IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business
ibm-sverige -
![Page 1: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/1.jpg)
“BYOD – So What?”
UNIFIED Device Management across your environment: From Server to Smartphone.
Keith Poyser.
Director: IBM Mobility and End Point.
UKI, SPGI, NORDICS, BENELUX.
IBM.
![Page 2: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/2.jpg)
Critical systems are globally distributed and in constant flux
Visibility is key in a constantly changing, distributed world
Find all assets on your network – NOW!
Deploy a software application worldwide in days.
Patch hundreds of thousands of workstations, laptops and servers in minutes.
Continuously enforce security configuration baselines, even on mobile and off-network devices.
Patch anywhere, anytime over any network.
Find, Manage and Secure your BYOD and Smart Devices
![Page 3: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/3.jpg)
End Point Manager: The Power of One
![Page 4: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/4.jpg)
What Does End Point Manager Do?
• Gives IT the visibility, speed, adaptability, control, and precision to do more with less
• Packaged Specific Solution Areas:
  – Systems Lifecycle Management
  – Core Protection & DLP & DC
  – Security & Compliance Management
  – Patch Management (s/alone)
  – Power Management (s/alone)
  – Mobile Device Management
  – Software Use Analysis
• As well as solving unforeseen problems such as…
RESULTS IN MINUTES:
• Automatically target machines for migration that are hardware-ready
• Precisely manage battery/hw replacements
• Reduce software spend based on accurate usage patterns
RESULTS IN MINUTES:
• How many machines are hardware-compatible with Win7?
• Which laptops are affected by a manufacturer’s battery recall?
• What software are we paying for vs. what we’re using? What is installed on employee Mobile Devices?
![Page 5: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/5.jpg)
End Point Manager: Secret Sauce…

Single Server & Console
• Highly secure, highly scalable
• Aggregates data, analyzes & reports
• Pushes out pre-defined/custom policies

Cloud-based Content Delivery
• Highly extensible
• Automatic, on-demand functionality

Single Intelligent Agent
• Performs multiple functions
• Continuous self-assessment & policy enforcement
• Minimal system impact (< 2% CPU)

Lightweight, Robust Infrastructure
• Use existing systems as Relays
• Built-in redundancy
• Support/secure roaming endpoints
![Page 6: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/6.jpg)
Tivoli Endpoint Manager, built on BigFix technology: Converged Capability.
Unifying IT operations and security
Tivoli Endpoint Manager for Security and Compliance
Tivoli Endpoint Manager
IT Security Solutions
Tivoli Endpoint Manager for Patch Management
Tivoli Endpoint Manager
IT Operations Solutions
Tivoli Endpoint Manager for Lifecycle Management
Tivoli Endpoint Manager for Power Management
Tivoli Endpoint Manager for Core Protection
Tivoli Endpoint Manager for Software Use Analysis
Tivoli Endpoint Manager for Patch Management
Tivoli Endpoint Manager for Mobile Device Management
Tivoli Endpoint Manager for Mobile Device Management
![Page 7: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/7.jpg)
61% of CIOs put mobile as priority
45% increased productivity with mobile apps
10 billion devices by 2020
BYOD and Mobile is a mandatory transformation
![Page 8: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/8.jpg)
Device inventory
Security policy mgmt
Application mgmt
Device config (VPN/Email/Wifi)
Encryption mgmt
Roaming device support
Integration with internal systems
Scalable/Secure solution
Easy-to-deploy
Multiple OS support
Consolidated infrastructure
Device Wipe
Location info
Jailbreak/Root detection
Enterprise App store
Self-service portal
OS provisioning
Patching
Power Mgmt
Anti-Virus Mgmt
Traditional Endpoint Management / Mobile Device Management
![Page 9: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/9.jpg)
Benefits of an Endpoint Manager based Approach to Mobile Device Management
“Organizations…would prefer to use the same tools across PCs, tablets and smartphones, because it's increasingly the same people who support those device types”
– Gartner, PCCLM Magic Quadrant, January 2011

“Although at some level mobile is unique, the devices are just another form of endpoints in your infrastructure. This means whichever technologies you procure should have a road map for integration into your broader endpoint protection strategy.”
– Forrester, Market Overview: Mobile Security, Q4, 2011
Reduces Hardware & Administration Costs
• “Single pane” for mobile devices, laptops, desktops, and servers
• Single Endpoint Manager Server scales to 250,000+ devices
• Unified infrastructure/administration model reduces FTE requirements
Fast Time-to-Value
• Enterprise-grade APIs enable integration with service desks, CMDBs, etc (Integrated Service Management)
• Cloud-based content delivery model allows for rapid updates with no software upgrade or installation required
![Page 10: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/10.jpg)
Mobile OS vendors move very quickly
Google and Apple have released major Android and iOS versions 6x and 3x faster, respectively, than Microsoft has released major Windows PC versions
| | Microsoft Windows | Apple iOS | Google Android |
|---|---|---|---|
| Release Year | 1985 | 2007 | 2008 |
| # of Versions | 11* | 6** | 10*** |
| Versions per Year | 0.4 | 1.2 | 2.5 |
| OS “velocity” vs. Microsoft | - | 3x | 6.3x |

* Microsoft Windows 1.0, 2.0, 3.0, 95, 98, 2000, ME, XP, Vista, 7, 8; excludes server platforms
** Apple iOS 1, 2, 3, 4, 5, 6
*** Google Android 1.0, 1.1, Cupcake, Donut, Éclair, Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean
How quickly does your management vendor support new OS versions?
![Page 11: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/11.jpg)
Mobile devices magnify existing challenges and also pose unique ones that significantly disrupt traditional management paradigms
| Traditional Mgmt Model | New Device Mgmt Paradigm |
|---|---|
| Enterprises provide all equipment | Employees bring personal devices (BYOD) |
| Small set of supported platforms / models | Many different manufacturers / models |
| IT initiates and manages upgrades | OS/app upgrades managed by carriers, OEMs, users |
| IT tightly controls apps and security | Users control their own devices |

