Enabling a Mobile Enterprise
Mark Holobach Senior Systems Engineer
Citrix Mobility
Mark Holobach Citrix Systems
Enabling a Mobile Enterprise Your Technical
Blueprint To Getting Started
How Mobile Feels Today
User Needs Want access to all apps and data
from any of their devices
Enterprise Mobility in Numbers
BYO Devices
Average per Employee
3 Devices
Multiple Locations
Work in multiple locations
65% Employees
App Proliferation
Average Citrix customer portfolio
200+ Apps
Unmanaged Data
Use unmanaged cloud storage
80%+ Fortune 500
Source: Citrix and leading analysts
Forrsights Networks And Telecommunica7ons Survey
50% work from home
32% work at public sites
43% work from client sites
40% work while traveling
Win 40%
Other 39%
SaaS 16%
Mobile 5%
Win 38%
Other 24%
SaaS 25%
Mobile 13%
IDC
By 2015: • Mobile app development projects will outnumber na7ve PC projects by a ra7o of 4-‐to-‐1
Gartner
2011 2015
Need to Balance End Users and IT
Free
dom
C
ompliance
Any App, Any Device
Log In Once
Mail, Browser,
Docs Manage Devices
Secure Apps
Control Network Access
Free
dom
C
ompliance
Need to Balance End Users and IT
Corporate Devices
BYO Devices
2000 2012
Manage Email
Manage Devices
Consumerization in the mobile world
Manage BYO
MAM
MDM
Mobile Solutions Considerations
• Enterprise grade MDM
• Mail Options
• Secure Browser
• Secure Data Delivery Options
• Secure 3rd Party and House apps
• Unified App Store
• Federated identity & SSO
• Scenario-based access controls
4 Stages to Mobility Project
• MDM “1.0”
Manage the Devices
• Mail Options
What levels of security do I need?
• Enable Apps and Data
Manage the risk of data loss.
• Extra Features
Simplify the user experience,
enhance security.
MDM 1.0 - Mobile Device Lifecycle Management
Mail Delivery Options and Limitations Configuration of Native Mail and 3rd party mail apps, i.e. Touchdown for Android • iOS and Samsung provide a partitioned mail app. • A mail client is required for other Android Devices, i.e. Touchdown, Citrix,
Good. • No ability to password protect mail, control attachments or any DLP control. Native Mail / Touchdown + Email Attachment Encryption as an Option • Encrypt attachments to iOS or Android devices. • Key resides on the device so the attachment may only be viewed on that
device. • Attachment may be opened in DLP controlled apps. Secure Mail Client Considerations • Separate, secured, encrypted mail client for iOS and Android. • Adds the ability to set a password on the mail client and enforce DLP
controls. • Integrated with secure apps & data.
Secure Content Deliver Options None • No control Secure Ecosystem • Secured Apps
Email Web Browser Wrapped Apps
• Secure Data Container SharePoint ShareFile Other File Sources
Receiver • No data on device, full access to apps and data.
User and Security Enhancements
Enable Single Sign On • One complaint from users is that there are multiple passwords for mobile
apps that don’t use their domain credentials. i.e. Salesforce Automated Actions • One consideration that administrators and security professionals have is
‘monitoring’ what a user does on their device. Did they install a Blacklisted app? Did they Jailbreak/root the device? Did they remove the MDM app?
Delivering Apps • Administrators need to be able to deliver required and optional apps to any
device. With the proliferation of devices, the apps are no longer limited to iOS and Android store apps. The list now includes Windows, SaaS and Web.
Scenario Based Access Control • Some data an organization may only want to make available based on
location. That may be achieved using Scenario Bases Access Controls. For example, only allow access to shipbuilding docs when on a secure network.
So how does Citrix Solve the Problem
Browser
Docs
Sandboxed Mail, Docs, and Browser
combined with a great user experience.
Disable Camera þ
Disable iCloud use þ
Disable printing þ
Disable sending email þ Disable sending SMS þ
Disable Copy/Paste þ
Restrict outbound URL þ
Disable Open-In þ Data protection settings that allow IT to take a granular, yet measured approach
Encrypt app and data þ
@WorkWeb Secure Browsing
@WorkMail Email, calendar & contacts
ShareFile Follow-‐me
Data
GoToMeeting Integrated
Collabora7on
Podio Social Team Collabora7on
Me@Work mobile app family
@WorkWeb @WorkMail
Secure browser Internal web app access Full inter-‐app integra7on Consumer experience
MDX-‐secured
Mail, calendar, contacts Enterprise class security
Beau7ful na7ve experience Full inter-‐app integra7on
MDX-‐secured
@WorkWeb
@WorkMail
• Secure Exchange connec7vity
• No new messaging
infrastructure
• Connected/ disconnected
access
• Any intranet site access • Na7ve browser experience
MDX Policy
Allow Camera þ
iCloud Backup þ
Disable printing þ
Require Authentication þ Trusted Network Only þ
Enable DLP þ
Restrict outbound URL þ
InterApp Sharing þ
Offline lease period 24 h
MDX Policy
Allow Camera þ
iCloud Backup þ
Disable printing þ
Require Authentication þ Trusted Network Only þ
Enable DLP þ
Restrict outbound URL þ
InterApp Sharing þ
Offline lease period 24 h
• Secure app containers
• Micro VPN • Lock and wipe
• Inter-app controls • Conditional access policies
Use Cases Restaurant Chain > Red Robin Oil Production and Exploration > Marathon Oil Large Air Freight Logistics Company International Bank > Rabobank
Citrix — The Most Complete Mobile Portfolio
Mobile Device Management
Sandboxed Mail and Web
Mobile App Security
Secure Mobile Data Sharing
Mobile Network Control
SSO and Identity Management
Desktop and App
Virtualization
Collaboration
Mobile ROI
Any app, any device, anywhere
Top Related