BYOD- it's an Identity Thing
BYOD: It's an 'identity' thing
Session #36
Thursday, November 8, 2012, 1.45-2.45pm

Paul Madsen (@pmadsen)
Senior Technical Architect
Ping Identity



MIS Training Institute                                     Session # - Slide 1
© COMPANY NAME
A little bit about me




BYOD

         WHAT'S THE BIG DEAL?


[Slide graphic: BYOD spelled out vertically as Bring / Brought Your Own Devices]
Context
[Diagram labels: COIT, BYOD, Social, App stores, Personal Cloud. Callout: will.i.am keynoting Cloudforce]
[reputable analyst firm] says [X%] of Fortune 500 will confront BYOD by [201Y]
So why allow it?
SHadow IT HAPPENS
Employee productivity as a function of time
[Graph: productivity (y-axis) across Sun, Mon, Tue, Wed, Thur, Fri, Sat (x-axis); curves labelled 'BYOD' and 'Traditional 9-5', plus the label 'Value prop']
Fundamental challenge
A single device must support two 'masters'
Err no….




Choices
    Mobile Device Management (MDM) applies enterprise policy to the device as a whole
        PIN, wipe, VPN etc
    Mobile Application Management (MAM) focuses on the business apps ON the device
        App store, security added onto binaries either through SDK or 'wrapping'
Granularity




BYOD Balancing Act
[Diagram labels: Security, Standards, Privacy, Productivity]
Balancing Act




                         Productivity
Productivity vs time
[Graph: productivity (y-axis) against time (x-axis), from 'hired' to 'fired', comparing an 'ideal' curve with 'reality'. Callouts: 'Well I guess I can play Angry Birds until IT sets me up'; 'Now what was my password again??'; 'Whoa, I can still login!']
GTD Requirements
1. Initial GTD - Quickly get new employees up and running with the applications their role demands
2. Ongoing GTD - Provide employees single sign on experience in day to day work
3. Stop GTD - Reduce/remove permissions when necessary
Balancing Act




                         Privacy
Privacy
the right to be let alone— the most comprehensive of rights and the right most
Louis Dembitz Brandeis
Privacy




                         Granularity of IT control


Partitioning for privacy
1. Divide the phone in 'half' – one side for business applications & data, another for personal
2. IT's mandate is to manage & secure the apps & data on the business side
3. IT has no mandate (nor, hopefully, desire) to touch apps & data on the personal side
Balancing Act




                         Security
IT'S NOT ABOUT THE DEVICE
It's the data




Protecting the data
1. Ensure that user/app can access only appropriate data
       Authorization based on role
2. Protect data in transit
       SSL
3. Protect data on device
       PIN, Encryption
4. Remove access to data when appropriate
       Wipe stored data (or keys)
       Revoke access to fresh data
[Side labels on the slide: IDM, MAM, MDM]
MIM?

MDM – No screen capture
MAM – No screen capture when in email app
MIM – No screen capture for this document
Balancing Act




                         Standards
Why standards?
            Framework implies interplay between
                    Enterprise IdM
                    MAM architecture
                            MAM servers
                            MAM agent
                    Applications
                            On-prem
                            SaaS


Components
[Diagram labels. Enterprise side: MAM, SaaS 1, SaaS 2. Device side: Browser, MAM, SaaS1, SaaS2]
Standards
    SCIM (System for Cross-Domain Identity Management) to provision identities as necessary to MAM and SaaS providers
    SAML (Security Assertion Markup Language) to bridge enterprise identity to MAM and SaaS providers
    OAuth to authorize MAM agents, and SaaS native apps
Components
[Diagram: the Components picture (Enterprise, MAM, SaaS 1, SaaS 2; Device: Browser, MAM, SaaS1, SaaS2) with its links labelled SCIM (three times), SAML (three times) and OAuth (three times)]
Bob 'pursuing other ventures'
[Diagram: the Components picture with three links out of the Enterprise labelled 'SCIM (delete)', the link from MAM to the device labelled 'Wipe', and 'wipe' shown twice on the device side]
Bob 'loses phone in cab'
[Diagram: the Components picture with three links out of the Enterprise labelled 'SCIM (status=0)' and the link from MAM to the device labelled 'LOCK=Y']
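The two 'Bob' slides show the enterprise fanning one SCIM message out to the MAM server and each SaaS provider. The sketch below is an added example, not part of the deck: it builds those requests in SCIM 2.0 form and reports which providers would still accept Bob's login when one endpoint is unreachable. Mapping the slide's 'status=0' to `active: false`, and the provider names, URLs and user ids, are assumptions; the providers are in-memory stand-ins so it runs offline.

```python
"""Added example (not from the deck): SCIM fan-out for the two 'Bob' slides."""
import json

PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def scim_request(scenario, base_url, user_id):
    """Build the SCIM 2.0 request for one provider as (method, url, body)."""
    url = f"{base_url}/Users/{user_id}"
    if scenario == "departed":        # slide label: SCIM (delete)
        return "DELETE", url, None
    if scenario == "lost_device":     # slide label: SCIM (status=0); assumed to mean active=false
        body = {
            "schemas": [PATCH_OP],
            "Operations": [{"op": "replace", "path": "active", "value": False}],
        }
        return "PATCH", url, json.dumps(body)
    raise ValueError(f"unknown scenario: {scenario}")


class FakeProvider:
    """In-memory stand-in for a MAM or SaaS SCIM endpoint (constructed for this example)."""

    def __init__(self, name, users, reachable=True):
        self.name = name
        self.users = {uid: dict(attrs) for uid, attrs in users.items()}
        self.reachable = reachable

    def handle(self, method, url, body):
        """Apply one request and return an HTTP-style status code."""
        if not self.reachable:
            return 503
        user_id = url.rsplit("/", 1)[1]
        if user_id not in self.users:
            return 404
        if method == "DELETE":
            del self.users[user_id]
            return 204
        if method == "PATCH":
            for op in json.loads(body)["Operations"]:
                if op["op"] == "replace" and op.get("path") == "active":
                    self.users[user_id]["active"] = op["value"]
            return 200
        return 405


def fan_out(scenario, providers, ids):
    """Send the scenario's request to every provider; map name -> 'done' or 'retry'."""
    outcome = {}
    for p in providers:
        base = f"https://{p.name}.example/scim/v2"   # hypothetical endpoint
        method, url, body = scim_request(scenario, base, ids[p.name])
        status = p.handle(method, url, body)
        # A 404 on delete means the account is already gone, so a re-run is safe.
        gone_already = scenario == "departed" and status == 404
        outcome[p.name] = "done" if status in (200, 204) or gone_already else "retry"
    return outcome


def still_can_login(providers, ids):
    """Providers where the account still exists and is active."""
    return sorted(
        p.name for p in providers if p.users.get(ids[p.name], {}).get("active")
    )


def build_providers(saas2_reachable=True):
    """Constructed sample state: each provider knows Bob under its own SCIM id."""
    ids = {"mam": "m-17", "saas1": "a1b2", "saas2": "9f3c"}
    providers = [
        FakeProvider(name, {uid: {"userName": "bob", "active": True}})
        for name, uid in ids.items()
    ]
    providers[2].reachable = saas2_reachable
    return providers, ids


if __name__ == "__main__":
    providers, ids = build_providers(saas2_reachable=False)
    print(fan_out("departed", providers, ids))
    print("still active at:", still_can_login(providers, ids))
```

Any provider left in the 'retry' state is the "Whoa, I can still login!" case from the productivity slide, so the fan-out has to be re-run until `still_can_login` returns an empty list.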
Application Provider
[Diagram labels. Enterprise; three boxes labelled 'Application Provider'. Device: 'Authz agent' and several boxes labelled 'Native app']
Wrapping up
[Diagram: device split into 'Business' and 'Personal' sides. Labels: MAM, App, App, Policy, Apps, Tokens, REST, Data, Corp Identity, Identity (three times)]
Thank you
                         @paulmadsen
Summary
1. Divide device & leave employee personal data alone
2. Provision apps via MAM based on employee identity & roles into employee 'side'
3. Provision tokens to those apps via IdM based on employee identity & roles
4. Apps use tokens on API calls to corresponding Cloud

UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 

Madsen byod-csa-02

  • 1. BYOD: It's an 'identity' thing. Session #36, Thursday, November 8, 2012, 1.45-2.45pm. Paul Madsen (@pmadsen), Senior Technical Architect, Ping Identity. MIS Training Institute Session # - Slide 1 © COMPANY NAME
  • 2. A little bit about me
  • 3. BYOD: WHAT'S THE BIG DEAL?
  • 5. B Y O D: BRING / BROUGHT YOUR OWN DEVICES
  • 6. Context: COIT; BYOD; Social; will.i.am keynoting Cloudforce; App stores; Personal Cloud
  • 7. [reputable analyst firm] says [X%] of Fortune 500 will confront BYOD by [201Y]
  • 8. So why allow it?
  • 9. SHadow IT HAPPENS
  • 10. Value prop: employee productivity as a function of time [chart: productivity across Sun, Mon, Tue, Wed, Thur, Fri, Sat; BYOD vs. Traditional 9-5]
  • 11. Fundamental challenge: a single device must support two 'masters'
  • 12. Err no….
  • 13. Choices: Mobile Device Management (MDM) applies enterprise policy to the device as a whole (PIN, wipe, VPN etc); Mobile Application Management (MAM) focuses on the business apps ON the device (app store, security added onto binaries either through SDK or 'wrapping')
  • 14. Granularity
  • 15. BYOD Balancing Act: Standards, Security, Productivity, Privacy
  • 16. Balancing Act: Productivity
  • 18. Productivity vs time [chart: ideal vs. reality, from hired to fired; captions: 'Well I guess I can play Angry Birds until IT sets me up', 'Now what was my password again??', 'Whoa, I can still login!']
  • 19. GTD Requirements: 1. Initial GTD - Quickly get new employees up and running with the applications their role demands; 2. Ongoing GTD - Provide employees single sign on experience in day to day work; 3. Stop GTD - Reduce/remove permissions when necessary
  • 20. Balancing Act: Privacy
  • 21. Privacy: 'the right to be let alone— the most comprehensive of rights and the right most' Louis Dembitz Brandeis
  • 22. Privacy: Granularity of IT control
  • 23. Partitioning for privacy: 1. Divide the phone in 'half' – one side for business applications & data, another for personal; 2. IT's mandate is to manage & secure the apps & data on the business side; 3. IT has no mandate (nor, hopefully, desire) to touch apps & data on the personal side
  • 24. Balancing Act: Security
  • 25. IT'S NOT ABOUT THE DEVICE
  • 26. It's the data
  • 27. Protecting the data: 1. Ensure that user/app can access only appropriate data (authorization based on role); 2. Protect data in transit (SSL); 3. Protect data on device (PIN, encryption); 4. Remove access to data when appropriate: wipe stored data (or keys), revoke access to fresh data. Side labels: IDM, MAM, MDM
  • 28. MIM?
  • 29. MDM – No screen capture; MAM – No screen capture when in email app; MIM – No screen capture for this document
  • 30. Balancing Act: Standards
  • 31. Why standards? Framework implies interplay between: Enterprise IdM; MAM architecture; MAM servers; MAM agent; Applications; On-prem; SaaS
  • 32. Components [diagram: Enterprise; SaaS 1, SaaS 2; MAM; Device with MAM, Browser, SaaS1, SaaS2]
  • 33. Standards: SCIM (System for Cross-Domain Identity Management) to provision identities as necessary to MAM and SaaS providers; SAML (Security Assertion Markup Language) to bridge enterprise identity to MAM and SaaS providers; OAuth to authorize MAM agents, and SaaS native apps
  • 34. Components [diagram: Enterprise; SaaS 1, SaaS; MAM; Device with MAM, Browser, SaaS1, SaaS; links labeled SCIM, SAML and OAUTH]
  • 35. Bob 'pursuing other ventures' [diagram: Enterprise; SaaS 1, SaaS; MAM; three links labeled SCIM (delete); a link labeled Wipe; Device with MAM, Browser, SaaS1, SaaS; labels: wipe, wipe]
  • 36. Bob 'loses phone in cab' [diagram: Enterprise; SaaS 1, SaaS; MAM; three links labeled SCIM (status=0); a link labeled LOCK=Y; Device with MAM, Browser, SaaS1, SaaS]
  • 37. [diagram: Enterprise; three Application Providers; Device with Authz agent and native apps]
  • 39. [diagram: Business and Personal sides; labels: MAM, Policy, Apps, App, REST, Data, Tokens, Identity, Corp Identity]
  • 40. Thank you @paulmadsen
  • 41. Summary: 1. Divide device & leave employee personal data alone; 2. Provision apps via MAM based on employee identity & roles into employee 'side'; 3. Provision tokens to those apps via IdM based on employee identity & roles; 4. Apps use tokens on API calls to corresponding Cloud
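
The two deprovisioning scenarios on slides 35 and 36, worked through as an added example that is not part of the deck: the enterprise IdM fans one event out to the MAM server and each SaaS, and the outcome differs between delete and disable. It assumes SCIM 2.0 wire messages, with the slide's `status=0` rendered as the SCIM `active` attribute; the provider names, user id and token values are constructed.

```python
import json

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

class Provider:
    """In-memory SCIM service provider (a MAM server or a SaaS); constructed."""
    def __init__(self, name, user_id):
        self.name = name
        self.users = {user_id: {"userName": "bob", "active": True}}
        self.tokens = {user_id: {"tok-" + name}}  # OAuth tokens held by Bob's apps

    def handle(self, method, path, body=None):
        user_id = path.rsplit("/", 1)[-1]
        if user_id not in self.users:
            return 404
        if method == "DELETE":  # slide 35: account and tokens are gone for good
            del self.users[user_id]
            del self.tokens[user_id]
            return 204
        if method == "PATCH":  # slide 36: account kept, access suspended
            msg = json.loads(body)
            if PATCH_SCHEMA not in msg.get("schemas", []):
                return 400
            for op in msg.get("Operations", []):
                if op.get("op") == "replace" and op.get("path") == "active":
                    self.users[user_id]["active"] = bool(op["value"])
                    if not op["value"]:
                        self.tokens[user_id].clear()  # revoke access to fresh data
            return 200
        return 405

def set_active(value):
    """SCIM 2.0 PatchOp body that flips the user's 'active' attribute."""
    op = {"op": "replace", "path": "active", "value": value}
    return json.dumps({"schemas": [PATCH_SCHEMA], "Operations": [op]})

def fan_out(event, providers, device, user_id="bob-1"):
    """Enterprise IdM: one event becomes one SCIM call per provider plus a MAM action."""
    path = "/Users/" + user_id
    if event == "terminated":
        results = {p.name: p.handle("DELETE", path) for p in providers}
        device["business"].clear()  # wipe the business side only
    elif event == "device_lost":
        results = {p.name: p.handle("PATCH", path, set_active(False)) for p in providers}
        device["locked"] = True  # LOCK=Y; business data stays for recovery
    else:
        raise ValueError("unknown event: " + repr(event))
    return results
```

A disabled account can be re-enabled with `set_active(True)` once the phone is recovered, but its revoked tokens are not restored and must be issued again; a deleted account answers 404 to any later call.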

Editor's Notes

  1. Managing the device is misguided – CISOs do not lose sleep over the loss of devices, but rather ……