Options for IT departments
• Don’t allow mobile devices because they are too hard to manage
• Allow unmanaged and insecure mobile devices
• Invest in tools to secure and manage devices
![Page 12: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/12.jpg)
Management capabilities vary greatly by mobile operating system, but one thing is consistent – the user is king
| Management Function | Supported by Apple? | Notes | Supported by Google? | Notes |
|---|---|---|---|---|
| Selectively Wipe Mail / Calendar / Contacts | | Standard part of Apple’s MDM interface | | Android doesn’t have a native email client that supports selective wipe, so integration with 3rd-party email clients (e.g., Lotus Traveler or NitroDesk TouchDown) is necessary |
| Forcibly Install Apps | | iOS doesn’t currently support forcible app install without user permission, so enterprise app store approach is needed. | | “Vanilla” Android doesn’t currently support forcible app install without user permission, so enterprise app store approach is needed. |
| Forcibly Uninstall Apps | | With iOS 5, apps (both public and private) provisioned via the enterprise app store can be uninstalled remotely without user intervention | | “Vanilla” Android doesn’t currently support forcible app uninstall without user permission. |
| Remote Control | | Apps are sandboxed – there is no ability for an app to gain visibility/control over the entire device | | “Vanilla” Android doesn’t currently support remote control |
![Page 13: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/13.jpg)
Apple enables remote management of its capabilities via one set of remote APIs for all MDM vendors, while Google allows on-device, agent-based management
Sample of Apple Capabilities
![Page 14: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/14.jpg)
Data Separation

No Data Separation

Native Data Separation
• Based on platform-specific APIs from OS vendors or from OEMs (Samsung, Lenovo, etc)
• Preserves native user experience

Virtualization
• Hypervisor layer allows separate OSes
• Currently possible on Android

3rd-Party Separation
• 3rd-party app acts as container and replicates native OS functionality such as email, calendar, contacts
• Some apps live in container
• Disrupts native user experience

[Diagram labels: Hardware, Hypervisor, Operating System, Native Apps, Apps, Container, Personal Apps, Enterprise Apps, Enterprise & Personal Apps, Personal Domain, Enterprise Domain, Personal Data, Enterprise Data]
![Page 15: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/15.jpg)
IBM’s Approach to Managing BYOD
• Deploy a secure technology framework: “Shark Cage”!
• Leverage the SAME Technology Framework as Desktop Management
• Develop a strong usage policy
• Educate employees
  – Digital IBMer Education
  – Business Conduct Guidelines
• Support personally-owned devices through social software
![Page 16: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/16.jpg)
3Q 2010 Normalized ITMS infections (similar results through Q4/2010)
Normalized: ITMS detected malware per country divided by number of employees per country
IBM CIO Office pilot
Tivoli Endpoint Manager in IBM Globally on Desktops
![Page 17: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/17.jpg)
IBM Pilot Desktops Production results

| BAU | BigFix |
|---|---|
| Patch availability typically 3-14+ days | Patch availability within 24 hours |
| 92% compliance within 5 days (ACPM only) | 98% within 24 hours |
| EZUpdate sometimes misses application of patches on required machines | Detected about 35% of participants missing at least one previous patch |
| Compliance model, completely reliant on user | 90% of Windows requirements can be automatically remediated |
| Exceptions at machine level | Exceptions at setting level |
![Page 18: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/18.jpg)
IBM Office of the CIO then includes Mobile…

Customer Needs
• Support BYOD for a variety of mobile platforms securely for a highly mobile population
• Scale to hundreds of thousands of devices

Key Features & Outcomes
• 120,000 mobile devices, 80,000 personally owned, supported in months
• Integrated Lotus Traveler, IBM Connections, IBM Sametime, and IBM Endpoint Manager

Extending Corporate Access
IBM's BYOD program “really is about supporting employees in the way they want to work. They will find the most appropriate tool to get their job done. I want to make sure I can enable them to do that, but in a way that safeguards the integrity of our business.”
Jeanette Horan, IBM CIO
![Page 19: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/19.jpg)
Tivoli Endpoint Manager: Lifecycle, Security and Compliance
From Datacentre to Desktop to Device. See More, Secure More; We Guarantee it….
Discover 10% - 30% more assets than previously reported
Achieve 95%+ first-pass success rates within hours of policy or patch deployment
Library of 5,000+ compliance settings, including support for FDCC SCAP, DISA STIG
Automatically and continuously enforce policy at the end point
• Patch Management
• Security Config Mgmt
• Vulnerability Mgmt
• Asset Mgmt
• Network Self-Quarantine
• Multi-Vendor Endpoint Protection Mgmt
• Anti-Malware & Web Reputation Service, D.C and DLP.
• Software Distribution
• O.S Distribution
• Mobile Device Management
![Page 20: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/20.jpg)
Thank You!
Keith Poyser.
Director: IBM Mobility and End Point.
UKI, SPGI, NORDICS, BENELUX.
IBM.
+447711 773878 / [email protected]
![Page 21: IBM Smarter Business 2012 - BYOD: "So what?" – Enabling mobile and mixed endpoints for business](https://reader038.fdocument.pub/reader038/viewer/2022103109/546c84c3af795956388b5f02/html5/thumbnails/21.jpg)