The document discusses embracing BYOD trends in enterprises while maintaining security, privacy and user experience. It outlines challenges like data security and different approaches like mobile device management (MDM), mobile application management (MAM) and separating enterprise and personal data. WSO2 Enterprise Mobility Manager is introduced as a solution that provides MDM, an enterprise app store, and mobile application management features to address BYOD challenges.
Embracing BYOD Trend Without Compromising Security, Privacy or Experience
1. Embracing BYOD Trend Without Compromising Security, Employee Privacy, or the Mobile Experience
Shanmugarajah (Shan)
Director Architecture, Enterprise Mobility
WSO2 Inc.
2. Agenda
• Work - New definition
• Enterprise Mobility Challenges
• Different Approaches to Data Security
• BYOD
• WSO2 EMM
• Summary
4. Work
[Diagram: Employees, Enterprise, Data, Device]
• Happens inside a place
• Dependent on specific Technology
• Resources
Within the premise
Owned by enterprise
6. Work
[Diagram: Enterprise, Data, Employees, Device, Data]
• Independent of place
• Independent of Technology
• Resources
Within the premise and outside
Owned by enterprise and employees
8. Enterprise Mobility
• New trend towards a shift in work habits.
• Employees working out of the office with mobile devices and cloud services to perform business tasks.
11. Challenges
• Data Security
• Remote Device Management
• Enterprise Store
• Enterprise Application Development & Management
12. Data Security
How can the data be compromised?
• Device being lost or stolen
• Malicious app stealing the data
• Data leak
What is the data?
• Email message or the attachment
• Documents like PDF, Word, Excel, PPT, text
• Browser accessing HTML pages, cookies
• Contact, Calendar, Notes
• Application with database
Why is the data sensitive?
• It can be highly confidential, like quotation value, salary details
• It can have a high impact if it
Who can compromise it?
• External
• Internal
15. Data Security - Approach 1 - MDM
How can MDM solve this challenge?
• Enforce password policy on the device
• Encrypt data when locked (AES 256, FIPS 140-2)
• Enterprise Data WIPE & Device WIPE
• iCloud Backup Disable
Drawbacks
• If the password is compromised
• Malware or malicious app stealing data
16. Apps in the Device
• Vendor Apps
• Enterprise Apps
• Apps from Public Store
Challenge
1. Need to separate enterprise apps and data
2. Able to control it
3. Limit interaction with personal apps and data
17. Data Security - Approach 2 - Separate Apps and Data
• Within Device
• Away from Device
18. Data Security - Approach 2 - Separate Apps and Data
Away from Device
• Desktop virtualization or VDI technology (Citrix XenDesktop, VMware Horizon View, Dell vWorkspace, Remote Desktop Microsoft)
• Web apps
Within Device
• Virtualized OSes on the mobile device
19. Mobile Virtualization
Dual persona: two separate and independent end-user environments in a single device.
• Virtualized OSes on mobile (Hypervisor 1 and 2)
• BlackBerry Balance
• Samsung KNOX
21. Not all devices support dual persona.
iOS does not support it, or Apple will not allow the OS to be modified.
• Desktop virtualization
• Web apps
• Mobile virtualization
Each one of those options has its flaws.
22. Data Security - Approach 3 - Mobile App Management
• MAM gets you a step closer to managing what you care about
• MAM brings the perimeter closer to the corporate resources
23. Mobile App Management (MAM)
1. MAM (Controlling app behavior)
1a. SDK approach
1b. App wrapping
2. OS MAM - iOS MAM through MDM
3. App Store and managing apps with MDM
24. MAM controlling app behavior
Data security features
1. Encrypt the data in transit using an app VPN tunnel or app tunnel
2. Encrypt the data at rest and decrypt only when viewing
3. Two-factor authentication
4. Data loss prevention (disable cut, copy and paste)
5. Data at rest should be controlled (delete)
6. Policy-based data control, where policy can be pushed and updated
Additional features
1. Enterprise apps on the mobile device should be able to use SSO
2. Data can be shared between applications
25. MAM SDK Approach
The SDK contains all the necessary APIs to implement the MAM features.
Provides enterprise-grade security with user authentication, single sign-on, copy/paste prevention, data encryption, app-level policies, compliance monitoring and management.
26. MAM - App Wrapping
[Diagram: App Wrapper Tool]
• For apps already built
• Needs the unsigned app binary.
• Not for apps from public app stores.
• Can do basics of encryption, authentication, or app-level VPNs.
• Can intercept, block, or spoof API calls made
27. Data Security - Best Approach
MAM Solution (Controlling app behavior)
• Works across all versions of Android and iOS
• Native apps provide a superior user experience.
Remote desktops, web apps, and virtualized mobile devices each have their place in the EMM world, but MAM has distinct advantages.
28. Other Challenges in Enterprise
• Remote Device Management (MDM)
• Enterprise Store
• Enterprise Application Development & Management (MEAP, mBaaS)
30. User-Experience and Privacy in BYOD
User-Experience
• More than one enterprise app
• Every app needs login
• Desktop apps have SSO
• Why not give the same experience
• Native App
Privacy
• Monitor the personal data like contact info, app info
39. Store
Supports multiple platforms
User subscription
Advanced search options
App sorting
Support for existing user stores (Widgets, Gadgets, Books, Magazines, APIs).
Single sign-on
45. Summary
• Different approaches to the BYOD problem
• Based on your requirement, it can be MAM, or it can be hybrid (MDM & MAM)
• End-user experience and their privacy are important
46. IT Consumerization
Consumerization is a two-way street.
You need to make sure your users understand the need to keep resources safe, but you also need to make corporate resources accessible.