IBM mobile strategy at Innovate 2012
-
Upload
dirk-nicol -
Category
Technology
-
view
4.083 -
download
0
description
Transcript of IBM mobile strategy at Innovate 2012
© 2012 IBM Corporation 1
IBM Mobile Strategy Business partner day
© 2012 IBM Corporation 2
© 2012 IBM Corporation 3
61% of CIOs put mobile as priority
increased productivity with mobile apps 45%
10 Billion devices by 2020
Mobile is a transformational
© 2012 IBM Corporation 4
Mobile presents an enormous set of opportunities…
Business to Consumer
• Improve customer satisfaction
• Deeper customer engagement and loyalty
• Drive increased sales through Personalized offers
• Customer service
• Competitive differentiator
• Improve brand perception
• Deeper insight into customer buying behavior for up sell and cross sell
• Improve in store experience with mobile concierge services
Business to Enterprise
• Increase worker productivity
• Improved claims processing
• Increase revenue through sales engagements
• Extend existing applications to mobile workers and customers
• Reducing fuel, gas, or fleet maintenance costs that are relevant in particular industries
• Increase employee responsiveness and decision making speed
• Resolve internal IT issues faster
• Reduce personnel cost (utilizing personal owned instead of corporate issued devices)
© 2012 IBM Corporation 5
Build mobile applications
Connect to, and run backend systems in support of mobile
Manage mobile devices and applications
Secure my mobile business
Extend existing business capabilities to mobile devices
Transform the business by creating new opportunities
Client Initiatives
Key Capabilities
• Strategy and planning services
• Mobile-enabled solutions
including analytics, commerce,
and social business
• Implementation and hosting
services
Key Capabilities
• Mobile web app development
• Enterprise data, service, and
application integration
• Mobile Lifecycle Management
Key Capabilities
• Mobile Device Management
• Secure Network
Communications &
Management
• Device analytics and control
Concord Hospital improved patch compliance 50%, reduced software license costs 25%, and has not had a single malware infection since implementation of IBM Endpoint Manager for patch management and core protection
Customers are focused on a new set of mobile “client initiatives”
*ING Canada
© 2012 IBM Corporation 6
But mobile also brings business and IT challenges
Top Mobile Adoption Concerns:
1. Security/privacy (53%)
2. Cost of developing for multiple
mobile platforms (52%)
3. Integrating cloud services to mobile
devices (51%)
Source: 2011 IBM Tech Trends Report
https://www.ibm.com/developerworks/mydeveloperworks/blogs/techtrends/entry/home?lang=en
Bring Your Own Device to Work (“BYOD”)
Cross-platform Development Considerations
– Ability to create the user interface that you
need
– Avoiding the lowest-common-denominator
pitfall
– Learning curve
– Avoiding vendor lock-in / technology that
won’t keep up
Using What the Device Has to Offer
R&D Processes and Developer Teams
Back-end Data Integration
Security and Authentication
Post-deployment control of apps
© 2012 IBM Corporation 7
Extending business to mobile customers
and workforce
Improve operational efficiencies and
reduce costs
Differentiate the customer experience
Enable new services and business models
Busin
ess
Re
su
lts
Banking Insurance Healthcare Telecom Retail Government Others
User Notification
3rd Party Mobility Services
Location Services
Mobile Payments
Social Mobile Commerce
Customer Care and Insights
Workforce Optimization
Product and Service Innovation
IBM Enterprise Mobile Platform
Social Collaboration
Customers are looking for a mobile platform that solves their needs
Build mobile applications
Connect to, and run backend systems in support of mobile
Manage mobile devices and applications
Secure my mobile business
Extend existing business capabilities to mobile devices
Transform the business by creating new opportunities
© 2012 IBM Corporation 8
Mobile client initiatives: Build and Connect
Build mobile applications
Connect to, and run backend systems in support of mobile
Manage mobile devices and applications
Secure my mobile business
Extend existing business capabilities to mobile devices
Transform the business by creating new opportunities
Client Initiatives
Customers can now build enterprise mobile
applications that:
• Run on multiple mobile devices
• Connect to enterprise back-end
applications and information systems
• Fulfills fast time-to-market requirements
and can be rapidly updated with new
releases
• Deliver high quality user experience
© 2012 IBM Corporation 9
Worklight Introduction
Worklight is an open, complete and advanced mobile
application platform for HTML5, hybrid and native apps.
© 2012 IBM Corporation 10
Worklight Studio A complete, extensible environment with maximum code reuse and per-device optimization
Worklight Server Unified notifications, runtime skinning, version management, security features, integration and delivery
Worklight Runtime Components Extensive libraries and client APIs that expose and interface with native device functionality and the Worklight server
Worklight Console A web-based console for real-time analytics and control of your mobile apps and infrastructure
←
Worklight mobile platform overview
© 2012 IBM Corporation 11 11
Worklight Architecture Overview
© 2012 IBM Corporation 12
Downloadable (Native) Apps
Application
Stores File System
(on mobile device)
Native App
(Java/Objective-C/C#)
Mobile Operating System
High-quality user
experience and full device
access.
