details, apps installed, device location) Ensuring data security and compliance Device configuration Support devices on the Apple iOS, Google Android, Microsoft Windows Phone, Blackberry, Nokia Symbian Address business and technology issues of security, complexity and bring your own device (BYOD) in mobile environments Manage enterprise and personal data separately with capabilities such as selective wipe Leverage a single infrastructure to manage all enterprise devices—smartphones, tablets, desktops, laptops and servers Benefits:Services: Apple iOS Google Android “IBM's MDM capability is very complementary to that of PCs, and it is one of the few vendors in this Magic Quadrant that can support PCs and mobile devices” Gartner, MQ for Mobile Device Management Software, 2012 Mobile Device Management Nokia Symbian Windows Phone Blackberry Windows Mobile

28 © 2013 International Business Machines Corporation 28 ibm.com

29 © 2013 International Business Machines Corporation 29 Legal Disclaimer © IBM Corporation 2012 All Rights Reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. If the text contains performance statistics or references to benchmarks, insert the following language; otherwise delete: Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here. If the text includes any customer examples, please confirm we have prior written approval from such customer and insert the following language; otherwise delete: All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Please review text for proper trademark attribution of IBM products. At first use, each product name must be the full name and include appropriate trademark symbols (e.g., IBM Lotus® Sametime® Unyte™). Subsequent references can drop “IBM” but should include the proper branding (e.g., Lotus Sametime Gateway, or WebSphere Application Server). Please refer to for guidance on which trademarks require the ® or ™ symbol. Do not use abbreviations for IBM product names in your presentation. All product names must be used as adjectives rather than nouns. Please list all of the trademarks that you use in your presentation as follows; delete any not included in your presentation. IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both.http://www.ibm.com/legal/copytrade.shtml If you reference Adobe® in the text, please mark the first use and include the following; otherwise delete: Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. If you reference Java™ in the text, please mark the first use and include the following; otherwise delete: Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. If you reference Microsoft® and/or Windows® in the text, please mark the first use and include the following, as applicable; otherwise delete: Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. If you reference Intel® and/or any of the following Intel products in the text, please mark the first use and include those that you use as follows; otherwise delete: Intel, Intel Centrino, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. If you reference UNIX® in the text, please mark the first use and include the following; otherwise delete: UNIX is a registered trademark of The Open Group in the United States and other countries. If you reference Linux® in your presentation, please mark the first use and include the following; otherwise delete: Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others. If the text/graphics include screenshots, no actual IBM employee names may be used (even your own), if your screenshots include fictitious company names (e.g., Renovations, Zeta Bank, Acme) please update and insert the following; otherwise delete: All references to [insert fictitious company name] refer to a fictitious company and are used for illustration purposes only.

30 © 2013 International Business Machines Corporation 30 Backup

31 © 2013 International Business Machines Corporation 31 Management by Fully-Managed Devices IEM Server DB ActiveSync Agent Comms / Management APIs Consolidated Reports / Management TEM Relay Mgmt Extender for iOS TEM Relay Mgmt Extender for iOS Lotus Traveler / Exchange Server ActiveSync Apple Push Notification Servers Google Cloud Messaging (optional) IBM Endpoint Manager for Mobile Devices Architecture

32 © 2013 International Business Machines Corporation 32 IBM Endpoint Manager for Mobile Devices Integration with Enterproid’s Divide container technologies for iOS and Android Web-based administration console for performing basic device management tasks with role-based access control Integration with BlackBerry Enterprise Server for integrated support of BlackBerry v4 – v7 devices Enhanced security with support for FIPS encryption and bi-directional encryption of communications with Android agent Additional Samsung SAFE APIs for expanded management and security of SAFE devices SmartCloud Notes & Notes Traveler 9.0 support, including cloud and high- availability versions IBM Endpoint Manager’s cloud-based content delivery system enables customers to benefit from frequent feature enhancements without the difficulty of performing upgrades

33 © 2013 International Business Machines Corporation 33 Jailbreak / Root Detection – Warn Users, Notify Administrators, Take Action

34 © 2013 International Business Machines Corporation 34 IBM announced same-day support for Apple iOS6 New MDM features in iOS6 Ability to set a device-level proxy (only works in "Supervise mode") Single-app mode. Ability to set a "Locked App" like a "Kiosk Mode" Some new restrictions like the ability to disable Game Centre Configure a profile to automatically be removed at a specified date Disable recent contacts from syncing for a given account Disable passbook while device is locked Disable shared photo streams

35 © 2013 International Business Machines Corporation 35 Fast and cost-effective development, integration and management of rich, cross-platform mobile applications Client Challenge Key Capabilities Using standards-based technologies and tools and delivering an enterprise-grade services layer that meets the needs of mobile employees and customers Mobile optimised middleware Open approach to 3rd-party integration Mix native and HTML Strong authentication framework Encrypted offline availability Enterprise back-end connectivity Unified push notifications Data collection for analytics Direct updates and remote disablement Packaged runtime skins Delivering for multiple mobile platforms IBM Worklight Encrypted cache on-device A mechanism for storing sensitive data on the client side Encrypted - like a security deposit box


Download ppt "© 2013 International Business Machines Corporation 1 Running a successful BYOD Initiative Albee Jhoney Hari H Krishna."

Similar presentations


Ads by Google