Dell Secure Mobile Access solutions

Post on 18-Jul-2020

Dell Secure Mobile Access solutions

Mobile Connect app
E-class Secure Remote Access appliances

Colin Wu
colin_wu1@dell.com

2 Dell Mobility Solutions

Dell - Internal Use - Confidential - Privileged

Agenda

• Mobile Devices Usage and Future
• BYOD challenge and hidden costs
• Evolution of SSL VPN
• Dell SonicWALL SMA Solution & Modules
• Demo (Per-app VPN for Mobile Devices)
• Q&A

41% of smart phone users use personal devices for business*

*IDG Mobile Survey 2013

Mobile Devices Usage and Future

Gartner predicts by 2017, half of employers will require employees to supply their own device for work purposes

Mobile Devices Usage and Future

Mobile security pain points*

1. Data loss from lost, stolen devices
2. Information-stealing mobile malware
3. Data loss, leakage through 3rd party apps
4. Vulnerabilities with devices, OS design and 3rd party apps
5. Insecure Wi-Fi (data loss)

Data Loss

Big Data Loss

The Mobile Devices challenge

Personal Business

Increased business risk:

• Corporate data loss
• Malware attack
• Personal data privacy compliance

Mobile Devices hidden costs

• Multiple solutions from different vendors required for a complete service
• Each new device type or application requires new specialist technology and skill
• Managing users' access and protecting corporate data involves new assessments

(Diagram: costs adding up across Corp Issued PC, Corp Issued Mobiles, BYO Mobiles, BYO Desktops, and Future Devices and applications)

Evolution of Access – The Remote Access Service

o Dial Up – RAS – Remote Access Service
o Complex telephony and unreliable modems
o White gloves managed service

Evolution of Access – Full VPN

SMA

Locked Down Perimeter

o Tunneled internet connection over IPsec
o Extends corporate network to mobile laptops
o Perimeter protection around network edge and laptop

Evolution of Access – SSL VPN

(Diagram: the SMA appliance applies an ACL (Access Control List) keyed on User, Device, Port and Subnet, alongside a routing table with entries 1.1.1.x, 10.15.x.x and 10.20.30.x)

Granular selective access

Evolution of Access – App Level VPN

SMA

o Core plumbing provided by the OS vendor
o Perimeter reduced to the application
o Only corporate apps allowed to access data over the VPN

Evolution of Access – App Access Control VPN

(Diagram: the SMA appliance applies access control keyed on User, Device, Port, Subnet and App)

Granular selective access refined with application variables

Evolution of Access – App Instance VPN

(Diagram: the SMA appliance applies access control keyed on User, Device, Port, Subnet, App and Instance)

o Containers provide DLP instance of user normal productivity apps
o Normal user workflows maintained

Dell Secure Mobile Access (SMA) Solution

Secure access – personal device

Trusted user? Trusted device? Trusted mobile apps?

• Authenticate user
• Validate device and mobile app integrity
• Enforce BYOD policy acceptance
• Connect only authorized apps to VPN and resources

(Diagram: trusted user, trusted device and trusted mobile apps reach resources inside the corporate perimeter. Applications: Web Apps, Client/Server Apps, File Shares, Databases, VoIP, VDI Infrastructure. Directories: LDAP, AD, RADIUS.)

Device Profile Attribute Types

Device identity
• Mapped directory
• Domain membership
• Watermark/certificate
• Any resident file
• Device ID

Device integrity
• Anti-virus
• Registry key
• Windows O/S level
• Personal firewall
• Anti-spyware
• Jailbroken/rooted

Device profile
• Android
• iOS
• Windows
• Windows mobile
• Macintosh
• Linux

With data security
• Cache control
• Secure desktop

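Defining EPC Zones

(Flowchart, reconstructed from the slide's labels)

• Connection request
• Any Deny zones matched? If yes: user placed in Deny zone.
• If no: any Standard zones matched? If yes: user placed in Standard zone.
• If no: user placed in Quarantine zone or Default zone (the slide's final yes/no branch has no surviving label).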
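The evaluation order in the flowchart above, as an added sketch that is not Dell's or Aventail's code: Deny zones are checked before Standard zones, so a tampered device is refused even when it also satisfies a Standard zone. The class and field names, the sample zones, and the `quarantine_enabled` switch that picks between Quarantine and Default are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Device:
    # Attributes mirror the "Device Profile Attribute Types" slide;
    # the field names themselves are hypothetical.
    platform: str
    os_version: tuple
    jailbroken_or_rooted: bool = False
    has_client_cert: bool = False
    antivirus_running: bool = False

@dataclass
class Zone:
    name: str
    kind: str                                   # "deny" or "standard"
    checks: list = field(default_factory=list)  # predicates; all must hold

    def matches(self, dev):
        return all(check(dev) for check in self.checks)

def classify(dev, zones, quarantine_enabled=True):
    """Return the name of the zone a connection request lands in.

    Order from the flowchart: Deny zones first, then Standard zones.
    Assumption: the Quarantine/Default choice for unmatched devices is
    an administrator setting, modelled here as quarantine_enabled.
    """
    for kind in ("deny", "standard"):
        for zone in zones:
            if zone.kind == kind and zone.matches(dev):
                return zone.name
    return "Quarantine" if quarantine_enabled else "Default"

# Constructed sample policy (not taken from any real appliance).
# The Deny zone is listed last on purpose: list order must not matter.
ZONES = [
    Zone("Managed-iOS", "standard", [lambda d: d.platform == "iOS",
                                     lambda d: d.os_version >= (8, 0),
                                     lambda d: d.has_client_cert]),
    Zone("Managed-Android", "standard", [lambda d: d.platform == "Android",
                                         lambda d: d.antivirus_running]),
    Zone("Tampered", "deny", [lambda d: d.jailbroken_or_rooted]),
]
```
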

no

yes

End Point Control for iOS Devices

End Point Control

• Determine Jailbreak status

• DeviceID

• Certificate enforcement

• OS version control

End Point Control for Android Devices

End Point Control

• Determine if the device has been “rooted”

• DeviceID (enforced based on the IMEI of the Android device)

• Certificate enforcement

• OS version control

• Enforcement of Anti-Virus (Requires Aventail 10.6.1)

Simplify per app VPN access control

• Restrict VPN access to mobile apps authorized by IT to reduce threat risk.

• Support any mobile app, secure container or MDM solution.

• Validates mobile app integrity with app signature

Mobile device policy enforcement protects from BYOD business risk

• End-user required to accept policy terms to gain access

• Administrator can customize policy

• Support for per group policy

• Policy acceptance reporting

WorkPlace access: Access to web-based and client/server applications from virtually any device.

WorkPlace Portal Easy-to-use clientless browser based access

Global Management

What is it? Centralised management of SMA
Known as: CMS
Customer Benefit: Lower TCO; central view of their global service

License Distribution – Normal Operations

Normal operations

- Fairly normal distribution of users across 3 managed appliances - Shanghai, Bangalore and Seattle

- Alerts panel: No Alerts

- Appliances panel: Table view shows appliances statistics

- Current users panel: Pie chart view shows distribution of users

License Distribution – Normal Operations

Normal operations with different view selections

- Appliances panel: Geographic view of CMS and appliances

- Current users panel: Dial gauge view of users on appliances - relative to max licensed setting (5000) for each appliance

License Distribution versus Consumed

Dynamic distribution of leased licenses depends on:

- Number of users on the appliance

- Appliance capacity

- Max license setting

NOTE: All available licenses (10k total) are made available. CMS does not hold back any licenses.

License Distribution – Snowstorm in Seattle!

High usage of Seattle appliance

- Leased license distribution adjusts accordingly as more users connect on the Seattle appliance

- Alert generated as the Seattle appliance comes close to its max licensed capacity

- Alert generated as CMS pooled license consumption is close to max

License Distribution – Snowstorm in Seattle!

Dynamic distribution of leased licenses:

- More licenses are made available on Seattle appliance to cope with the demand

SMA v11.0 Feature Benefits

• Per-app VPN for Android

• Per-app VPN for iOS and Mac OS X

• Dell vWorkspace integration

• EMM integration with MobileIron and Dell DMM

• Hyper-V support

• Pooled licensing

• HTML5 new clients….

Enable efficient administration with centralized access policy management

Object-based policy management: easy to set up and manage access control rules

Access rules

Users/groups

Device security posture

Allowed mobile apps

Corporate resources

The Product Range

Secure mobile access for all users, devices, apps and resources

Simple, policy-enforced per-app VPN access to corporate data and resources without compromising security

Secure Mobile Access appliances
• SMA 7200
• SMA 6200
• SRA EX9000
• Virtual Appliance (VMware, Hyper-V)

• Spike License
• Secure Virtual Assist
• Advanced Reporting
• Native Access Modules
• Mobile Connect
• End Point Control

(Three items on the slide carry a "New" badge.)

Secure Remote Access (SRA) Appliance Comparison matrix

Dell secure mobile access solution

• Simplify per app VPN: Only per app VPN solution that can support any mobile app or container without modification and support iOS, Mac OS X, Android and Kindle

• Achieve BYOD compliance: Mobile device policy enforcement and management

• Protect from threats: Per app VPN access controls, mobile app and device integrity validation and user authentication

• Access more resources: Scalable, network-level access to more resources including web, client/server, hosted virtual desktop and back connect such as VoIP

Enable mobile worker productivity while protecting from threats

Demo (Per-app VPN for Mobile Devices)

• Android
  – Use Chrome to access the internal HFS service.
  – Use RDP-2x apps to connect to Remote Desktop.
  – UC Browser cannot access the internal HFS service.
  – RD client apps cannot connect to Remote Desktop.

• iOS
  – From the EMM server, push the Chrome app and use Chrome to access the internal HFS service.
  – Use RDP-2x apps to connect to Remote Desktop.
  – UC Browser cannot access the internal HFS service.

Thank you
