android for work: your enterprise mobility management and security checklist
TRANSCRIPT
© 2016 IBM Corporation
Your Enterprise Mobility Management and Security Checklist
Frank Schloendorn, Manager Quality AssuranceMatthew Melendez, Product AdvocateIBM Security
Android for Work
2 © 2016 IBM Corporation
Housekeeping items
Duration – 30 minutesSubmit your questions to all
panelists in the Q&A boxRecording and slides will be
emailed to you
© 2016 IBM Corporation
Android for Work – Overview
4 © 2016 IBM Corporation
Historically Android has lacked critical enterprise features– Differences across OEM’s on security and management capabilities– Gaps in base OS security– Difficulties in App distribution and management
Deployments of Android reflected this– In the Enterprise, 20% – Overall market, 80%
Android in the Enterprise
5 © 2016 IBM Corporation
Ensure Work data is safe– Protect Work data from Personal apps & data– Enforce data encryption
Keep users productive– Control apps available for Work– Deliver productivity apps to your users
• Any Google Play app or Enterprise app
Enable wide Enterprise adoption of Android
Android for Work - Goals
6 © 2016 IBM Corporation
OS Provided Dual Persona– Personal and Work accounts are separate– Works apps shown on same screen, but with briefcase– Two modes for enrollment- enterprise (corporate owned) and personal (BYOD)
Robust App Management– Support for any app off Google Play and Enterprise apps (all apps must go through Play Store)– IT can curate list of approved apps in Work Play Store– Silent push/pull
Relies on Full Disk Encryption– AES-128 is the minimum, OEM’s can exceed
Uses SE Linux for file separation between Work and Personal– Enforced by OS. Can be shut down on rooted device.
Highlights– Data Leakage prevention/Profile Management– Remote Wipe business data– Corporate VPN at device, container, or app level– Other device management capabilities
Some devices may not support• Usually lower end devices
Android Work – For 5.x/6.x and above devices
7 © 2016 IBM Corporation
Android Work App – Feature Summary
Android Work App(Android 4)
Productivity Applications:Android Work PIM suiteGoogle Docs, Sheets, SlidesChrome Secure BrowserWork CameraSecure File StorageSupport all 4.0+ devices
Android Work(Supported L+ devices)
Productivity Applications:Android Work PIM SuiteGoogle Docs, Sheets, SlidesChrome Secure BrowserWork CameraSecure File Storage
Google Play for WorkSecure App Distribution
8 © 2016 IBM Corporation
Point solution for legacy devices– Android 4.0-4.4– Android L+ devices without Work Native support
• Very low end devices
App Based Container– Requires wrapped apps
• Google has wrapped Chrome, Slides, Docs, Sheets, PIM– Can silently push/pull wrapped apps
Offers many of the same features of the full Work devices
Android Work App – Legacy Support
9 © 2016 IBM Corporation
Android N will introduce some much desired new features for Afw– QR Code Provisioning– Security Challeng for Work Profile– Temporary app access disablement– Toggle work Mode on/off– Always-On VPN– Contacts integration between personal and work profile– Remote reboot on enterprise owned devices– Disable data roaming on enterprise owned devices– Changes to client certificate management– And more
Android N New Features
10 © 2016 IBM Corporation
Program Requirements– MDM Vendor with Support ✔– Google for Work accounts
• For company and each user. Accounts are required during enrollment of the device to android for work
– Device that support Android for Work• Google Nexus series• Blackberry Priv• Samsung Galaxy series (S, Note, Edge)• HTC MX and One Series• Motorola Moto series• Sony Xperia series• Many Others….
Android for Work - Requirements
© 2016 IBM Corporation
Android for Work – MaaS360 Integration
12 © 2016 IBM Corporation
Settings are available in Android Policy– “Android Work Settings” Tab
New App Management Options– Deploy Google Play Apps Automatically
Control default enrollment mode– MDM or Android Work
Familiar Activation Experience– Just two new screens to set up Android Work profile
Android for Work – MaaS360 Integration
Source: Title of Document, date, author, publication or company
13 © 2016 IBM Corporation
Getting Ready– If MaaS360 trial account is desired, create one– Create Google for Work account, or use existing
• https://www.google.com/a/signup/u/0/?enterprise_product=ANDROID_WORK– Acquire Devices
• https://www.google.com/work/android/features/devices.html
Android for Work – Getting Started
Source: Title of Document, date, author, publication or company
© 2016 IBM Corporation
Android for Work – MaaS360 Integration Demonstration
© 2016 IBM Corporation
Questions?
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOUwww.ibm.com/security