Platform-specific, requires
unique expertise,
expensive to develop and
maintain.
© 2012 IBM Corporation 13
Web Server
Web Apps
Mobile Browser
Native App
(Java/Objective-C/C#)
Mobile Operating System
Written in HTML5
JavaScript and CSS3.
Quick and cheap to
develop.
Less powerful than native
and limited device
access.
© 2012 IBM Corporation 14
Hybrid Apps
Application
Stores File System
(on mobile device)
Native Container
HTML, CSS, JavaScript
Mobile Operating System
Combines best of both
worlds:
Primarily written in
HTML5, CSS, JS while
allowing full access to
device capabilities.
© 2012 IBM Corporation 15
Write the majority of the code in
reusable web languages
Maximize user experience and achieve
unique functionality with native code
Hybrid Coding – Why Mix Native and Web?
15
© 2012 IBM Corporation 16 16
Worklight Studio
• Eclipse-based IDE
• Combining native and standard web
technologies in one multiplatform app
• Environment-specific optimization
• 3rd-party libraries integration
• Device SDK integration
• Back-end connectivity utilities
© 2012 IBM Corporation 17
Single Shared Codebase
Common code placed
in primary file
Environment optimization
code is maintained
separately
© 2012 IBM Corporation 18
Incorporated Device SDKs
© 2012 IBM Corporation 19
Integrating Best-in-class Tools
Worklight is compatible with prominent HTML5 libraries and tools:
© 2012 IBM Corporation 20
Runtime Skins – Use Cases
Different
Screen Sizes
Different
Input Method
Different
Screen Densities
Support
for HTML5
© 2012 IBM Corporation 21
Distributed Mobile Development
Centralized Shell
development
Distributed app
development
Centralized inspection
Automatic policy
enforcement
Ease of Development Control and Governance
© 2012 IBM Corporation 22
Software Change &
Configuration Management
Rational Team Concert
Quality
Management
Rational Quality Manager
Rational solution for Collaborative Lifecycle Management
The Rational and Worklight Studio joint solution
Build & Deploy
Management
Requirements
Management
Application Development
Rational Team Concert
Rational Requirements
Composer
Studio
Application Development
Rational Application Developer
On-device testing (partner)
© 2012 IBM Corporation 23
The Rational Team Concert (RTC) Build Engine integration provides a controlled build environment for mobile apps – both native and hybrid
Team Concert Client
Build SCM
sources executables,
logfiles
Team
repository
of apps
Studio
iOS
SDK
Android
SDK
RIM
SDK
Builder
© 2012 IBM Corporation 24 24
Worklight Server
• Distribution of mobile web apps
• Enterprise connectivity:
• Secure client/server connectivity
• Direct access to enterprise back-end data and transaction capabilities
• Authentication enforcement
• Client control:
• Application version management and remote disabling
• Direct update of application code
• Unified Push Notifications
• Aggregation of usage statistics
© 2012 IBM Corporation 25
Secure back-end
integration
XML-based declarative
specification
Multi-source data mashups
Eclipse plug-in supporting
auto-complete and
validation
Simplified adapter testing
Server-side debugging
Web services and JDBC
integration
Access to session data and
user properties
Back-end Integration
© 2012 IBM Corporation 26
IBM Mobile Foundation – Worklight (WL) & Cast Iron Bundle
Cloud
Applications
Connects Worklight Apps with Cloud & On Premise Applications in Days
On-premise
Applications
Enterprise
Apps
Mobile Apps built on Worklight
IBM Mobile Foundation Bundle
IBM
Worklight
Server
WebSphere
Cast Iron
Hypervisor
Edition 6.1
IBM Mobile Foundation
© 2012 IBM Corporation 27
Cloud Applications
Companies engaging across traditional boundaries
Extending boundaries via Cloud apps, mobile apps and business APIs
Web APIs Mobile Applications
Back-end Systems
© 2012 IBM Corporation 28
Flexible Push Notification Framework
Multiple users logging into the same app
Multiple event sources from same back-end
Many-to-many relationship between event
sources and apps
One application multiple devices
Custom subscription management
Common APIs for both iOS and Android
© 2012 IBM Corporation 29 29
Device Runtime Components
• Framework for server integration:
• Secure server connectivity
• Authentication
• Remote disable & notification
• Push registration
• Event reporting for analytics & audit
• Cross-platform compatibility layer
• Runtime Skinning
• Secure encrypted storage
© 2012 IBM Corporation 30
Enforcing
security updates
Remote
disable
Direct
update
Providing robust
authentication and
authorization
Authenticati
on
integration
framework
Data
protection
realms
Coupling
device id
with user id
Streamlining
Corporate security
processes
Mobile
platform as
a trust
factor
Application
Security
Code
obfuscation
SSL with
server
identity
verification
Proven
platform
security
Security Features Mapping
Jailbreak
and
malware
detection
App
authenticity
testing
Protecting data on
the device
Encrypted
offline
cache
Offline
authentication
Secure
challenge-
response on
startup
© 2012 IBM Corporation 31 31
Worklight Console
• Application Version Management
