Mobil eszközök alkalmazása vállalati környezetben Kiss Tibor ICTS Hungary Kft. kiss.tibor@ictshungary.hu Mobil: +36 30 7488787 *
A mobil eszközök hipergyors növekedése... We’re seeing a hypergrowth cycle in mobile devices A year ago, Mary Meeker predicted that mobile device unit shipments would eclipse PC sales by the end of 2012. This actually happened in Q4 of 2010. These devices are making their way into businesses around the world. “The desktop internet ramp was just a warm-up act for what we’re seeing happen on the mobile internet.” The pace of mobile innovation is “unprecedented, I think, in world history.” Mary Meeker, Morgan Stanley – April 2010 ” “
A mobil eszközök hipergyors növekedése... Remember 5-6 years ago when the sudden demands of COMPLIANCE were put upon us? Our Security and IT OPERATIONS had to become complaint very quickly; without fail. As an industry, we all scrambled and for the most part we succeeded – but at great cost. We achieved compliance but we didn’t start out very efficient. WHY?................ Gain acknowledgement of a common challenge we faced together and succeeded. Because we’re building a case for another common/urgent challenge. Then, over the past 5 years or so, as an industry we’ve improved our technology and efficiency. Most enterprises effectively optimized their IT Security Operations, and have added new technology. Most customers I meet with are running good, smooth security operations and doing a lot more to protect their businesses with even less resource. Compliment the customer, and gain agreement that optimized operations mean better protection, and that they generally have less resource now. Then came the acceleration of mobile. First, we only had BlackBerrys. It was a closed system, and we had years to optimize our operations. Then came the iPhone. It started to put pressure on our IT operations, but really wasn’t enterprise-friendly. The old sandbox technology was cumbersome but effective and many companies used it to support simple email. Then, about a year ago, Android phones were becoming more popular and powerful, and the iPad was launched. That changed everything. Our users, often led by our most senior executives, quickly demanded that their new mobile devices connect to the corporate network. Our smooth-running IT Security Operations were, nearly overnight, under intense pressure to adopt brand new technology and fully support completely new platforms, OSs, and architectures. As an industry, we’re now being asked to build and launch new technology and processes that we just spent the last 5 years building out for our historical endpoints, in weeks or months. Important message #1... Mobile is exploding and it will not slow down. Therefore it’s a whole new world, and a challenge for IT, and security that MUST be addressed. And as a vendor, we’re working as fast as we can to create new technology but you cannot expect all endpoint security technology available for PCs to be instantly available for Mobile, especially with the added challenge of many new OSs and platforms. …We’re building a case for sticking with McAfee in the long run as the best-positioned vendor in this space. A mobilok terjedése az iparágat arra kényszeríti, hogy 1-2 év alatt ugyanazt a biztonságot produkálja, amit az egyéb vállalati platformok évtizedes elterjedése alatt már kialakított..
Tipikus jelenségek a mobilok világában... Mindenki számára elérhető Egyre több privát mobil eszköz éri/né el a vállalati infrastruktúrát Nem lehet nemet mondani a vállalati felhasználásnak Változatos platformok iOS, Android, Windows, stb. különböző „készültségi fokok” vállalati felhasználásra Alkalmazások tömege MDM rendszerek korai fejlesztési stádiumban szigetszerű megoldások Also new to the mobile explosion are there additional challenges not present during the traditional endpoint growth of the past decade. (1) Consumerization of IT has, for the first time, volumes of employees being able to connect their own personal devices to corporate IT networks. This introduces a whole new set of challenges in securing corporate data while enable the productivity gains that Consumerization offers. (2) Device diversity – the past decade as most emphasis on Windows XP. Mobile has not only Apple iOS, Android, and Windows Mobile, but – for example - each hardware device for Android has a slightly different implementation of the OS making software development and support that much harder. And finally, (3) App Explosion is changing the way we create and use software. Traditional endpoints relied mostly on email and web for application framework. Mobile has a whole new freedom in custom applications. But each new application – either public or private – introduces new threats and risks to corporate IT.
