MDM: Year in Review and Outlook
Kapsch BusinessCom
DI (FH) Daniel Ruby
Year in Review / Outlook: MDM, MAM, BYOD, DLP...
and now "mobile first" as well?
Smartphones & Tablets in the Enterprise
MDM is the solution
- mobile device landscape changed…
- Android Fragmentation
- BYOD (bring your own device)
- Apps / appstores / app deployment
- Mobile malware
- Network requirements / WiFi / QoS Bandwidth
- Data at Rest
- The dropbox problem
- Privacy & Compliance
- Cost Control
- Secure Access to corporate resources
- Certificates
- Rollout / Lifecycle Management
- Device Lockdown
- mobile device landscape changed…
OS X v10.7
OS X v10.8
- iOS 6 Global HTTP Proxy
- Android Fragmentation -> The Android Challenge in the Enterprise...
- BYOD (bring your own device)
Access to corporate resources
- Active Sync access (mail, calendar, contacts)
- Network access (WLAN profiles, APN settings, Dataguard)
- Sharepoint (documents, presentations)
- VPN (access possible from anywhere?)
- Cloud services
Access protection
- Passcode policy
- Encryption
- Remote wipe
- Separation of private and corporate devices
Compliance protection
- Apple App Store / Google Play
- App inventory & deployment
- App black- / whitelist
- OS updates/releases, patch level
Management
- Device configuration
- Deployment of certificates
- Enforcement options
Microsoft Exchange Active Sync (EAS Policies)
Apple iPhone Configuration Utility
Secure Container solutions (e.g. Checkpoint mobile Blade)
Secure Access to Web Portal
Integrated Document Security
Corporate Mail Sync in a secure workspace
MAB Exchange Server
EWS
- BYOD (bring your own device): MDM/MobileIron
Smartphones & Tablets in the Enterprise: Wrap up!
Mobile Device Management with
- mobile device landscape changed…
- Android Fragmentation
- BYOD (bring your own device)
- Apps / appstores / app deployment
- Mobile malware
- Network requirements / WiFi / QoS Bandwidth
- Data at Rest
- The dropbox problem
- Privacy & Compliance
- Cost Control
- Secure Access to corporate resources
- Certificates
- Rollout / Lifecycle Management
- Device Lockdown
DI (FH) Daniel Ruby System Engineer Security
ICT Infrastructure
Kapsch BusinessCom
Wienerbergstraße 53 | A-1120 Vienna | Austria
Phone +43 (0) 50 811 5455 | Mobile +43 664 628 5455
E-mail [email protected] | www.kapschbusiness.com
Please Note:
The content of this presentation is the intellectual property of Kapsch AG and all rights are reserved with respect to the copying, reproduction, alteration, utilization,
disclosure or transfer of such content to third parties. The foregoing is strictly prohibited without the prior written authorization of Kapsch BusinessCom AG. Product
and company names may be registered brand names or protected trademarks of third parties and are only used herein for the sake of clarification and to the
advantage of the respective legal owner without the intention of infringing proprietary rights.
Questions?
MDM Service Modules by Kapsch
Module: Authentication & Certificates
Module: Best Practice – Device Enablement & Rollout
Module: High Availability - Sentry
MobileIron and ISE Workflow: Initial Device Connection
Diagram zones and components: Trust, DMZ, Cisco ISE, Active Directory, Certificate Server
Initial Connection: The user connects to BYOD 802.1X EAP/PEAP and logs in with their corporate username and password, or connects to the Open SSID for on-boarding.
NTLM, Kerberos or LDAP if EAP/PEAP-MSCHAPv2 authenticated.
Redirect to ISE Device Registration Page: The user is not registered with ISE, so the user is redirected to the Cisco Captive Portal Page on ISE so they can register their device for user self service later on.
MobileIron and ISE Workflow: Initial Device Connection (continued)
The user opens a browser and tries to access a protected resource, at which point ISE does a lookup against the MobileIron API to see if it is a known user/MAC address.
Lookup: "Do you know this user?" (look up by MAC address). Answer: "I do not."
Redirect to ISE MDM Registration Page: The user is unknown, so they are redirected to the ISE MDM enrollment page.
MobileIron and ISE Workflow: Initial Device Connection (continued)
…and follows the directions to install the MobileIron MyPhone@Work Client and enroll with the VSP
Connections shown: LDAP, SCEP Certificate Enrollment
• Mobile Device Security, Lockdown, and Application Policies
• SSL VPN and WiFi Settings
• iOS Restrictions
• Corporate Apps/Configuration/Identity
• Authentication Certificate(s)
• Corporate Root Certificate(s)
• Device Inventory
• Application Inventory
• Multi-User
• Kiosk Mode
Post ISE Registration/MI Enrollment (in policy)
The user connects to the same SSID using the certificate and new WiFi profile that were provisioned from MobileIron. This new profile uses EAP-TLS for authentication (certificate auth) instead of EAP/PEAP (username and password).
The Wireless Controller asks Cisco ISE for directions on what the user should have access to.
Lookup: "Do you know this user?" (look up by MAC address). Answer: "Yes", and the device posture is returned: the device IS compliant.
Cisco ISE returns access instructions to the wireless controller.
The user can access Internet and trusted resources.
Post ISE Registration/MI Enrollment (out of policy)
The user connects to the same SSID using the certificate and new WiFi profile that were provisioned from MobileIron. This new profile uses EAP-TLS for authentication (certificate auth) instead of EAP/PEAP (username and password).
The Wireless Controller asks Cisco ISE for directions on what the user should have access to.
Lookup: "Do you know this user?" (look up by MAC address). Answer: "Yes", and the device posture is returned: the device is NOT compliant.
Cisco ISE returns access instructions to the wireless controller.
The user can access Internet resources only.
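The decision points of the workflow slides above, written out as a small model. This is an added example, not Cisco ISE or MobileIron code: the function and type names, the in-memory stand-ins for the ISE registration list and the MDM lookup, and the sample MAC addresses are all hypothetical, and the handling of a compliant device that still authenticates with a password is an assumption the slides do not cover.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Set


class Access(Enum):
    ISE_DEVICE_REGISTRATION = "redirect to ISE device registration page"
    MDM_ENROLLMENT = "redirect to ISE MDM enrollment page"
    INTERNET_ONLY = "Internet resources only"
    INTERNET_AND_TRUSTED = "Internet and trusted resources"


@dataclass(frozen=True)
class Posture:
    """What the (mock) MDM returns for a device it knows."""
    compliant: bool


def normalize_mac(mac: str) -> str:
    """Canonical 12-hex-digit key so aa:bb.., AA-BB.. and aabb.ccdd.. all match."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def authorize(mac: str, eap_method: str, ise_registered: Set[str],
              mdm_inventory: Dict[str, Posture]) -> Access:
    """Walk the slides' decision points in order, failing closed."""
    key = normalize_mac(mac)
    if key not in ise_registered:            # not registered with ISE
        return Access.ISE_DEVICE_REGISTRATION
    posture: Optional[Posture] = mdm_inventory.get(key)
    if posture is None:                      # MDM lookup answers "I do not"
        return Access.MDM_ENROLLMENT
    if not posture.compliant:                # posture returned: out of policy
        return Access.INTERNET_ONLY
    if eap_method != "EAP-TLS":
        # Assumption (not on the slides): a compliant device that still uses
        # username/password instead of its certificate gets restricted access.
        return Access.INTERNET_ONLY
    return Access.INTERNET_AND_TRUSTED


# Constructed sample state; the MACs are made-up, locally administered addresses.
ISE_REGISTERED = {"020000000001", "020000000002", "020000000003"}
MDM_INVENTORY = {"020000000002": Posture(compliant=True),
                 "020000000003": Posture(compliant=False)}
```

Normalizing the MAC before both lookups matters in practice: if the two systems store addresses in different notations, a string comparison sends an enrolled device back to the enrollment page.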
Operations – Certificate Management with SCEP