• Push management
• Usage reports and analytics
• Reports of custom application events
• Configurable audit log
• Administrative dashboards for:
• Deployed applications
• Installed adapters
• Push notifications
• Data export to BI enterprise systems
© 2012 IBM Corporation 32
App Management
© 2012 IBM Corporation 33
Data Collection and Analytics
© 2012 IBM Corporation 34
Advanced Reporting Functionality
34
© 2012 IBM Corporation 35
Rich, cross-platform application development IBM Worklight V5.0
Enables flexible development, back-end
integration and ongoing management of rich,
cross-platform mobile apps using native and
standards-based HTML technologies and tools
Mobile-optimized middleware delivering an
enterprise-grade solution that meets the needs
of mobile employees and customers
Key capabilities:
Drag and Drop Visual development
Mobile simulator for mobile emulation and testing
app store for iterative development
Strong authentication framework
Encrypted offline data store
Enterprise back-end connectivity
Unified push notifications
Data collection for analytics
Direct updates and remote disablement
Packaged runtime skins
Expanded platform support
Fast and cost-effective development, integration and
management of enterprise mobile applications.
IBM Worklight, Developer edition V5.0 is licensed for development use only at no
charge
© 2012 IBM Corporation 36
Comprehensive solution for mobile delivery IBM Mobile FoundationV5.0
A comprehensive suite that provides the
essential elements needed for mobile
applications development, deployment,
and management.
Mobile Foundation:
IBM Worklight for mobile application
development, delivery and
management
IBM Endpoint Manager for Mobile
Devices for complete end-to-end
Mobile Device Management (MDM)
IBM WebSphere Cast Iron
Hypervisor Edition advanced
connectivity to back-end and cloud
systems
End to end solution for mobile application
development, connectivity and device management
© 2012 IBM Corporation 37
IBM Worklight Studio V 5.0
The IBM Worklight studio provides a visual
development environment for building rich
mobile applications .
Helps accelerate development time while
reducing errors.
Key capabilities:
WYSIWYG UI Construction
Drag and Drop components
Code Assist
Fast Preview in browser with device simulation
Integration with Native SDK
Integration with Rational Team Concert
Integration with RAD via shell sharing
Maximize code reuse across mobile platforms
A visual mobile app development environment
Helps accelerate development, rapid
prototypes, fast simulation, reduces errors.
Bundled with RAD
© 2012 IBM Corporation 38
Mobile Application Center
A cross platform private mobile application
store similar to public app stores but focused
on the needs of an organization or a team
Ease highly iterative development process
and distribution of mobile applications
Key capabilities:
Delivers distribution and management of mobile applications within a company / teams
Easy distribution of iOs and Android apps within a team
Supports any mobile applications
Provides versioning and updates
Centralizes rating and feedback information
Controls who can modify or install an application
Easy to install and simple to run
App store supporting iterative development lifecycle to improve collaboration with application stakeholders, QA
and Development teams
Cross platform, technology agnostic mobile application
store
© 2012 IBM Corporation 39
Mobile client initiatives: Manage and Secure
Build mobile applications
Connect to, and run backend systems in support of mobile
Extend existing business capabilities to mobile devices
Transform the business by creating new opportunities
Client Initiatives
Customers can now:
• Use IBM Endpoint Manager for mobile
visibility, security and management
• Use IBM Security Access Manager to
authenticate and authorize mobile users
and devices
• Utilize managed services for complete
mobile landscape management
Manage mobile devices and applications
Secure my mobile business
IBM Endpoint Manager for
Mobile Devices – extending
visibility, control and
automation for mobile
IBM Security Solutions
© 2012 IBM Corporation 40
Extending visibility, control and automation to mobile devices
Building on the July 2010 BigFix acquisition
IBM Endpoint Manager for Mobile Devices
Available March 2012:
• Advanced management for iOS,
Android, Symbian, and Windows
Phone
• Unified management automatically
enables VPN access based on
security compliance
• Integration with back-end IT
management systems such as
service desk, CMDB, and SIEM
• Security threat detection and
automated remediation
• Extends IBM’s existing 500,000
endpoint deployment
Desktop / laptop /
server endpoint
Mobile
endpoint
Purpose-specific
endpoint
Security
management
Systems
management
Common
management agent
and console
Near-instant
deployment of
new features
IBM Endpoint Manager
© 2012 IBM Corporation 41
Mobile Security Enabled with IBM Solutions
Internet
IBM WorkLight Runtime for safe mobile apps
• Encrypted data cache
• App validation
IBM Endpoint
