Scalable enterprise mobility solutions: How to give your employees tools they need without sacrificing user experience and security.
Consumerization of IT and BYOD are here – and it’s a GOOD thing. Today's dynamic workplaces and hyper-competitive markets drive demand for more mobile productivity solutions. Nearly 70% of enterprise employees report making better decisions and being more productive and happier when they are allowed to use mobile devices and cloud-based tools. Yet IT organizations often resist these trends because of the cost and risk associated with a multi-platform, multi-device ecosystem having access to corporate data and resources.
In this webinar, product experts from Sencha and Centrify will help your organization embrace BYOD and SaaS in a cost-effective, scalable way. Sencha Space is an advanced platform for securely deploying mobile apps and delivering a consistent, elegant, mobile user experience to end-users. Users can launch any mobile web app or HTML5 app in a secure, managed environment. Combining Space with secure, Active Directory- or Cloud-Based Identity and Access Management (IAM) from Centrify gives IT visibility and control over mobile platforms and SaaS / in-house apps while improving user experience and reducing security risk.
4. Technology Trends Shaping the Evolution of Enterprise Mobility
Consumerization of IT
• Personal devices becoming pervasive in the enterprise
• Organizations must address challenges around BYOD
• Opportunity for productivity gains and cost savings
Rapid Adoption of Mobile
• Mobile device sales surpass PC sales
• Mobility comes with heightened security risks
• Driving a shift to mobile-first development
Enterprise Cloud Goes Mainstream
• Cloud services gain acceptance for use in production
• Cloud providers adapt offerings for the enterprise
• Cloud IT investment poised for explosive growth
Accelerating workforce virtualization
• Collaboration with non-employees is the new normal
• Managing access and data security is a major challenge
• Organizational boundaries increasingly dynamic
5. Brave new world… but
IT management is losing control and visibility with increased:
• Reliance on user-managed passwords
• Adoption of SaaS and mobile apps
• Proliferation of remote and untrusted devices
IT needs a new model… that secures all devices… solves the password problem… and regains access control and visibility
Users have lots more choices and use many more apps
Users, apps and devices are no longer “behind the firewall”
Mobile is the new, preferred way to access apps
• End-users have too many passwords
• Passwords are inherently weak
• Many SaaS apps have a rich mobile client
• Users have increasing numbers of devices accessing those apps
6. A few facts…
• 75% of security breaches involve compromised credentials
• 71% targeted user devices
• 58% perpetrated by insiders (takes 32 months to detect)
• 13% leveraged misuse of privilege
• Average cost $188 per record
[Chart: share price ($ per share) against months after breach (0 to 3). Annotations: "Breach disclosed in media"; "$5.37 Billion in shareholder value lost"; "CIO: Testifying Before the Senate".]
7. Aligning Objectives
What IT cares about
1. Enable employee productivity
2. Ensure compliance requirements are addressed
3. Efficient management
What App Dev Managers care about
1. Optimize efficiency of their developer teams
2. Deliver apps that meet business and end-user requirements
3. Maximize the useful lifetime of the app
9. The cost of mobility can erode its ROI
Inefficient mobility and security wastes resources
[Diagram, repeated once per platform: Write Code, Test, Publish to app market / AppStore, Deploy, Update, each step marked with a cost ($). A "Management" and "Security" layer spans all platforms.]
Each part of the app development process incurs expenses…
…which multiply with each new supported mobile OS/device platform
And these processes and apps need to be managed and secure to limit risk
10. Challenges
The security landscape has raised the stakes
Security is increasingly challenging
• Targeted attacks
• Spear phishing and social engineering
• Mobile malware
• Advanced Persistent Threats
• Rising cost of data breaches
How do you manage the tradeoffs between
• Operational flexibility
• Security
• Cost and complexity
• End-user experience
11. End-to-End Data Security
Overview
• Data security means protecting confidentiality and integrity of data
• Management and enforcement across three modes of data use
1. At-rest – When data is stored on a device
2. In-motion – When data is traversing the network
3. In-use – When a user interacts with the data through an app on a device
• Ensuring data security as data moves across the range of untrustworthy networks and devices is not trivial
14. Multiple identities + Password Sprawl
Create risk
• Multiple logins for users
• Multiple identity infrastructures for IT to manage
[Diagram: in-house apps, SaaS apps "and 100’s more…" accessed from laptops, smartphones and tablets, each app with its own separate ID.]
