IBM mobile strategy at Innovate 2012

© 2012 IBM Corporation 1

IBM Mobile Strategy Business partner day


61% of CIOs put mobile as priority

increased productivity with mobile apps 45%

10 Billion devices by 2020

Mobile is a transformational


Mobile presents an enormous set of opportunities…

Business to Consumer

• Improve customer satisfaction

• Deeper customer engagement and loyalty

• Drive increased sales through Personalized offers

• Customer service

• Competitive differentiator

• Improve brand perception

• Deeper insight into customer buying behavior for up sell and cross sell

• Improve in store experience with mobile concierge services

Business to Enterprise

• Increase worker productivity

• Improved claims processing

• Increase revenue through sales engagements

• Extend existing applications to mobile workers and customers

• Reducing fuel, gas, or fleet maintenance costs that are relevant in particular industries

• Increase employee responsiveness and decision making speed

• Resolve internal IT issues faster

• Reduce personnel cost (utilizing personal owned instead of corporate issued devices)


Build mobile applications

Connect to, and run backend systems in support of mobile

Manage mobile devices and applications

Secure my mobile business

Extend existing business capabilities to mobile devices

Transform the business by creating new opportunities

Client Initiatives

Key Capabilities

• Strategy and planning services

• Mobile-enabled solutions

including analytics, commerce,

and social business

• Implementation and hosting

services

Key Capabilities

• Mobile web app development

• Enterprise data, service, and

application integration

• Mobile Lifecycle Management

Key Capabilities

• Mobile Device Management

• Secure Network

Communications &

Management

• Device analytics and control

Concord Hospital improved patch compliance 50%, reduced software license costs 25%, and has not had a single malware infection since implementation of IBM Endpoint Manager for patch management and core protection

Customers are focused on a new set of mobile “client initiatives”

*ING Canada


But mobile also brings business and IT challenges

Top Mobile Adoption Concerns:

1. Security/privacy (53%)

2. Cost of developing for multiple

mobile platforms (52%)

3. Integrating cloud services to mobile

devices (51%)

Source: 2011 IBM Tech Trends Report

https://www.ibm.com/developerworks/mydeveloperworks/blogs/techtrends/entry/home?lang=en

Bring Your Own Device to Work (“BYOD”)

Cross-platform Development Considerations

– Ability to create the user interface that you

need

– Avoiding the lowest-common-denominator

pitfall

– Learning curve

– Avoiding vendor lock-in / technology that

won’t keep up

Using What the Device Has to Offer

R&D Processes and Developer Teams

Back-end Data Integration

Security and Authentication

Post-deployment control of apps

https://www.ibm.com/developerworks/mydeveloperworks/blogs/techtrends/entry/home?lang=en


Extending business to mobile customers

and workforce

Improve operational efficiencies and

reduce costs

Differentiate the customer experience

Enable new services and business models

Busin

ess

Re

su

lts

Banking Insurance Healthcare Telecom Retail Government Others

User Notification

3rd Party Mobility Services

Location Services

Mobile Payments

Social Mobile Commerce

Customer Care and Insights

Workforce Optimization

Product and Service Innovation

IBM Enterprise Mobile Platform

Social Collaboration

Customers are looking for a mobile platform that solves their needs








Mobile client initiatives: Build and Connect







Client Initiatives

Customers can now build enterprise mobile

applications that:

• Run on multiple mobile devices

• Connect to enterprise back-end

applications and information systems

• Fulfills fast time-to-market requirements

and can be rapidly updated with new

releases

• Deliver high quality user experience


Worklight Introduction

Worklight is an open, complete and advanced mobile

application platform for HTML5, hybrid and native apps.


Worklight Studio A complete, extensible environment with maximum code reuse and per-device optimization

Worklight Server Unified notifications, runtime skinning, version management, security features, integration and delivery

Worklight Runtime Components Extensive libraries and client APIs that expose and interface with native device functionality and the Worklight server

Worklight Console A web-based console for real-time analytics and control of your mobile apps and infrastructure

←

Worklight mobile platform overview

© 2012 IBM Corporation 11 11

Worklight Architecture Overview


Downloadable (Native) Apps

Application

Stores File System

(on mobile device)

Native App

(Java/Objective-C/C#)

Mobile Operating System

High-quality user

experience and full device

access.

Platform-specific, requires

unique expertise,

expensive to develop and

maintain.


