Achieving Safe BYOD and Productive Apps with WSO2 Mobile Device Management and Mobile Application Management

Sinnathamby Shanmugarajah (Shan)WSO2Mobile

Director, Architecture

Achieving Safe BYOD using WSO2Mobile MDM

“Work is no longer seen as a place rather seen as an activity independent of location and specific technology”

Achieving Safe BYOD using WSO2Mobile MDM

Employees have started bringing their own device to work • working even after work hours from home • working even on the move

Achieving Safe BYOD using WSO2Mobile MDM

Some organizations openly give access to their corporate network for email and content sharing without any restrictions.

Achieving Safe BYOD using WSO2Mobile MDM

NOW ?

Achieving Safe BYOD using WSO2Mobile MDM

Biggest Challenge

1. Security Risk2. Remote Device Management

Achieving Safe BYOD using WSO2Mobile MDM

How to achieve safety using WSO2Mobile MDM ?

Achieving Safe BYOD using WSO2Mobile MDM

1.Device restrictions (OS Version)2.Authentication 3.Block compromised device 4.BYOD Policy 5.Compliance Monitoring

WSO2Mobile MDM

Achieving Safe BYOD using WSO2Mobile MDM

1. Device restrictions (OS and Version) > Android 4.0.4 > iOS 5.0

Achieving Safe BYOD using WSO2Mobile MDM

2. Authentication

Authentication against enterprise user store.

Achieving Safe BYOD using WSO2Mobile MDM

3. Block compromised Devices

• Before Enrolling - Blocking • After Enrolling - Block and Enterprise WIPE

Achieving Safe BYOD using WSO2Mobile MDM

Why ?

Jailbreaking iOS device or Rooting Android is the process of getting privileged access.

If allowed, all sensitive corporate information can be exposed.

Achieving Safe BYOD using WSO2Mobile MDM

4. Policy Enforcing

WSO2Mobile MDM allows you to define BYOD policy and make necessary action.

Based on• Roles • Specific User • Platform

Achieving Safe BYOD using WSO2Mobile MDM

Achieving Safe BYOD using WSO2Mobile MDM

Password Policy

Achieving Safe BYOD using WSO2Mobile MDM

4a. BYOD Policy - Password Policy

Password Policy enforced device

4b. BYOD Policy - Encrypt phone (in iOS this is automatic when passcode policy is applied)Encrypts all your data (Both personal and Corporate)

Achieving Safe BYOD using WSO2Mobile MDM

5c. Data leaks

iCloud data backup WSO2Mobile MDM disables this feature when an enterprise application is pushed or installed from the

Achieving Safe BYOD using WSO2Mobile MDM

5. Compliance Monitoring

• Monitors the status based on policy• Take necessary action if violated Warn Block Access Enterprise WIPE

Achieving Safe BYOD using WSO2Mobile MDM

Achieving Safe BYOD using WSO2Mobile MDM

Achieving Safe BYOD using WSO2Mobile MDM

Productive Apps with Mobile Application Management

Productive Apps with WSO2Mobile MAM

Current situation

• Develop apps and host it in the respective platform Public Market Place (Apple Store , Android Google Play)

• App is exposed to public (Restrictions through authentication)

• Discovering the application is not easy

Productive Apps with WSO2Mobile MAM

Achieve productive apps • Own enterprise store• Unified store• Easy app discovery and provisioning• App policy

Productive Apps with WSO2 Mobile Application Management

WSO2Mobile MAM

• Store • Publisher• Application Management Console

Productive Apps with WSO2 Mobile Application Management

WSO2Mobile Store

• User subscription• Advanced search options• Mobile App sorting• Support for existing user stores• Single-Sign on

Productive Apps with WSO2 Mobile Application Management

Productive Apps with WSO2Mobile MAM

WSO2Mobile Publisher

• Allows publishing application

Created In-Review Published

Unpublished

Rejected

Productive Apps with WSO2Mobile MAM

WSO2Mobile Publisher

Productive Apps with WSO2Mobile MAM

Applications Supported Android Native, Hybrid Application (apk) Web Application Market Place Application (Google Play) (Free) iOS (iPhone, iPad) Native, Hybrid Application (ipa) (Need to have enterprise developer account) Web Application Apple Store Applications (Free) VPP Application

Productive Apps with WSO2Mobile MAM

VPP Application• Apple supports VPP program to buy applications in

bulk• Enterprise enrolls • Buys app in bulk• Receives the redemption code• Uploads to MAM• Employees download applications, MAM provisions

the redemption code through MDM

Productive Apps with WSO2Mobile MAM

How application is installed ?

• Employee logs to the store • Discovers the application • Installs the app to the device

Productive Apps with WSO2Mobile MAM

• Role Based Application Installation & Uninstallation• User Based Application Installation & Uninstallation

• Policy Install Application Policy (Role, User , Platform) Black-List Application

Application Management Console

Productive Apps with WSO2Mobile MAM

Productive Apps with WSO2Mobile MAM

Productive Apps with WSO2Mobile MAM

MDMDB

Adapter

iOS APNS Android GCM

MDM Console

Notification

iOS Android

App Mgmt Device Mgmt

MAMMAM Console

PublisherG-Reg

Store

User Store

MAM is tightly integrated with MDM

Productive Apps with WSO2Mobile MAM

Thank You