Beyond MDM: The Desktop/Mobility Convergence

Mike Reed, Principal Strategist


Posted on 16-Apr-2017




TRANSCRIPT

Page 1

BEYOND MDM: THE DESKTOP/MOBILITY CONVERGENCE

Mike Reed, Principal Strategist

Page 2

IN THE BEGINNING… THERE WERE WORKGROUPS

• OS/2 - NetBIOS

• Windows for Workgroups (remember Novell NetWare?)

• Windows NT (NT domains)

• Primarily password-based security (NTLM, NTLMv2)*

* Not counting all the variants of config files in Unix, LDAP/NFS, etc.

Page 3

DIRECTORY SERVICES BECOME THE NORM

• For most of the 2000s, Active Directory became the de facto directory service

• AD had the concept of a distinct machine account and a user account, with different security applied to each

• AD allowed for local machine policy as well as directory policy (GPO)

• Most importantly, AD moved to a backward-compatible LDAP/X.500 and Kerberos (MIT) infrastructure

• Management is typically a combination of directory-based policy and a local security agent

Page 4

ALONG COMES APPLE (DESKTOP)

• Starting with OS X, Apple moves to a pseudo-BSD (Linux) OS architecture

• This allows for connectivity with many Windows/AD services, including directory services (LDAP) and file sharing (SMB, mostly)

• Macs enjoy the ability to share "equal citizen" status on the network with Windows machines…

• …except for that pesky Group Policy/security thing. OS X uses several types of local/network policy, typically requiring either a separate management infrastructure or a local agent to bridge Windows policy to OS X

Page 5

IN 2007, EVERYTHING CHANGES

• Apple launches the iPhone in 2007 using iOS, an OS based on OS X, which is a variant of BSD

• iOS has no concept of "user" in the OS – no binding to a directory or providing login credentials to the device

• Over the next several iterations of iOS, Apple adds in management APIs, some of which include Mobile Device Management

• MDM providers primarily use a method of mapping users to devices using an agent and certificates (X.509)

• In recent iterations of iOS, Apple includes the ability to use Kerberos for user authentication at the application level (along with other methods of secure access to networks), but still no concept of "user"

Page 6

ANDROID FOLLOWS SUIT

• Android, owned by Google, follows suit.

• Want to compare versions (for enterprise features)? Current Android usually supports "iOS minus 1", meaning Android is typically a version behind, enterprise-feature-wise

• Some variants of Android are beginning to further explore multi-user and advance the concept of user, but management features vary (wildly) by platform/provider

Page 7

OS X 10.8+ AND WINDOWS 10

• Both Apple and Microsoft recognized that profile-based management was simpler to configure and easier to manage at scale, and started building profile-based management into their OSes

• OS X: System Preferences > Profiles (only visible when a profile is applied), managed by OS X Server and Profile Manager or via EMM

• Windows 10: still supports GPO and WMI, but also supports "Workplace" configuration, e.g. EMM-based policies and configurations

• What about Surface Pro tablets? Mobile or desktop?

Page 8

WHERE DOES THIS LEAVE US?

• Desktop is nothing more than a form factor

• EMM/profile-based management is the next-generation management approach for device/local app security

• Cloud services are brokering their own security (e.g. Office 365). CASBs and EMM providers are going to fight for the cloud access security market

• Application-level security becomes key, which means identity is a strong requirement. No more "binding to Active Directory."

Page 9

WHAT SHOULD I DO NOW?

• Evaluate your identity management service - this may be local Active Directory today. It most likely will not be local Active Directory in two years.

• Every major cloud services provider is fighting to be your identity provider. Google. Microsoft (AAD/O365). Apple. Amazon. Salesforce. Okta. Ping. The list is endless.

• Support for "single sign-on" is an absolute must for any new local or cloud software/service you deploy. Anything using local user accounts as the only access mechanism is already obsolete.

Page 10

WHAT SHOULD I DO NOW? (CONT.)

• EMM players have an advantage over traditional desktop management providers… today. Each one, based on its history, offers different approaches.

• Talk to your EMM provider about their support for next-generation desktop OSes

• Talk to your current desktop management provider about their support for profile-based management. Hint: this may be Microsoft SCCM (and likely is).

• If you don't understand PKI and Kerberos and don't have them deployed, start learning now.

• If you don't understand profile-based management and don't have EMM deployed, start evaluating now.

Page 11

BRINGING IT ALL TOGETHER

• The technology is moving to profile-based management using single sign-on credentials as an identifier for device- and application-level security

• This change, especially as it relates to SSO, offers up some interesting new methods to be more secure, especially for inter-departmental and inter-agency interactions

• This method of secure authentication and authorization offers a chance for more security, not less, especially as services move to cloud providers

• Moving forward, "desktop" is a form factor, not a distinct platform or OS

Page 12

talkativetech.com @[email protected]

www.cmdsp.org

Credentialed Mobile Device Security Professional