WSO2Con Asia 2014 - Embracing BYOD Trend Without Compromising Security, Employee Privacy, or the Mobile Experience
1. Embracing BYOD Trend Without Compromising Security, Employee Privacy, or the Mobile Experience
Shanmugarajah (Shan)
Director Architecture, Enterprise Mobility
WSO2 Inc.
2. Agenda
• Work - New definition
• Enterprise Mobility Challenges
• Different Approaches to Data Security
• BYOD
• WSO2 EMM
• Summary
8. Enterprise Mobility
• New trend towards a shift in work habits.
• Employees working out of the office with mobile devices and cloud services to perform business tasks.
11. Challenges
• Data Security
• Remote Device Management
• Enterprise Store
• Enterprise Application Development & Management
12. Data Security
How can the data be compromised?
• Device being lost or stolen
• Malicious app stealing the data
• Data leak
What is the data?
• Email message or the attachment
• Documents like PDF, Word, Excel, PPT, text
• Browser accessing HTML pages, cookies
• Contact, Calendar, Notes
• Application with database
Why is the data sensitive?
• It can be highly confidential, like quotation value, salary details
• It can have a high impact if it
Who can compromise?
• External
• Internal
15. Data Security - Approach 1 - MDM
How can MDM solve this challenge?
• Enforce password policy on the device
• Encrypt data when locked (AES 256 FIPS 140-2)
• Enterprise Data WIPE & Device WIPE
• iCloud Backup Disable
Drawbacks
• If the password is compromised
• Malware or malicious app stealing data
17. Data Security - Approach 2 - Separate Apps and Data
Within Device
Away from Device
18. Data Security - Approach 2 - Separate Apps and Data
Away from Device
• Desktop virtualization or VDI technology (Citrix XenDesktop, VMware Horizon View, Dell vWorkspace, Microsoft Remote Desktop)
• Web apps
Within Device
• Virtualized OSs on the mobile device
19. Mobile Virtualization
Dual persona: two separate and independent end-user environments in a single device.
• Virtualized OSs on mobile (Hypervisor 1 and 2)
• BlackBerry Balance
• Samsung KNOX
21. Not all devices support dual persona.
iOS does not support it, or Apple will not allow the OS to be modified.
• Desktop virtualization
• Web apps
• Mobile virtualization
Each one of those options has its flaws.
22. Data Security - Approach 3 - Mobile App Management
• MAM gets you a step closer to managing what you care about
• MAM brings the perimeter closer to the corporate resources
23. Mobile App Management (MAM)
1. MAM (Controlling App behavior)
1a. SDK Approach
1b. App wrapping
2. OS MAM - iOS MAM through MDM
3. App Store and Managing apps with MDM
24. MAM controlling apps behavior
Data security features
1. Encrypt the data in transit using an app VPN tunnel or app tunnel
2. Encrypt the data at rest & decrypt only when viewing
3. Two-factor authentication
4. Data loss prevention (disable cut, copy and paste)
5. Data at rest should be controlled (delete)
6. Policy-based data control, where policy can be pushed and updated
Additional Features
1. Enterprise apps on the mobile device should be able to use SSO
2. Data can be shared between applications
25. MAM SDK Approach
The SDK contains all the necessary APIs to implement the MAM features.
Provides enterprise-grade security with user authentication, single sign-on, copy/paste prevention, data encryption, app-level policies, compliance monitoring and management.
26. MAM - App Wrapping
App Wrapper Tool
• For apps already built
• Needs the unsigned app binary.
• Not for apps from public app stores.
• Can do basics of encryption, authentication, or app-level VPNs.
• Can intercept, block, or spoof API calls made
27. Data Security - Best Approach
MAM Solution (Controlling app behavior)
• Works across all versions of Android and iOS
• Native apps provide a superior user experience.
Remote desktops, web apps, and virtualized mobile devices each have their place in the EMM world, but MAM has distinct advantages.
28. Other Challenges in Enterprise
• Remote Device Management (MDM)
• Enterprise Store
• Enterprise Application Development & Management (MEAP, mBaaS)
30. User Experience and Privacy in BYOD
User Experience
More than one enterprise app
Every app needs login
Desktop apps have SSO
Why not give the same experience
Native app
Privacy
Monitor the personal data like contact info, app info
39. Store
Supports multiple platforms
User subscription
Advanced search options
App sorting
Support for existing user stores (Widgets, Gadgets, Books, Magazines, APIs).
Single sign-on
45. Summary
• Different approaches to BYOD problem
• Based on your requirement, it can be MAM, or it can be hybrid (MDM & MAM)
• End-user experience and their privacy is important
46. IT Consumerization
Consumerization is a two-way street.
You need to make sure your users understand the need to keep resources safe, but you also need to make corporate resources accessible.