15. Federated Identity
Where users have one login ID and password
And IT has one Federated Identity Infrastructure to manage
[Diagram: end users on laptops, smartphones and tablets sharing a single ID.]
16. Strengthen Security with Federated Identity
• Federated Identity ensures that users only need to use their AD userid/password
– Only one password to remember
– Password is protected by the Enterprise in AD
• AD-based federation provides several advantages for IT
– Leverages existing account and password policies – simplifying management
– Ensures that IT controls access, eliminating risk of orphaned accounts
[Diagram labels: Federation Trust, Cloud Proxy Server, IDP as a Service, Firewall, ID.]
18. Sencha Space
Benefits
• Streamline app development process – Eliminate PhoneGap/Cordova
• Deliver HTML5 apps directly to end-users through a managed, secure runtime platform
• Easily mobilize existing web and HTML5 apps
• Helps protect your apps and data by
– Managing user access
– Remotely wiping your data from devices as needed
– Keeping your business data separate from other data on the device
• Leverage developer APIs for a rich application experience
19. Sencha Space
Management Overview
Management Console
• Provides centralized management of the user, data, and application lifecycles
• Allows administrators to enforce policy consistently
• Set minimum PIN length
• Specify group membership
• Provision apps to groups
• Configure advanced user authentication
• Enable SSL VPN connectivity
• Facilitates reporting and auditing with detailed usage analytics
[Diagram: Space Management, comprising Centralized Admin Console, Policy Engine, Identity and Access, App Delivery, Data Security, Network Security.]
20. Sencha Space
Client Overview
Mobile Client Application
• Supports iOS and Android (Win Phone 8 and Blackberry in beta)
• Segregates business and personal data
• Secures business data with strong encryption and digital signatures
• Enforces policies downloaded from the console
• Facilitates secure, managed use of HTML5 apps
• Provides developer API to OS/Device features for rich, modern, mobile user experience
21. Sencha Space
Security
• Data Encryption – All data is stored encrypted in Space to protect the confidentiality of sensitive, proprietary information
• Network Security – All data transmitted between the Space client app and management server is SSL-encrypted
• VPN Support – Integration with Cisco and Juniper clientless SSL VPN for secure connectivity between the Space client app and back-end data center assets
• Authentication – Single sign-on support using widely accepted SAML open standard
Key Benefits
• Reduce the risk of data breach
• Grant access to applications and data based only on business need
• Deploy applications securely to anyone on any device
22. Sencha Space
Overview of Capabilities and Benefits
Component: Security
Capabilities:
• Secure data in-motion and at-rest
• Manage user access entitlements
Benefits:
• Manage risk
• Facilitate compliance
Component: Policy Engine
Capabilities:
• Set and enforce consistent usage and security policies
• Deploy applications instantly
• Block users/devices instantly
Benefits:
• Improve operational efficiency
• Manage mobility risk
Component: Analytics
Capabilities:
• Monitor activity at the user and device level
• Track application activity
Benefits:
• Facilitate audit and reporting
• Enhance operational visibility
Component: Developer API
Capabilities:
• Provide consistent API access to native device/OS capabilities
• Provide developer access to Space platform capabilities
Benefits:
• Help reduce the cost of cross-platform development
23. Centrify Cloud Services
Centrify Software + Centrify Cloud Services = Unified Identity Services
• Authentication / Single Sign-On (SSO)
• Auditing and reporting
• Self-service portal
• Mobile application management
• Encryption of data-in-motion
• Policy Enforcement
• Authorization and role-based access control
• Mobile Zero Sign-on (ZSO)
• Mobile device management
• etc.
