Windows 10: A Guide to Secure Mobility in the Enterprise
© 2015 IBM Corporation
A Guide to Secure Mobility in the Enterprise
Chuck Brown, Product Management
IBM Security
Windows 10
Jimmy Tsang, Product Marketing
IBM Security
© 2016 IBM Corporation
Housekeeping items
Duration – 60 minutes
Submit your questions to all panelists in the Q&A box located in the bottom right corner of your screen
Recording and slides will be emailed to you
Agenda
Windows overview & trends
Windows 10 highlights
MaaS360 support for Windows 10
Demo
Q&A
Poll results from May 2015
What operating system is installed on most of your laptops and desktops?
Windows 8: 9%
Windows 7: 85%
Windows XP: 4%
Mac OS X: 2%
Other: 0%
Microsoft OS ecosystem
Convergence of Windows
Windows 10
Current State of Affairs
Windows 10 generally available on July 29, 2015
“Free” upgrades to majority of devices except for Enterprise users
First 24 hours – 14 million installs
– At peak - Windows 10 was being installed on about 1500 machines per second
Adoption is accelerating: >40% of new Win10 devices since Black Friday
Microsoft expects 1 billion devices to be running Windows 10 in 3 years
[Chart: Windows 10 Installs; plotted values 14,000,000, 110,000,000 and 200,000,000]
Windows 10 Migration
Shifting in Week 5
Previous – moves from W8/8.1
– W8/8.1 has highest dissatisfaction among users
Now migrating more from Windows 7
http://www.networkworld.com/article/2985121/windows/windows-10-begins-to-eat-into-windows-7s-usage-share.html?phint=newt%3Dnetworkworld_daily_news_alert&phint=idg_eid%3D9d62e138c25290651cbb2506bb69e242#tk.NWWNLE_nlt_daily_am_2015-09-22&siteid=&phint=tpcs%3D&phint=idg_eid%3D9d62e138c25290651cbb2506bb69e242
Laptop and Desktop OS Market Share
NetMarketShare.com
Windows operating systems constitute ~91% of the total market share
Current Windows 10 market share is 9.96%
At 10% growth rate month on month – 20.81% market share by 2016 Q3
April 2015: Windows 7 58%, Windows XP 16%, Windows 8 15%, OS X 6%, Other 3%, Windows Vista 2%
December 2015: Windows 7 56%, Windows XP 11%, Windows 8 13%, OS X 7%, Other 2%, Windows Vista 2%, Windows 10 10%
Device and OS are Creating a Continuum
Microsoft has an API set across Windows 10 PC/Tablet and Mobile
– API set is an extension to Windows Phone 8.1
– No API sets on Windows 7
Mac OS X provides a set of management APIs similar to iOS.
– Apple is working on convergence of management API sets
Code for one. Reach them all.
Where Are We?
Configuration Service Provider Reference
Up-to-date list of API features for Windows 10
https://msdn.microsoft.com/en-us/library/windows/hardware/dn920025%28v=vs.85%29.aspx
7 Reasons to Open Up Windows 10
Convergence of Windows (Continuum)
Similar API set and policies on all devices
Build once use anywhere (Universal Apps)
Greater data and program security
Enlightened applications – Application management
Consistent workflow
Spartan/Edge browser
Windows 10 Policies
Security Policies
Device Restrictions
Network Restrictions
Configure Trusted Certificates
ActiveSync Settings
Windows 10 Actions
Locate, Selective Wipe, Wipe, Change Policy
* Support for real-time notifications for these actions
Remove Control, Hide, Request Data Refresh
Additional Security Options
Enterprise Data Protection – The Device is the BIG Container
Encrypt enterprise data on employee- and corporate-owned devices
Remotely wipe enterprise data off managed devices w/o affecting personal data
Privileged Apps
– Select specific apps that can access data
– Block non-privileged apps from accessing data
Employees not interrupted while switching between personal and enterprise apps while security policies are in place.
AppLocker
– The AppLocker configuration service provider is used to specify which applications are allowed or disallowed for enterprise data protection
https://technet.microsoft.com/en-us/library/Dn985838(v=VS.85).aspx
Additional Security Options
BitLocker for Full Disk Encryption
– New Features
• Encrypt and recover your device with Azure Active Directory.
• DMA port protection. You can use the DataProtection/AllowDirectMemoryAccess MDM policy to block DMA ports when the device is starting up.
• New Group Policy for configuring pre-boot recovery.
Windows Defender included with the OS
– Anti-virus & Anti-malware
• Auto updates
• Has not received glowing reviews – “Just good enough”?