Manager for Mobile Configure, Provision, Monitor
• Set appropriate security
policies
• Enable endpoint access
• Ensure compliance
Secure Data & the Device
IBM Security Access
Manager for Mobile Authenticate & Authorize users and
devices
• Standards Support: OAuth,
SAML, OpenID
• Single Sign-On & Identity
Mediation
IBM Mobile Connect Secure Connectivity
• App level VPN
Protect Access to Enterprise
Apps & Data
Achieve Visibility & Enable
Adaptive Security Posture
IBM QRadar System-wide Mobile Security Awareness
• Risk Assessment
• Threat Detection
Build & Run Safe Mobile Apps
IBM WorkLight Develop safe mobile apps
• Direct Updates
IBM AppScan for Mobile Vulnerability testing
• Dynamic & Static analysis of Hybrid
and Mobile web apps
IBM DataPower Protect enterprise applications
• XML security & message
protection
• Protocol Transformation &
Mediation
© 2012 IBM Corporation 42
Mobile client initiatives: Extend and Transform
Build mobile applications
Connect to, and run backend systems in support of mobile
Client Initiatives
Customers can now
• Use our strategy and planning services to build a
mobile strategy and transform their business
• Use our industry frameworks and solutions
delivered via software, strategy, managed
services and business process consulting
• Use mobile to engage their own customers in
new ways with WebSphere Commerce and IBM
Social Collaboration software
Manage mobile devices and applications
Secure my mobile business
Extend existing business capabilities to mobile devices
Transform the business by creating new opportunities
Social collaboration
software – mobile
access to enterprise
social collaboration
IBM Mobile
Enterprise Services:
handles your secure
mobile device and
application deployment
and management
© 2012 IBM Corporation 43
© 2012 IBM Corporation 44
© 2012 IBM Corporation 45
Important Links
Resource Location
IBM Mobile Enterprise www.ibm.com/software/solutions/mobile-enterprise/
Worklight www.worklight.com
Worklight Trial www.worklight.com/download
Dirk Nicol – Program Director, IBM Enterprise Mobile
© 2012 IBM Corporation 46
Mechanism Benefits Details
Encrypted offline cache
• Protect against stealing sensitive information via malware, stolen devices
• Uses AES256 and PCKS #5 for on-device encrypted storage of app-generated information, with random server-generated numbers for high security
• Allows user authentication when server is offline • Implemented in JS (highly obfuscated) with optional native performance
enhancements
SSL identity verification for AJAX
• Protect against man-in-the-middle attacks
• Client-side AJAX framework automatically verifies Worklight-server credentials
Client code attestation • Prevent impersonation by phishing apps
• Protect apps from manipulation by malware
• Challenge-response based mechanism for proving client-application identity • Uses tamper-resistant self-inspecting code
Remote code updates
• Ensure timely propagation of critical security updates to entire install base
• New versions of the code can be distributed without requiring update of the app (currently JS/HTML)
Remote disable of specific versions
• Ensure timely propagation of critical security updates to entire install base
• Server-side console allows configuration of allowed app versions. Administrator can force users to install security updates to the native code
Authentication process framework
• Lower the cost and complexity of robust integration with the authentication infrastructure
• Server-side architecture for integration with back-end authentication infrastructure based on JAAS, with Authentication realms
• Client-side framework for asynchronous login requests on session expiration
Server-side safeguards • Prevention of SQL injection • XSRF protection
• Prepared-statement enforcement • Validation of submitted data against session cookie
Device identification • Prevent account-hijacking • Safely report device ID to the server • Identifying a user with specific devices
Mobile Security Measures
46
© 2012 IBM Corporation 47
Mechanism Benefits Details
Enterprise SSO integration
• Leverage existing enterprise authentication facilities and user credentials
• Enable employee-owned devices
• Client side mechanism obtains and encrypts user credentials, sends to the server with requests
• Encryption incorporates user-supplied PIN, Server side secret and deviceID • Credentials cannot be retrieved from lost or stolen device
VPN alternative
• Enable the secure delivery and operation of mobile applications for employee owned devices or device types not allowed on the corporate network
• Enable the secure delivery in cases where the installation of VPN client on mobile devices is not possible or complicated to manage
• Client side and server side framework act as SSL based VPN • Network access control and policies pre-configured in the client side
framework layer • Network access and security measures updated using server side framework • On device encrypted storage to prevent compromise of sensitive data
Mobile Security Measures (cont’d)
47