24. Centrify Cloud Service
[Architecture diagram labels: Centrify for iOS, Centrify for Android, Centrify for Mac, Centrify for SaaS, Centrify Cloud Manager, Centrify Cloud Proxy Server, Firewall, Centrify DirectManage Framework (DirectManage ADUC Extension, DirectManage Group Policy Extension), Microsoft Certificate Authority, Active Directory-based Security Infrastructure, Centrify Cloud Services.]
25. Centrify for SaaS
• One click SaaS SSO leveraging Active Directory credentials
• SSO Integration with SaaS via SAML, HTTP, proprietary API, OAuth, OpenID Connect
• User self-service for mobile devices (e.g. location, wipe, lock)
• User self-service for AD account (e.g. edit attributes, reset password)
• Common administration tools for mobile and SaaS applications
[Architecture diagram labels: Centrify Cloud Service, Centrify for SaaS, Centrify Cloud Manager, Centrify Cloud Proxy Server, Firewall, SaaS Apps, SaaS and Mobile App Catalog, ISV Onboard, Microsoft Certificate Authority, Active Directory-based Security Infrastructure, Centrify Cloud Services. "You Are Here" marks Centrify for SaaS.]
26. Centrify for Mobile Applications
• Device is authenticated and joined to Active Directory
• Enables silent authentication aka Zero Sign-On (ZSO) for mobile apps via simple integration with Centrify Mobile Authentication SDK
• Mobile apps interact with Centrify cloud services for authn and authz
• Mobile app can also access information about user attributes in AD
• App settings can be centrally managed based on AD Group Policy
• Remote wipe of Mobile App & Data
• Common administration tools for mobile and SaaS applications
[Architecture diagram labels: Centrify Cloud Service, Centrify for iOS and Android, Mobile App, Centrify Cloud Manager, Centrify Cloud Proxy Server, Firewall, SaaS Apps, SaaS and Mobile App Catalog, ISV Onboard, Microsoft Certificate Authority, Active Directory-based Security Infrastructure, Centrify Cloud Services. "You Are Here" marks Centrify for iOS and Android.]
27. Centrify Simplifies SaaS/Mobile Federated Auth
Integrate Mobile App Authentication provides true enterprise Zero Sign-On
• Mobile app authenticates and registers AD as its identity provider
• Mobile app can access information about user attributes in AD
• Mobile app gains SSO to backend services
[Diagram labels: Cloud Proxy Server, IDP as a Service, Firewall, Mobile OS, Mobile App, Mobile Auth SDK, MDM, Hosted Application, ID.]
Step 1: Web Application Registration
Step 2: One time user authentication & device registration
Step 3: Token Generation
Step 4: Token based Authentication
28. Extend Identity Services to Mobile Platforms
Mobilize app and service access
– Enable mobile access to Enterprise services and applications
– Design mobile interfaces to seamlessly integrate with the Enterprise services
Containerization to separate work from personal
– Protect work applications and data from data leakage
– Provide the laptop experience on mobile, unlock and access all business apps
Centralize mobile and application administration
– Enabling IT to manage security policies for Mobile, Workstations and Servers
– Unifying app management into one interface for Mobile, Web and SaaS Apps
– Leveraging automated lifecycle management through AD
30. Centrify + Sencha for Cloud SaaS Apps
[Diagram labels: Cloud Proxy Server, Firewall, Hosted Application aka Sencha Space Cloud Service, Centrify IDP as a Service, Mobile OS, Sencha Space App, Auth Client, ID.]
Step 1: Web Application Registration
Step 2: Token Generation
Step 3: Token based Authentication
32. Centrify + Sencha for Internal SaaS Apps
[Diagram labels: Cloud Proxy Server, Firewall, Internal Application, Centrify IDP as a Service, Mobile OS, Sencha Space App, Auth Client, ID.]
Step 1: Web Application Registration
Step 2: Token Generation
Step 3: Token based Authentication