Web Server

Web Apps

Mobile Browser

Native App

(Java/Objective-C/C#)


Written in HTML5

JavaScript and CSS3.

Quick and cheap to

develop.

Less powerful than native

and limited device

access.


Hybrid Apps

Application

Stores File System

(on mobile device)

Native Container

HTML, CSS, JavaScript


Combines best of both

worlds:

Primarily written in

HTML5, CSS, JS while

allowing full access to

device capabilities.


Write the majority of the code in

reusable web languages

Maximize user experience and achieve

unique functionality with native code

Hybrid Coding – Why Mix Native and Web?

15


Worklight Studio

• Eclipse-based IDE

• Combining native and standard web

technologies in one multiplatform app

• Environment-specific optimization

• 3rd-party libraries integration

• Device SDK integration

• Back-end connectivity utilities


Single Shared Codebase

Common code placed

in primary file

Environment optimization

code is maintained

separately


Incorporated Device SDKs


Integrating Best-in-class Tools

Worklight is compatible with prominent HTML5 libraries and tools:


Runtime Skins – Use Cases

Different

Screen Sizes

Different

Input Method

Different

Screen Densities

Support

for HTML5


Distributed Mobile Development

Centralized Shell

development

Distributed app

development

Centralized inspection

Automatic policy

enforcement

Ease of Development Control and Governance


Software Change &

Configuration Management

Rational Team Concert

Quality

Management

Rational Quality Manager

Rational solution for Collaborative Lifecycle Management

The Rational and Worklight Studio joint solution

Build & Deploy

Management

Requirements

Management

Application Development

Rational Team Concert

Rational Requirements

Composer

Studio

Application Development

Rational Application Developer

On-device testing (partner)


The Rational Team Concert (RTC) Build Engine integration provides a controlled build environment for mobile apps – both native and hybrid

Team Concert Client

Build SCM

sources executables,

logfiles

Team

repository

of apps

Studio

iOS

SDK

Android

SDK

RIM

SDK

Builder


Worklight Server

• Distribution of mobile web apps

• Enterprise connectivity:

• Secure client/server connectivity

• Direct access to enterprise back-end data and transaction capabilities

• Authentication enforcement

• Client control:

• Application version management and remote disabling

• Direct update of application code

• Unified Push Notifications

• Aggregation of usage statistics


Secure back-end

integration

XML-based declarative

specification

Multi-source data mashups

Eclipse plug-in supporting

auto-complete and

validation

Simplified adapter testing

Server-side debugging

Web services and JDBC

integration

Access to session data and

user properties

Back-end Integration


IBM Mobile Foundation – Worklight (WL) & Cast Iron Bundle

Cloud

Applications

Connects Worklight Apps with Cloud & On Premise Applications in Days

On-premise

Applications

Enterprise

Apps

Mobile Apps built on Worklight

IBM Mobile Foundation Bundle

IBM

Worklight

Server

WebSphere

Cast Iron

Hypervisor

Edition 6.1

IBM Mobile Foundation


Cloud Applications

Companies engaging across traditional boundaries

Extending boundaries via Cloud apps, mobile apps and business APIs

Web APIs Mobile Applications

Back-end Systems

http://www.netsuite.com/portal/home.shtml

http://images.google.com/imgres?imgurl=http://library2go.files.wordpress.com/2008/04/google.jpg&imgrefurl=http://library2go.wordpress.com/&usg=__LZxCu06kAhDW0WGln1U6IwcCEG4=&h=478&w=1197&sz=204&hl=en&start=1&tbnid=ylwf-XkJVe34QM:&tbnh=60&tbnw=150&prev=/images?q=google&hl=en&sa=G

http://images.google.com/imgres?imgurl=http://media.marketwire.com/attachments/200902/505229_eloqua_logo_red_RGB_451x80.png&imgrefurl=http://www.marketwire.com/press-release/Eloqua-NYSE-JMP-991200.html&usg=__64XVDmUrIBwHICp9kCxj6kUDyJk=&h=53&w=300&sz=9&hl=en&start=3&tbnid=j9GJjhvCrSSxuM:&tbnh=20&tbnw=116&prev=/images?q=eloqua+logo&gbv=2&hl=en


Flexible Push Notification Framework

Multiple users logging into the same app

Multiple event sources from same back-end

Many-to-many relationship between event

sources and apps

One application multiple devices

Custom subscription management

Common APIs for both iOS and Android


Device Runtime Components

• Framework for server integration:

• Secure server connectivity

• Authentication

• Remote disable & notification

• Push registration

• Event reporting for analytics & audit

• Cross-platform compatibility layer

• Runtime Skinning

• Secure encrypted storage


Enforcing

security updates

Remote

disable

Direct

update

Providing robust

authentication and

authorization

Authenticati

on

integration

framework

Data

protection

realms

Coupling

device id

with user id

Streamlining

Corporate security

processes

Mobile

platform as

a trust

factor

Application

Security

Code

obfuscation

SSL with

server

identity

verification

Proven

platform

security

Security Features Mapping

Jailbreak

and

malware

detection

App

authenticity

testing

Protecting data on

the device

Encrypted

offline

cache

Offline

authentication

Secure

challenge-

response on

startup


Worklight Console

• Application Version Management

• Push management

• Usage reports and analytics

• Reports of custom application events

• Configurable audit log

• Administrative dashboards for:

• Deployed applications

• Installed adapters

• Push notifications

• Data export to BI enterprise systems


App Management


Data Collection and Analytics


Advanced Reporting Functionality

34


Rich, cross-platform application development IBM Worklight V5.0

Enables flexible development, back-end

integration and ongoing management of rich,

cross-platform mobile apps using native and

standards-based HTML technologies and tools

Mobile-optimized middleware delivering an

enterprise-grade solution that meets the needs

of mobile employees and customers

Key capabilities:

Drag and Drop Visual development

Mobile simulator for mobile emulation and testing

app store for iterative development

Strong authentication framework

Encrypted offline data store

Enterprise back-end connectivity

Unified push notifications

Data collection for analytics

Direct updates and remote disablement

Packaged runtime skins

Expanded platform support

Fast and cost-effective development, integration and

management of enterprise mobile applications.

IBM Worklight, Developer edition V5.0 is licensed for development use only at no

charge


Comprehensive solution for mobile delivery IBM Mobile FoundationV5.0

A comprehensive suite that provides the

essential elements needed for mobile

applications development, deployment,

and management.

Mobile Foundation:

IBM Worklight for mobile application

development, delivery and

management

IBM Endpoint Manager for Mobile

Devices for complete end-to-end

Mobile Device Management (MDM)

IBM WebSphere Cast Iron

Hypervisor Edition advanced

connectivity to back-end and cloud

systems

End to end solution for mobile application

development, connectivity and device management


IBM Worklight Studio V 5.0

The IBM Worklight studio provides a visual

development environment for building rich

mobile applications .

Helps accelerate development time while

reducing errors.

Key capabilities:

WYSIWYG UI Construction

Drag and Drop components

Code Assist

Fast Preview in browser with device simulation

Integration with Native SDK

Integration with Rational Team Concert

Integration with RAD via shell sharing

Maximize code reuse across mobile platforms

A visual mobile app development environment

Helps accelerate development, rapid

prototypes, fast simulation, reduces errors.

Bundled with RAD


Mobile Application Center

A cross platform private mobile application

store similar to public app stores but focused

on the needs of an organization or a team

Ease highly iterative development process

and distribution of mobile applications

Key capabilities:

Delivers distribution and management of mobile applications within a company / teams

Easy distribution of iOs and Android apps within a team

Supports any mobile applications

Provides versioning and updates

Centralizes rating and feedback information

Controls who can modify or install an application

Easy to install and simple to run

App store supporting iterative development lifecycle to improve collaboration with application stakeholders, QA

and Development teams

Cross platform, technology agnostic mobile application

store


Mobile client initiatives: Manage and Secure





Client Initiatives

Customers can now:

• Use IBM Endpoint Manager for mobile

visibility, security and management

• Use IBM Security Access Manager to

authenticate and authorize mobile users

and devices

• Utilize managed services for complete

mobile landscape management



IBM Endpoint Manager for

Mobile Devices – extending

visibility, control and

automation for mobile

IBM Security Solutions


Extending visibility, control and automation to mobile devices

Building on the July 2010 BigFix acquisition

IBM Endpoint Manager for Mobile Devices

Available March 2012:

• Advanced management for iOS,

Android, Symbian, and Windows

Phone

• Unified management automatically

enables VPN access based on

security compliance

• Integration with back-end IT

management systems such as

service desk, CMDB, and SIEM

• Security threat detection and

automated remediation

• Extends IBM’s existing 500,000

endpoint deployment

Desktop / laptop /

server endpoint

Mobile

endpoint

Purpose-specific

endpoint

Security

management

Systems

management

Common

management agent

and console

Near-instant

deployment of

new features

IBM Endpoint Manager


Mobile Security Enabled with IBM Solutions

Internet

IBM WorkLight Runtime for safe mobile apps

• Encrypted data cache

• App validation

IBM Endpoint

Manager for Mobile Configure, Provision, Monitor

• Set appropriate security

policies

• Enable endpoint access

• Ensure compliance

Secure Data & the Device

IBM Security Access

Manager for Mobile Authenticate & Authorize users and

devices

• Standards Support: OAuth,

SAML, OpenID

• Single Sign-On & Identity

Mediation

IBM Mobile Connect Secure Connectivity

• App level VPN

Protect Access to Enterprise

Apps & Data

Achieve Visibility & Enable

Adaptive Security Posture

IBM QRadar System-wide Mobile Security Awareness

• Risk Assessment

• Threat Detection

Build & Run Safe Mobile Apps

IBM WorkLight Develop safe mobile apps

• Direct Updates

IBM AppScan for Mobile Vulnerability testing

• Dynamic & Static analysis of Hybrid

and Mobile web apps

IBM DataPower Protect enterprise applications

• XML security & message

protection

• Protocol Transformation &

Mediation


Mobile client initiatives: Extend and Transform



Client Initiatives

Customers can now

• Use our strategy and planning services to build a

mobile strategy and transform their business

• Use our industry frameworks and solutions

delivered via software, strategy, managed

services and business process consulting

• Use mobile to engage their own customers in

new ways with WebSphere Commerce and IBM

Social Collaboration software





Social collaboration

software – mobile

access to enterprise

social collaboration

IBM Mobile

Enterprise Services:

handles your secure

mobile device and

application deployment

and management


Important Links

Resource Location

IBM Mobile Enterprise www.ibm.com/software/solutions/mobile-enterprise/

Worklight www.worklight.com

Worklight Trial www.worklight.com/download

Dirk Nicol – Program Director, IBM Enterprise Mobile

[email protected]


Mechanism Benefits Details

Encrypted offline cache

• Protect against stealing sensitive information via malware, stolen devices

• Uses AES256 and PCKS #5 for on-device encrypted storage of app-generated information, with random server-generated numbers for high security

• Allows user authentication when server is offline • Implemented in JS (highly obfuscated) with optional native performance

enhancements

SSL identity verification for AJAX

• Protect against man-in-the-middle attacks

• Client-side AJAX framework automatically verifies Worklight-server credentials

Client code attestation • Prevent impersonation by phishing apps

• Protect apps from manipulation by malware

• Challenge-response based mechanism for proving client-application identity • Uses tamper-resistant self-inspecting code

Remote code updates

• Ensure timely propagation of critical security updates to entire install base

• New versions of the code can be distributed without requiring update of the app (currently JS/HTML)

Remote disable of specific versions

• Ensure timely propagation of critical security updates to entire install base

• Server-side console allows configuration of allowed app versions. Administrator can force users to install security updates to the native code

Authentication process framework

• Lower the cost and complexity of robust integration with the authentication infrastructure

• Server-side architecture for integration with back-end authentication infrastructure based on JAAS, with Authentication realms

• Client-side framework for asynchronous login requests on session expiration

Server-side safeguards • Prevention of SQL injection • XSRF protection

• Prepared-statement enforcement • Validation of submitted data against session cookie

Device identification • Prevent account-hijacking • Safely report device ID to the server • Identifying a user with specific devices

Mobile Security Measures

46


Mechanism Benefits Details

Enterprise SSO integration

• Leverage existing enterprise authentication facilities and user credentials

• Enable employee-owned devices

• Client side mechanism obtains and encrypts user credentials, sends to the server with requests

• Encryption incorporates user-supplied PIN, Server side secret and deviceID • Credentials cannot be retrieved from lost or stolen device

VPN alternative

• Enable the secure delivery and operation of mobile applications for employee owned devices or device types not allowed on the corporate network

• Enable the secure delivery in cases where the installation of VPN client on mobile devices is not possible or complicated to manage

• Client side and server side framework act as SSL based VPN • Network access control and policies pre-configured in the client side

framework layer • Network access and security measures updated using server side framework • On device encrypted storage to prevent compromise of sensitive data

Mobile Security Measures (cont’d)

47

IBM mobile strategy at Innovate 2012

Technology

Transcript of IBM mobile strategy at Innovate 2012