Backup & Recovery
– Native integration with OneDrive
Assigned Access – Kiosk Mode – Device Lockdown
Use Cases
– Device in the lobby that customers can use to view your product catalog
– Portable device that drivers can use to check a route on a map
– Device that a temporary worker uses to enter data
Configure a persistent locked down state to create a kiosk-type device. When the locked-down account is logged on, the device displays only the app that you select.
Configure a lockdown state that takes effect when a given user account logs on. The lockdown restricts the user to only the apps that you specify.
Lockdown settings can also be configured for device look and feel, such as a theme or a custom layout on the Start screen
Edge Browser
Stops phishers before they cast their bait
– Edge aims to prevent phishing attacks through its Passport technology
– Instead of using a shareable password, Edge will authenticate securely to applications, including websites and networks
Operates in a sandbox
– Internet Explorer was built directly into Windows
– If the browser was compromised, your entire computer might be taken down along with it
– Edge, on the other hand, will be a universal app, constantly running in a partial sandbox
Deactivates extensions, such as ActiveX & VB
Patching
Security Patching
Security patching is mandatory for all versions except Enterprise
– Management
– Automatic download and installation when device is connected to internet
– Peer to Peer sharing of patch distribution inside the LAN
– Updates/patches/fixes can be granularly controlled on the Enterprise edition (have not seen that yet)
Patching Bundles
– Multiple line items (bulletins) now bundled into one package
• Do not have the ability to test each item
• http://www.computerworld.com/article/2969850/microsoft-windows/patch-bundles-are-the-new-norm-for-windows-10.html
OS Upgrades – 2 speeds – Fast and Slow ring
Applications & Software Distribution
Universal Applications, Store and Software Distribution
Build once – install on all devices
Multiple types of applications
– Win32 – “legacy” type of application
– APPX, App-V
Business Store for Applications
– Acquire and Distribute Applications
– Bulk Acquisition of Apps (Free and Paid)
– Application Management – reclaim/re-use licenses
– Similarities to iTunes App Store
Software Catalogs
– Need to have a self-directed app catalog, like iOS/Android
Third Party Software Distribution
Standard third party Windows software
– Google (Chrome), Adobe, Java
– Many have msi and APPX versions
– Updates still necessary
Windows 10 Enrollment
Starting the Enrollment
Same standard process in MaaS360 for over-the-air enrollment
Enroll a device – receive the request
MDM Enrollment
Installing the Company Hub
Click Continue
MDM Enrollment
Enrolled successfully
Click Done
Poll Results from May 2015
Based on what your organization knows today, when does it plan to upgrade to Windows 10?
Within 6 months: 5%
6-12 months: 22%
12-18 months: 22%
18 months or longer: 35%
We don’t plan to upgrade to Windows 10: 17%
Demo
Customer Value
Greatly simplifies workflows
Support all devices from one window
Actionable intelligence on or off network
Upgrades and new features/functions made available without end-user installations
Silent service
– Does not disturb the productivity of the end user
Why Should I Care?
Consistent unified workflow and information across all device platforms
No on-site infrastructure needed to support laptops, desktops, tablets and smartphones
Easy and fast to turn on
No heavy lifting for upgrades
Complete Mobility Management and Security
Advanced Management: Visibility & Control
Secure Productivity Suite: Trusted Workplace
Secure Document Sharing: Content Collaboration
Mobile Threat Management: Malware Protection
Mobile Enterprise Gateway: Enterprise Access
Seamless Enterprise Integration
Advanced Management: Visibility & Control
Secure Productivity Suite: Trusted Workplace
Secure Document Sharing: Content Collaboration
Mobile Threat Management: Malware Protection
Mobile Enterprise Gateway: Enterprise Access
BYOD, Corporate, Shared
Mail systems, Directories, Certificates, File shares
Platform for Strong Mobile Security
Mobile Threat Management
Risk & Event Detection
Unified Endpoint Management
Mobile Identity Management
Integrated App Security
App Vulnerability & Reputation
Automated Policy Compliance
Encryption & Data Protection
Authentication & Restrictions
Containerization & App VPN
Device Quarantine & Wipe
Why IBM MaaS360?
Integrated solutions that connect seamlessly to your existing and external environments
Scalable data security with intelligence for the volume, speed, and variability of mobile
Complete management of devices, apps, content and users from a single platform
Get Started Right Now
1. Instant: Access a free, fully functional trial for 30 days
2. Mobile: Manage and secure your devices, apps and content
3. Easy: Set up and configure your service in minutes
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU
www.ibm.com/security