A mobilok engedélyezése kockázatot jelent Web 2. 0, Apps 2 A mobilok engedélyezése kockázatot jelent Web 2.0, Apps 2.0, Mobility 2.0 A felhasználók több mint fele nem használ zárolást Házirend rés áll fenn a mobilok és a normál IT rendszerek között HR This creates a unique challenge for IT. You have layers of employees – groups and roles within your organization, contractors, and consultants. And of course, you have an explosion of applications your users want to access for work, life, and a combination of the two. You have an explosion of devices on different platforms. Anytime you have all of these factors at once, you introduce risk into your organization. Risk of device loss, data loss or breach, or exposure of your corporate network. IT IT Keres- kedők Majdnem minden ötödik mobil elveszik évente A mobil eszközök lesznek a rosszindulatú kódok elsőszámú hordozói Pénzügy
A mobilok vállalati felhasználására vonatkozó stratégiák... A „Nem engedjük a mobilokat” nem tartható stratégia Alapvető biztonsági házirendek kikényszerítése a mobilon lévő érzékeny adatok védelmét biztosítani kell Szelektív, különböző szintű hozzáférés biztosítása (mélységi védelem) Alapszintű hozzáférés (pl. vállalti e-mail és naptár) Web szintű hozzáférés intranet-es alkalmazásokhoz Hálózati szintű hozzáférés MDM rendszer kialakítása a fentiek kikényszerítése és kényelmessé tétele költségek kordában tartása Illeszkedés az addigi biztonsági infrastruktúrába Also new to the mobile explosion are there additional challenges not present during the traditional endpoint growth of the past decade. (1) Consumerization of IT has, for the first time, volumes of employees being able to connect their own personal devices to corporate IT networks. This introduces a whole new set of challenges in securing corporate data while enable the productivity gains that Consumerization offers. (2) Device diversity – the past decade as most emphasis on Windows XP. Mobile has not only Apple iOS, Android, and Windows Mobile, but – for example - each hardware device for Android has a slightly different implementation of the OS making software development and support that much harder. And finally, (3) App Explosion is changing the way we create and use software. Traditional endpoints relied mostly on email and web for application framework. Mobile has a whole new freedom in custom applications. But each new application – either public or private – introduces new threats and risks to corporate IT.
Gyakorlati magyarországi példa mobil menedzsment rendszer bevezetésére Kiváltó ok: CEO döntés Minden felsővezető iPad2-t kap vállalati felhasználásra Célok Alapvető üzleti funkciók (e-mail, naptár) egyszerű és biztonságos nyújtása Kötelező biztonsági házirendek kikényszerítése Könnyű menedzselhetőség Tapasztalatok A VIP felhasználók elismerését váltotta ki Több száz készülék hatékony kiszolgálása, rendszer bővítése folyamatban >2000 mobil eszköz menedzselésére Az MDM rendszer tükrözi a mobil eszközök inhomogenitását Nagyvállalati szintű biztonság menedzsment rendszerbe illeszkedő megoldás Nagyon lényeges látni a gyártó termékfejlesztési terveit iPad Enterprise Environment Messaging Android Applications iPhone McAfee Enterprise Mobility Management securely empowers enterprise mobility in three ways: It makes it secure, easy, and scalable. SECURE. McAfee EMM makes enterprise mobility secure by configuring, enforcing, and managing the native security settings across the whole device, not just providing security for a single application like email in a sandbox. It enforces compliance with enterprise policies like not letting a jailbroken device or one with an out of date OS on your network. It extends your security infrastructure to include mobile devices, tying them into McAfee ePO. And McAfee is aggressively integrating its broad portfolio of security technology with EMM. And finally, it integrates into your data center, securely connecting to VPN and Wi-Fi, leveraging your PKI and directories, and enabling secure access to your line-of-business applications. EASY. McAfee EMM is also easy. First off, our ePO integration allows you to centrally manage devices as you would other endpoints for simple, efficient administration. This centralized console allows you to define policies, assign membership, perform help desk functions remotely, administer the system centrally, and perform compliance reporting. But we also ease the burden on you and your team by providing user self-service provisioning for employees to activate themselves and connect to enterprise resources. This combination of user self-service and administrative policy-setting results in EMM personalizing devices to users to optimize their productivity. SCALABLE. And last, EMM is enterprise grade. Scalability is also a big factor when it comes to the large enterprise. McAfee EMM ensures scalability up tens of thousands of devices, as well as the enterprise configurations you’d expect from a McAfee solution, such as high availability and disaster recovery. Along the right-hand side of this slide, you see the different types of platforms supported by EMM: iPads, Android, iPhone, Web OS, Microsoft Windows Mobile, and Symbian. Directory Mobil Menedzs-ment Win 7 & WinMo Certificate Services BlackBerry Files webOS Database Symbian VPN 6 6 augusztus 28, 2011
Törekedni kell az egységes menedzsmentre. Ha már létrehozott egy IT biztonsági infrastruktúrát, akkor miért építene ki egy másikat? Since mobile devices are essentially forcing customers to create a security infrastructure anew, we propose to bring them into the existing one you already built and that already works. This is McAfee’s vision, and McAfee is uniquely positioned to help you do it. [For someone wishing to give a short “vision” preso, this is the end of the deck….if you want to show more detail about what we’re planning, you can use some or all of the following slides] Törekedni kell az egységes menedzsmentre.
Köszönöm a figyelmet! Kiss Tibor ICTS Hungary Kft. kiss.tibor@ictshungary.hu Mobil: +36 30 7488787
Néhány vállalati környezetben népszerű alkalmazás bemutatása Apple Keynote DropBox MindMeister Roambi